Feeds

WPA wars resume over WinXP SP1 beta

First workaround turns up bang on schedule

  • alert
  • submit to reddit

3 Big data security analytics techniques

Here we go again? Shortly after the beta of WinXP Service Pack 1 was released, locking out installations using leaked activation keys, a workaround with what appears to be a replacement key began circulating on IRC. We can therefore look forward to a repeat of the Windows Product Activation wars that were waged during the original XP beta, as crack and block alternate until the product actually ships.

At which point, barring the invention of an entirely new and uncrackable system, the final crack will be unveiled. At the moment, the SP1 beta won't install on systems using at least one widely-leaked activation key. The workaround circulating appears to include a replacement key, but given that this could be easily blocked by Microsoft in future builds, its main importance is that it explains a procedure for deactivating the system and entering a new corporate key. Which could even be a genuine one. You never know.

The cracking at this stage has about the same long-term significance as was the case during the XP beta, i.e., none. The beta itself will expire prior to the service pack finally shipping, and in the intervening period, if Microsoft wants to, then a game of block and counter-block will take place.

It's obvious what Microsoft's problem is here, but entirely non-obvious how it can be solved. Workarounds for WPA that allowed pirated retail copies of XP to be used were devised, and similar routines could no doubt be produced for any subsequent protection system Microsoft cared to ship. But sensible software pirates preferred the ease of just using a leaked corporate key, and for as long as corporate keys exist, there will be leaked ones. At the moment, given that key generation systems appear to be able to produce operational keys out of thin air, there don't even need to be leaked ones, but Microsoft will no doubt get a lid on that aspect at some point.

Similarly, although it is conceivable that Microsoft could develop towards having some kind of unique identifier for each installation that stopped pirate copies using Windows Update, this isn't going to work terribly well for as long as corporate customer are able to demand patches and upgrades that they don't have to apply one machine at a time.

Basically, the system as currently shipped doesn't deliver what Microsoft wants, and the company's going to have to figure out a new one or stop wanting it. WPA 2 (which we feel sure the boffins are working on) really has to identify individual PCs, copies of Windows sold at retail, with new pieces of hardware and via corporate licensing schemes, and it's going to have to be able to audit corporate installations without forcing corporate customers to apply updates to individual machines. A rental model would probably deliver, but we keep backing off that one, don't we?

Whatever the future system turns out to be will have to be steered through the privacy minefield, and implemented slowly, stage by stage. So maybe collecting IDs at Windows Update now is just part of the process of getting people used to what's coming. Meanwhile, the WPA wars will at least keep both sides off the streets. ®

Related story:
MS turns up heat on warezed WinXP copies

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.