Microsoft Hits Snags in Anti-Piracy Net
Published: February 7, 2007
by Alex Woodie
Like the nation's war on terror, Microsoft's war on software pirates has seen its ups and downs. Controversies ensued in 2005, when Microsoft launched its Windows Genuine Advantage (WGA) program, and again last year, when Microsoft's Software Asset Management (SAM) ran into accusations of heavy-handedness. Now with Windows Vista, Microsoft has locked down the operating system even more with the new Software Protection Platform (SPP), but some are wondering if the software giant has given them the right tools to co-exist with SPP.
Make no doubt about it, software piracy is a huge problem and Microsoft has the moral and legal authority to fight it. Recent calculations by the pro-Microsoft Business Software Alliance found that 35 percent of the software in the world is pirated, which translates into a $35 billion hit to Microsoft and other software developers.
Microsoft started to crack down on piracy in earnest during the summer of 2005, when it started rolling out the WGA program. Under WGA--which Microsoft maintains is a voluntary program--users first authenticate their copy of Windows, by downloading an ActiveX control when prompted, before they download any updates from Microsoft. The exception to WGA is security updates; even Microsoft wants pirates to apply their patches. (Just not over their eye. Argh!)
The problem with WGA is that it hasn't always worked properly, and sometimes incorrectly flagged legitimate users as software pirates. While Microsoft has not disclosed the actual rate of false positives under WGA, it has disclosed some numbers, and they've raised an eyebrow or two. According to Microsoft, 22 percent of the systems checked by the WGA tool failed the validation check. However, of the 100 million or so systems that failed the WGA check, about one in five were tagged for something other than using a pirated license key. This strongly suggests that about half a percent, or more than 5 million users, were falsely tagged as being software pirates by WGA.
Microsoft faced another WGA misstep last June when a California man filed a lawsuit accusing the software giant's WGA software of being spyware. While the lawsuit had a laundry list of reasons why WGA should be labeled spyware, the feature that hit the hardest was a "phone home" feature that sent information from the user's computer to Microsoft servers. Microsoft subsequently toned down--but did not fully remove--the feature due to public pressure.
Microsoft also sought to clarify the perception that WGA was a requirement. A new version of WGA, released in late November, includes a wizard that's supposed to make it clearer that WGA is optional, and not a requirement. However, the fact remains that WGA is distributed through Windows Update--a mechanism that is primarily used to distribute security patches and fixes for bugs in the operating systems--which makes this claim dubious, at best. Also included in the November WGA release was a new category, labeled "indeterminate," for computers that neither pass nor fail the validation checks.
Microsoft also received sharp criticism from some of its volume customers over its SAM program. SAM seeks to root out a less pernicious--but still costly--form of software piracy: large corporate users who use more Microsoft product than they paid for. Under SAM, Microsoft uses data mining techniques to find volume license customers that could be out of compliance with the terms of their agreements, and then shares this information with partners who do the grunt work of calling these customers on the phone.
However, just like with WGA, Microsoft ran into accusations of heavy-handedness and deceptive practices with SAM. Some of Microsoft's volume customers reported the SAM calls felt more like mandatory audits than voluntary assessments.
Like it did with WGA, Microsoft is seeking to make the SAM program clearer. Last month, it re-formed the outreach portion of its SAM program in the U.K. to include a succession of letters from its partner, the BSA, each more strongly worded than the previous one, culminating with a threat of legal action.
While Windows WGA and SAM carry on, Microsoft is ramping up the next iteration of its ongoing war on piracy: the SPP.
SPP incorporates directly into the Windows Vista operating system many of the features of WGA, and adds a few new anti-piracy tricks of its own. For one, license keys are no longer stored in plain text in the registry, where any enterprise pirate can easily copy them. Instead, keys are now encrypted, which puts a big hurdle in front of any would-be pirates.
But perhaps the most daunting of the SPP features is the "reduced functionality" mode that Vista PCs will enter within 30 days of activation when their license keys haven't been correctly validated, when an incorrect key is used, or when it detects a license key has been tampered with. Under this new feature, users will be able to browse the Web for an hour at a time, before they're logged out of Windows Vista. Users can log back on as many times as they like, but the succession of log-ons is expected to render the computers very frustrating to use and essentially useless.
Under SPP, Microsoft is providing two ways for enterprise Windows shops to validate the license keys of large numbers of computers. Under the first volume activation method, called Multiple Activation Keys (MAK), a customer receives a MAK key with a limited number of activations on it. To authenticate the keys, computers must connect to a Microsoft server over the Internet, or a user must call Microsoft on the phone. Because of the manual work involved, MAK is best suited for smaller shops, with fewer than 25 PCs.
The second choice is called Key Management Service (KMS). Under KMS, a single license key, controlled by a trusted individual, is used to authenticate multiple copies of Windows Vista. However, to keep Vista from entering an invalidated state, computers must connect to the KMS service every 180 days.
Here's the sticking point: The KMS service must be run from a Windows Vista workstation, which is impractical for very large users--those with, say, 10,000 or more PCs. Currently, there's no way to authenticate large numbers of Windows Vista PCs from an internal server. Microsoft plans to enable the KMS service to be run from Windows Server "Longhorn," but of course Longhorn won't ship until next year.
Microsoft plans to enable MAK to run from Windows Server 2003, via the Volume Activation Management Tool (VAMT), which perhaps will give large shops a better way to manage their Vista licenses in lieu of KMS support on Windows Server 2003, or Longhorn. But Microsoft won't ship VAMT until next month, putting early adopters for Vista at a disadvantage. The fact is, most businesses won't be upgrading to Vista for quite some time, but it would be nice for volume customers to have a smooth path to upgrade now, if they desire.
In the same way the U.S. government has taken the fight to terrorists, Microsoft has gone on the offensive against software piracy. You can't argue against either cause, because the world would undoubtedly be a better place without terrorists and pirates. However, innocent bystanders are needlessly being subjected to cross-fire, raising important questions about the execution of both campaigns.