My Vista product key can be easily dumped out?

Discussion in 'Windows Vista Security' started by zxli, Jan 4, 2007.

  1. zxli

    zxli Guest

    Hello,

    Today I tried SiSoftware Sandra under my Vista. I find it can dump my
    product key out without any UAC warnings. Is it by design? Isn't it a
    security hole? I'm really embarrassed...

    Thanks!
    zxli
     
    zxli, Jan 4, 2007
    #1
    1. Advertisements

  2. zxli

    Todd Hudson Guest

    Whats the security issue? It is stored in the registry like most other
    settings.
     
    Todd Hudson, Jan 4, 2007
    #2
    1. Advertisements

  3. I'm agree with Todd Husdon. This is not an security issue and doesn't have
    anything to do with UAC.
     
    Chriss3 [MVP], Jan 4, 2007
    #3
  4. zxli

    Kerry Brown Guest

    Uac only prompts when writing to certain areas of the registry. Reading does
    not cause a uac prompt.
     
    Kerry Brown, Jan 4, 2007
    #4
  5. zxli

    Zhenxin Li Guest

    MS always tells us to keep the product key in a physically safe place. But
    how to protect my product key(in clear text?) in the registry that everybody
    including hackers know where it is? I can hide the physically printed
    product key somewhere in my home or some other place. Even someone breaks
    into my home, he will spend a lot of time to find where it is. But what if
    someone intrude into my computer? He knows, the product key is right
    there...

    BTW, how many computers can be activated by one product key?
     
    Zhenxin Li, Jan 5, 2007
    #5

  6. You need to keep it in a physically safe place so that you can access it
    when the computer won't boot. That's why OEM machines put it right on the
    box.

    One key - one computer.
     
    Frank Saunders, MS-MVP OE/WM, Jan 5, 2007
    #6
  7. zxli

    Zhenxin Li Guest

    I do know there are some special keys which can activate multiple machines.
    It is a threat for those keys if the keys can be dumped out so easily.

    If I get it correctly(I forget where I heard this), for XP keys, one key can
    be used to activate another machine after some months when the first machine
    was activated. Is that right?
     
    Zhenxin Li, Jan 5, 2007
    #7
  8. Jupiter Jones [MVP], Jan 5, 2007
    #8
  9. Where did you find the product key in the registry stored as clear text???
    :)
     
    John E. Carty, Jan 5, 2007
    #9
  10. zxli

    Zhenxin Li Guest

    Maybe it's not in clear text. But it can be dumped to clear text easily...
     
    Zhenxin Li, Jan 5, 2007
    #10
  11. zxli

    Zhenxin Li Guest

    I'm not asking for a solution. I just want to know why it is designed like
    this.

    Of course I should not let the ones I don't trust access my computer. But no
    one can guarantee he won't run malicious softwares accidentally or be
    attacked by the hackers. Why the product key is stored as clear text or
    similar to clear text in the registry. Why it isn't stored by some
    non-reversible hash algorithm.
     
    Zhenxin Li, Jan 5, 2007
    #11
  12. Why?
    Because that is the way Windows is designed.

    It is not a security issue at all since even if someone gets your key, you
    still have no security issues on your computer.

    "But no one can guarantee ..."
    And no one but you can control that, it is called "Physical Security".

    "run malicious softwares accidentally"
    That is another reason why it is highly recommended to not run as
    Administrator.
    Hopefully you have others that use your computer set up as Limited Accounts
    as well.

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org
     
    Jupiter Jones [MVP], Jan 5, 2007
    #12

  13. Only if it's taken off the first machine.
     
    Frank Saunders, MS-MVP OE/WM, Jan 5, 2007
    #13
  14. zxli

    Robert Firth Guest

    Why would someone steal your product key anyway? Remember, it is one key,
    one computer. Therefore it would be useless to them because they will be
    unable to activate it.

    This isn't really something that someone would take advantage of. It would
    be pointless.

    --
    /* * * * * * * * * * * * * * * * * *
    * Robert Firth *
    * Windows Vista x86 RTM *
    * http://www.WinVistaInfo.org *
    * * * * * * * * * * * * * * * * * */
     
    Robert Firth, Jan 6, 2007
    #14
  15. What if they were looking to sell "Vista Ultimate for Download NOW
    $89!!!"?

    They would send out a virus, collect a bunch of Vista product keys
    and sell one stolen key with each pirated download.

    The hapless victim might have his key / activation revoked via WGA
    check the following month and be forced to buy a new license to
    continue to run the copy of Vista he bought in the first place.
     
    Jeffery Jones, Mar 18, 2007
    #15
  16. Somewhat Ok until you said "...forced to buy a new license..."
    Won't happen.
    The "hapless victim" may mistakenly think that is needed, but it is
    not.
     
    Jupiter Jones [MVP], Mar 20, 2007
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.