MS opens up on Whistler copy protection
No privacy invasion, no plot, no hassle - honest...
The product activation copy protection system that will ship with Whistler and Office 10 will form the basis of a "cross product" protection system for Microsoft software, and the signs are that the company will move heaven and earth to make it stick. Speaking to The Register earlier today Microsoft product manager, licensing technology group, Allan Nieman went through the checklist of gotchas, and explained why product activation is a pussycat really.
But first, although cracks and patches dealing with the protection in Whistler builds 2410 and 2416 (an "internal" Microsoft build currently maiming bandwidth in shady circles) have been produced, it would seem that the panic produced by product activation's appearance in the beta code was unnecessary - according to Nieman, neither of these builds is actually protected. "It's just a UI screen," he says, a "first glimpse" of what the system will look like. Just click next, as Microsoft's technical beta testers have now been informed. Duh.
Obviously that won't be the case with the shipping product, so the work of the script kiddies won't have been entirely in vain. But Microsoft really, really wants people not to hate product activation and - strange but at least at the moment true - is trying to draw a sharp distiction between activation and registration. And, by the way, registration will not be compulsory, according to Nieman.
As has now been widely reported, product activation takes a product key from the software packaging, combines it with a code generated from the specific hardware you're installing on, and then in exchange for the result you get an unlock key from Microsoft, either over the Web or by phone. But this is not registration. You only need to give Microsoft the code, not your name or anything else, so it's entirely anonymous unless Microsoft is doing any surreptitious sniffing, which Nieman assures us it is not.
Nor, he guarantees, will the software check into base on a "phone home" basis after you've unlocked it. Once it's unlocked it'll be a fully stand-alone product that doesn't try to regularly validate itself with Microsoft. Presumably this will mean that the "rental" versions of products Microsoft will be testing will have some form of time bomb rather than a phone home, but it seems pretty clear that Microsoft is willing to go quite a distance to separate privacy issues from anti-piracy.
One could reasonably doubt that it can keep it up, or even (given the nature of .NET) that it's technically feasible to keep it up in the longer term. When Microsoft tested the precursor to product activation in various countries with Office 2000, Nieman says the company processed six million activation requests in 24 months. That's chicken feed compared to the tens of millions of activations a year if the system just applied to Windows, and the marketing people surely can't be happy about passing up data on that number of people.
Nevertheless, registration will be separate, and won't be compulsory. Not exactly, anyway - Microsoft has required registration for access to product updates in the past, and the position here tends to be a bit variable. The activation process was described as the "Office Registration Wizard" in the O2K test, but that was what you might call infelicitious. Nor did you actually have to register as such - according to Nieman the only data required was country.
So in that case, why is Microsoft bothering? Nieman says the system is primarily directed at "casual copying," where people loan one another software, pass it around the office, install multiple copies with just the one licence and so on. The system will certainly tend to stop people doing this, but on the other hand that could give casual copiers sufficient impetus to dig out the cracks and use them, and recordable CD makes that awfully tempting. Think yourself into the position of paterfamilias, one PC for him, one each for the two kids to do their homework, so what's he going to say to three Office licences? Student licensing, yes we know, but he doesn't, and anyway it's a hassle. He might hear about student licensing, or then again he might hear about StarOffice being free.
You can circumvent the Whistler product activation system as described here last week, and there are also two files circulating which deal with the CD key and the time bomb on the Whistler beta. Put together with a bit of cosmetics these provide the means to produce a completely unprotected Whistler CD, and it's unlikely there'll be any difference when it comes to the shipping product.
That leaves it as eminently crackable, and whether it is cracked on a widespread basis or not will depend to some extent on cost, to some on hassle. Large numbers of consumers and small businesses swap software, and they're not about to stump up the readies to convert their current unlicensed software to full product. Even in businesses that do pay their licences, systems managers will frequently produce their own unprotected copies to avoid having to go through the activation process over and over again.
But, says, Microsoft, they don't have to - and this is where you can maybe see an angle for the company. Product activation won't be present for the enterprise Select and the volume Open licensing deals. These will still require a single unlock for the media, but after that you can do multiple installs, just keeping a tally of the licences you're using. Microsoft licence management software will no doubt help you out here, and the Open licence scheme goes as low as five copies, for which you get discounts. Except on old operating systems Redmond wants you to stop using.
Microsoft sees promotion of the Open licence to small businesses as going alongside product activation for consumers, as businesses will be encouraged to go for the volume deals. Of course by doing so, you report yourself to Microsoft, and are therefore more readily auditable. So consumers get roadblocks to stop them sharing with their friends, Microsoft's reach extends further down the business food chain, but there are no privacy implications. Microsoft likely won't squeeze much more money out of the consumer market, but by being better able to police "unprotected" business licences, it could do well there. Quite a paradox, no? ®
Sponsored: Becoming a Pragmatic Security Leader