On Mon, 19 Apr 2004, Alexei Roudnev wrote:
Hmnm, if you: -- are in Russia or other East Europe country - got Windows with a computer (so it is 90% pirated one) - have not credit card how can you order this CD (of course, pirates will help -:))?
The US/English Windows Security Update CD is free. There is also a Russian version. I don't speak/read Russian, so I don't know if Microsoft asks for a credit card number before shipping the CD on the Russian web page. For the other languages/countries web pages I can understand, the CD is free. That goal was having an off-line version of the same patches you get from WindowsUpdate.Microsoft.com
This explains the number of infected systems (in addition to other reasons). My friends in Moscow have 3 - 4 Windows Me and Windows 98 (those, who are far from computer business) - no one updated. It is impossible by Internet, and you never know, is it Microsoft (CD) or is it Hacker (CD) when you purchase a CD (and you have not any reason to spend a time and money, purchasing CD).
In the US, the Security Update CD is shipped directly from the Microsoft contractor to the end-user. Of course, if the postal service, delivery service or contractor is corrupt; what you receive could be intercepted and replaced enroute.
Updates are not so easy, as it seems, having 1 Mbit DSL at home, good $20K firewall and 10 Mbit at work (or been ISP itself).
Fixing insecure computers in black market economies is a difficult problem. The more common reason I hear is people know (or suspect) they are using pirate copies of Windows, and are afraid the Microsoft patches will also disable illegal copies. People concerned about that won't use any updates, regardless of how easy or quick. Although Microsoft has several web pages how to check the so-called Certificate of Authenticity, I haven't found a Microsoft supported way to verify the actual software installed on a computer. Other operating system vendors such as Sun have Solaris MD5 fingerprints for their operating systems.