Piracy

Enterprise Vista activation feature hacked


In a recent article (Pirates work around Vista's activation feature, IDG News Service, 12/08/06), Nancy Gohring described hacks to circumvent Microsoft Windows Vista’s Key Management Service (KMS).  The KMS, part of the SPP process, is designed to prevent piracy of the new Windows operating system while allowing enterprise customers to locally host the licensing process.  Since Microsoft has been in business as long as I’ve been an IT professional, I find it hard to believe that they have forgotten the consequences of imposing stringent copyright controls.

In the early days of personal computing, certain companies attempted to impose strict copyright processes on popular software.  One that stands out is the early version of Lotus 1-2-3.  A license disk had to be in the floppy drive in order to run the program.  Putting aside issues of piracy, this was just plain inconvenient for licensed users.  This situation created a market for tools to crack the licensing scheme.  Once cracked, the spreadsheet software could be run without the floppy disk.

Since those days, any attempts by software companies to impose piracy controls seen as too restrictive have been circumvented by a variety of tools or processes.  Add to that the reported problems with SPP, and you have fertile ground for hacking activities to make it all but useless. 

As a person who once made a living writing proprietary applications, I am all in favor of users adhering to copyright laws.  But imposed restrictions have historically failed to achieve intended results. 

How does KMS affect your organization?  Would you consider circumventing KMS to prevent business issues caused by the process?

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

6 comments
Tachyon
Tachyon

Microsoft has worked so hard to drive off customers in recent years that I wonder if it's all a scheme to give Linux a large enough customer base to get Microsoft off the government's monopoly list.

JohnMcGrew
JohnMcGrew

I too have been in IT nearly as long as Microsoft, and recall vividly the insane attempts at DRM (then called "copy protection" inflicted upon legitimate users. Things got to the point to where IT people (I don't think they yet called us IT people at that point) were spending more time on resolving "copy protection" related problems than on any other single issue. The last thing that software needed back then (or now, for that matter) was extra code dedicated to making it NOT work properly. And just as with today's DRM, most "copy protection" schemes were defeated within days of release. The only people inconvenienced were legitimate users. After a period of time in larger companies, upper management started to see the real costs imposed by dealing with this nonsense, and ultimately made it policy to no longer purchase any software that used these schemes. "Copy protection" dissapeared almost overnight. So how long will it take this time for management to see how many man-hours are wasted and how many servers have to be devoted only to serving out user liceneses before they say enough is enough, and opt for cheaper or even open-source solutions?

Ole Man
Ole Man

I'm just laughing in my boots. All their activation schemes matters not a whit to hackers and true pirates, it only hinders (and aggravates the hell out of) users like myself that are not a hacker or pirate. Not that I couldn't learn to hack it, but my attitude is, if they want to be that way about it (after i've paid THAT much for it, let them keep their crap. I don't need it that bad (what with Linux improving by leaps and bounds), and don't want it with all them strings attached. When enough people wake up to the facts, they won't be in business long unless they learn to back-peddle faster than they could run forward. And a lot of people are wising up fast, witness (for example): http://www.securityfocus.com/columnists/423?ref=rss

Dave the Computer Guy
Dave the Computer Guy

It?s interesting that Microsoft continues to pour resources into anti piracy software for Windows. Vista has been out now for not even a month and already there are two ways that you can bypass the Windows Validation check. I still say if they would save the money they are using to develop anti piracy software and then use it to lower the costs of the OS then you wouldn?t have so many people trying to copy the software. It?s been proven that any software can be hacked and cracked given time and resources.

shardeth-15902278
shardeth-15902278

The corp. I work for will see that. Almost every support issue that I run into, and am unable to resolve myself, is related to copy protection schemes. I wish I had tracked lost productivity cost, so I could truly quantify how expensive their anti-piracy measures have been for us. I admit I am a little disappointed. I was looking forward to some of the new featues in Vista, But not bad enough to introduce product activation on my home systems (Looks like I will be back to buying bare-bones systems again, I'm not going to pay for an OS I won't use). Sadly, I doubt many large corp's will leverage their buying power to influence software companies' use of anti-piracy mechanisms. Too bad.

Tachyon
Tachyon

If Microsoft would just concentrate on making better quality products and selling them at cheaper prices, they might not have so many people pirating their products. The second change that would buy them a lot of good will would be to stop treating customers like criminals, and collaborating with content providers who do the same. Remove all the security nonsense and DRM and treat customers like people. Everyone but Microsoft these days seems to get the fact that the new business model is services anyway. Look at Linux and other open source products. How are companies like MySQL-AB making money? Service contracts. The sad thing is that Apple has jumped onto the "treat teh customers like criminals and screw them for all their worth" bandwagon with both feet. No company can be both a content seller and content deliever at the same time and do good business. You will always treat your customers in a way that will not endear you to them. Look at Sony since they got into the Movie and Music business. It's hurt their business on both fronts. Don't think so? Anyone own a Walkman brand music player anymore? No? Why? Since they also became a content provider, their products are more designed to protect their content than to please consumers. The Walkman DAP's pretty much suck. THe first one's didn't even support MP3. They've done it again with the PS3. Many customers are put off with the DRM that had more thought put into it than the new PS3 user interface. Look at Microsoft's Zune. All of it's best features are ruined/crippled by DRM greed concerns. As soon as you make your own customers your enemy, your business is doomed.

Editor's Picks