Microsoft Steps Up Efforts to Ensure Users Are Legit

Computerworld - Microsoft Corp. today will launch an education campaign on the risks of using counterfeit, pirated and mislicensed software. The "Genuine Fact Files" campaign comes one week before the Jan. 29 general release of Windows Vista, which includes a set of tools called the Software Protection Platform (SPP) that can put unvalidated copies of the software into a reduced-functionality mode.

Cori Hartje

In an interview with Computerworld last week, Cori Hartje, director of Microsoft's Genuine Software Initiative, said the company has already downloaded pirated copies of Vista and Office 2007 in the U.S. and has found phony discs in South America, Asia and Europe. For example, during a December trip to São Paulo, Brazil, she spotted a street vendor selling counterfeit CDs of both products. Hartje also discussed Microsoft's efforts  via SPP and its earlier Windows Genuine Advantage (WGA) program  to ensure that users run authentic software. Excerpts from the interview follow:

What's the most surprising thing you learned after Microsoft instituted the WGA program in mid-2005?The wild spread of leaked and stolen volume license keys. I was absolutely shocked at how fast a key that was just put on somebody's blog on Google or Yahoo and was searched could make it around the world in eight days onto [illegitimate] products. ... A tech [worker] had a personal space on his own server that was exposed to the public. It was just hidden files. It wasn't indexed. But he'd put keys in there, just for safeguarding. Somehow, searching for keys, somebody found [one]. A month later, there were over 200,000 users of it.

Have you found any cases of IT workers deliberately contributing to the problem by selling or sending license keys to counterfeiters? I don't have any evidence of any particular person [doing that]. Here's the scenario that I think happens. Somebody says, "I need a key." An IT pro has a key and gives that key to somebody. All of a sudden, that key ends up on a blog. I've personally seen them on blogs. I don't know why those people would think to put them there, but they did. Boom. Wildfire. And the bad guys, the counterfeiters, are looking for those.

Because a volume key could activate an unlimited number of copies of Windows XP? Right. And they didn't know it, either. Somehow, it would get out. So that technology needed to be changed, and that's why we have SPP.

Was the problem with volume license keys the main driver for developing SPP? Volume licensing keys are one of the most-used methodologies for counterfeiting. But SPP has lots of other features. It includes volume activation, antitampering technologies and anti-reverse-engineering technologies. It enables the validation check. And it also enables genuine users to easily get anywhere, anytime upgrades for Vista.

Some users with legitimate copies of Windows encountered validation problems with WGA. Do you think concerns that there could be similar problems with SPP are valid? I haven't seen it yet. I acknowledge that people are always wondering if there will be compatibility issues, but I don't have any to share with you.

Given the scope of the counterfeiting problem you're seeing, do you ever think that licensing might not be the best model for software, and that the maintenance and support model open-source vendors use might make more sense? It's a debate for economists as to what the best model is long term. Certainly, we believe that products have value. We charge for them. I think what you're saying is that we haven't also done enough to protect the [software]. Engineering changes that we have done will hopefully protect it. It has been just really too easy to copy.

A genuine copy of Windows (left) can be difficult to distinguish from an inauthentic one (right). Microsoft discovered the phony package during a government-assisted raid of a U.S. warehouse filled with a variety of counterfeit products.