MS opens up on Whistler copy protection

No privacy invasion, no plot, no hassle - honest...

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The product activation copy protection system that will ship with Whistler and Office 10 will form the basis of a "cross product" protection system for Microsoft software, and the signs are that the company will move heaven and earth to make it stick. Speaking to The Register earlier today Microsoft product manager, licensing technology group, Allan Nieman went through the checklist of gotchas, and explained why product activation is a pussycat really.

But first, although cracks and patches dealing with the protection in Whistler builds 2410 and 2416 (an "internal" Microsoft build currently maiming bandwidth in shady circles) have been produced, it would seem that the panic produced by product activation's appearance in the beta code was unnecessary - according to Nieman, neither of these builds is actually protected. "It's just a UI screen," he says, a "first glimpse" of what the system will look like. Just click next, as Microsoft's technical beta testers have now been informed. Duh.

Obviously that won't be the case with the shipping product, so the work of the script kiddies won't have been entirely in vain. But Microsoft really, really wants people not to hate product activation and - strange but at least at the moment true - is trying to draw a sharp distiction between activation and registration. And, by the way, registration will not be compulsory, according to Nieman.

As has now been widely reported, product activation takes a product key from the software packaging, combines it with a code generated from the specific hardware you're installing on, and then in exchange for the result you get an unlock key from Microsoft, either over the Web or by phone. But this is not registration. You only need to give Microsoft the code, not your name or anything else, so it's entirely anonymous unless Microsoft is doing any surreptitious sniffing, which Nieman assures us it is not.

Nor, he guarantees, will the software check into base on a "phone home" basis after you've unlocked it. Once it's unlocked it'll be a fully stand-alone product that doesn't try to regularly validate itself with Microsoft. Presumably this will mean that the "rental" versions of products Microsoft will be testing will have some form of time bomb rather than a phone home, but it seems pretty clear that Microsoft is willing to go quite a distance to separate privacy issues from anti-piracy.

One could reasonably doubt that it can keep it up, or even (given the nature of .NET) that it's technically feasible to keep it up in the longer term. When Microsoft tested the precursor to product activation in various countries with Office 2000, Nieman says the company processed six million activation requests in 24 months. That's chicken feed compared to the tens of millions of activations a year if the system just applied to Windows, and the marketing people surely can't be happy about passing up data on that number of people.

Nevertheless, registration will be separate, and won't be compulsory. Not exactly, anyway - Microsoft has required registration for access to product updates in the past, and the position here tends to be a bit variable. The activation process was described as the "Office Registration Wizard" in the O2K test, but that was what you might call infelicitious. Nor did you actually have to register as such - according to Nieman the only data required was country.

So in that case, why is Microsoft bothering? Nieman says the system is primarily directed at "casual copying," where people loan one another software, pass it around the office, install multiple copies with just the one licence and so on. The system will certainly tend to stop people doing this, but on the other hand that could give casual copiers sufficient impetus to dig out the cracks and use them, and recordable CD makes that awfully tempting. Think yourself into the position of paterfamilias, one PC for him, one each for the two kids to do their homework, so what's he going to say to three Office licences? Student licensing, yes we know, but he doesn't, and anyway it's a hassle. He might hear about student licensing, or then again he might hear about StarOffice being free.

You can circumvent the Whistler product activation system as described here last week, and there are also two files circulating which deal with the CD key and the time bomb on the Whistler beta. Put together with a bit of cosmetics these provide the means to produce a completely unprotected Whistler CD, and it's unlikely there'll be any difference when it comes to the shipping product.

That leaves it as eminently crackable, and whether it is cracked on a widespread basis or not will depend to some extent on cost, to some on hassle. Large numbers of consumers and small businesses swap software, and they're not about to stump up the readies to convert their current unlicensed software to full product. Even in businesses that do pay their licences, systems managers will frequently produce their own unprotected copies to avoid having to go through the activation process over and over again.

But, says, Microsoft, they don't have to - and this is where you can maybe see an angle for the company. Product activation won't be present for the enterprise Select and the volume Open licensing deals. These will still require a single unlock for the media, but after that you can do multiple installs, just keeping a tally of the licences you're using. Microsoft licence management software will no doubt help you out here, and the Open licence scheme goes as low as five copies, for which you get discounts. Except on old operating systems Redmond wants you to stop using.

Microsoft sees promotion of the Open licence to small businesses as going alongside product activation for consumers, as businesses will be encouraged to go for the volume deals. Of course by doing so, you report yourself to Microsoft, and are therefore more readily auditable. So consumers get roadblocks to stop them sharing with their friends, Microsoft's reach extends further down the business food chain, but there are no privacy implications. Microsoft likely won't squeeze much more money out of the consumer market, but by being better able to police "unprotected" business licences, it could do well there. Quite a paradox, no? ®

Related Story

Copy protection on Whistler easily cracked

Providing a secure and efficient Helpdesk

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story


Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.