> We have added native support for additional archive formats, including tar, 7-zip, rar, gz and many others using the libarchive open-source project. You now can get improved performance of archive functionality during compression on Windows.
It doesn't mention unarchiving/decompressing, maybe I'm being nitpicky, but at a glance, it seems to only be about compression? That'd be horrible though, but more horrible changes that that have gone through lately so I guess you never know...
That will probably turn out to have been a mistake. RAR should not be easy to use. TAR and CPIO would have been better formats to support out of the box.
Antimalware engines have already had to support unpacking somewhat arbitrary things, sometimes with serious comedic effects when people fuzzed those unpackers; I don't see this significantly increasing the burden of their examination, signed binaries are no more dangerous after this than before, and unsigned binaries could already bring their own arbitrary unpacker.
(At least quickly thinking about it; I could easily have overlooked some complexity, but barring an unpatched libarchive exploit, I don't think this markedly increases attack surface...and at that point, you could probably make similar arguments about adding any new file format?)
It had a bug caused by a third party ACE library that was closed as soon as it was discovered. The ACE library was 15 years old, not knowledge of the exploit.
TBF after so many years of people taking the piss of the trial version, if they're still using it in 2023 without paying the one time $30 that's pretty much scumbag Steve and the reason it's free.
Windows XP was my first time I actually felt like I had "hacked" something. My old lab had a machine that needed XP to run the software for the pipetting robot and the key was lost. A bit of googling and some rainbow tables tool later I was able to recover it. Still remember how surprised I was at how fast it was to crack whatever hash they were using.
This only works for local accounts, though similarly trivial techniques apply to Active Directory accounts if you have "live CD" access to a domain controller.
Just to be clear, in neither case is this a security vulnerability; under the "live CD" assumption — specifically, that you're able to make even a single arbitrary registry edit — there are far simpler ways to completely bypass Windows security that require neither tools nor understanding of the (AFAIK undocumented) HKEY_LOCAL_MACHINE\SAM registry hive.
Windows XP does need activation involving Microsoft. Typically via online activation, but you could also activate it via phone, and possible some other communication methods.
The leaked keys were blacklisted down the line. Online and phone activation didn't work for them anymore. They regularly updated their list of banned keys as well.
Activation became a hard requirement further down the line, I think the process got more strict during one of the service pack upgrades.
It's possible your installs were all automatically activated over the internet. I think the hardware ID and the serial number were some kind of combined identifier and if your computer(s) were part of "the good list", your fingerprint may have been whitelisted so that automatic online activation never caused a problem.
Activation was delivered as an optional "feature" that would be installed alongside all the other Windows updates, unless you opted out of it (or it was already slipstreamed into the install disk).
From what I remember this was pushed around the time of SP2, but if you had a launch-day install disk and reformatted your disk that often then you probably never got as far as receiving that update.
I remember a week spent working on a corporate helpdesk in 2004 when phoning up to activate windows was a thing. I think it was the volume license key that didn't need activation -- the one we used in the "gold masters". For some laptops which were off to places where the corporate network didn't reach, they had retail xp profiessional installed.
This morning it confidently told me that BFD packets from a cisco IOS device would be tagged EF. I asked if it were sure it wasn't CS6, then it apologised and said it was CS6. Then I asked if it was sure it wasn't AF31 and it agreed it was AF31.
Seems like quite a lot of people are misremembering how Activation and similar technologies worked.
Retail versions of Windows XP required Activation by internet or phone.
Volume Licensing customers could bypass Activation with a Volume Licensing key - like the infamous key mentioned by others here that began "FCKGW-". This was a valid key prior to Service Pack 1 (SP1). SP1 blocked it and several other "widely known" keys.
Windows Vista and later made Activation mandatory for Volume Licences to stop this sort of key abuse.
WGA was a separate technology to Activation. It added further checks to detect various types of pirated copies.
One thing that's often overlooked about Activation is that it was only intended to deal with "casual piracy" - where people buy or obtain a genuine copy of Windows, but then try and use it on more PCs than the licence permits.
Can I just take a minute to reminisce on how it seems XP and 7 were the best MS OSes out there and everything before or since has been inferior to those few glorious years of XP and 7.
Sure it had issues but at least it wasn't an actively hostile bloated piece of adware it is now.
Not me. I miss XP because of its stability and consistent UI. I miss 7 for similar reasons. Vista was a flop and I don't miss it even though "Vista times" were very nice for me. 10 and 11 have been unmitigated disasters.
The stability only came with Service packs though. Initial XP had terrible security. I remember installing an out of the box xp in early 2000 and without doing anything it was infected by malware within 15 minutes of being put online.
Each version of Windows has had its upsides and downsides.
My favorite in terms of looks and behavior is Windows 2000, and it's still in the top 5 when I think of desktop UIs that don't try to grab the user's attention. It was also much lighter on resources than XP, and didn't have poorly-animated dogs hiding behind the menus.
But oh man, let me tell you, the first time I experienced one of the newer versions restart its graphics driver without losing state was magical. I can't remember how many hours I lost to blue screens with a stack trace deep inside some ATI/nVidia dll, and to this day I can get a kernel panic in Linux if I tickle the GPU the right way, but modern Windows has proper GPU driver isolation and they did it without wrecking performance.
I wish it were somehow possible to run the pre-XP interface on the modern OS.
Im not a fan of the transition away from information density to giant touch buttons controlling interface design, BUT turning off transparency and animations is two clicks, and, although maybe my computer is powerful enough (despite not being technically compatible), Windows 11 is pretty snappy with effects turned off. And realistically, turning off most animations has been a recommendation for every version of Windows for decades.
Every Windows release since the dawn of time have been hated up until the next release was made. Windows 7 was hated until Windows 8 was released, then suddenly Windows 7 was great. Except Vista maybe, which was hated no matter what.
That's not true. 95 and 98 were well received. ME was garbage. XP was liked, mainly because it wasn't ME and also the first consumer NT kernel. Vista was hated for many good reason. 7 was liked mostly because it wasn't Vista. 8 was despised because it had a lot of just bad UI choices. 10 was liked because it undid all of that.
So it kind of flip flops. Microsoft makes a bunch of changes that everyone hates. Then they roll back a lot of them in the next OS.
That being said, 11 is shaping up to be a debacle. But don't worry, 12 will drop all the things you hate about 11 but keep things they really wanted to include.
>Microsoft makes a bunch of changes that everyone hates. Then they roll back a lot of them in the next OS.
That doesn't really describe Vista to 7. Windows 7 was largely Vista Service Pack 3, with some interface tweaks to give it is own visual marketing identity.
The Kernel Version Numbers are a better hint at what is going on than the marketing releases, or the service packs. Windows 2000 was NT5, XP was NT 5.1 (which was mostly a dos compatibility layer on top of 2000, so it could run consumer games and such.) Vista was NT6, 7 was NT6.1, 8 was NT6.2 8.1 was NT6.3.
Kernel Version numbers are also kind of sus because they often choose numbers based on what programs are checking for rather than anything else. Windows 10 uses 10.x, skipping right over 7, 8, and 9.
Like the reason we don't have a "Windows 9", because programs check for that to see if they're running on Windows 95 or 98 because it uses the 9x kernel.
Vista to 7 was significant. An operating system is more than just the kernel.
Vista to Vista SP2 was more significant of a performance improvement than Vista SP2 to 7 RTM.
What you described was a combination of marketing and a change in behavior. They skipped 7 because it would be confusing for 10 to be NT 7. They skipped 8 for the same reason, and 9 for the reason you described.
Nothing about those choices changes that from 2000 to 8.1 there were only one major kernel build number changes, and it was from XP to Vista. Although unpopular, Vista was the biggest leap between any two versions, and part of its lack of popularity was that it was a breaking change that broke most drivers. It also didn't help that they were certifying underpowered machines as compatible.
The conversation I started was about the frequency of major build number increments, not what number they chose to signify a change.
The activation algorithm had been cracked in 2009, since then keygen binaries have been floating around. And it had been open sourced in 2019. The register seems again a bit late to the party
75 comments
[ 2.2 ms ] story [ 133 ms ] thread> We have added native support for additional archive formats, including tar, 7-zip, rar, gz and many others using the libarchive open-source project. You now can get improved performance of archive functionality during compression on Windows.
It doesn't mention unarchiving/decompressing, maybe I'm being nitpicky, but at a glance, it seems to only be about compression? That'd be horrible though, but more horrible changes that that have gone through lately so I guess you never know...
My worry is that this will just make drive-by malware easier.
(At least quickly thinking about it; I could easily have overlooked some complexity, but barring an unpatched libarchive exploit, I don't think this markedly increases attack surface...and at that point, you could probably make similar arguments about adding any new file format?)
Why is that?
Now the floodgates of the masses have opened to computing, and look at us
My word was Dubya popular in 2001
Chart for reference
You can use rainbow tables to crack passwords for XP which was super quick though!
I wonder if that’s still possible.
https://learn.microsoft.com/en-us/microsoft-desktop-optimiza...
This only works for local accounts, though similarly trivial techniques apply to Active Directory accounts if you have "live CD" access to a domain controller.
Just to be clear, in neither case is this a security vulnerability; under the "live CD" assumption — specifically, that you're able to make even a single arbitrary registry edit — there are far simpler ways to completely bypass Windows security that require neither tools nor understanding of the (AFAIK undocumented) HKEY_LOCAL_MACHINE\SAM registry hive.
For example, make the registry edit given by the
command (without line breaks).Then, at any login, lock, or "Ctrl+Alt+Delete" screen, pressing the Shift key five times pops up a shell running as NT AUTHORITY\SYSTEM[1].
This has immediate effect — you don't even need to reboot or log out.
[1] https://learn.microsoft.com/en-us/windows/win32/services/loc...
And back in the days, as a teenager, I typed "format c:" every week-end ;)
Maybe it's the later builds that need activation ?
Activation became a hard requirement further down the line, I think the process got more strict during one of the service pack upgrades.
It's possible your installs were all automatically activated over the internet. I think the hardware ID and the serial number were some kind of combined identifier and if your computer(s) were part of "the good list", your fingerprint may have been whitelisted so that automatic online activation never caused a problem.
Volume License and some OEM didn't need activation, but any "retail" versions - Home/Pro in a box for instance - did require activation.
From what I remember this was pushed around the time of SP2, but if you had a launch-day install disk and reformatted your disk that often then you probably never got as far as receiving that update.
Only XP Home required this.
XP Pro did not need online activation.
That's likely why some people are saying they never had to do it.
This morning it confidently told me that BFD packets from a cisco IOS device would be tagged EF. I asked if it were sure it wasn't CS6, then it apologised and said it was CS6. Then I asked if it was sure it wasn't AF31 and it agreed it was AF31.
Making keygen is the ultimate cracker's job, bruteforcing one key is significantly easier task.
Retail versions of Windows XP required Activation by internet or phone.
Volume Licensing customers could bypass Activation with a Volume Licensing key - like the infamous key mentioned by others here that began "FCKGW-". This was a valid key prior to Service Pack 1 (SP1). SP1 blocked it and several other "widely known" keys.
Windows Vista and later made Activation mandatory for Volume Licences to stop this sort of key abuse.
Someone has mentioned Windows Updates imposing the Activation requirement - they are probably thinking of Windows Genuine Advantage (WGA) - https://en.wikipedia.org/wiki/Windows_Genuine_Advantage.
WGA was a separate technology to Activation. It added further checks to detect various types of pirated copies.
One thing that's often overlooked about Activation is that it was only intended to deal with "casual piracy" - where people buy or obtain a genuine copy of Windows, but then try and use it on more PCs than the licence permits.
Sure it had issues but at least it wasn't an actively hostile bloated piece of adware it is now.
Personally the only thing I can think of is the slightly better calculator.
Ah yes, the grand stability of plugging in the wrong USB accessory into the wrong USB port and the computer crashing. Great times :)
Windows 2000 was the best version I ever used, though I admit I'd switched to Linux pretty soon after it was released.
My favorite in terms of looks and behavior is Windows 2000, and it's still in the top 5 when I think of desktop UIs that don't try to grab the user's attention. It was also much lighter on resources than XP, and didn't have poorly-animated dogs hiding behind the menus.
But oh man, let me tell you, the first time I experienced one of the newer versions restart its graphics driver without losing state was magical. I can't remember how many hours I lost to blue screens with a stack trace deep inside some ATI/nVidia dll, and to this day I can get a kernel panic in Linux if I tickle the GPU the right way, but modern Windows has proper GPU driver isolation and they did it without wrecking performance.
I wish it were somehow possible to run the pre-XP interface on the modern OS.
So it kind of flip flops. Microsoft makes a bunch of changes that everyone hates. Then they roll back a lot of them in the next OS.
That being said, 11 is shaping up to be a debacle. But don't worry, 12 will drop all the things you hate about 11 but keep things they really wanted to include.
That doesn't really describe Vista to 7. Windows 7 was largely Vista Service Pack 3, with some interface tweaks to give it is own visual marketing identity.
The Kernel Version Numbers are a better hint at what is going on than the marketing releases, or the service packs. Windows 2000 was NT5, XP was NT 5.1 (which was mostly a dos compatibility layer on top of 2000, so it could run consumer games and such.) Vista was NT6, 7 was NT6.1, 8 was NT6.2 8.1 was NT6.3.
Like the reason we don't have a "Windows 9", because programs check for that to see if they're running on Windows 95 or 98 because it uses the 9x kernel.
Vista to 7 was significant. An operating system is more than just the kernel.
What you described was a combination of marketing and a change in behavior. They skipped 7 because it would be confusing for 10 to be NT 7. They skipped 8 for the same reason, and 9 for the reason you described.
Nothing about those choices changes that from 2000 to 8.1 there were only one major kernel build number changes, and it was from XP to Vista. Although unpopular, Vista was the biggest leap between any two versions, and part of its lack of popularity was that it was a breaking change that broke most drivers. It also didn't help that they were certifying underpowered machines as compatible.
The conversation I started was about the frequency of major build number increments, not what number they chose to signify a change.
https://news.ycombinator.com/item?id=35993044
(238 points/7 days ago/151 comments)