In a world with zero-day attacks, phishing and pharming, the lives of sys admins using Microsoft technology just got a little more complicated – at least if they’re planning to adopt Microsoft Vista or Windows Server Longhorn
Their anti-piracy features are designed to shut out users who have illegally obtained their versions of Vista or Longhorn, when the applications become available.
According to the Business Software Alliance, a staggering 35 per cent of software worldwide has been pirated. In 2005, that meant the industry lost US$35 billion. Microsoft is determined to stop the hemorrhaging.
But with the Microsoft Software Protection Platform (SPP), it’s the companies who buy legitimate volume licensing from Microsoft who will foot the bill for the Band-aid in the form of increased time and resources.
Currently, when businesses acquire multiple licences from Microsoft they are given a key that can be reused an unlimited number of times. These keys are sometimes stolen, and can be found on the Internet.
Microsoft wants to change this to make the keys more difficult to obtain. Users will be given two options under SPP.
With the first, multiple activation key service, keys given to users will activate a limited number of licences. With the second, key management service (KMS), enterprises will have to place KMS on a server that holds an encrypted key that will authenticate systems and require them to be reactivated every 180 days. The first method will likely be used by small business and the latter by enterprises.
Systems that aren’t properly authenticated in 30 days will operate in reduced functionality mode unless users activate their product. Users who are locked out will be able to use the Internet for about an hour before they are logged off. They will be given warnings during the 30-day period, and those warnings will increase in frequency as zero-day approaches.
Activating keys will take enterprises more time and resources than before. And, some might wonder, to what end?
It’s only a matter of time before hackers crack KMS and get their hands on the newly encrypted keys.
Still, Microsoft does have the right to protect its software from pirates, and just because they will eventually up the ante, that doesn’t mean it shouldn’t act at all. In fact, it probably should have made some kind of move to better safeguard the keys earlier.
However, (sometimes deliberately) naive small businesses that unsuspectingly buy software from untrustworthy resellers might find themselves suddenly locked out of their systems – which these days would be akin to trying to operate without a phone.
The same goes for small businesses whose IT department consists of a power user who might not correctly activate legitimate versions of Vista.
Being locked out could be extremely costly and potentially even fatal to small businesses. Of course, it can be argued that the businesses have no one else to blame but themselves and they should have known that the lower cost for which they got their systems was too good to be true.