Feeds

WinXP product activation: is MS only kidding?

We're only going to go for you if you're very naughty indeed, says source...

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Product Activation is probably the major doubt hanging over Windows XP, and it's therefore to be expected that people from within Microsoft will attempt to defend it. This week, HardOCP has an email which presumably emanates from a Microserf, and which seems to have sufficient background information about product activation for it to looks like the real thing.

But what the anonymous author has to say doesn't altogether gel with the claims we've heard from elsewhere. The system has some sensitivity to hardware changes, so if you install Windows XP and switch your kit around, at some point the OS will decide it's maybe a different machine, and cease to function. But where is that point? We've heard small changes are enough to put you over the line, but that's not what HardOCP's informant says at all. The Register, by the way, will be checking this one out, but is currently baffled by why the entirely legitimate system we're running seems not to want to activate itself. We'll push the button manually soon, then change CPUs - that should settle the matter.

HardOCP's informant confirms that product activation uses unique identifiers for the hardware the OS is installed on, but declines to be specific about the precise hardware components used. It generates a value from these, and this is passed on to Microsoft, which responds with a verification code you use in order to complete the installation of the software.

So far so good. As we already know, the system allows for changes in the hardware, we just don't know what level of changes it can cope with. But the way the writer tells it, hardware changes are barely relevant: "Changes in hardware are expected, and allowed. It is only when a PID is trying to be cleared on several hundred/thousand configurations that Microsoft would even care. Microsoft isn’t in the business of screwing customers, but they would definitely like to give the shaft to thieves."

If that's true, there are obvious implications. If Microsoft were seriously using individual IDs to police its licences, its software would be flagging alerts and blocking validations when the PID count got to three, not a "hundred/thousand." If this guy's telling the truth, then actually Microsoft isn't going to be using rigid database rules at all, and is simply going to be on the lookout for outrageously warezed product keys.

There's more in that vein. Product activation does not require you to "get a new product key every time you want to reinstall/format windows. Not the first time you reinstall, not the 8 billionth time you reinstall. (You have to go through the Activation process, but you are passing the same AUTH string to the clearinghouse, it never counts against you. There is no timeout for reinstalling Windows against the same hardware, or several future hardware upgrades.)"

The weirdness of that depends on how you look at it. You can install WinXP on the same piece of hardware 8 billion times, but we knew that already. The key is really the numeric value assigned to "several" when it comes to hardware upgrades, but our writer isn't biting on this. "If you change your hardware significantly, you can still reactivate." (Ah, but what is significant?)

He doesn't address that directly, but the indirect commentary speaks volumes. "In fact, only on high volume keys with different hardware will MS stop accepting the pirate key... Now, if a product key is used in 1000 different hardware configurations, we don’t let that product get activated. The PID has then become worthless. Nobody can activate Windows with it."

That's entirely different from the published licence regime, which says you've got one primary installation plus a secondary one, and that's that. It suggests that you could (say) install six copies for family use, activate them all with Redmond, and you'd get no come-back. Microsoft, it says, is only after major, high-volume escapes.

The next bit kind of fits into this. The writer doesn't specifically say you can get away with sharing the key around your family, but that's sort of implied in the rest. The system "makes PID sharing (the most common form of Windows piracy) a little more costly. If you ever want to reinstall the Windows you bought, you better keep your key, and not give it away, or post it on the internet."

So if your key shows up on the net and a couple of thousand people try to use it, then your installation is vaped next time you upgrade, but as this guy said earlier, "only on high volume keys with different hardware will MS stop accepting the pirate key..." So how lucky do you feel? And how much do you believe him?

Whatever, he reckons a crack for the final activation method will be out "within one week after RTM," but that this isn't important, because the system will only hurt the intended targets, the software pirates. One might observe that, given the sliding, undefined scale he's using, it's kind of difficult to say who the software pirates are. If he's right, then large numbers of people will be technically defined as software pirates, but Microsoft will only be going after a small, obviously criminal-looking, subset of these. For now?

One other thing that puzzles us. He says that the activation process "doesn't scan hardware and send it without permission. That would take too long, and, consequently, is protected under law already." Well, we understand that it takes a fair amount of time to do a complete audit of local hardware and then collate it in an easily understood format, but... control panel, system, device manager... Are we missing something, or is this a standard side-effect of installing Windows? ®

Related link:
Full HardOCP story

Providing a secure and efficient Helpdesk

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.