|
Microsoft Tightens the Screws on Windows Pirates
Published: October 11, 2006
by Alex Woodie
Microsoft is closing a giant loophole in its Windows licensing system that should dramatically reduce the ability of software pirates to distribute forged copies of the operating system, the software giant announced last week. The new system, which will debut with Windows Vista and Windows Server "Longhorn," will incrementally reduce the functionality of the operating system until the Windows license keys, which will be encrypted for the first time, are cleared with Microsoft over the Internet.
Software piracy is a huge problem for Microsoft and its business partners. According to the Business Software Alliance, 35 percent of all software installed in 2005 was unlicensed or pirated, a figure that corresponds with a $35 billion loss. While Microsoft is still doing an extremely profitable--if somewhat flat--business selling Windows and Office software, Microsoft's reseller partners feel the sting much more acutely.
To cut down on software piracy and help boost the business of its resellers, the software giant last week introduced the Software Protection Platform. The new anti-piracy measures will be first rolled out with upcoming releases of Windows Vista and Windows Server "Longhorn," but will eventually be used with every Microsoft product, the company says.
Software pirates have had a free reign for a long time, but that lawlessness is about to end, according to Cori Hartje, director of Microsoft's Genuine Software Initiative. "Over the years, IT professionals have stressed to us that the software is too easy to pirate, and knowing that they are getting genuine installations is often difficult," she says.
To remedy this, Microsoft is introducing the SP Platform, which Hartje describes as "a new set of technologies that will help Microsoft make software piracy harder, help protect consumers from the risks of counterfeit software, and better enable small to large businesses to manage their software assets."
A key part of the SP Platform is the introduction of encryption technology to protect license keys. Up to this point, license keys have been stored in plain text in the Windows registry, which makes it very easy for software pirates to duplicate and redistribute Windows. With the next releases of the operating systems, license keys will be kept in an encrypted store, which should greatly cut down on the instances of piracy.
Windows will enter a "non-genuine" state when an incorrect key is used, when Windows detects a license key has been tampered with, or when Windows detects an attempt to hack the product activation. Microsoft is constantly searching for commonly used product activation keys, and if it finds that a particular key is being abused, it will cut off that key. Up to this point, the keys most commonly abused have been volume license keys, but now Microsoft has a better way to police those keys.
Volume Licensing
The SP Platform program will introduce Volume Activation 2.0, which brings two ways for enterprise Windows shops to validate the license keys of large numbers of computers. The first technology, called Key Management Service (KMS), uses a single license key, controlled by a trusted individual, that is used to authenticate Windows. Computers will connect to the KMS service, running on a Windows Vista workstation or a server (either Windows Server Longhorn server or Windows Server 2003, which should support KMS by next spring) at least twice a year.
The second volume activation method is called Multiple Activation Keys (MAK). Under MAK, a customer receives a MAK key with a limited number of activations on it, although computers must connect to a Microsoft server over the Internet or users must call Microsoft on the phone to authenticate their keys. Computers only need to authenticate once, compared to every six months under KMS. Microsoft says this method is best for smaller shops (25 users or less) or for those shops where computers are not always hooked up to the network. Microsoft also plans to issue a Microsoft Operations Manager (MOM) plug-in to help users manage their PCs under Volume Activation 2.0.
Microsoft says Volume Activation information will be kept separate from volume billing information, according to Hartje. Microsoft's volume license data collection techniques have been a concern of volume license customers since the company started ramping up its Software Asset Management (SAM) program to reign in volume customers who are installing Windows on more machines than they are supposed to under their contracts. To prove no untoward bits are making their way to Redmond, Microsoft reportedly certified the datastream with a third party.
Volume license customers who have concerns about the program or feel that their versions of Windows have been incorrectly labeled as non-genuine will be able to contact Microsoft through a call center the software giant is setting up to handle these types of complaints.
'Enhanced' Reduced Functionality
Under the SP Platform, Windows will begin cutting off access to features when it enters a state of non-genuineness. Microsoft has offered reduced functionality capabilities with previous versions of Windows, but with Windows Vista and Longhorn, reduced functionality has been enhanced, according to Hartje.
Windows Vista and Windows Server Longhorn users will have 30 days of full functionality from the time they first boot up the computer to complete the product activation, which is the same amount of time they are given now. The copy of Windows must also be validated every time software updates are applied, and if the copy of Windows is found not to be genuine, the user is put on 30-day notice again.
This validation process is not required to receive security updates from Microsoft. The company has made a point of enabling all copies of Windows--genuine and pirated--to get access to security patches, which increases the security of all Windows users in this inter-connected world.
If a copy of Windows has not been validated after the 30-day notice, then it enters into reduced functionality mode and an icon in the lower right corner of the interface (above the taskbar) informs the user that "this copy of Windows is not genuine." The user is also presented with a reminder that pops up every time they log onto a computer that hasn't been validated.
Versions of Windows in Reduced Functionality Mode (RFM) do not display a start menu or desktop icons, and the desktop background is changed to black, according to Microsoft. Additionally, the user is logged off every hour, without warning. The user can log back on, and no data will be lost, Microsoft says. But it will have made its point.
Computers in RFM will no longer be able to run several features that debut with Vista, including the Windows Aero interface, the new Windows ReadyBoost function (which enables computers to utilize USB flash memory thumb drives as system memory), or the Windows Defender anti-malware software (Defender will continue to detect malware, but uses won't be able to remove it). They also will not be able to download optional updates from Windows Update, such as new versions of Windows Media or Internet Explorer, which is the same as it's been for Windows XP.
Users can end the RFM by entering a product key, either through the one-off MAK technique (over the phone or over the Internet) or by obtaining a key through KMS.
Security Boost
Microsoft expects its new MSPP program to increase the security of Windows users. "Those who have unknowingly purchased counterfeit software often have a compromised experience of the product." Hartje says. "They're also at greater risk, since counterfeit software can expose consumers and businesses to spyware, viruses, faulty code, and identity theft.
Microsoft recently took a close look at CDs containing pirated software, and although it found that these CDs often didn't work correctly and often contained other programs or binary code, it made no mention of viruses or malware, leaving one to speculate that the majority of the malware contained in pirated software is distributed over the Internet as opposed to via physical media.
RELATED STORIES
Microsoft Sues 20 Resellers for Piracy, Sees What's On Counterfeit CDs
Microsoft Leans on SAM as Licensing Grows More Complex
|
