Feeds

MS turns up heat on warezed WinXP copies

Cut off their update supply...

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

The beta of Service Pack 1 for Windows XP has now shipped to testers and, as previously advertised, it declines to install if you're using a leaked WinXP licence key. But - again as previously advertised - it doesn't deactivate your installation, just stops you applying the service pack.

But a sharp-eyed reader of Neowin.net has spotted what appears to be an escalation of the role of product activation. The privacy statement now says "To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. This information includes: Operating-system version number and Product Identification number... The Product Identification number is collected to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update."

So far, people using copies of Windows XP that have been activated using one of the leaked keys have had no trouble getting patches and updates because Windows Update didn't check the validity of their licence. But as Microsoft is clearly stating that licence information is now being gathered by Windows Update, and that a "validly licensed copy of Windows ensures that you will receive on-going updates," then it seems pretty logical to presume that an invalidly licensed copy of Windows ensures that you won't.

It should be a pretty simple matter for Microsoft to add keys that it knows have been leaked to a blocking list, and then to deny access to Windows Update to people using them. Many of these keys are, obviously, being used by people who've warezed XP, but there's also a reasonably large number of software professionals and refuseniks who have used them even though they have a legitimately bought version of XP. This can be for several reasons - they might have to do a lot of hardware testing, involving multiple reinstalls of the software, they might view activation as unecessary aggravation, or they might see it as a privacy thing. Most of them are probably just ornery, and quite a few of them are, er, Microsoft beta testers. Note however that if you use an invalid key to circumvent product activation you do not, in Microsoft's view, have a validly licensed installation even if you paid full whack for the software. That's what it says in the EULA, folks.

Blocking the leaked keys however isn't likely to get Microsoft very far, because people determined not to use a legitimate key can simply use one of the KeyGen routines to produce a working key. This appears to be impossible to block right now, because the keys produced do seem to be indistinguishable from 'proper' keys, to the extent that they are, sort of, proper keys. In theory this could be stopped if Microsoft had a list of all of the keys it had actually issued, but it probably hasn't, and it'd be a tricky thing to keep up to date.

As far as Windows Update is concerned, it also still seems possible to use the corporate version of Windows Update to download your selected patches and updates without having your ID checked. At the moment corporate Windows Update is also claiming it checks your OS and product identification number, but as it's still perfectly feasible to download a WinXP critical update with a Win2k machine (we just did), it's not entirely clear to us where that gets Microsoft. It may be the case that the site collects licensing information if you're running XP and declines to serve you if it's a dodgy copy. But as the message is on the corporate site, again we have a clear statement of intent. ®

Build a business case: developing custom apps

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?