Re: How To Install Windows From Free BSD?

Reply: Ralf Mardorf : "Re: How To Install Windows From Free BSD?"
Reply: Ralf Mardorf : "Re: How To Install Windows From Free BSD?"
In reply to: Ralf Mardorf : "Re: How To Install Windows From Free BSD?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: John Howie <john_at_thehowies.com>
Date: Sun, 16 Jan 2022 01:48:22 UTC

Hi Ralf,

With all due respect, there is so much wrong with your reply that I feel compelled to reply to you than to let it drop.

Regarding your question/opinion about checksums, the guidance that I gave Megan stands true (do not download from untrustworthy sites, especially "The Pirate Bay and co"!!!). Checksums are good if/when used properly and you have all the tools to use them. I suspect given the tone and tenor of Megan's posting she is not familiar with them, and how to use them.

Yes, Windows (and other OSes) can get compromised over time, but rarely through a RCE. It is usually the act of installing compromised software (again, "The Pirate Bay and co"), or going to compromised web-sites which exploit vulnerabilities in the browser, which are user actions. Windows is no less secure than most other general purpose OSes, it is just one of the most popular so people spend all their time developing exploits for it and the software that runs on it. That makes it seem less secure.

You cannot use AV (which is not snake oil) to guarantee removal of malware from an infected machine. You need to flatten and rebuild.

It is illegal to use an unlicensed version of Windows in every country in the world. That includes using license keys you may find via the search engine of your choice.

Best regards,

John

On 1/15/22, 5:35 PM, "owner-freebsd-questions@freebsd.org on behalf of Ralf Mardorf" <owner-freebsd-questions@freebsd.org on behalf of ralf-mardorf@riseup.net> wrote:

On Sun, 16 Jan 2022 00:41:50 +0000, John Howie wrote:
>Windows 10

Hi,

Windows 10 still provides Internet Explorer, but it can't be used to
use the nowadays Internet, hence Microsoft recommends to migrate to
Edge.

>DO NOT download an ISO image from a third-party site. It is likely
>compromised, and cannot be trusted.

1. Are there any signed checksums to verify the ISO?

If not, what makes it more secure to download it from a Microsoft
server, than from a third party? I also wonder, if a web of trust does
exist around Microsoft, so probably even a signed checksum is not
better, than a checksum that isn't signed.

2. Even if it should be possible to verify the ISO against a signed
checksum and there should be a valid web of trust, what do you think
how long it takes that Windows gets compromised when used by an
unskilled computer user like the OP?

Does it make a difference, if Windows is compromised already when
installing it or after running it for two days? You can use the same
Antivirus snake oil to scan Windows from third parties or from a
Microsoft server.

There's usually nothing wrong with using an ISO image from The Pirate
bay and Co., it just isn't activated and there are no more AIO Windows
media available nowadays.

>If you have no license key on a sticker on your CPU case you have no
>choice but to get a retail version of Windows 10 or Windows 11.

There are rumours that Microsoft soon or later revokes leaked activation
keys, but AFAIK those are what they are, just rumours. Microsoft
likely never ever will revoke keys used by customers who pay much for
company licenses. There unlikely ever will be a problem with using a
companies activation service. I don't know if it's forbidden by law to
use those keys. It probably depends on the country. I'm not a lawyer. I
don't recommend to use a leaked key, if it's against a countries law.
However, those keys exist, they can be found by using Google, I never
heard that such a key was ever revoked.

Regards,
Ralf