Re: How To Install Windows From Free BSD?

From: John Howie <john_at_thehowies.com>
Date: Sun, 16 Jan 2022 01:48:22 UTC
Hi Ralf,

With all due respect, there is so much wrong with your reply that I feel compelled to reply to you than to let it drop.

Regarding your question/opinion about checksums, the guidance that I gave Megan stands true (do not download from untrustworthy sites, especially "The Pirate Bay and co"!!!). Checksums are good if/when used properly and you have all the tools to use them. I suspect given the tone and tenor of Megan's posting she is not familiar with them, and how to use them.

Yes, Windows (and other OSes) can get compromised over time, but rarely through a RCE. It is usually the act of installing compromised software (again, "The Pirate Bay and co"), or going to compromised web-sites which exploit vulnerabilities in the browser, which are user actions. Windows is no less secure than most other general purpose OSes, it is just one of the most popular so people spend all their time developing exploits for it and the software that runs on it. That makes it seem less secure.

You cannot use AV (which is not snake oil) to guarantee removal of malware from an infected machine. You need to flatten and rebuild.

It is illegal to use an unlicensed version of Windows in every country in the world. That includes using license keys you may find via the search engine of your choice. 

Best regards,

John


On 1/15/22, 5:35 PM, "owner-freebsd-questions@freebsd.org on behalf of Ralf Mardorf" <owner-freebsd-questions@freebsd.org on behalf of ralf-mardorf@riseup.net> wrote:

    On Sun, 16 Jan 2022 00:41:50 +0000, John Howie wrote:
    >Windows 10

    Hi,

    Windows 10 still provides Internet Explorer, but it can't be used to
    use the nowadays Internet, hence Microsoft recommends to migrate to
    Edge.

    >DO NOT download an ISO image from a third-party site. It is likely
    >compromised, and cannot be trusted.

    1. Are there any signed checksums to verify the ISO?

    If not, what makes it more secure to download it from a Microsoft
    server, than from a third party? I also wonder, if a web of trust does
    exist around Microsoft, so probably even a signed checksum is not
    better, than a checksum that isn't signed.

    2. Even if it should be possible to verify the ISO against a signed
       checksum and there should be a valid web of trust, what do you think
       how long it takes that Windows gets compromised when used by an
       unskilled computer user like the OP?

    Does it make a difference, if Windows is compromised already when
    installing it or after running it for two days? You can use the same
    Antivirus snake oil to scan Windows from third parties or from a
    Microsoft server.

    There's usually nothing wrong with using an ISO image from The Pirate
    bay and Co., it just isn't activated and there are no more AIO Windows
    media available nowadays.

    >If you have no license key on a sticker on your CPU case you have no
    >choice but to get a retail version of Windows 10 or Windows 11.

    There are rumours that Microsoft soon or later revokes leaked activation
    keys, but AFAIK those are what they are, just rumours. Microsoft
    likely never ever will revoke keys used by customers who pay much for
    company licenses. There unlikely ever will be a problem with using a
    companies activation service. I don't know if it's forbidden by law to
    use those keys. It probably depends on the country. I'm not a lawyer. I
    don't recommend to use a leaked key, if it's against a countries law.
    However, those keys exist, they can be found by using Google, I never
    heard that such a key was ever revoked.

    Regards,
    Ralf