Is is possible to reactivate the Windows XP that comes with a used computer or do you have to either use the XP edition you had on your old computer or buy a new XP disk? Please advise- I would like to purchase a used computer with Windows XP Pro. Thank
you

On Sat, 17 Jan 2004 18:16:02 -0700, "Ken Blake, MVP"
>"cquirke (MVP Win9x)" > wrote in
>> On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"

>> >However if I bought a used computer, the first thing I would
>> >do is reinstall the operating system. You have no idea
>> >how the computer has been maintained, what has been
>> >installed incorrectly, what is missing, what viruses, etc.

>> Hmm. OTOH, that will:
>> - lose all patches and subsystem upgrades
>> - require device drivers as per PnP detection

>> The raw "fit to ship" form of the OS may be worse than whatever
>> it is you have, given the risks of RPC attack.

>Although that risk certainly exists, it's easy to get around. All
>you need to do is start the firewall.

To confirm: Does XP's built-in firewall block all RPC attacks?

>Yes, my way loses all patches and upgrades (*if they* had ever
>been installed), but I'd a lot rather redownload and reinstall
>them than live with what the previous owner may or may not have
>done.

For XP, I may agree with you, given that the RPC patch is small and
will "take" without having to install SP1 etc.

For Win2000, I wouldn't - having discovered that the < 1M RPC patch
requires 100M or so of SP2 to be installed first. There's no way in
hell a modem dial-up user is going to manage that download; even
without RPC attackers, the chances of keeping the phone line up that
long (as well as the cost of the call) are obstacles.


You could say that a pre-SP2 Win2000 CD is simply unfit for sale or
resale as an installation disk for modem users, who should demand a
replacement CD as appropriate "product recall" in this situation.

I've recently gone bband and have access to MSDN, but prior to that,
if a Win2000 user came to me for SP2, I'd have to bounce him off to
Microsoft SA... who in turn might duck behind "that's an OEM disk, ask
your OEM" or "we don't deal with clients directly, ask your reseller".

As a reseller myself, I had no effective access to this material until
I got bbanded and MSDN'd. Simply being a reseller of MSware does not
give one access to this material on CD, though IMO it should. It's
unrealistic to expect resellers to cough up for MSDN or Technet simply
so they can fulfill product recall obligations on MS's behalf.


The same thing applies to *any* pre-XP Windows, where IE concerned.
Not one of those products ships with an IE that is "new" enough to be
patched against MIME-spoofing attack, as has commonly been used by
malware since November 2001.

All require a substantial download of a newer IE (and the IE versions
needed for Win95xx are off MS's site), a process that is unrealistic
via modem. The risk is less critical than Lovesan et al, though
simply not using MSware for email does not remove the risk entirely -
any HTML rendered via the OS is a risk, as are .EML files.

In this respect, I was surprised to see SP4 for Win2000 still comes
with IE 5.5 SP0, which is as wide open to MIME-spoofing attack as the
rest of SP4 is to Lovesan etc. RPC attackers. IE 5.5 SP0 is "too old"
to patch, forcing IE upgrade to patchable IE 5.5 SP1 or fixed IE 5.5
SP2 at least, though I'd rather go all the way to IE 6 SP1.



>--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
>--------------- ----- ---- --- -- - - -

Xref: kermit microsoft.public.windowsxp.general:921382

"Browser" > wrote in message
...
> Is is possible to reactivate the Windows XP that comes with a used
computer or do you have to either use the XP edition you had on your old
computer or buy a new XP disk? Please advise- I would like to purchase a
used computer with Windows XP Pro. Thank you


If you purchase a Pre owned PC and they supply it with Windows XP. If the
Windows XP installed is a retail version they MUST give you the original CD
and all other documentation etc. If they do not do this then they have not
transferred the license to you and you are not licensed to use that copy of
Windows on there.
If the Windows XP installed is an OEM version then they must supply either
the OEM CD or restore CD (if one was shipped), for the same reasons as
above.


--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Browser" > wrote in message
...
> Is is possible to reactivate the Windows XP that comes with a used
computer or do you have to either use the XP edition you had on your old
computer or buy a new XP disk? Please advise- I would like to purchase a
used computer with Windows XP Pro. Thank you

"Browser" > wrote in message
...

> Is is possible to reactivate the Windows XP that comes with a
used computer or do you have to either use the XP edition you had
on your old computer or buy a new XP disk? Please advise- I
would like to purchase a used computer with Windows XP Pro.
Thank you


If you don't reinstall the operating system, reactivation is not
necessary. Activation ties the Product key to the hardware, not
to any individual.

However if I bought a used computer, the first thing I would do
with it is reinstall the operating system. You have no idea how
the computer has been maintained, what has been installed
incorrectly, what is missing, what viruses there may be, etc. I
wouldn't want to live with somebody else's mistakes and problems,
and I wouldn't recommend that anyone else do either.

So make sure that the computer you buy includes the Windows CD
,the product key, all documentation, etc, and get assurance from
the seller that he has not kept and used these on another
computer. Without these, you don't have a legal copy of Windows,
and without them, you won't be able to reinstall, either now, if
you take my advice, or at any other time if you need to.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Thank you so much for the information. It is very information and greatly appreciated.

"cquirke (MVP Win9x)" > wrote in
message ...

> On Sat, 17 Jan 2004 18:16:02 -0700, "Ken Blake, MVP"
> >"cquirke (MVP Win9x)" > wrote in
> >> On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"
>
> >> >However if I bought a used computer, the first thing I
would
> >> >do is reinstall the operating system. You have no idea
> >> >how the computer has been maintained, what has been
> >> >installed incorrectly, what is missing, what viruses, etc.
>
> >> Hmm. OTOH, that will:
> >> - lose all patches and subsystem upgrades
> >> - require device drivers as per PnP detection
>
> >> The raw "fit to ship" form of the OS may be worse than
whatever
> >> it is you have, given the risks of RPC attack.
>
> >Although that risk certainly exists, it's easy to get around.
All
> >you need to do is start the firewall.
>
> To confirm: Does XP's built-in firewall block all RPC attacks?



All? As far as I know it blocks all known ones. It certainly
blocks Blaster. Whether someone might be able to come up with a
new way of doing this that gets around the firewall, I don't
know.


> >Yes, my way loses all patches and upgrades (*if they* had ever
> >been installed), but I'd a lot rather redownload and reinstall
> >them than live with what the previous owner may or may not
have
> >done.
>
> For XP, I may agree with you, given that the RPC patch is small
and
> will "take" without having to install SP1 etc.
>
> For Win2000, I wouldn't - having discovered that the < 1M RPC
patch
> requires 100M or so of SP2 to be installed first. There's no
way in
> hell a modem dial-up user is going to manage that download;
even
> without RPC attackers, the chances of keeping the phone line up
that
> long (as well as the cost of the call) are obstacles.


Even though Windows 2000 doesn't come with a firewall, there are
freeware firewalls that can be downloaded. They are a lot smaller
than 100MB. You could also get one from a friend.

There's also no guarantee that a used computer has the
appropriate patches installed.

If you follow your argument to its logical conclusion, you might
say that nobody should ever install a new copy of Windows or buy
a new computer. Sorry, I can't agree with that.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Browser wrote:

>Is is possible to reactivate the Windows XP that comes with a used computer or do you have to either use the XP edition you had on your old computer or buy a new XP disk?


Activation relates to the hardware, not its owner. If the machine came
with XP installed and activated, it remains so. If the previous owner
cleaned it off and provided you with the installation disks, use them
again.

If you had it on another computer (from a copy bought retail, not an OEM
one) you could also install that, after removing from the old machine -
When it comes to activation, if it is more than 120 days since you last
did it, you will find it will go through on the net just like first
time. If not, you will have to phone a toll-free number that will be
given, to explain and swap one long number for another to check back as
you type it in

--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. (remove the D8 bit)

On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"

>However if I bought a used computer, the first thing I would do
>with it is reinstall the operating system. You have no idea how
>the computer has been maintained, what has been installed
>incorrectly, what is missing, what viruses there may be, etc.

Hmm. OTOH, that will:
- lose all patches and subsystem upgrades
- require device drivers as per PnP detection

The raw "fit to ship" form of the OS may be worse than whatever it is
you have, given the risks of RPC attack.

I really would NOT like to attempt pulling down patches while under a
barrage of Lovesan et al attacks, so first I'd want to pull these down
and keep them in installable form, as well as make sure the PC's
device driver disks are present and working, before proceeding.

The situation is particularly dire for Win2000 victims, who can't
install the 1M patch to block Lovesan et al until they first install
SP2, which is a massive download that is impractical via modem.

Win2000 lacks XP's built-in firewall, which may block the attacks, but
at least it doesn't restart every time a system error arises or the
RPC service fails as XP does by default.



>--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
>--------------- ----- ---- --- -- - - -

"cquirke (MVP Win9x)" > wrote in
message ...

> On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"
>
> >However if I bought a used computer, the first thing I would
do
> >with it is reinstall the operating system. You have no idea
how
> >the computer has been maintained, what has been installed
> >incorrectly, what is missing, what viruses there may be, etc.
>
> Hmm. OTOH, that will:
> - lose all patches and subsystem upgrades
> - require device drivers as per PnP detection
>
> The raw "fit to ship" form of the OS may be worse than whatever
it is
> you have, given the risks of RPC attack.


Although that risk certainly exists, it's easy to get around. All
you need to do is start the firewall. I still don't want to
inherit anyone else's problems, and I can't imagine wanting to
live with a used operating system, set up, configured, and
mainained by someone I don't know, and probably would trust if I
did know.

Yes, my way loses all patches and upgrades (*if they* had ever
been installed), but I'd a lot rather redownload and reinstall
them than live with what the previous owner may or may not have
done.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup


> I really would NOT like to attempt pulling down patches while
under a
> barrage of Lovesan et al attacks, so first I'd want to pull
these down
> and keep them in installable form, as well as make sure the
PC's
> device driver disks are present and working, before proceeding.
>
> The situation is particularly dire for Win2000 victims, who
can't
> install the 1M patch to block Lovesan et al until they first
install
> SP2, which is a massive download that is impractical via modem.
>
> Win2000 lacks XP's built-in firewall, which may block the
attacks, but
> at least it doesn't restart every time a system error arises or
the
> RPC service fails as XP does by default.
>
>
>
> >--------------- ----- ---- --- -- - - -
> Dreams are stack dumps of the soul
> >--------------- ----- ---- --- -- - - -

On Sat, 17 Jan 2004 18:16:02 -0700, "Ken Blake, MVP"
>"cquirke (MVP Win9x)" > wrote in
>> On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"

>> >However if I bought a used computer, the first thing I would
>> >do is reinstall the operating system. You have no idea
>> >how the computer has been maintained, what has been
>> >installed incorrectly, what is missing, what viruses, etc.

>> Hmm. OTOH, that will:
>> - lose all patches and subsystem upgrades
>> - require device drivers as per PnP detection

>> The raw "fit to ship" form of the OS may be worse than whatever
>> it is you have, given the risks of RPC attack.

>Although that risk certainly exists, it's easy to get around. All
>you need to do is start the firewall.

To confirm: Does XP's built-in firewall block all RPC attacks?

>Yes, my way loses all patches and upgrades (*if they* had ever
>been installed), but I'd a lot rather redownload and reinstall
>them than live with what the previous owner may or may not have
>done.

For XP, I may agree with you, given that the RPC patch is small and
will "take" without having to install SP1 etc.

For Win2000, I wouldn't - having discovered that the < 1M RPC patch
requires 100M or so of SP2 to be installed first. There's no way in
hell a modem dial-up user is going to manage that download; even
without RPC attackers, the chances of keeping the phone line up that
long (as well as the cost of the call) are obstacles.


You could say that a pre-SP2 Win2000 CD is simply unfit for sale or
resale as an installation disk for modem users, who should demand a
replacement CD as appropriate "product recall" in this situation.

I've recently gone bband and have access to MSDN, but prior to that,
if a Win2000 user came to me for SP2, I'd have to bounce him off to
Microsoft SA... who in turn might duck behind "that's an OEM disk, ask
your OEM" or "we don't deal with clients directly, ask your reseller".

As a reseller myself, I had no effective access to this material until
I got bbanded and MSDN'd. Simply being a reseller of MSware does not
give one access to this material on CD, though IMO it should. It's
unrealistic to expect resellers to cough up for MSDN or Technet simply
so they can fulfill product recall obligations on MS's behalf.


The same thing applies to *any* pre-XP Windows, where IE concerned.
Not one of those products ships with an IE that is "new" enough to be
patched against MIME-spoofing attack, as has commonly been used by
malware since November 2001.

All require a substantial download of a newer IE (and the IE versions
needed for Win95xx are off MS's site), a process that is unrealistic
via modem. The risk is less critical than Lovesan et al, though
simply not using MSware for email does not remove the risk entirely -
any HTML rendered via the OS is a risk, as are .EML files.

In this respect, I was surprised to see SP4 for Win2000 still comes
with IE 5.5 SP0, which is as wide open to MIME-spoofing attack as the
rest of SP4 is to Lovesan etc. RPC attackers. IE 5.5 SP0 is "too old"
to patch, forcing IE upgrade to patchable IE 5.5 SP1 or fixed IE 5.5
SP2 at least, though I'd rather go all the way to IE 6 SP1.



>--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
>--------------- ----- ---- --- -- - - -

"cquirke (MVP Win9x)" > wrote in
message ...

> On Sat, 17 Jan 2004 18:16:02 -0700, "Ken Blake, MVP"
> >"cquirke (MVP Win9x)" > wrote in
> >> On Sat, 17 Jan 2004 14:04:51 -0700, "Ken Blake, MVP"
>
> >> >However if I bought a used computer, the first thing I
would
> >> >do is reinstall the operating system. You have no idea
> >> >how the computer has been maintained, what has been
> >> >installed incorrectly, what is missing, what viruses, etc.
>
> >> Hmm. OTOH, that will:
> >> - lose all patches and subsystem upgrades
> >> - require device drivers as per PnP detection
>
> >> The raw "fit to ship" form of the OS may be worse than
whatever
> >> it is you have, given the risks of RPC attack.
>
> >Although that risk certainly exists, it's easy to get around.
All
> >you need to do is start the firewall.
>
> To confirm: Does XP's built-in firewall block all RPC attacks?



All? As far as I know it blocks all known ones. It certainly
blocks Blaster. Whether someone might be able to come up with a
new way of doing this that gets around the firewall, I don't
know.


> >Yes, my way loses all patches and upgrades (*if they* had ever
> >been installed), but I'd a lot rather redownload and reinstall
> >them than live with what the previous owner may or may not
have
> >done.
>
> For XP, I may agree with you, given that the RPC patch is small
and
> will "take" without having to install SP1 etc.
>
> For Win2000, I wouldn't - having discovered that the < 1M RPC
patch
> requires 100M or so of SP2 to be installed first. There's no
way in
> hell a modem dial-up user is going to manage that download;
even
> without RPC attackers, the chances of keeping the phone line up
that
> long (as well as the cost of the call) are obstacles.


Even though Windows 2000 doesn't come with a firewall, there are
freeware firewalls that can be downloaded. They are a lot smaller
than 100MB. You could also get one from a friend.

There's also no guarantee that a used computer has the
appropriate patches installed.

If you follow your argument to its logical conclusion, you might
say that nobody should ever install a new copy of Windows or buy
a new computer. Sorry, I can't agree with that.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Browser wrote:

>Is is possible to reactivate the Windows XP that comes with a used computer or do you have to either use the XP edition you had on your old computer or buy a new XP disk?


Activation relates to the hardware, not its owner. If the machine came
with XP installed and activated, it remains so. If the previous owner
cleaned it off and provided you with the installation disks, use them
again.

If you had it on another computer (from a copy bought retail, not an OEM
one) you could also install that, after removing from the old machine -
When it comes to activation, if it is more than 120 days since you last
did it, you will find it will go through on the net just like first
time. If not, you will have to phone a toll-free number that will be
given, to explain and swap one long number for another to check back as
you type it in

--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. (remove the D8 bit)

Ken Blake, MVP wrote:

>
>All? As far as I know it blocks all known ones. It certainly
>blocks Blaster. Whether someone might be able to come up with a
>new way of doing this that gets around the firewall, I don't
>know.
>

It blocks all ports incoming, apart from the basic few associated with
mail, news and http. Certainly from XP SP1 - it was said that NetBios -
the relevant one - was left open by default before SP1, but it is the
work of a moment to check that in its settings. This type of attack
must depend on getting through a port to some service that listens to it
- hence the Messenger service pop-up ads. That comes in to attack that
service through the self same port 138, which is why stopping the
messenger service is not good advice, because it leaves the basic hole
still unplugged


--
Alex Nichol MS MVP (Windows Technologies)
Bournemouth, U.K. (remove the D8 bit)

In ,
Alex Nichol > typed:

> Ken Blake, MVP wrote:
>
>>
>>All? As far as I know it blocks all known ones. It certainly
>>blocks Blaster. Whether someone might be able to come up with a
>>new way of doing this that gets around the firewall, I don't
>>know.
>>
>
> It blocks all ports incoming, apart from the basic few
associated with
> mail, news and http. Certainly from XP SP1 - it was said that
> NetBios - the relevant one - was left open by default before
SP1, but
> it is the work of a moment to check that in its settings. This
type
> of attack must depend on getting through a port to some service
that
> listens to it - hence the Messenger service pop-up ads. That
comes
> in to attack that service through the self same port 138, which
is
> why stopping the messenger service is not good advice, because
it
> leaves the basic hole still unplugged


Thanks, Alex.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup