
WinXP product activation: is MS only kidding?

We're only going to go for you if you're very naughty indeed, says source...


Product Activation is probably the major doubt hanging over Windows XP, and it's therefore to be expected that people from within Microsoft will attempt to defend it. This week, HardOCP has an email which presumably emanates from a Microserf, and which seems to have sufficient background information about product activation for it to look like the real thing.

But what the anonymous author has to say doesn't altogether gel with the claims we've heard from elsewhere. The system has some sensitivity to hardware changes, so if you install Windows XP and switch your kit around, at some point the OS will decide it's maybe a different machine, and cease to function. But where is that point? We've heard small changes are enough to put you over the line, but that's not what HardOCP's informant says at all. The Register, by the way, will be checking this one out, but is currently baffled by why the entirely legitimate system we're running seems not to want to activate itself. We'll push the button manually soon, then change CPUs - that should settle the matter.

HardOCP's informant confirms that product activation uses unique identifiers for the hardware the OS is installed on, but declines to be specific about the precise hardware components used. It generates a value from these, and this is passed on to Microsoft, which responds with a verification code you use in order to complete the installation of the software.

So far so good. As we already know, the system allows for changes in the hardware, we just don't know what level of changes it can cope with. But the way the writer tells it, hardware changes are barely relevant: "Changes in hardware are expected, and allowed. It is only when a PID is trying to be cleared on several hundred/thousand configurations that Microsoft would even care. Microsoft isn’t in the business of screwing customers, but they would definitely like to give the shaft to thieves."

If that's true, there are obvious implications. If Microsoft were seriously using individual IDs to police its licences, its software would be flagging alerts and blocking validations when the PID count got to three, not a "hundred/thousand." If this guy's telling the truth, then actually Microsoft isn't going to be using rigid database rules at all, and is simply going to be on the lookout for outrageously warezed product keys.

There's more in that vein. Product activation does not require you to "get a new product key every time you want to reinstall/format windows. Not the first time you reinstall, not the 8 billionth time you reinstall. (You have to go through the Activation process, but you are passing the same AUTH string to the clearinghouse, it never counts against you. There is no timeout for reinstalling Windows against the same hardware, or several future hardware upgrades.)"

The weirdness of that depends on how you look at it. You can install WinXP on the same piece of hardware 8 billion times, but we knew that already. The key is really the numeric value assigned to "several" when it comes to hardware upgrades, but our writer isn't biting on this. "If you change your hardware significantly, you can still reactivate." (Ah, but what is significant?)

He doesn't address that directly, but the indirect commentary speaks volumes. "In fact, only on high volume keys with different hardware will MS stop accepting the pirate key... Now, if a product key is used in 1000 different hardware configurations, we don’t let that product get activated. The PID has then become worthless. Nobody can activate Windows with it."

That's entirely different from the published licence regime, which says you've got one primary installation plus a secondary one, and that's that. It suggests that you could (say) install six copies for family use, activate them all with Redmond, and you'd get no come-back. Microsoft, it says, is only after major, high-volume escapes.

The next bit kind of fits into this. The writer doesn't specifically say you can get away with sharing the key around your family, but that's sort of implied in the rest. The system "makes PID sharing (the most common form of Windows piracy) a little more costly. If you ever want to reinstall the Windows you bought, you better keep your key, and not give it away, or post it on the internet."

So if your key shows up on the net and a couple of thousand people try to use it, then your installation is vaped next time you upgrade, but as this guy said earlier, "only on high volume keys with different hardware will MS stop accepting the pirate key..." So how lucky do you feel? And how much do you believe him?

Whatever, he reckons a crack for the final activation method will be out "within one week after RTM," but that this isn't important, because the system will only hurt the intended targets, the software pirates. One might observe that, given the sliding, undefined scale he's using, it's kind of difficult to say who the software pirates are. If he's right, then large numbers of people will be technically defined as software pirates, but Microsoft will only be going after a small, obviously criminal-looking, subset of these. For now?

One other thing that puzzles us. He says that the activation process "doesn't scan hardware and send it without permission. That would take too long, and, consequently, is protected under law already." Well, we understand that it takes a fair amount of time to do a complete audit of local hardware and then collate it in an easily understood format, but... control panel, system, device manager... Are we missing something, or is this a standard side-effect of installing Windows? ®

Related link:
Full HardOCP story
