Microsoft always says it opposes "software pirates" who sell thousands of unauthorized copies of Windows.
But the Redmond company has made things a lot easier for pirates by adding a line to the Registry that can be changed from 0 to 1 to postpone the need to "activate" Vista indefinitely.
Activation doesn't stop true software piracy
As most Windows users know, Microsoft has required "product activation" since the release of Windows XP in 2001. XP must be activated by communicating with servers in Redmond within 30 days of installation. By contrast, Microsoft Office XP, 2003, and 2007 require activatation before the package is used 5 to 50 times, depending on the version, according to a company FAQ. If a PC has no Internet connection, a user may activate a product by dialing a telephone number in various countries.
The activation process will complete successfully only if the software has not been previously activated, such as on a different machine. If activation isn't completed within the trial period, Microsoft products temporarily shut down some of their features. MS Office loses the ability to edit and save files. After Vista's activation deadline runs out, the user can do little other than use Internet Explorer to activate the operating system or buy a new license.
Microsoft describes its product activation scheme as a way to foil software pirates. However, as I previously described in an InfoWorld Magazine article on Oct. 22, 2001, activation does nothing to stop mass piracy. The Redmond company actually included in Windows XP a small file, Wpa.dbl, that makes it easy for pirates to create thousands of machines that validate perfectly.
Far from stopping software piracy, product activation has primarily been designed to prevent home users from installing one copy of Windows on a home machine and a personal-use copy on a laptop. As I explained in an article on Mar. 8, buying a copyrighted work and making another copy strictly for personal use is specifically permitted to consumers by the U.S. Copyright Act and the copyright laws of many other countries.
For example, courts have repeatedly ruled that consumers can make copies of copyrighted songs or television programs for personal use (not for distribution or resale). This principle is legally known as "fair use." The home edition of Microsoft Office 2007 reflects this principle, allowing consumers to activate three copies of a single purchased product. Microsoft Windows XP and Vista, however, allow only one activation.
Surprisingly, Microsoft has embedded into its new Vista operating system a feature that makes things easier than ever for true, mass software pirates. These tricksters will be able to produce thousands of Windows PCs machines that won't demand activation indefinitely — at least for a year or more.
Leaving the activation barn door open
I reported in a Feb. 1 article that the upgrade version of Windows Vista allows itself to be clean-installed to a new hard drive. The new Microsoft operating system completely omits any checking for a qualifying previous version of Windows. This allows the upgrade version of Vista to successfully upgrade over a nonactivated, trial version of itself.
After my article appeared, ZDnet blogger Ed Bott summarized the secret in a post on Feb. 15. He flatly states, "You satisfied every condition of the license agreement and aren't skating by on a technicality. The fact that you have to use a kludgey workaround to use the license you've purchased and are legally entitled to is Microsoft's fault."
In my own piece, I had speculated that clean-installing the upgrade version of Vista "probably violates the Vista EULA (End User License Agreement)." But more and more computer experts are saying that the procedure is fully compliant with the EULA and, in any event, is perfectly legal.
I wrote a follow-up story on Feb. 15. I reported that Microsoft includes in Vista a one-line command that even novices can use to postpone the product's activation deadline three times. This can extend the deadline from its original 30 days to as much as 120 days — almost four months.
PCWorld.com posted a report on my story on Feb. 17. The magazine quotes a Microsoft spokeswoman as saying that extending Vista's activation deadline as I described it "is not a violation of the Vista End User License Agreement." I'm glad that's clear.
The feature that I've revealing today shows that Microsoft has built into Vista a function that allows anyone to extend the operating system's activation deadline not just three times, but many times. The same one-line command that postpones Vista's activation deadline to 120 days can be used an indefinite number of times by first changing a Registry key from 0 to 1.
This isn't a hacker exploit. It doesn't require any tools or utilities whatsoever. Microsoft even documented the Registry key, although obtusely, on its Technet site.
But dishonest PC sellers could use the procedure to install thousands of copies of Vista and sell them to unsuspecting consumers or businesses as legitimately activated copies. This would certainly violate the Vista EULA, but consumers might not realize this until the PCs they bought started demanding activation — and failing — months or years later.
Source: Windows Secrets
Visit the source site over at Windows Secrets for full details...