Vista and Longhorn to get new antipiracy measures
Microsoft plans to tighten its vulnerable volume license key scheme
Computerworld - Microsoft Corp. today confirmed that it plans to overhaul its antipiracy technology in Windows Vista, a move it hopes will avoid the problems associated similar efforts in Windows XP and plug a longtime gap associated with corporate customers.
Companies that buy large amounts of software from Microsoft -- known as volume licensing customers -- are currently issued a single key for each application or operating system, no matter how many machines the software will be installed on. The keys do not have to connect to a Microsoft server to validate.
That has led many corporations to store their license keys as strings in plain-text files, making them vulnerable to loss or theft. Stolen volume license keys often end up on the Internet, where they can be reused millions of times by pirates and unwitting users.
Under the Microsoft Software Protection Platform (SPP), business customers of Microsoft will be forced to tighten up how they install software. Starting with Windows Vista and Windows Server Longhorn, which is expected in 2007, companies will have one of two choices. The first, expected to be popular with smaller customers, is to receive a validated Multiple Activation Key (MAK) directly through the Internet from a Microsoft server during installation. The second option, expected to be embraced by larger corporations, is for companies to install a Key Management Service (KMS) on an internal server to validate PCs during the installation process and every 180 days thereafter.
The KMS application will encrypt the keys and hide them on the server.
Roger Kay, an analyst at Endpoint Technologies Associates Inc., said SPP should "significantly tighten" up the leakage of volume license keys to pirates. "This should have an inhibiting effect, though the hard core pirates will work hard to get around this stuff. I don't think [SPP] will be that much hassle [for companies]."
Frank Yawn, an IT manager at Time Warner Cable Inc.'s office in Greensboro, N.C., expects SPP will probably "add another layer of complexity" to his work. "I personally feel security of our keys is pretty adequate," he said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."
Cori Hartje, director of Microsoft's Genuine Software Initiative, said that companies that still have their Vista volume keys lost or stolen and used by pirates won't be penalized, though they may be required to reinstall and change their key -- a process simplified by KMS.
For consumers and small businesses, SPP may prove to be simpler than the current Windows Genuine Advantage (WGA) program for Windows XP. Those installing or upgrading to Windows Vista will have their license keys simultaneously and invisibly validated in the background. For customers who get Vista preinstalled on new PCs from big vendors such as Dell Inc. and Hewlett-Packard Co., the one-time validation will have already been done by the original equipment manufacturer.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts