Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Windows 7 registration crack comes as no surprise to Fortify

Fortify : 18 November, 2009  (Technical Article)
The product activation system of Microsoft's Windows 7 OS has been cracked, a problem which Fortify says is no surprise due to the complexity of code auditing operating system software
Weekend reports that Windows 7's product activation system has been cracked less than a month after the new Microsoft operating system was officially released comes as no surprise, says Fortify, the application vulnerability specialist.

'The RemoveWAT utility - also known as ChewWGA - exploits at least one of several probable security flaws on Windows 7 to allow a user to bypass the Windows Genuine Advantage registration procedure,' said Richard Kirk, Fortify's European director.

'This type of crack appeared shortly after Windows Vista went on sale in January 2007 and was solved when Microsoft issued an update. Similar utilities for Windows XP also started appearing in the summer of 2005, shortly after the Windows Genuine Advantage system was made mandatory in July of that year,' he added.

According to Kirk, the reason these flaws exist - which Microsoft promptly patches after they appear in the wild - is the millions of lines of program code that go into a modern operating system, which makes it extremely difficult to ensure security.

And, he said, whilst the code security flaws and potential loopholes are a headache for software vendors, they are an even worse problem for operating system developers, simply because of the scale of the coding structures involved.

The only real solution to the problem is for software vendors to exhaustively test and retest the security of the code from the earliest stages in the software's development stages. Specialized tools can help automate this process, enabling efficient scanning and accurate detection.

Code security auditing and testing, he explained, is a highly specialised industry that can help organizations avoid revenue and data losses when software is cracked, as has clearly happened with Windows 7.

'Will it happen again? I doubt it, as Microsoft will now almost certainly retroactively re-engineer Win7 to prevent any registration loopholes from being exploited,' he said.

'More than anything, this highlights the fact that the sheer size of programs these days means that code loopholes will slip through the net unless you are scrutinizing them regularly from the moment they are written whether designed inhouse or commercially. Our advice is check, check and keep checking for flaws. You can't ever rest on your laurels."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo