Possible anti WGA feature

Discussion in 'Windows 7' started by biceman, Jul 30, 2009.

  1. biceman

    biceman MDL Novice

    #1 biceman, Jul 30, 2009
    Last edited: Jul 30, 2009
    I wrote this both to Hazar and Orbit30...

    I think that Microsoft may create a Windows update that finds the Win7 lo*ders, and so they will be disabled. This can be easily achieved by searching for the "grldr" or "bootmgr" file; if present, then it's considered an "exploit" and it will be disabled.
    This can be avoided with a script that changes the filenames "grldr" and "bootmgr" to a random name (maybe using specific PC criteria - CPU, MAC, MB serial, etc...), so each PC station will have its own boot filenames, which cannot be traced by Microsoft.
    It's just a suggestion; if you can implement it and if it's worth it, it will be nice!
     
  2. MSbetatester

    MSbetatester MDL Novice

    #2 MSbetatester, Jul 30, 2009
    Last edited: Jul 30, 2009
    I would think that various legit versions of grldr are in use on many PC systems. They can't attack all of them. That would be a "throwing out the baby with the bath water" mentality and would cause an MS PR problem they do not want.

    So, to identify such an OEM Win7 lo*der hack, they would have to open up the grldr file and match it to what they think is the actual hack version. When they get lucky and find a match, they would have to add code to trigger the "not genuine" thing.

    But a new version of the lo*der would come out in hours, and loading it will cause a mismatch. So, it would end up being a cat and mouse game. Truly not worth it on MS's part. That is why they never did it for Vista.

    MSB
     
  3. jackdor

    jackdor MDL Member

    also searching a person's computer would be in breach of the Data Protection Act in the UK, and the same for most modern countries :)
     
  4. 0ldBear

    0ldBear MDL Novice

    Yeah - I dual boot between Windows and Ubuntu using grub.

    I'd be unhappy if M$ said that was an invalid configuration :)
     
  5. Qermit

    Qermit MDL Novice

    grldr and grub (used for the loaders) are installed by all Linux distributions.
    Messing with the ability to install an alternative operating system will re-open an antitrust can of worms they don't really want to mess with.

    Methods to defeat the loaders:
    1. They can easily add signature checks to Windows Defender / OneCare / Windows Update, and employ a small team (4-5 people) to track the known hacked signatures.

    2. They can also compare the BIOS SLIC table to the software SLIC table and, in case of discrepancy, raise a flag (if they are different, or the BIOS is lacking one).

    3. They can use a whitelist: store a hash of valid BIOSes plus some uniquely identifying string that will have to be submitted before getting an OEM license.

    4. They can just disable pre-activation on the OEM site. It's very cumbersome, but it will kill all the loaders immediately.

    5. They can transition to a service model: if you don't pay $5 per month, your system will automatically shut down (or just not receive any updates).

    6. At the very least, they can associate the model of an existing motherboard with an OEM license, and if it is older than 6/2009 and uses an OEM license, kill the activation.
     
  6. jackdor

    jackdor MDL Member

    and all the above would be in breach of the Data Protection Act; they are not allowed by law to scan your computer, and if they did it would lead to lawsuits all around the world. I don't think microtish wants that :D