Vista and Longhorn to get new antipiracy measures

Microsoft plans to tighten its vulnerable volume license key scheme

Microsoft Corp. today confirmed that it plans to overhaul its antipiracy technology in Windows Vista, a move it hopes will avoid the problems associated similar efforts in Windows XP and plug a longtime gap associated with corporate customers.

Companies that buy large amounts of software from Microsoft -- known as volume licensing customers -- are currently issued a single key for each application or operating system, no matter how many machines the software will be installed on. The keys do not have to connect to a Microsoft server to validate.

That has led many corporations to store their license keys as strings in plain-text files, making them vulnerable to loss or theft. Stolen volume license keys often end up on the Internet, where they can be reused millions of times by pirates and unwitting users.

Under the Microsoft Software Protection Platform (SPP), business customers of Microsoft will be forced to tighten up how they install software. Starting with Windows Vista and Windows Server Longhorn, which is expected in 2007, companies will have one of two choices. The first, expected to be popular with smaller customers, is to receive a validated Multiple Activation Key (MAK) directly through the Internet from a Microsoft server during installation. The second option, expected to be embraced by larger corporations, is for companies to install a Key Management Service (KMS) on an internal server to validate PCs during the installation process and every 180 days thereafter.

The KMS application will encrypt the keys and hide them on the server.

Roger Kay, an analyst at Endpoint Technologies Associates Inc., said SPP should "significantly tighten" up the leakage of volume license keys to pirates. "This should have an inhibiting effect, though the hard core pirates will work hard to get around this stuff. I don't think [SPP] will be that much hassle [for companies]."

Frank Yawn, an IT manager at Time Warner Cable Inc.'s office in Greensboro, N.C., expects SPP will probably "add another layer of complexity" to his work. "I personally feel security of our keys is pretty adequate," he said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."

Cori Hartje, director of Microsoft's Genuine Software Initiative, said that companies that still have their Vista volume keys lost or stolen and used by pirates won't be penalized, though they may be required to reinstall and change their key -- a process simplified by KMS.

For consumers and small businesses, SPP may prove to be simpler than the current Windows Genuine Advantage (WGA) program for Windows XP. Those installing or upgrading to Windows Vista will have their license keys simultaneously and invisibly validated in the background. For customers who get Vista preinstalled on new PCs from big vendors such as Dell Inc. and Hewlett-Packard Co., the one-time validation will have already been done by the original equipment manufacturer.

That contrasts with Windows XP, where users downloaded and installed a WGA plug-in, which checked to see whether they were running a legitimately-licensed copy of XP. That process drew protests earlier this year after some users complained Microsoft tried at one point to disguise and slip WGA past them as a needed operating system update; others said that WGA mistakenly declared their legitimate copies of Windows to be illegal.

Hartje said SPP technology is already "baked into" some Microsoft games today. She said SPP will provide "a different experience" than WGA but declined to state outright that SPP will engender fewer consumer complaints than WGA did.

As with WGA for XP users, customers who decline to or cannot successfully validate their copy of Vista during installation will receive recurring messages urging them to validate or buy the software. And in Vista, users will be blocked from using certain features including Aero, Vista's updated graphical user interface; ReadyBoost, an application that uses flash memory to add to RAM and boost system performance; and Windows Defender, which protects against viruses and spyware.

After 30 days, the operating system will go into what Kay calls an "ugly mode" similar to Windows Safe Mode, and grant users one final hour of access to a Web browser to strongly encourage them to validate or buy a legal license of Vista through the Internet.

SPP will not be included in Office 2007, which is expected to ship by year's end.

Hartje also said that with SPP, Microsoft's policy of restricting the use of OEM licenses of Vista to their original PCs has not changed. Thus, users who find that their Dell or HP PC has died cannot reinstall their OEM copy of Vista on another computer.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies