WinXP: product activation, updates and control freakery

What you have to deal with before you install...

  • alert
  • submit to reddit

New hybrid storage solutions

XP diaries A week or so ago Microsoft finally plied The Register with a small stack of state of the art XP code. We now have the official WinXP beta 2, a Corporate Preview Program CD of Office XP, and a production Office XP CD as well. All of this seems to work, which is more than can be said for the snazzy Office XP wristwatch we collected at the same time - but that's another story.*

In recent months Microsoft's High Command has taken to describing WinXP as the company's most important product since Windows 95, and The Register has rather heartlessly suggested this indicates advanced Alzheimer's, considering that Win2k was the really big effort. But seriously, you can see where they're coming from. WinXP is rock solid stable, finally converges Microsoft operating systems onto a single codebase for business and consumer, and will be pitched as a universal platform not just for PCs but for all sorts of other 'successor' devices as well.

You can reasonably grouse about how long it's taken Microsoft to do this, and grouse some more about the crash-prone rubbish the company has been serving up to consumers for the best part of a decade, but finally, it's happening. XP is the Big One for Microsoft, and there's enough about it that's good for it to look highly likely to see off any Linux threat - at least as far as the client and some areas of the appliance market are concerned.

This naturally comes at a price; XP is aimed at fairly well-specced hardware, 128 megs of RAM and a decent speed Pentium III or better. But new machines are exceeding that spec already, and there won't be many footprint problems for XP by the time it ships later this year. Plus, it would seem that WinXP doesn't really need all that hardware - but more of this anon.

The other component of the price you (maybe) have to pay comes under the general heading of Microsoft anti-piracy and control-freakery activities. XP will use Microsoft's product activation system (we're stopping calling it a technology - right now, it isn't), will allow Microsoft to elect itself as quality control supremo for device drivers and (later) applications, and will make a fair stab at putting you off MP3 files. It may also stop you burning CDs if you don't already own the data.

These are sufficiently large downsides to make it possible that many of the more, ah, XPerienced users will simply boycott the OS. One senior industry exec we've spoken to who's close to the beta even views product activation as having the potential to become Microsoft's Stalingrad. That's probably putting it too strong, considering that most of the people who buy a new PC will get XP, and will tend to just go along the routes Microsoft has defined for them - but on the other hand, if they did get riled, then it all could snowball, and the Great Revolt could happen.

So to sum up we've got a very good OS that's a pleasure to use, and that you're going to think just about justifies the vast hardware footprint. Sure, they could have done it better, leaner, coded it more elegantly and more efficiently, but it works, and that's a major blessing. On the other hand it wants to run your life rather more than you'd probably like (you want Microsoft to run your life at all? Exactly...), and it's likely just a couple of revs away from giving the scumbags in the recording industry direct access to your wallet. Decisions, decisions...

Product Activation

Finally having legit code gave me the ability to verify the activation procedure itself and the workarounds. If you want to avoid this process, then there's some good news and some bad news. First of all, the current product keys for Windows XP beta 2 circulating on the Web work with genuine code, as you'd expect them to. They do not of themselves switch off the timer which will compel your use of the activation process
14 days after you first boot the OS, but the cracks also circulating will do this. The beta code itself times out 180 days after first boot, but that's a separate crack, and anyway, won't you want production code by then?

The universal key currently circulating for Office XP also works on the Corporate Preview Program code, and does circumvent activation. Try to activate after you've used it, and it comes back with the message "this product has already been activated." The CPP code itself times out, of course, but provided there's a time crack for it, copied versions could effectively be live code. But discerning pirates will no doubt go for copies of the production version instead, and not have to bother with the time crack.

So that's the good news - activation still seems easy to get around, although naturally we're not suggesting widespread piracy of Office XP could be, ah, good news.

The bad news is what it says in the licence agreement:

"Mandatory Activation. The license rights granted under the EULA may be limited to the first fourteen (14) days after Recipient first boots the Software Product unless Recipient activates Recipient's copy of the Software Product in the manner described during the setup sequence of the Software Product and, as a result of such activation, Recipient receives a final confirmation number for the Software Product."

That, I think, is the important bit. Activation itself is a paper tiger, but by not activating, you are in breach of your licence agreement. Hence, you do not have a legal installation. Think about the implications of this, and again you'll find good news and bad news.

If you don't have a 'legal' copy, even if you have paid for it (which is what that paragraph says will be the case if you don't activate properly), it'll only be a problem for you if the feds come calling. Microsoft is not about to bust its way through the world's playgrounds so consumers are safe, and anyway, Microsoft's lawyers will probably be keen to avoid establishing the wrong legal precedent as regards people buying the product then not activating it.

But it'll be a different matter in business. There, if you don't activate the product properly you're going to be in trouble, because the different licensing mechanism for XP Professional means that Microsoft knows who you are. Microsoft has also been getting keener and keener on software audits for businesses, and has identified small businesses as target number one for anti-piracy enforcement. The bottom line of product activation as currently constituted, it seems to me, is that it would be reckless for businesses, particularly small businesses, to try to circumvent product activation. They're going to come after you if you do, and it'll cost.

I've still got some questions about activation. The basic transaction as far as consumers are concerned is anonymous; you type in the key, the software swizzles it around with the local hardware spec then sends a request to MS, and you get back a number. But Microsoft doesn't know who you are. So, if you use a known 'universal' or compromised key you're obviously not going to get a legit number back (I'll check this later just to make double sure), but the installation itself will proceed, and as Microsoft doesn't know who you are, nothing happens to you, right? Obviously you'd have to crack the 14 days to carry on using the software.

In response to this Microsoft tells me, 'ah, but we know whose key it is you used.' But I don't see where this gets them - corporate key escapes onto market, is used by 10,000 warez enthusiasts, so what happens? Microsoft phones up the owner of the key and tells them they're naughty and careless? Microsoft invoices the owner for 10,000 extra copies of WinXP? (That'd go down a bundle with MIS) It's a puzzle.

What about updates? Microsoft could conceivably check the confirmation number during registration for Windows Update and reject hooky installations, and considering that Microsoft intends to centralise all device drivers on Windows Update, this would be a major gotcha. But if Microsoft did do this, it would undermine the claimed one-time nature of the activation procedure. Loads of people would then shout 'we knew they were lying,' so it doesn't sound like a good idea to me. But again, I'll check.

Finally, there's the status of cracks to consider. It's possible that Microsoft could interpret the use of cracks as a breach of the Digital Millennium Copyright Act (DMCA). At the moment it's difficult to see how deleting the odd .exe and twiddling with the registry (isn't that what the registry's for?) could be an offence, but it wouldn't be hard for Microsoft to build in something that required a little light reverse-engineering, and that would be an offence.

Windows Update

The whole signed driver experience is the other bit of control freakery you're likely to run into during the install. Microsoft is mounting a major push to improve quality of device drivers and to improve the end user experience, so XP includes a driver rating system. You can set it to install all drivers without warning you, to install only signed drivers, or to warn you before installing unsigned drivers. As all signed drivers are intended to be stored at Windows Update, users who find they haven't been shipped a signed driver with their new piece of hardware can just check at Update.

From the consumer's perspective the regime is positive, if Windows Update holds a huge pile of signed drivers for all of the hardware they're likely to be using. But with the Win2k and WinME experience in mind, one could doubt this just a tad as being a likely scenario for the off.

At this stage at least, however, the process is a little troubling. One of the test pieces of hardware I've used so far uses an Asus AGP Pro 7700 graphics card, which isn't supported in beta 2. It installed with generic Geforce drivers instead, but as it seemed to be locked to a maximum 800x600 I decided to install the Win2k drivers instead. Actually, the card with generic drivers might not have been locked to 800x600 after all. I discovered after installing the Win2k drivers that these too seemed to be locked, but that it was really just the slide control that wouldn't move - go a little deeper into the settings, show all modes, and then you can switch display resolution. This is possibly an example of how Microsoft is shielding naiive users from themselves.

These users will however also be extremely scared by the unsigned driver experience, which consists of big warnings and is clearly intended to discourage use of unsigned drivers, to direct users to Windows Update, and to hardware that does have signed drivers. That puts massive power in Microsoft's hands, and means hardware manufacturers will have to keep very close to Microsoft development if they're going to avoid a tech support hammering.

Two more examples, for the moment. As I intended to actually try a 'legit' installation as well as the universal key ones, I needed a modem for the test rig, and as I'm currently in The Register's French premises, it was down the road to the hypermarche, then back clutching an Elsa Microlink Fun USB 56k external. Our German friends clearly have a different notion of "Fun", but there you go. It's a cute little red box that's eminently portable, and it'd be bound to come in handy in the future. Unless...

There's no signed driver for WinXP, and the Win2k driver is not exactly operative. It apparently crashes the machine when querying the modem on install, but if you unplug the modem the machine comes back. Once the driver's installed, again it hangs when querying the modem, and comes back when you unplug. But as your modem's not plugged in, you can't activate, can you? Back to the hypermarche for an internal Olitec "V92-ready," and more on this later.

If you're listening, Elsa, you'd do well to take a look at this 'issue' and get onside for signed drivers before RTM. But my second example should help get through to hardware manufacturers, if the penny hasn't dropped already.

I installed beta 2 on an IBM ThinkPad 600 (233MHz Pentium II? Yes, I know they say you can't do that - more on this tomorrow), and it miraculously found the internal modem and installed signed drivers for it straight off the CD. This is the modem, you'll recall, that had sufficient proprietary tech in it to stop IBM producing a Linux driver for it for almost three years, and that driver has only just recently gone into beta. So go figure on the importance to hardware manufacturers of sticking close to Microsoft, in the wonderful new world of Redmond-approved drivers.

Tune in tomorrow, when I'll finally get down to the installation itself, and a bit of comparative stuff. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.