All of this was gleened from the most recent Crypto-Gram
One person ‘s experience trying to secure Windows. One interesting point: after he does a clean install, he doesn ‘t have time to download all the security patches before his computer is infected by malware. Worth reading. http://www.techuser.net/index.php?id=47
The security of your computer and your network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It ‘s not enough for you to maintain a secure network. If everybody else doesn ‘t maintain their security, we ‘re all more vulnerable to attack.
In early May, stories were written saying that Microsoft would make this upgrade available to all XP users, both licensed and unlicensed. To me, this was a very smart move on Microsoft ‘s part. Think about all the ways it benefits Microsoft. One, its licensed users are more secure. Two, its licensed users are happier. Three, worms that attack Microsoft products are less virulent, which means Microsoft doesn ‘t look as bad in the press. Microsoft wins, Microsoft ‘s customers win, the Internet wins. It ‘s the kind of marketing move that businessmen write best-selling books about.
Sadly, the press was wrong. Soon after, Microsoft said the initial comments were wrong, and that SP2 would not run on pirated copies of XP. Those copies would not be upgradeable, and would remain insecure. Only legal copies of the software could be secured.
This is the wrong decision, for all the same reasons that the opposite decision was the correct one.
This decision, more than anything else Microsoft has said or done in the last few years, proves to me that security is not the first priority of the company. Here was a chance to do the right thing: to put security ahead of profits. Here was a chance to look good in the press, and improve security for all their users worldwide. Microsoft claims that improving security is the most important thing, but their actions prove otherwise.