Feeds

XP deloaded? MS tightens screws on loose product keys

But effects will be limited

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Microsoft is tightening the screws further on pirate copies of Windows by disabling Internet activation of XP product keys for software distributed by all of the large OEMs. The move however doesn't take the company anywhere close to universal compliance, and seems more intended to reduce casual copying and leakage from the PC channel.

The latest move, which was first revealed by Aviran Mordo earlier this week, places restrictions on a mechanism used by OEMs to bypass Product Activation. They have previously been allowed to do this for their customers, but this meant that stolen or leaked Certificates of Authenticity (COAs) could be used to activate unlicensed copies of Windows. So for example a small operation might sell quite a large number of machines with 'preinstalled Windows', but only pay for quite a small number of licences from Microsoft, or none at all, making up the difference with hot COAs.

In the past Microsoft has been able to keep some kind of lid on this by (among other mechanisms) investigating discrepancies between apparent sales and the ones it can account for, but the modified route provides more of a physical barrier to the practice. Activation using one of the affected product keys will now mean having to go through a series of questions with a Microsoft call centre representative, who will issue an override key provided the answers confirm that the activation is legitimate.

The procedure affects the top 20 OEMs from 28th February, and will be extended to all other OEMs who've been using this activation method over the rest of the year. People who need to activate a lot of products in their line of work (e.g. service engineers) are likely to be less than ecstatic.

But as we noted, this is more a case of tightening control on channel leakage than it is on stopping Windows piracy in general. Possibly the most popular pirate versions of Windows are of Corporate edition, where it is (and will remain, until Microsoft thinks of something) perfectly feasible to install a copy of the software and activate it with a leaked key, or one produced by a key generation routine, without going anywhere near the Internet. If the software was installed with one of the leaked keys Microsoft knows of and has blocked, then such an installation won't be able to access software updates, but as far as we're aware Microsoft still has no mechanism for detecting and countering generated keys.

The corporate customer sacred cow is unlikely to smile on any Microsoft anti-piracy initiative that would get in the way of multi-machine, multi-site upgrade rollouts, which does rather limit Microsoft's options here. But there remains an upside, from Microsoft's point of view. Actual corporate customers aren't likely to engage in widespread theft of Windows on the basis that it just takes Microsoft to wonder where they're getting the stuff from in order for them to be detected, and over the years Microsoft has been progressively increasing its ability to detect piracy in smaller businesses.

This means it can achieve a reasonable, and probably increasing, level of compliance among the customers already paying, most likely to pay and most likely to be easily discouraged from running unauthorised software. The people it misses, although they're the ones Microsoft tends to shout loudest about, aren't the ones Microsoft stands much chance of making more money out of anyway. Not, at least, before Bill owns the whole world. ®

Related Stories:

Windows authentication: reasonable and gentle
China's IT: an inside outsider's view
Should XP pirates get SP2?

Providing a secure and efficient Helpdesk

More from The Register

next story
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.