In a recent article (Pirates work around Vista's activation feature, IDG News Service, 12/08/06), Nancy Gohring described hacks to circumvent Microsoft Windows Vista’s Key Management Service (KMS). The KMS, part of the SPP process, is designed to prevent piracy of the new Windows operating system while allowing enterprise customers to locally host the licensing process. Since Microsoft has been in business as long as I’ve been an IT professional, I find it hard to believe that they have forgotten the consequences of imposing stringent copyright controls.
In the early days of personal computing, certain companies attempted to impose strict copyright processes on popular software. One that stands out is the early version of Lotus 1-2-3. A license disk had to be in the floppy drive in order to run the program. Putting aside issues of piracy, this was just plain inconvenient for licensed users. This situation created a market for tools to crack the licensing scheme. Once cracked, the spreadsheet software could be run without the floppy disk.
Since those days, any attempts by software companies to impose piracy controls seen as too restrictive have been circumvented by a variety of tools or processes. Add to that the reported problems with SPP, and you have fertile ground for hacking activities to make it all but useless.
As a person who once made a living writing proprietary applications, I am all in favor of users adhering to copyright laws. But imposed restrictions have historically failed to achieve intended results.
How does KMS affect your organization? Would you consider circumventing KMS to prevent business issues caused by the process?
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.