Feeds

WinXP product activation: is MS only kidding?

We're only going to go for you if you're very naughty indeed, says source...

  • alert
  • submit to reddit

Intelligent flash storage arrays

Product Activation is probably the major doubt hanging over Windows XP, and it's therefore to be expected that people from within Microsoft will attempt to defend it. This week, HardOCP has an email which presumably emanates from a Microserf, and which seems to have sufficient background information about product activation for it to looks like the real thing.

But what the anonymous author has to say doesn't altogether gel with the claims we've heard from elsewhere. The system has some sensitivity to hardware changes, so if you install Windows XP and switch your kit around, at some point the OS will decide it's maybe a different machine, and cease to function. But where is that point? We've heard small changes are enough to put you over the line, but that's not what HardOCP's informant says at all. The Register, by the way, will be checking this one out, but is currently baffled by why the entirely legitimate system we're running seems not to want to activate itself. We'll push the button manually soon, then change CPUs - that should settle the matter.

HardOCP's informant confirms that product activation uses unique identifiers for the hardware the OS is installed on, but declines to be specific about the precise hardware components used. It generates a value from these, and this is passed on to Microsoft, which responds with a verification code you use in order to complete the installation of the software.

So far so good. As we already know, the system allows for changes in the hardware, we just don't know what level of changes it can cope with. But the way the writer tells it, hardware changes are barely relevant: "Changes in hardware are expected, and allowed. It is only when a PID is trying to be cleared on several hundred/thousand configurations that Microsoft would even care. Microsoft isn’t in the business of screwing customers, but they would definitely like to give the shaft to thieves."

If that's true, there are obvious implications. If Microsoft were seriously using individual IDs to police its licences, its software would be flagging alerts and blocking validations when the PID count got to three, not a "hundred/thousand." If this guy's telling the truth, then actually Microsoft isn't going to be using rigid database rules at all, and is simply going to be on the lookout for outrageously warezed product keys.

There's more in that vein. Product activation does not require you to "get a new product key every time you want to reinstall/format windows. Not the first time you reinstall, not the 8 billionth time you reinstall. (You have to go through the Activation process, but you are passing the same AUTH string to the clearinghouse, it never counts against you. There is no timeout for reinstalling Windows against the same hardware, or several future hardware upgrades.)"

The weirdness of that depends on how you look at it. You can install WinXP on the same piece of hardware 8 billion times, but we knew that already. The key is really the numeric value assigned to "several" when it comes to hardware upgrades, but our writer isn't biting on this. "If you change your hardware significantly, you can still reactivate." (Ah, but what is significant?)

He doesn't address that directly, but the indirect commentary speaks volumes. "In fact, only on high volume keys with different hardware will MS stop accepting the pirate key... Now, if a product key is used in 1000 different hardware configurations, we don’t let that product get activated. The PID has then become worthless. Nobody can activate Windows with it."

That's entirely different from the published licence regime, which says you've got one primary installation plus a secondary one, and that's that. It suggests that you could (say) install six copies for family use, activate them all with Redmond, and you'd get no come-back. Microsoft, it says, is only after major, high-volume escapes.

The next bit kind of fits into this. The writer doesn't specifically say you can get away with sharing the key around your family, but that's sort of implied in the rest. The system "makes PID sharing (the most common form of Windows piracy) a little more costly. If you ever want to reinstall the Windows you bought, you better keep your key, and not give it away, or post it on the internet."

So if your key shows up on the net and a couple of thousand people try to use it, then your installation is vaped next time you upgrade, but as this guy said earlier, "only on high volume keys with different hardware will MS stop accepting the pirate key..." So how lucky do you feel? And how much do you believe him?

Whatever, he reckons a crack for the final activation method will be out "within one week after RTM," but that this isn't important, because the system will only hurt the intended targets, the software pirates. One might observe that, given the sliding, undefined scale he's using, it's kind of difficult to say who the software pirates are. If he's right, then large numbers of people will be technically defined as software pirates, but Microsoft will only be going after a small, obviously criminal-looking, subset of these. For now?

One other thing that puzzles us. He says that the activation process "doesn't scan hardware and send it without permission. That would take too long, and, consequently, is protected under law already." Well, we understand that it takes a fair amount of time to do a complete audit of local hardware and then collate it in an easily understood format, but... control panel, system, device manager... Are we missing something, or is this a standard side-effect of installing Windows? ®

Related link:
Full HardOCP story

Intelligent flash storage arrays

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
Whistling Google: PLEASE! Brussels can only hurt Europe, not us
And Commish is VERY pro-Google. Why should we worry?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?