Microsoft to crack down on Windows 7 activation cracks

Optional update to WAT will sniff out more than 70 cracks, 'phone home' to Microsoft

Microsoft today said it will soon feed Windows 7 users an update that detects illegal copies installed using more than 70 different activation cracks.

The update to Windows Activation Technologies (WAT), the anti-piracy software formerly known as Windows Genuine Advantage (WGA), will be posted to Microsoft's download site on Feb. 17, and offered as an optional upgrade via Windows Update later this month, where it will be tagged as "important."

Out the gate, the update will reach Windows 7 Home Premium, Professional, Ultimate and Enterprise users, said Joe Williams, the general manager of Microsoft's activation and anti-counterfeit group. "I'd like to stress that the Update is voluntary, which means that you can choose not to install it when you see it appear on Windows Update," said Williams in an entry to the Genuine Windows blog.

That's counter to the practice Microsoft used in 2006, when it force fed Windows XP customers a WGA update by labeling it as a high-priority security update. Several users sued Microsoft over that behavior; the lawsuit was officially dismissed just last week. Since then, the company's anti-piracy software updates have been less aggressive.

According to Williams, the WAT update sniffs out more than 70 "activation exploits," Microsoft's term for what others call "cracks" that sidestep the product activation process, or use stolen keys to illegally activate counterfeit copies of Windows 7.

After the update has been installed, PCs running cracked copies will begin displaying a black background and the usual gamut of nagging notifications that mark the operating system as bogus. "Machines running genuine Windows 7 software with no activation exploits will see nothing," promised Williams.

Microsoft regularly refreshes its anti-piracy technology to identify new activation exploits -- it did the same two years ago in a Vista crack crack-down -- but the number of exploit "signatures" in the upcoming WAT update is magnitudes larger than any previous.

Among the 70-some cracks shut down by the update are a pair that surfaced last November, just weeks after the launch of Windows 7. At the time, Microsoft said it was aware of the cracks -- "RemoveWAT" and "Chew-WGA" -- and was working on ways to disable them. A Microsoft spokeswoman confirmed today that the WAT update will include signatures for both cracks.

Williams also noted that the WAT update will periodically "phone home" to Microsoft's servers to re-validate the copy of Windows 7 as legit, and use those opportunities to update activation signatures to detect newer cracks. Initially, WAT will connect to Microsoft's severs every 90 days.

If WAT uncovers tampered, disabled or missing activation or licensing files, the software steps up its activity, and runs a check every week, and if necessary, repairs those files.

Williams argued that the update is intended to keep "customers and partners secure," a rationale the company regularly uses when it explains why anti-piracy software is necessary. He cited studies by IDC and others, which Microsoft has called on in the past, that have said up to a third of counterfeit copies of Windows are infected with malware.

A leaked copy of Windows 7 Release Candidate (RC) posted on file-sharing sites in May 2009 was, in fact, infected with a Trojan horse.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies