Original URL: http://www.theregister.co.uk/2002/06/07/ms_turns_up_heat/

MS turns up heat on warezed WinXP copies

Cut off their update supply...

By John Lettice

Posted in Software, 7th June 2002 16:11 GMT

The beta of Service Pack 1 for Windows XP has now shipped to testers and, as previously advertised, it declines to install if you're using a leaked WinXP licence key. But - again as previously advertised - it doesn't deactivate your installation, just stops you applying the service pack.

But a sharp-eyed reader of Neowin.net has spotted what appears to be an escalation of the role of product activation. The privacy statement now says "To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. This information includes: Operating-system version number and Product Identification number... The Product Identification number is collected to confirm that you are running a validly licensed copy of Windows. A validly licensed copy of Windows ensures that you will receive on-going updates from Windows Update."

So far, people using copies of Windows XP that have been activated using one of the leaked keys have had no trouble getting patches and updates because Windows Update didn't check the validity of their licence. But as Microsoft is clearly stating that licence information is now being gathered by Windows Update, and that a "validly licensed copy of Windows ensures that you will receive on-going updates," then it seems pretty logical to presume that an invalidly licensed copy of Windows ensures that you won't.

It should be a pretty simple matter for Microsoft to add keys that it knows have been leaked to a blocking list, and then to deny access to Windows Update to people using them. Many of these keys are, obviously, being used by people who've warezed XP, but there's also a reasonably large number of software professionals and refuseniks who have used them even though they have a legitimately bought version of XP. This can be for several reasons - they might have to do a lot of hardware testing, involving multiple reinstalls of the software, they might view activation as unecessary aggravation, or they might see it as a privacy thing. Most of them are probably just ornery, and quite a few of them are, er, Microsoft beta testers. Note however that if you use an invalid key to circumvent product activation you do not, in Microsoft's view, have a validly licensed installation even if you paid full whack for the software. That's what it says in the EULA, folks.

Blocking the leaked keys however isn't likely to get Microsoft very far, because people determined not to use a legitimate key can simply use one of the KeyGen routines to produce a working key. This appears to be impossible to block right now, because the keys produced do seem to be indistinguishable from 'proper' keys, to the extent that they are, sort of, proper keys. In theory this could be stopped if Microsoft had a list of all of the keys it had actually issued, but it probably hasn't, and it'd be a tricky thing to keep up to date.

As far as Windows Update is concerned, it also still seems possible to use the corporate version of Windows Update to download your selected patches and updates without having your ID checked. At the moment corporate Windows Update is also claiming it checks your OS and product identification number, but as it's still perfectly feasible to download a WinXP critical update with a Win2k machine (we just did), it's not entirely clear to us where that gets Microsoft. It may be the case that the site collects licensing information if you're running XP and declines to serve you if it's a dodgy copy. But as the message is on the corporate site, again we have a clear statement of intent. ®