WinXP product activation: is MS only kidding?

We're only going to go for you if you're very naughty indeed, says source...


Product Activation is probably the major doubt hanging over Windows XP, and it's therefore to be expected that people from within Microsoft will attempt to defend it. This week, HardOCP has an email which presumably emanates from a Microserf, and which seems to have sufficient background information about product activation for it to look like the real thing.

But what the anonymous author has to say doesn't altogether gel with the claims we've heard from elsewhere. The system has some sensitivity to hardware changes, so if you install Windows XP and switch your kit around, at some point the OS will decide it's maybe a different machine, and cease to function. But where is that point? We've heard small changes are enough to put you over the line, but that's not what HardOCP's informant says at all. The Register, by the way, will be checking this one out, but is currently baffled by why the entirely legitimate system we're running seems not to want to activate itself. We'll push the button manually soon, then change CPUs - that should settle the matter.

HardOCP's informant confirms that product activation uses unique identifiers for the hardware the OS is installed on, but declines to be specific about the precise hardware components used. It generates a value from these, and this is passed on to Microsoft, which responds with a verification code you use in order to complete the installation of the software.

So far so good. As we already know, the system allows for changes in the hardware; we just don't know what level of changes it can cope with. But the way the writer tells it, hardware changes are barely relevant: "Changes in hardware are expected, and allowed. It is only when a PID is trying to be cleared on several hundred/thousand configurations that Microsoft would even care. Microsoft isn’t in the business of screwing customers, but they would definitely like to give the shaft to thieves."

If that's true, there are obvious implications. If Microsoft were seriously using individual IDs to police its licences, its software would be flagging alerts and blocking validations when the PID count got to three, not a "hundred/thousand." If this guy's telling the truth, then actually Microsoft isn't going to be using rigid database rules at all, and is simply going to be on the lookout for outrageously warezed product keys.

There's more in that vein. Product activation does not require you to "get a new product key every time you want to reinstall/format windows. Not the first time you reinstall, not the 8 billionth time you reinstall. (You have to go through the Activation process, but you are passing the same AUTH string to the clearinghouse, it never counts against you. There is no timeout for reinstalling Windows against the same hardware, or several future hardware upgrades.)"

The weirdness of that depends on how you look at it. You can install WinXP on the same piece of hardware 8 billion times, but we knew that already. The key is really the numeric value assigned to "several" when it comes to hardware upgrades, but our writer isn't biting on this. "If you change your hardware significantly, you can still reactivate." (Ah, but what is significant?)

He doesn't address that directly, but the indirect commentary speaks volumes. "In fact, only on high volume keys with different hardware will MS stop accepting the pirate key... Now, if a product key is used in 1000 different hardware configurations, we don’t let that product get activated. The PID has then become worthless. Nobody can activate Windows with it."

That's entirely different from the published licence regime, which says you've got one primary installation plus a secondary one, and that's that. It suggests that you could (say) install six copies for family use, activate them all with Redmond, and you'd get no come-back. Microsoft, it says, is only after major, high-volume escapes.

The next bit kind of fits into this. The writer doesn't specifically say you can get away with sharing the key around your family, but that's sort of implied in the rest. The system "makes PID sharing (the most common form of Windows piracy) a little more costly. If you ever want to reinstall the Windows you bought, you better keep your key, and not give it away, or post it on the internet."

So if your key shows up on the net and a couple of thousand people try to use it, then your installation is vaped next time you upgrade, but as this guy said earlier, "only on high volume keys with different hardware will MS stop accepting the pirate key..." So how lucky do you feel? And how much do you believe him?

Whatever, he reckons a crack for the final activation method will be out "within one week after RTM," but that this isn't important, because the system will only hurt the intended targets, the software pirates. One might observe that, given the sliding, undefined scale he's using, it's kind of difficult to say who the software pirates are. If he's right, then large numbers of people will be technically defined as software pirates, but Microsoft will only be going after a small, obviously criminal-looking, subset of these. For now?

One other thing that puzzles us. He says that the activation process "doesn't scan hardware and send it without permission. That would take too long, and, consequently, is protected under law already." Well, we understand that it takes a fair amount of time to do a complete audit of local hardware and then collate it in an easily understood format, but... control panel, system, device manager... Are we missing something, or is this a standard side-effect of installing Windows? ®

Related link:
Full HardOCP story
