Feeds

MS turns up heat on warezed WinXP copies

Cut off their update supply...

  • alert
  • submit to reddit

Intelligent flash storage arrays

The beta of Service Pack 1 for Windows XP has now shipped to testers and, as previously advertised, it declines to install if you're using a leaked WinXP licence key. But - again as previously advertised - it doesn't deactivate your installation, just stops you applying the service pack.

But a sharp-eyed reader of Neowin.net has spotted what appears to be an escalation of the role of product activation. The privacy statement now says "To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. This information includes: Operating-system version number and Product Identification number... The Product Identification number is collected to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update."

So far, people using copies of Windows XP that have been activated using one of the leaked keys have had no trouble getting patches and updates because Windows Update didn't check the validity of their licence. But as Microsoft is clearly stating that licence information is now being gathered by Windows Update, and that a "validly licensed copy of Windows ensures that you will receive on-going updates," then it seems pretty logical to presume that an invalidly licensed copy of Windows ensures that you won't.

It should be a pretty simple matter for Microsoft to add keys that it knows have been leaked to a blocking list, and then to deny access to Windows Update to people using them. Many of these keys are, obviously, being used by people who've warezed XP, but there's also a reasonably large number of software professionals and refuseniks who have used them even though they have a legitimately bought version of XP. This can be for several reasons - they might have to do a lot of hardware testing, involving multiple reinstalls of the software, they might view activation as unecessary aggravation, or they might see it as a privacy thing. Most of them are probably just ornery, and quite a few of them are, er, Microsoft beta testers. Note however that if you use an invalid key to circumvent product activation you do not, in Microsoft's view, have a validly licensed installation even if you paid full whack for the software. That's what it says in the EULA, folks.

Blocking the leaked keys however isn't likely to get Microsoft very far, because people determined not to use a legitimate key can simply use one of the KeyGen routines to produce a working key. This appears to be impossible to block right now, because the keys produced do seem to be indistinguishable from 'proper' keys, to the extent that they are, sort of, proper keys. In theory this could be stopped if Microsoft had a list of all of the keys it had actually issued, but it probably hasn't, and it'd be a tricky thing to keep up to date.

As far as Windows Update is concerned, it also still seems possible to use the corporate version of Windows Update to download your selected patches and updates without having your ID checked. At the moment corporate Windows Update is also claiming it checks your OS and product identification number, but as it's still perfectly feasible to download a WinXP critical update with a Win2k machine (we just did), it's not entirely clear to us where that gets Microsoft. It may be the case that the site collects licensing information if you're running XP and declines to serve you if it's a dodgy copy. But as the message is on the corporate site, again we have a clear statement of intent. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
Chrome 38's new HTML tag support makes fatties FIT and SKINNIER
First browser to protect networks' bandwith using official spec
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.