Microsoft’s upcoming anti-piracy measures for Windows Vista

Microsoft Corp. announced that it was killing the “kill switch” built into Windows Vista.

While it has never recognized the term “kill switch,” Microsoft’s beefed-up antipiracy software could effectively render a PC running Vista unusable for anything other than paying for a legitimate product key. Microsoft called that “reduced functionality.”

This fall, Apple iPhone owners called the practice “bricking.” In all cases, users hated the concept and haven’t been shy about sharing their opinions.

Someone at Microsoft must have been listening. But because the company’s anticounterfeit scheme is both jargon-heavy and inherently confusing, an FAQ seemed like a good idea. Here’s the scoop on the modifications.

What changes did Microsoft make? If you’re thinking that Vista’s product activation — or its validation and revalidation — are history, think again.

Only the results of not activating a copy of Vista and of failing validation have changed, according to Alex Kochis, the senior product manager for Microsoft’s Windows Genuine Advantage (WGA) program.

Specifically, Microsoft is ditching what it has called “reduced-functionality mode” and “nongenuine,” the states that came into play when users didn’t activate their copy within 30 days, activated it with an invalid product key or failed the persistent anticounterfeit validation tests that Vista did on itself from time to time.

In the worst-case scenario — reduced-functionality mode — nothing but Internet Explorer worked, and then only for an hour at a time before the operating system automatically logged off the user.

Nongenuine was more forgiving, but even then certain Vista features were disabled, including the Aero user interface, the ReadyBoost disk-caching tool and some parts of the Windows Defender antimalware protection. Nag notices to get legit were also slapped on the screen.

So what’s the new plan? Rather than dial down the operating system’s feature list, Microsoft will instead add to the nagging.

This is what users will see when they migrate to Vista Service Pack 1 (SP1) next year:

— During log-in, users must wait 15 seconds before clicking the “Activate Later” button in the two-option dialog to proceed to the normal Vista desktop.
— A new black background prominently marks a machine as running pirated — or at best, questionable — Vista.
— A “nongenuine” label appears in the lower right-hand corner of the screen.
— Every hour, an “Activate Now” alert pops up.

Under what circumstances will users see these? As before, if users don’t activate Vista with a legitimate product key within 30 days, the black screen and nagging reminders begin appearing on Day 31, Kochis said.

Actually, the nagging starts way before then. Notices to activate appear daily starting on Day 3 of the 30-day grace period, and they continue through Day 27. During Days 28 and 29, however, the notices show up every four hours. On Day 30, they pop up hourly.

The 15-day grace period for copies that have been preactivated by the reseller also remains unchanged, Kochis said. “This is extremely rare and only appears if the association between that specific computer and the operating system is broken,” he said.

However, if a user swaps out the motherboard of a reseller’s machine for one from another vendor, Vista starts a 15-day countdown. An inability to reactivate brings the black screen and nag notices starting on Day 16.

Ditto for the infamous three-day grace period if Vista determines that the user has made major changes to the PC, which by its logic could mean that the operating system has been installed on another machine (when in actuality, the original hardware may have been only upgraded).

The usual notices about activating appear during those three days, said Kochis, but on Day 4, the new effects kick in.

The changes will also be seen if Vista won’t revalidate online, which is required to download some software from Microsoft’s site. Vista also periodically revalidates, or tries to, even without any download attempts; that’s part of Microsoft’s scheme to limit the damage done by the theft or leak of volume license keys.

“If Vista fails validation online, which is much more deterministic and may be because the [product] key has been blocked, the black screen and notices can start right away,” Kochis said.

What prompted the change? Kochis said customers, primarily corporations and other large-volume users of Windows, told Microsoft they wanted something different.

“We did a lot of research with customers before RTM [release to manufacturing, a development stage met in November 2006], most of them consumers and small businesses,” Kochis said.

“A lot of that research pointed us toward what WGA is now, and RTM was consistent with what we heard from those users. Following Vista’s release, we started to get feedback from large customers about the [activation and validation] experience, especially recently. As those kinds of customers focused on Vista deployment, we started getting more feedback.”

What kind of feedback? Kochis wouldn’t get specific, but when asked whether by feedback he meant that enterprise customers had told Microsoft they were unhappy with the current behavior of Vista or that they would not implement it with the reduced-functionality and nongenuine modes, Kochis’ response was simple.

“Yes,” he said.

So, the August meltdown of Microsoft’s validation service had nothing to do with the decision?

Users bad-mouthed Microsoft’s antipiracy policies long before Vista’s debut — in July 2006, it was bashed for phoning home daily to company servers — but tempers flared hottest last August when thousands of users’ copies were pegged as pirated because of a server outage at Microsoft.

It would be natural to make a cause-and-effect connection between that incident and this week’s announcement. Wouldn’t it? Not according to Microsoft, which denied any connection. “Actually, it wasn’t the reason,” Kochis said. “It didn’t relate at all to the decisions or affect the feedback from customers.”

When will the changes be made? Vista SP1, now scheduled to release in final form in the first quarter of 2008, will include the new activation and validation aftereffects.

Although Vista SP1 has been in testing for weeks and a release candidate version (RC1) will be made available for anyone to download next Tuesday, the changes won’t be implemented in any prefinal version, Kochis confirmed.

The modifications will be added to every version of Vista, in all languages, and will be part of the operating system delivered worldwide.

Any surprises? Microsoft will also include fixes for a pair of activation hacks — Kochis called them “exploits,” although there is no evidence that they infect a machine with malware — when it changes activation and validation in SP1.

What hasn’t gotten much play in the press, however, is that Microsoft is also adding another update component to Vista so it can deliver fixes for any future hack. Kochis again used security terminology, dubbing the fixes “signatures.”

“SP1 will natively disable two [activation] exploits,” Kochis said, “and we will provide new updates in the form of signatures that will enable the same sort of behavior.”

Those new fixes, Kochis said, will be delivered via the usual update mechanisms of Windows Update, Microsoft Update and the WSUS (Windows Server Update Services) add-on to Windows Server.

Users will be told of all such “signatures” updates, and will have the opportunity to decline them, Kochis said. (The question was prompted by several WSUS and Windows Update snafus this fall, including overrides of IT administrators’ settings and a behind-the-scenes update to Windows Update that users weren’t told about.)
