Microsoft will change the user experience of its automatic anti-piracy checks in Windows Vista and also make it harder for hackers to bypass the system in the first service pack for the OS due out early next year.
Once Windows Vista Service Pack 1 (SP1) is installed on a PC, that computer will no longer go into limited functionality mode if a user or administrator fails to activate Vista on that system in 30 days or if the system fails Microsoft’s Windows Genuine Advantage (WGA) validation, which checks to see if a version of Vista is pirated or counterfeit. In Vista, WGA is called the Software Protection Program feature.
In limited functionality mode, a computer will shut down after 60 minutes and then allow only browser use. Now, instead of going into that mode, a version of Vista that has not been activated in 30 days will start up with a black screen and a dialogue box that gives users the choice of activating Vista now or later, said Alex Kochis, a group product manager at Microsoft.
If users choose to activate now, the screen prompts will lead them through the proper activation system. If users choose to activate later, all the usual functions of Windows will start up, but with a black screen in the background instead of whatever customized background screen a user had set for the system.
Then, after 60 minutes of use, a balloon dialogue box will appear on the screen reminding the user to activate Vista. It also will reset the background to black even if a user had replaced the black screen with a customized view.
The experience will be similar for machines that fail the WGA validation, except that users will be reminded that their copy of Vista is not valid and that they need to purchase a valid copy of the OS.
Kochis said it was feedback from business and enterprise customers that inspired Microsoft to make the changes to the user experience. Many of these customers have been waiting until SP1 to upgrade to Vista, which means Microsoft has gotten their feedback on the Software Protection Program only recently. SP1 is expected to be available in the first calendar quarter of 2008.
However, Kochis said on Monday that Microsoft’s anti-piracy checks and other efforts to combat piracy — including lawsuits brought against alleged counterfeiters — are working. He said the rate of piracy for Vista to date is half the rate it was for XP during the same stage of its release cycle.
Business and enterprise customers were concerned about the idea that desktop computers in their organizations would cease to function in the usual way if a machine were not activated or validated properly, Kochis said.
“In some cases, it was a simple reaction to this concept, as in ‘We don’t like this,'” he said. The complexity of getting a large number of users up and running again on Vista was also a concern.
In addition to these user-experience changes, in SP1 Microsoft also will include code to combat two of the most common hacker workarounds to the WGA system — OEM Bios and Grace Timer exploits — and their variants, Kochis said.
Many customers were unhappy with the way Vista’s Software Protection System and the compulsory WGA checks for XP worked, as there were initially bugs in the systems that would deem valid versions of the OS invalid. Hackers came up with ways to bypass the system not only for nefarious purposes, but also for users who were frustrated by system errors.
The OEM Bios exploit bypasses the check by mimicking what Windows looks like during a normal installation by an OEM, thus fooling the anti-piracy check by appearing to be a genuine copy of Windows.
The Grace Timer exploit allows a hacker to modify the 30-day activation system so an indefinite number of days or years can be set as the time the user has to validate Vista.
Microsoft also is building a feature into SP1 that can find new hacks in counterfeit systems and send out updates to Windows to stop new exploits before they can be used, Kochis said.
The pirating of Windows has been a perennial problem for Microsoft, particularly in developing countries where Windows is too expensive for many people to purchase. Microsoft and agencies that track piracy, such as the Business Software Alliance, claim piracy costs software vendors billions of dollars a year in revenue.
Microsoft began coming down hard on software piracy two years ago when it introduced WGA, which initially required users to validate their copies of Windows if they wanted to use Microsoft’s update services.
That program expanded into the automatic validation built directly into Vista. Many have criticized Microsoft’s anti-piracy tactics not only for failing to work properly, but also for being generally intrusive, since they communicate directly with a user’s PC and send information back to Microsoft.
