MS opens up on Whistler copy protection

No privacy invasion, no plot, no hassle - honest...

  • alert
  • submit to reddit

New hybrid storage solutions

The product activation copy protection system that will ship with Whistler and Office 10 will form the basis of a "cross product" protection system for Microsoft software, and the signs are that the company will move heaven and earth to make it stick. Speaking to The Register earlier today Microsoft product manager, licensing technology group, Allan Nieman went through the checklist of gotchas, and explained why product activation is a pussycat really.

But first, although cracks and patches dealing with the protection in Whistler builds 2410 and 2416 (an "internal" Microsoft build currently maiming bandwidth in shady circles) have been produced, it would seem that the panic produced by product activation's appearance in the beta code was unnecessary - according to Nieman, neither of these builds is actually protected. "It's just a UI screen," he says, a "first glimpse" of what the system will look like. Just click next, as Microsoft's technical beta testers have now been informed. Duh.

Obviously that won't be the case with the shipping product, so the work of the script kiddies won't have been entirely in vain. But Microsoft really, really wants people not to hate product activation and - strange but at least at the moment true - is trying to draw a sharp distiction between activation and registration. And, by the way, registration will not be compulsory, according to Nieman.

As has now been widely reported, product activation takes a product key from the software packaging, combines it with a code generated from the specific hardware you're installing on, and then in exchange for the result you get an unlock key from Microsoft, either over the Web or by phone. But this is not registration. You only need to give Microsoft the code, not your name or anything else, so it's entirely anonymous unless Microsoft is doing any surreptitious sniffing, which Nieman assures us it is not.

Nor, he guarantees, will the software check into base on a "phone home" basis after you've unlocked it. Once it's unlocked it'll be a fully stand-alone product that doesn't try to regularly validate itself with Microsoft. Presumably this will mean that the "rental" versions of products Microsoft will be testing will have some form of time bomb rather than a phone home, but it seems pretty clear that Microsoft is willing to go quite a distance to separate privacy issues from anti-piracy.

One could reasonably doubt that it can keep it up, or even (given the nature of .NET) that it's technically feasible to keep it up in the longer term. When Microsoft tested the precursor to product activation in various countries with Office 2000, Nieman says the company processed six million activation requests in 24 months. That's chicken feed compared to the tens of millions of activations a year if the system just applied to Windows, and the marketing people surely can't be happy about passing up data on that number of people.

Nevertheless, registration will be separate, and won't be compulsory. Not exactly, anyway - Microsoft has required registration for access to product updates in the past, and the position here tends to be a bit variable. The activation process was described as the "Office Registration Wizard" in the O2K test, but that was what you might call infelicitious. Nor did you actually have to register as such - according to Nieman the only data required was country.

So in that case, why is Microsoft bothering? Nieman says the system is primarily directed at "casual copying," where people loan one another software, pass it around the office, install multiple copies with just the one licence and so on. The system will certainly tend to stop people doing this, but on the other hand that could give casual copiers sufficient impetus to dig out the cracks and use them, and recordable CD makes that awfully tempting. Think yourself into the position of paterfamilias, one PC for him, one each for the two kids to do their homework, so what's he going to say to three Office licences? Student licensing, yes we know, but he doesn't, and anyway it's a hassle. He might hear about student licensing, or then again he might hear about StarOffice being free.

You can circumvent the Whistler product activation system as described here last week, and there are also two files circulating which deal with the CD key and the time bomb on the Whistler beta. Put together with a bit of cosmetics these provide the means to produce a completely unprotected Whistler CD, and it's unlikely there'll be any difference when it comes to the shipping product.

That leaves it as eminently crackable, and whether it is cracked on a widespread basis or not will depend to some extent on cost, to some on hassle. Large numbers of consumers and small businesses swap software, and they're not about to stump up the readies to convert their current unlicensed software to full product. Even in businesses that do pay their licences, systems managers will frequently produce their own unprotected copies to avoid having to go through the activation process over and over again.

But, says, Microsoft, they don't have to - and this is where you can maybe see an angle for the company. Product activation won't be present for the enterprise Select and the volume Open licensing deals. These will still require a single unlock for the media, but after that you can do multiple installs, just keeping a tally of the licences you're using. Microsoft licence management software will no doubt help you out here, and the Open licence scheme goes as low as five copies, for which you get discounts. Except on old operating systems Redmond wants you to stop using.

Microsoft sees promotion of the Open licence to small businesses as going alongside product activation for consumers, as businesses will be encouraged to go for the volume deals. Of course by doing so, you report yourself to Microsoft, and are therefore more readily auditable. So consumers get roadblocks to stop them sharing with their friends, Microsoft's reach extends further down the business food chain, but there are no privacy implications. Microsoft likely won't squeeze much more money out of the consumer market, but by being better able to police "unprotected" business licences, it could do well there. Quite a paradox, no? ®

Related Story

Copy protection on Whistler easily cracked

Security for virtualized datacentres

More from The Register

next story
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.