Feeds

MS turns up heat on warezed WinXP copies

Cut off their update supply...

  • alert
  • submit to reddit

Designing a Defense for Mobile Applications

The beta of Service Pack 1 for Windows XP has now shipped to testers and, as previously advertised, it declines to install if you're using a leaked WinXP licence key. But - again as previously advertised - it doesn't deactivate your installation, just stops you applying the service pack.

But a sharp-eyed reader of Neowin.net has spotted what appears to be an escalation of the role of product activation. The privacy statement now says "To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. This information includes: Operating-system version number and Product Identification number... The Product Identification number is collected to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update."

So far, people using copies of Windows XP that have been activated using one of the leaked keys have had no trouble getting patches and updates because Windows Update didn't check the validity of their licence. But as Microsoft is clearly stating that licence information is now being gathered by Windows Update, and that a "validly licensed copy of Windows ensures that you will receive on-going updates," then it seems pretty logical to presume that an invalidly licensed copy of Windows ensures that you won't.

It should be a pretty simple matter for Microsoft to add keys that it knows have been leaked to a blocking list, and then to deny access to Windows Update to people using them. Many of these keys are, obviously, being used by people who've warezed XP, but there's also a reasonably large number of software professionals and refuseniks who have used them even though they have a legitimately bought version of XP. This can be for several reasons - they might have to do a lot of hardware testing, involving multiple reinstalls of the software, they might view activation as unecessary aggravation, or they might see it as a privacy thing. Most of them are probably just ornery, and quite a few of them are, er, Microsoft beta testers. Note however that if you use an invalid key to circumvent product activation you do not, in Microsoft's view, have a validly licensed installation even if you paid full whack for the software. That's what it says in the EULA, folks.

Blocking the leaked keys however isn't likely to get Microsoft very far, because people determined not to use a legitimate key can simply use one of the KeyGen routines to produce a working key. This appears to be impossible to block right now, because the keys produced do seem to be indistinguishable from 'proper' keys, to the extent that they are, sort of, proper keys. In theory this could be stopped if Microsoft had a list of all of the keys it had actually issued, but it probably hasn't, and it'd be a tricky thing to keep up to date.

As far as Windows Update is concerned, it also still seems possible to use the corporate version of Windows Update to download your selected patches and updates without having your ID checked. At the moment corporate Windows Update is also claiming it checks your OS and product identification number, but as it's still perfectly feasible to download a WinXP critical update with a Win2k machine (we just did), it's not entirely clear to us where that gets Microsoft. It may be the case that the site collects licensing information if you're running XP and declines to serve you if it's a dodgy copy. But as the message is on the corporate site, again we have a clear statement of intent. ®

Boost IT visibility and business value

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.