Skip the navigation

Vista and Longhorn to get new antipiracy measures

Microsoft plans to tighten its vulnerable volume license key scheme

By Eric Lai
October 4, 2006 12:00 PM ET

Computerworld - Microsoft Corp. today confirmed that it plans to overhaul its antipiracy technology in Windows Vista, a move it hopes will avoid the problems associated similar efforts in Windows XP and plug a longtime gap associated with corporate customers.

Companies that buy large amounts of software from Microsoft -- known as volume licensing customers -- are currently issued a single key for each application or operating system, no matter how many machines the software will be installed on. The keys do not have to connect to a Microsoft server to validate.

That has led many corporations to store their license keys as strings in plain-text files, making them vulnerable to loss or theft. Stolen volume license keys often end up on the Internet, where they can be reused millions of times by pirates and unwitting users.

Under the Microsoft Software Protection Platform (SPP), business customers of Microsoft will be forced to tighten up how they install software. Starting with Windows Vista and Windows Server Longhorn, which is expected in 2007, companies will have one of two choices. The first, expected to be popular with smaller customers, is to receive a validated Multiple Activation Key (MAK) directly through the Internet from a Microsoft server during installation. The second option, expected to be embraced by larger corporations, is for companies to install a Key Management Service (KMS) on an internal server to validate PCs during the installation process and every 180 days thereafter.

The KMS application will encrypt the keys and hide them on the server.

Roger Kay, an analyst at Endpoint Technologies Associates Inc., said SPP should "significantly tighten" up the leakage of volume license keys to pirates. "This should have an inhibiting effect, though the hard core pirates will work hard to get around this stuff. I don't think [SPP] will be that much hassle [for companies]."

Frank Yawn, an IT manager at Time Warner Cable Inc.'s office in Greensboro, N.C., expects SPP will probably "add another layer of complexity" to his work. "I personally feel security of our keys is pretty adequate," he said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."

Cori Hartje, director of Microsoft's Genuine Software Initiative, said that companies that still have their Vista volume keys lost or stolen and used by pirates won't be penalized, though they may be required to reinstall and change their key -- a process simplified by KMS.

For consumers and small businesses, SPP may prove to be simpler than the current Windows Genuine Advantage (WGA) program for Windows XP. Those installing or upgrading to Windows Vista will have their license keys simultaneously and invisibly validated in the background. For customers who get Vista preinstalled on new PCs from big vendors such as Dell Inc. and Hewlett-Packard Co., the one-time validation will have already been done by the original equipment manufacturer.



Our Commenting Policies