Windows Vista crack is actually a trojan
By faique
@faique (41)
Pakistan
January 1, 2007 6:36am CST
Malware makers are starting to take advantage of the number of users searching for cracks for the pirated copies of Vista floating around.
A new download has started circulating around the crack boards called "Windows Vista All Versions Activation 21.11.06". It purports to be an activation crack for any version of Vista.
However, the file is actually a trojan-carrier which will install Trojan-PSW.Win32.LdPinch.aze onto your PC.
BitTorrent users who posted reviews of the crack said that a number of antivirus programs detected the malware, though Norton AntiVirus and NOD32 did not.
In an interview about the Windows Vista installation process, and the ease with which administrators can pre-install software into a Vista install DVD, Microsoft Australia's John Pritchard warned that pirated copies of Vista could easily come with malware preinstalled. "I would certainly recommend when people are looking at any content they make sure they have the approved and hologrammed DVDs to make sure they’re dealing with the genuine product, to get away from not knowing where the source comes from. If they have control of the unattended installation and built it themselves then hopefully they know what they are putting on it."
INFO TAKEN FROM: http://www.it-networks.org/News/29.html
---------------
Inside Vista's new image-based install
Vista’s installation process is dramatically different to any previous version of Windows: rather than being an 'installer', the install DVD is actually a preinstalled copy of Windows that simply gets decompressed onto your PC.
So how does it adjust to your hardware? How do you slipstream updates and drivers into it? Can you also 'preinstall' your favourite apps into your Vista DVD? And most importantly, can you build a custom Vista install DVD that doesn't install all the 'free AOL trial' crap that typically comes bundled in with Windows?
We asked Microsoft Australia Technology Specialist for Windows Client, John Pritchard, how it all works and got some surprising answers.
Dan Warne: Vista’s “image based install” basically means that what you get on your Vista DVD is a preinstalled image of Vista, is that right?
John Pritchard: Yes, what users’ DVDs will contain is the install Windows Imaging (.WIM) file, which is basically our operating system folders wrapped up into one image file.
The users will put their DVD in, boot off it and run the setup and it will look to them like they are doing an install, but what it is really doing is grabbing the install.wim and executing that as an upgrade or clean install depending on what the user wants.
Dan Warne: So it’s basically decompressing a preinstalled version of Vista onto the hard drive, and when you do an upgrade, it’s basically putting a clean install of Vista on there and migrating your XP settings into Vista, right?
John Pritchard: Yes, that’s right, it’s a compressed image. We will ship it with fast compression, and then users just need to have the space on the hard disk for that image to be offloaded and decompressed.
There’s also the advantage that it is a file-based, not a sector-based, image, so you can install the image onto your hard drive without overwriting other data.
We also have advanced User State Migration with Vista. Users can take their settings from a previous version of Windows, migrate them off the PC and put them into an installable format for a new PC.
So, for example if they wanted to wipe their XP installation completely and start again with Vista, they could take their data off their XP installation with the User State Migration Toolkit and then restore it into Vista once they’ve completed their installation.
The User State Migration Toolkit can collect settings from Windows 2000 and XP SP.
Dan Warne: So is that something that ordinary consumers could use to migrate data from an old PC to a new Vista PC? Would it be easy enough for consumers to use?
John Pritchard: Yes, it would be easy enough for consumers to use, though in that market there’s also the Files and Settings Transfer Wizard.
James Bannan: I’ve used the XP Tool, the Transfer Wizard, a number of times for upgrading computers. The User State Migration Tool is more powerful but it is command-line based, so not as user friendly. You’d certainly find that power users would be drawn to it, definitely, especially as you can combine it with the WIM file image being a file based imaging format, meaning it’s not an overwrite of your whole hard drive (unless you wish it to be).
Dan Warne: So in terms of the way the WIM system works, would it be possible to use WIM to back up, say, a Dell laptop completely as an image, and then restore it onto a Lenovo laptop with different hardware, for example? Would Windows be able to adjust to that different hardware?
John Pritchard: Yes, and that’s one of the great benefits of it. The WIM format, being a file-based format, is separated from the hardware you’re running it on. So you could take an IBM, Dell, Toshiba, whatever you’ve got, build your image up in it, and the way the traditional imaging process works, you can sysprep the machine, drop it and then create the image.
That way you can restore the image on multiple platforms. The caveat is that I wouldn’t go from a 32-bit architecture to a 64-bit architecture, but staying inside 32-bit, you are no longer tied to the Hardware Abstraction Layer (HAL) any more, and that is a great feature that releases us from so many challenges we’ve had in the past with HALs and multiple images.
You can now build your golden machine just like before, capture the image and then that image can be deployed widely and as you need to.
Dan Warne: What about keeping an image up to date? Users have had to get quite expert in doing this with XP because of its very out-of-date driver base. Is this made easier with WIM?
John Pritchard: Yes, you can update WIM images very easily.
There are two basic steps: one, you can just load a folder anywhere in the image you like. If there’s something that requires a folder under the system32 directory that is completely unique to some particular hardware, you have the liberty to inject that folder into your WIM.
The other way is that you can use a DriverLoad utility, and that will actually place important things like disk drivers into their required location in the image, so when you are running a setup, it can look through its normal repository for drivers and bang, it’s there, because it has been injected.
James Bannan: Out of interest, this all does rely on the image having been sysprepped, is that right? Because even though it is a similar deal with XP, even if the drivers are there, it does still need to run through that setup process of assigning drivers to hardware. With WIM, I assume you couldn’t just do a clean build, capture, inject the drivers, and drop it back on? It would still need to run through the driver allocation?
John Pritchard: With the actual released build of Vista, a user can mount the install.wim file on the Vista install DVD, mount it and put the drivers in themselves through the command line utilities.
When they unmount it, they’d have to burn another DVD of course, but they could have put drivers in there with it mounted into the file system. The drivers are actually injected into the right locations in there.
That’s with an image that comes from Microsoft; if they want to build their own golden machine, they have to reboot it, boot into something like WinPE, and then use ImageX to capture the image, and once you’ve got that WIM image, you can inject drivers into it just like the Microsoft-supplied WIM.
Dan Warne: A lot of drivers nowadays come bundled up into EXE files that install everything into the right place for you. How would you inject those into a WIM image?
John Pritchard: You can actually do that with the unattend.xml file. You would put those EXE files on the disk and let the unattend process install them. If you look at the Windows System Image Manager, it has the capability to say, “look at these packages on a distribution share, and run these drivers as an application after you have built the system.”
James Bannan: At what point in the install do those apps run?
John Pritchard: They’re done in part seven, that’s after the system has been built, before logon. Now, with the EXE packaged drivers, you can install them onto your golden machine, then build an image based on that. That’s the other way of doing it, of course.
Dan Warne: I know that I have a cynical journalist’s mind, but isn’t that a bit of a risk for malware to be injected into Vista install DVDs, given that those apps are executed before logon?
John Pritchard: Yes, well I would certainly recommend when people are looking at any content they make sure they have the approved and hologrammed DVDs to make sure they’re dealing with the genuine product, to get away from not knowing where the source comes from. But if they have got control of the unattend and built it themselves then hopefully they know what they are putting on it.
James Bannan: Plus I believe ImageX itself can do a verify on a WIM, so I guess that is an advantage if you have got the original WIM; a corrupted WIM won’t match up to the original.
Dan Warne: I guess like any software that can be corrupted, people will just have to go back to the original hashes.
John Pritchard: I think it comes back to people having the original software first, and that is the level of assurance I would look for.
Dan Warne: I guess I was thinking more of a corporation that might have a WIM image sitting somewhere on a network share and a rogue employee might go in and add something to the image.
James Bannan: It’s probably a bit too much to rely on WIM to be able to protect itself from rogue IT administrators… you’re asking a lot.
Dan Warne: Yeah, I guess if you have file access you can do pretty much whatever you like, can’t you.
James Bannan: Pretty much.
John Pritchard: Also with larger e
1 response
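The check Bannan and Warne circle around in the interview, going back to the original hashes of a WIM that sits on a network share, is worth seeing in working form. The script below is an added example, not code from the article, from Microsoft or from ImageX: it records SHA-256 digests of image files under a share into a manifest, then re-checks the share and reports each file as ok, modified, missing or unexpected. The share layout (sources/install.wim and friends) and the file contents are constructed in a temporary directory for the demonstration; real WIMs would be hashed the same way, in chunks, so multi-gigabyte files never have to fit in memory.

```python
"""Baseline-hash verification for deployment images on a share.

Added example (not part of the original article, not ImageX or other
Microsoft tooling). The "share" and its .wim files are constructed in a
temporary directory so the script runs offline.
"""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time; install.wim is usually several GB
IMAGE_PATTERNS = ("*.wim", "*.iso")  # what counts as deployable media


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of a file, so large WIMs are never loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def hash_bytes_as_file(data: bytes) -> str:
    """Write constructed bytes to a temp file and hash them via sha256_file."""
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "sample.bin"
        p.write_bytes(data)
        return sha256_file(p)


def build_manifest(root: Path, patterns=IMAGE_PATTERNS) -> dict:
    """Map share-relative path -> {sha256, size} for every image file."""
    manifest = {}
    for pattern in patterns:
        for p in sorted(root.rglob(pattern)):
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return manifest


def verify_share(root: Path, manifest: dict, patterns=IMAGE_PATTERNS) -> dict:
    """Compare the share's current state against a previously saved manifest.

    Returns {relative_path: "ok" | "modified" | "missing" | "unexpected"}.
    A new file that the manifest never listed is flagged too: an attacker
    who cannot alter install.wim may simply drop a second image beside it.
    """
    current = build_manifest(root, patterns)
    report = {}
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report[rel] = "missing"
        elif actual["sha256"] != expected["sha256"]:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    for rel in current:
        if rel not in manifest:
            report[rel] = "unexpected"
    return report


def demo() -> dict:
    """Constructed scenario: baseline a share, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        sources = share / "sources"
        sources.mkdir()
        # Constructed stand-ins for real WIM files (hypothetical contents).
        (sources / "install.wim").write_bytes(b"MSWIM\x00" + bytes(range(256)) * 16)
        (sources / "boot.wim").write_bytes(b"MSWIM\x00" + bytes(range(256)) * 4)
        (sources / "drivers.wim").write_bytes(b"MSWIM\x00" + b"\x01" * 512)

        # The manifest is what you would keep off the share (and ideally
        # signed); stored as JSON so it can be diffed and archived.
        baseline = json.dumps(build_manifest(share), indent=2)

        # Simulate a rogue edit on the share: append to install.wim,
        # remove drivers.wim, and add an image nobody approved.
        with (sources / "install.wim").open("ab") as f:
            f.write(b"injected payload")
        (sources / "drivers.wim").unlink()
        (sources / "extra.wim").write_bytes(b"MSWIM\x00" + b"\xff" * 64)

        return verify_share(share, json.loads(baseline))


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:10s} {rel}")
```

The manifest has to live somewhere the people with write access to the share cannot reach, or be signed with a key they do not hold; otherwise, as Bannan says, an administrator with file access simply updates the baseline along with the image. A hash check of this kind catches a changed WIM; it says nothing about whether the original image was clean, which is the point Pritchard keeps returning to about starting from genuine media.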