Vista and Longhorn to get new antipiracy measures
Microsoft plans to tighten its vulnerable volume license key scheme
Computerworld - Microsoft Corp. today confirmed that it plans to overhaul its antipiracy technology in Windows Vista, a move it hopes will avoid the problems associated similar efforts in Windows XP and plug a longtime gap associated with corporate customers.
Companies that buy large amounts of software from Microsoft -- known as volume licensing customers -- are currently issued a single key for each application or operating system, no matter how many machines the software will be installed on. The keys do not have to connect to a Microsoft server to validate.
That has led many corporations to store their license keys as strings in plain-text files, making them vulnerable to loss or theft. Stolen volume license keys often end up on the Internet, where they can be reused millions of times by pirates and unwitting users.
Under the Microsoft Software Protection Platform (SPP), business customers of Microsoft will be forced to tighten up how they install software. Starting with Windows Vista and Windows Server Longhorn, which is expected in 2007, companies will have one of two choices. The first, expected to be popular with smaller customers, is to receive a validated Multiple Activation Key (MAK) directly through the Internet from a Microsoft server during installation. The second option, expected to be embraced by larger corporations, is for companies to install a Key Management Service (KMS) on an internal server to validate PCs during the installation process and every 180 days thereafter.
The KMS application will encrypt the keys and hide them on the server.
Roger Kay, an analyst at Endpoint Technologies Associates Inc., said SPP should "significantly tighten" up the leakage of volume license keys to pirates. "This should have an inhibiting effect, though the hard core pirates will work hard to get around this stuff. I don't think [SPP] will be that much hassle [for companies]."
Frank Yawn, an IT manager at Time Warner Cable Inc.'s office in Greensboro, N.C., expects SPP will probably "add another layer of complexity" to his work. "I personally feel security of our keys is pretty adequate," he said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."
Cori Hartje, director of Microsoft's Genuine Software Initiative, said that companies that still have their Vista volume keys lost or stolen and used by pirates won't be penalized, though they may be required to reinstall and change their key -- a process simplified by KMS.
For consumers and small businesses, SPP may prove to be simpler than the current Windows Genuine Advantage (WGA) program for Windows XP. Those installing or upgrading to Windows Vista will have their license keys simultaneously and invisibly validated in the background. For customers who get Vista preinstalled on new PCs from big vendors such as Dell Inc. and Hewlett-Packard Co., the one-time validation will have already been done by the original equipment manufacturer.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!