Vista and Longhorn to get new antipiracy measures
Microsoft plans to tighten its vulnerable volume license key scheme
Computerworld - Microsoft Corp. today confirmed that it plans to overhaul its antipiracy technology in Windows Vista, a move it hopes will avoid the problems associated similar efforts in Windows XP and plug a longtime gap associated with corporate customers.
Companies that buy large amounts of software from Microsoft -- known as volume licensing customers -- are currently issued a single key for each application or operating system, no matter how many machines the software will be installed on. The keys do not have to connect to a Microsoft server to validate.
That has led many corporations to store their license keys as strings in plain-text files, making them vulnerable to loss or theft. Stolen volume license keys often end up on the Internet, where they can be reused millions of times by pirates and unwitting users.
Under the Microsoft Software Protection Platform (SPP), business customers of Microsoft will be forced to tighten up how they install software. Starting with Windows Vista and Windows Server Longhorn, which is expected in 2007, companies will have one of two choices. The first, expected to be popular with smaller customers, is to receive a validated Multiple Activation Key (MAK) directly through the Internet from a Microsoft server during installation. The second option, expected to be embraced by larger corporations, is for companies to install a Key Management Service (KMS) on an internal server to validate PCs during the installation process and every 180 days thereafter.
The KMS application will encrypt the keys and hide them on the server.
Roger Kay, an analyst at Endpoint Technologies Associates Inc., said SPP should "significantly tighten" up the leakage of volume license keys to pirates. "This should have an inhibiting effect, though the hard core pirates will work hard to get around this stuff. I don't think [SPP] will be that much hassle [for companies]."
Frank Yawn, an IT manager at Time Warner Cable Inc.'s office in Greensboro, N.C., expects SPP will probably "add another layer of complexity" to his work. "I personally feel security of our keys is pretty adequate," he said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."
Cori Hartje, director of Microsoft's Genuine Software Initiative, said that companies that still have their Vista volume keys lost or stolen and used by pirates won't be penalized, though they may be required to reinstall and change their key -- a process simplified by KMS.
For consumers and small businesses, SPP may prove to be simpler than the current Windows Genuine Advantage (WGA) program for Windows XP. Those installing or upgrading to Windows Vista will have their license keys simultaneously and invisibly validated in the background. For customers who get Vista preinstalled on new PCs from big vendors such as Dell Inc. and Hewlett-Packard Co., the one-time validation will have already been done by the original equipment manufacturer.
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!