Microsoft Software Protection Platform

The Microsoft PR department is gearing up for the software pirates. Released on 10/3/06, this document describes Microsoft’s new anti-piracy efforts. The BSA is quoted in the document as stating that “35% of all software installed worldwide is pirated or unlicensed”. Exactly how that is determined is beyond me (that’s like quoting population numbers without taking a census). Microsoft also explains its new program called the Genuine Software Initiative (GSI). It wants to make sure its customers have genuine Microsoft software. The original name of the program was the Microsoft Cash Grab (MCG), but that didn’t sound as sexy so they changed it.

In terms of Windows Vista, users have 30 days to activate their operating system. After 30 days, the system goes into a locked-down state wherein Windows Defender updates are turned off, Aero Glass is disabled, ReadyBoost is disabled and the only thing you can use is Internet Explorer, for 1 hour. After one hour, the system locks you out. You cannot even log into safe mode! In addition, if Microsoft detects that your copy of Windows is not genuine (through WGA, see my earlier article), all of the features listed above (except for the Internet Explorer part) are disabled immediately! The other interesting fact is that Windows Vista will run for 14 days if you do not enter a product key. I guess this is to allow people to test out the operating system to see if they like it.

Volume licensing has also changed dramatically. No longer can you input a key to get around product activation. There are now two types of VLKs: KMS and MAK. MAKs, or Multiple Activation Keys, are pretty much like the old VLKs, except that you must activate the copy of Windows. However, once you activate a MAK over the Internet or telephone, it stays activated. A MAK is only allowed a certain number of activations. For example: during the beta program our MAK was allowed 100 activations. That means we can activate 100 copies of Windows Vista Enterprise on 100 unique PCs. That means if a MAK leaks, Microsoft proactively plugs the hole by blocking the 101st activation from happening.

KMS or Key Management Service works by having one copy of Vista activate all the others. This assumes that the other Vista clients are “well connected” to the KMS (think “LAN”). This model also requires 25 physical machines before the service kicks in (don’t bother with virtual machines: someone tried it in the beta program and found it doesn’t work). Every 180 days, each copy of Vista must report to the KMS at least once, otherwise it deactivates itself.
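
An added example (not from the original post or from Microsoft): a small Python audit that applies the two KMS rules described above, the 25-physical-machine threshold and the 180-day check-in window, to a constructed inventory. The record fields, the 30-day warning margin and the treatment of day 180 itself as still valid are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

KMS_MIN_PHYSICAL = 25   # from the post: 25 physical machines before KMS kicks in
KMS_WINDOW_DAYS = 180   # from the post: report to the KMS at least once per 180 days

@dataclass
class Client:           # hypothetical inventory record, not a Microsoft format
    host: str
    physical: bool
    last_kms_contact: Optional[date]   # None = has never reached the KMS

def kms_threshold_met(clients):
    """Virtual machines do not count toward the 25-machine minimum."""
    return sum(1 for c in clients if c.physical) >= KMS_MIN_PHYSICAL

def client_status(client, today, warn_days=30):
    """Classify one client; warn_days is an assumed margin for the admin."""
    if client.last_kms_contact is None:
        return "never-contacted"
    deadline = client.last_kms_contact + timedelta(days=KMS_WINDOW_DAYS)
    if today > deadline:          # assumption: day 180 itself is still valid
        return "deactivated"
    if (deadline - today).days <= warn_days:
        return "renew-soon"
    return "ok"

def audit(clients, today):
    """Group hostnames by status and report whether the KMS can serve at all."""
    report = {"kms_active": kms_threshold_met(clients)}
    for c in clients:
        report.setdefault(client_status(c, today), []).append(c.host)
    return report

def sample_inventory():
    """Constructed sample data: 24 physical desktops, 3 VMs, 1 stale laptop."""
    fresh = date(2007, 3, 1)
    inv = [Client(f"desk{i:02d}", True, fresh) for i in range(24)]
    inv += [Client(f"vm{i}", False, fresh) for i in range(3)]
    inv.append(Client("laptop01", True, date(2006, 11, 1)))
    return inv

if __name__ == "__main__":
    print(audit(sample_inventory(), today=date(2007, 5, 10)))
```

In the sample, the stale laptop is the 25th physical machine: retiring it would drop the site below the threshold even though the three virtual machines are still present.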

Key finders won’t work with KMS, because the product key is protected in the trusted store of the KMS. However, key finders should still work on machines with a MAK.

Looking back on Windows XP piracy, we saw that pirates actually figured out the key algorithm for making Windows XP product keys. Microsoft plugged that hole by checking product keys against its database to see if they were ever generated by Microsoft (only keys with a resulting PID of 640 could actually be Microsoft generated). This time around it’s my guess that pirates will be using legitimate product keys and then use “time-cracks” to get around activation time limits. For example: when Windows XP first came out, pirates just came out with an activation reset crack. Since you have 30 days to activate Windows XP, that meant you just had to reboot once every 30 days. Grab a product key from MSDN and now you have 60 days.

How do you get legitimate product keys? By illegitimate processes! Think of credit card fraud to get legitimate product keys. Think of spyware and viruses that already port cookie information back to 3rd party servers. How much more would it be to grab a 25-character product key from your copy of Windows Vista?

Suffice to say, those pirating bad boys have nothing to do, but crank on Microsoft’s anti-piracy schemes day and night. It’s not a question of “if” Windows Vista’s copy protection will be broken, but “when”. While you are chewing on that, you might want to check out a paper I did on software piracy a few years ago.

Here’s an interesting post made by Chad Harris on 10/7/06 on SPP, quoted in its entirety:

The problem is not that MSFT is addressing piracy with a legal staff
dedicated to it full time under the direction of Nancy Anderson, Associate
General Counsel.

Of course MSFT faces a huge, sprawling piracy problem as evidenced by the
maps and literature they have circulated at their meetings from booths
attended by their attorneys and other employees over the years. It is
complicated by the fact that many governments don’t cooperate fully, and
there is a similar situation in India in respect to patents for
pharmaceuticals and in medicine in general in respect to HIV and the Avian
Flu pandemic and Mr. Gates is building on his learning curve in this area
right now.

Microsoft and its partners and its system builders certainly have crucial
concerns over the systemic implications of piracy.

The problem is that MSFT is choosing to address piracy in an erratic fashion
that has already shown substantial evidence of inflicting massive collateral
damage and friendly fire on their customers. I hope that if they don’t
change this concept that has already proved to cause significant problems
with WGA in its new incarnation as SPP, that they are forced to back off the
way they usually are – they face money loss. If they had been able to make
precise surgical tools, that would be one thing. But they already know that
they are killing Vista and Longhorn Server on boxes that have fully
legitimate licenses and they don’t seem to care. This is evidenced if you
read Ed Bott’s account of how stupidly they fielded the calls and messages
from a major Windows author, expert, and writer of columns on Microsoft’s

I don’t have any doubt there will be substantial litigation and possibly
class action suits for Nancy Anderson’s legal team at Microsoft, and while
many suits are baseless–these will not be and they will be filed by high
quality legal talent.

Ed Bott is doing a stellar job of tracking this, analyzing, and critiquing
this and Ed Bott co-authors one of the most complete and authoritative
Windows references for every operating system including the one that has
pre-sold nearly a million copies, “Windows Vista Inside Out” by Microsoft

Ed Bott’s Bookstore

Ed Bott’s Three Blogs

Ed Bott’s Microsoft Report

Ed Bott’s Windows Expertise/Tips, tricks, news, and advice about Windows and

Ed Bott’s Media Central

Ed Bott’s Columns on MSFT’s Site

The author of one of the major books on Windows OS’s and numerous
articles for MSFT over the year Ed Bott has taken MSFT to task for their
sloppy work with WGA repeatedly in the last few months and the same sloppy
work with SPP and MSFT has had totally ignorant spokespersons speak to
different questioners that are quoted on Ed’s two blogs currently with the
most inane and no knowledgeable defenses of WGA which does not work correctly
and SPP which will not work correctly imaginable. They are making a fool
of themselves with the implementation of WGA and SPP and they are going to
learn to back off when it hits them in the area they worship–their money.

See and note in these articles the inane responses of MSFT representatives
to the author of one of the best selling major books on their major
Operating System software and others–one more example of MSFT’s perception
of the public as stupid and their tin ear contempt for the public who are
their customers and put Windows on 97% of the boxes on the planet.

I want people to note this conversation because it speaks volumes about
MSFT’s inane contracted support and MSFT’s oversight of it and MSFT’s
attitude as to how little it means when they represent themselves to their
customers–this is a conversation that Ed Bott had with “MSFT PSS” probably
Convergys of Ohio contracting:

From Ed Bott at

“I called Microsoft support to see if there is a hidden option to say, “yep,
I’ve got updates turned to manual: it’s okay.” The rep said, “No and why
wouldn’t you want to get the latest updates to Windows.”

I responded with the issues relating to WGA. He spent some time telling me
that WGA was a good thing, etc. I reiterated that I have accepted all the
updates except WGA and just want to review the updates before they’re
installed on my machine.

He told me that “in the fall, having the latest WGA will become mandatory
and if its not installed, Windows will give a 30 day warning and when the 30
days is up and WGA isn’t installed, Windows will stop working, so you might
as well install WGA now.” [emphasis added]

I’m wondering if Microsoft has the right to disable Windows functionality or
the OS as a whole (tantamount to revoking my legitimate Windows license) if
I do not install every piece of software that they send it updates.

That can’t be true, can it? I’m always suspicious of any report that comes
from a front-line tech support drone, so I sent a note to Microsoft asking
for an official confirmation or, better yet, a denial. Instead, I got this
terse response from a Microsoft spokesperson:

As we have mentioned previously, as the WGA Notifications program expands
in the future, customers may be required to participate. [emphasis added]
Microsoft is gathering feedback in select markets to learn how it can best
meet its customers’ needs and will keep customers informed of any changes to
the program.

That’s it. That’s the entire response.

Uh-oh. Currently, Windows users have the ability to opt out of the Windows
Genuine Advantage program and still get security patches and other Critical
Updates delivered via Windows Update. The only thing you give up is the
ability to download optional updates. Hackers have been working overtime to
find ways to disable WGA notification. If WGA becomes mandatory, would it
mean that Microsoft could prevent Windows from working if it determines –
possibly erroneously – that your copy isn’t “genuine”? That’s a chilling
possibility, and Microsoft refuses an easy opportunity to deny that that
option is in its plans.

Over at Ed Bott’s Windows Expertise, I’ve been soliciting feedback from
Windows users who’ve been burned by WGA. So far, I’ve received 20 comments.

Here’s a sampling:

a.. I have an XP Media center with a promise RAID 0 4-disc array. When I
installed the WPA it broke the drivers for the array by causing failed
delayed writes (half of the array just “disappears”.) If I do a system
restore to before the installation of the WPA everything goes back to
working just fine.
b.. [S]ince installing WPA : I’ve had blue screens and a total inability
to boot. I had to run the XP repair function to get the computer to boot. I
had a damaged boot sector on the hard drive. I am running two drives on a
RAID 1 config.
c.. I purchased a SEALED OEM copy of XP Professional. WGA said the license
key was already used. I called MS and they said I should uninstall and buy
another copy. I told them I wasn’t made of money and hung-up.
d.. Microsoft rejected the product key that came with the ThinkPad I’m
using. I had to call in and they gave me another code to enter which
supposedly worked but now I get the blue screen of death about every other
time I reboot. I’ve also lost all internet connectivity.
e.. I sent my Compaq Presario notebook for service repair, and it fails
the WGA check. I have a legal version of windows xp professional on it. But
I have no way to correct this problem.

What’s most disturbing about this whole saga is Microsoft’s complete lack of
transparency on the issue. And before the ABM crowd jumps in with
predictable “What did you expect?” comments, let me argue that Microsoft
actually has a fairly good track record on transparency issues in recent
years. Windows Product Activation is very well documented, and when a
similar uproar occurred in 2001, it was squelched quickly by some fairly
prominent postings from high-level executives who provided details without a
lot of spin. Likewise, the Microsoft Security Response Center has done an
exceptional job at providing quick responses to security issues. (Just ask
Adam Shostack.)

Currently, no one at Microsoft is blogging about this fiasco. No executive
has been quoted on the record about it. There are very few technical details
available, and those that have been published are being tumbled through the
spin machine and spit out as press releases.

If Microsoft really does plan to turn WGA into a kill switch in September,
be prepared for an enormous backlash.”

From Ed Bott on October 5, 2006:

UAC Good; SPP Not So Good

“SPP, on the other hand, is the successor to Windows Genuine Advantage. Both
initiatives have in common a reliance on Orwellian language that appears to
be in the customer’s benefit but is actually a horrible inconvenience and
potentially a nightmare. Despite Microsoft’s attempts to spin the new
program, there’s no advantage for the Windows customer, and the only thing
being protected is Microsoft’s revenue stream.”

Microsoft Issues Warning to VLK Customers Over WGA Fail

Guess there will be a WGA “Kill Switch After All”
Published October 4, 2006 by Ed Bott

Is Microsoft about to release a Windows “kill switch”?

Search on WGA

October 4, 2006 For Vista, WGA gets Tougher

Ed Bott Blog Readers Burned by WGA

WGA is a Mess

Microsoft Kill Switch in Windows Vista and threat to disable Windows (the
so-called Microsoft Software Protection Platform)

Microsoft’s Software Protection Platform: Protecting Software and Customers
from Counterfeiters

White Paper: Software Protection Platform: Innovations for Windows Vista
and Windows Server “Longhorn” Oct. 2006 (.doc file, 2.7 MB)

Microsoft Issues Warning to VLK Customers Over WGA Fail

Phil Liu of Microsoft has reported problems with the Windows Genuine
Advantage authentication method for Volume License Key (VLK) customers and a
temporary work-around.

“Just a heads up on an issue related to (Volume) VLK validation. On Monday
and Tuesday of this week (Oct 2-3), some VLK customers may have experienced
problems with WGA validation. If a Windows XP system with a VLK recently
began failing validation or reporting as non-genuine, then they may be
experiencing this problem. The problem was the result of an issue on the
Microsoft server side, and we are still investigating the cause. We regret
any inconvenience this may have caused you, and I am personally working to
get the information you need to resolve this issue.

We do have steps available that affected customers can take to correct the
problem, and we’ll continue to work on solutions and post them on this

Customers who are affected can:
1.. Delete the data.dat file from C:\Documents and Settings\All
Users\Application Data\Windows Genuine Advantage\data (The drive letter will
depend on where the OS was installed)
2.. Revisit to
confirm that the machine is now genuine.
3.. Run wgatray.exe /b from the command line to ensure that the latest
validation is updated for WGA Notifications. This command may not be present
on the user’s machine and should not be considered an error if it is not.
Please ensure that this is run as an Administrator. A reboot may be required
to remove all non-genuine notifications.”

Excellent article Chad!!

– Soli Deo Gloria
