Microsoft updates validation tool to detect more piracy methods

Microsoft is releasing a smarter tool to detect whether your version of Windows 7 or Vista is the real deal, but you don’t have to use it if you don’t want to.

Windows Activation Technology (WAT) — also known as the Windows Genuine Advantage (WGA) program — was initially used on Windows XP computers.

It will be updated Feb. 16 on Microsoft’s Genuine Web site, and pushed out as an “important” level update through Windows Update Feb. 23. The tool will detect more methods of pirating Windows.

Related Story

Black background, persistent notices await those who don’t activate Windows 7

Hackers have bypassed Windows 7 validation by altering a computer’s master boot record and tweaking Windows registry settings, says Joe Williams, worldwide general manager, Microsoft’s Windows Genuine program.

“We’ve really had to evolve and move away from looking for compromised keys, which is the way Windows XP was pirated,” he says. “We’re looking for telltale footprints of activation hacks.”

Despite being marked as an important update for Windows users, it won’t be required, Williams adds. Users who don’t install the tool won’t be penalized with any loss of functionality, and users who do install it can choose to remove it.

That’s a welcome departure from the Redmond-based software giant’s past practices, says Michael Cherry, analyst with Directions on Microsoft. The Seattle-based analyst firm focuses on following Microsoft technology.

“That makes me feel a lot better about it,” he says. “In the past, it was optional to install, but once installed, couldn’t be uninstalled.”

In the past, Microsoft handicapped non-activated PCs by increasing the number of on-screen notifications received, and forcing a black background. Vista users who didn’t activate had to wait for 15 seconds to clear a notification and continue using their PC. This was changed with Vista’s Service Pack 1.

The new WAT will not reduce functionality in any way, Williams says.

“Everything the user sees is purely a visual cue,” he says. The feedback was that past methods provided an unacceptable experience, he said.

Related Story

Microsoft funds anti-piracy exhibit at Royal Ontario Museum

Microsoft’s Genuine Advantage program has had its share of controversy.

A lawsuit was filed against the program in 2006, characterizing it as spyware didn’t adequately describe the tool’s function. The complaint also said Microsoft collected private and identifying information, and beta versions of the tool sent information to Microsoft every day.

After Microsoft and the complainants agreed to drop the lawsuit, a judge dismissed the case Feb. 11. Microsoft explained the daily information was only a beta test, and more recent versions only do so every 90 days.

The lawsuit “was certainly a variable” in determining the new WAT features, Williams says. “A set of customers, or this time a set of lawyers that are looking for money certainly makes us look at our design process.”

No personally identifiable information is collected from the tool, he adds. WAT connects with Microsoft servers every 90 days to check for updates that could detect new piracy methods. A hash code of the computer that can specify a unique machine is created, but not combined with an IP address to identify an individual.

“We don’t keep a list of machines,” Williams says. “It’s just to understand when we have repeat visits.”

Analyst Cherry isn’t concerned with the information Microsoft collects with WAT. Microsoft is just interested in checking to see if a machine is activated and generate some statistics about piracy, he says. But Microsoft may be asking for users to prove their software is genuine too often.

There are two occasions when it’s perfectly valid for them to check, he says. “The first time is when I purchase the software and the only other time is when I request service from them.”

Microsoft argues pirated copies of its software can pose a threat to consumers and businesses that install them. A 2006 IDC study sponsored by the software giant found that a quarter of the Web sites offering crack tools attempt to install malware on the user’s machine, and that 59 per cent of crack tools downloaded from peer-to-peer file sharing contained malware.

But Cherry is dubious of Microsoft’s claim to altruism.

“I’m sure pirated versions of Windows contain evil software that shouldn’t be there,” he says. “Let’s not try to cloak this [by saying] it’s good for me, the consumer. It’s really good for Microsoft.”

Microsoft’s intent with WAT is to stop casual piracy, he adds. Many people misunderstand that one copy of Windows can’t be installed on more than one computer legally, and try to install it on both their laptop and desktop PC, for example.

Meanwhile Microsoft’s Williams says his company wants to help hapless victims of counterfeit — customers who want to know if they are using genuine software or not. The tool won’t bust those who are knowingly running pirated software.

“We expect if they found this notification on this system, they’d just choose to wipe it,” he says. “We’re realistic there’s a segment of the market we’re not going to slow down.”

Validated Windows will be required to download some optional add-ons such as Microsoft Security Essentials and Windows Media Player 11. But verification can be accomplished by running an ActiveX control on Microsoft’s Web site that is far less comprehensive than WAT.

Microsoft also says it will provide a complimentary copy of Windows to anyone who has been duped into buying a high-quality counterfeit version.

Microsoft’s information gathering

Williams emphasizes that Microsoft doesn’t collect personally identifiable information with its activation tool.

Analyst Cherry is confident that the information collected doesn’t allow the company to put together any sort of profile on its users, and Microsoft can’t know what software they’re running.

Here’s a list of the information sent to Microsoft through WAT. Most of this is converted into a hash code that represents a specific machine, Williams says.

  • Computer make and model
  • Version information for the operating system and software
  • Region and language settings
  • A unique number assigned to your computer by the tools (Globally Unique Identifier or GUID)
  • Product key (hashed) and Product ID
  • BIOS name, revision number and revision date
  • Hard drive volume serial number (hashed)
  • Whether the installation was successful if one was performed
  • The result of the validation check, including information about any activation exploits and any related malicious or unauthorized software found, disabled or removed
  • The name and a hash of the contents of the computer’s start-up instructions file (commonly called the boot file) to help Microsoft discover activation exploits that modify this file
  • Your Internet Protocol (IP) address may be temporarily logged when your computer connects to a website or server, but this information is not linked to a WAT or WGA validation, and it is routinely deleted

Follow Brian Jackson on Twitter.

Share on LinkedIn Share with Google+
More Articles