WinXP product activation: is MS only kidding?
We're only going to go for you if you're very naughty indeed, says source...
Product Activation is probably the major doubt hanging over Windows XP, and it's therefore to be expected that people from within Microsoft will attempt to defend it. This week, HardOCP has an email which presumably emanates from a Microserf, and which seems to have sufficient background information about product activation for it to looks like the real thing.
But what the anonymous author has to say doesn't altogether gel with the claims we've heard from elsewhere. The system has some sensitivity to hardware changes, so if you install Windows XP and switch your kit around, at some point the OS will decide it's maybe a different machine, and cease to function. But where is that point? We've heard small changes are enough to put you over the line, but that's not what HardOCP's informant says at all. The Register, by the way, will be checking this one out, but is currently baffled by why the entirely legitimate system we're running seems not to want to activate itself. We'll push the button manually soon, then change CPUs - that should settle the matter.
HardOCP's informant confirms that product activation uses unique identifiers for the hardware the OS is installed on, but declines to be specific about the precise hardware components used. It generates a value from these, and this is passed on to Microsoft, which responds with a verification code you use in order to complete the installation of the software.
So far so good. As we already know, the system allows for changes in the hardware, we just don't know what level of changes it can cope with. But the way the writer tells it, hardware changes are barely relevant: "Changes in hardware are expected, and allowed. It is only when a PID is trying to be cleared on several hundred/thousand configurations that Microsoft would even care. Microsoft isn’t in the business of screwing customers, but they would definitely like to give the shaft to thieves."
If that's true, there are obvious implications. If Microsoft were seriously using individual IDs to police its licences, its software would be flagging alerts and blocking validations when the PID count got to three, not a "hundred/thousand." If this guy's telling the truth, then actually Microsoft isn't going to be using rigid database rules at all, and is simply going to be on the lookout for outrageously warezed product keys.
There's more in that vein. Product activation does not require you to "get a new product key every time you want to reinstall/format windows. Not the first time you reinstall, not the 8 billionth time you reinstall. (You have to go through the Activation process, but you are passing the same AUTH string to the clearinghouse, it never counts against you. There is no timeout for reinstalling Windows against the same hardware, or several future hardware upgrades.)"
The weirdness of that depends on how you look at it. You can install WinXP on the same piece of hardware 8 billion times, but we knew that already. The key is really the numeric value assigned to "several" when it comes to hardware upgrades, but our writer isn't biting on this. "If you change your hardware significantly, you can still reactivate." (Ah, but what is significant?)
He doesn't address that directly, but the indirect commentary speaks volumes. "In fact, only on high volume keys with different hardware will MS stop accepting the pirate key... Now, if a product key is used in 1000 different hardware configurations, we don’t let that product get activated. The PID has then become worthless. Nobody can activate Windows with it."
That's entirely different from the published licence regime, which says you've got one primary installation plus a secondary one, and that's that. It suggests that you could (say) install six copies for family use, activate them all with Redmond, and you'd get no come-back. Microsoft, it says, is only after major, high-volume escapes.
The next bit kind of fits into this. The writer doesn't specifically say you can get away with sharing the key around your family, but that's sort of implied in the rest. The system "makes PID sharing (the most common form of Windows piracy) a little more costly. If you ever want to reinstall the Windows you bought, you better keep your key, and not give it away, or post it on the internet."
So if your key shows up on the net and a couple of thousand people try to use it, then your installation is vaped next time you upgrade, but as this guy said earlier, "only on high volume keys with different hardware will MS stop accepting the pirate key..." So how lucky do you feel? And how much do you believe him?
Whatever, he reckons a crack for the final activation method will be out "within one week after RTM," but that this isn't important, because the system will only hurt the intended targets, the software pirates. One might observe that, given the sliding, undefined scale he's using, it's kind of difficult to say who the software pirates are. If he's right, then large numbers of people will be technically defined as software pirates, but Microsoft will only be going after a small, obviously criminal-looking, subset of these. For now?
One other thing that puzzles us. He says that the activation process "doesn't scan hardware and send it without permission. That would take too long, and, consequently, is protected under law already." Well, we understand that it takes a fair amount of time to do a complete audit of local hardware and then collate it in an easily understood format, but... control panel, system, device manager... Are we missing something, or is this a standard side-effect of installing Windows? ®
Full HardOCP story
Sponsored: The Nuts and Bolts of Ransomware in 2016