Feeds

XP deloaded? MS tightens screws on loose product keys

But effects will be limited

  • alert
  • submit to reddit

Top three mobile application threats

Microsoft is tightening the screws further on pirate copies of Windows by disabling Internet activation of XP product keys for software distributed by all of the large OEMs. The move however doesn't take the company anywhere close to universal compliance, and seems more intended to reduce casual copying and leakage from the PC channel.

The latest move, which was first revealed by Aviran Mordo earlier this week, places restrictions on a mechanism used by OEMs to bypass Product Activation. They have previously been allowed to do this for their customers, but this meant that stolen or leaked Certificates of Authenticity (COAs) could be used to activate unlicensed copies of Windows. So for example a small operation might sell quite a large number of machines with 'preinstalled Windows', but only pay for quite a small number of licences from Microsoft, or none at all, making up the difference with hot COAs.

In the past Microsoft has been able to keep some kind of lid on this by (among other mechanisms) investigating discrepancies between apparent sales and the ones it can account for, but the modified route provides more of a physical barrier to the practice. Activation using one of the affected product keys will now mean having to go through a series of questions with a Microsoft call centre representative, who will issue an override key provided the answers confirm that the activation is legitimate.

The procedure affects the top 20 OEMs from 28th February, and will be extended to all other OEMs who've been using this activation method over the rest of the year. People who need to activate a lot of products in their line of work (e.g. service engineers) are likely to be less than ecstatic.

But as we noted, this is more a case of tightening control on channel leakage than it is on stopping Windows piracy in general. Possibly the most popular pirate versions of Windows are of Corporate edition, where it is (and will remain, until Microsoft thinks of something) perfectly feasible to install a copy of the software and activate it with a leaked key, or one produced by a key generation routine, without going anywhere near the Internet. If the software was installed with one of the leaked keys Microsoft knows of and has blocked, then such an installation won't be able to access software updates, but as far as we're aware Microsoft still has no mechanism for detecting and countering generated keys.

The corporate customer sacred cow is unlikely to smile on any Microsoft anti-piracy initiative that would get in the way of multi-machine, multi-site upgrade rollouts, which does rather limit Microsoft's options here. But there remains an upside, from Microsoft's point of view. Actual corporate customers aren't likely to engage in widespread theft of Windows on the basis that it just takes Microsoft to wonder where they're getting the stuff from in order for them to be detected, and over the years Microsoft has been progressively increasing its ability to detect piracy in smaller businesses.

This means it can achieve a reasonable, and probably increasing, level of compliance among the customers already paying, most likely to pay and most likely to be easily discouraged from running unauthorised software. The people it misses, although they're the ones Microsoft tends to shout loudest about, aren't the ones Microsoft stands much chance of making more money out of anyway. Not, at least, before Bill owns the whole world. ®

Related Stories:

Windows authentication: reasonable and gentle
China's IT: an inside outsider's view
Should XP pirates get SP2?

Mobile application security vulnerability report

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.