Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
[OT] More info about Windows XP's new Activation scheme
  • From: wilson@xxxxxxxxxxx (Jonathan Wilson)
  • Date: Fri, 25 May 2001 14:48:59 -0500
  • Message-id: <5.1.0.14.0.20010525144742.0277efe0@xxxxxxxxxxxxxxxx>
Sorry I don't have the URL this came from.

>Windows Product Activation: More Details
>In last month's Windows 2000 Magazine UPDATE Special Edition, I
>explained what I knew about the new Windows Product Activation feature
>built into Windows XP Professional, Windows XP Home Edition, and the
>various flavors of Windows 2002 Server. (In case you missed the
>fanfare--Microsoft has revealed the product name of what we've been
>calling "Whistler Server"--Windows 2002 Server.) Many of you--hundreds
>of you--responded with interesting and helpful insights. A particularly
>interesting response came from one of the Microsoft folks working on
>product activation, Allen Nieman. Nieman is a product manager in the
>Licensing Technologies group. He was kind enough to spend about an hour
>and a half with me on the phone to fill in more details about how
>product activation works, and I can't thank him enough for his help.
>Because I didn't have all of the information about the Windows
>activation process last month, I had to speculate a bit, so this month
>I'll pass along what he told me.
>I'll begin with more specifics about what product activation does. When
>you install a product that requires activation, it asks that you
>activate it within 30 days (or that's what the final product will do;
>it's 14 days in the beta). During the activation process, the OS
>inventories your hardware and summarizes it as a single 50-digit string.
>The hash is, I'm told, a one-way function, meaning that although a
>particular set of hardware will generate a particular set of digits,
>reversing it isn't easy, so merely knowing the 50 digits about your
>system wouldn't tell me what size and type of hard disk you owned. But
>do you believe that's all that Microsoft is gathering? A capture of the
>transaction shows that a very small amount of data going over the wire
>to Microsoft, so it doesn't look as if Bill is uploading your
>portfolio.
>Additionally, you can choose to activate your OS by calling Microsoft
>and reading the 50-digit number to a carbon-based life form (rather than
>sending it to a silicon-based server). The recipient will then read a
>42-digit number to you, which you key in to complete your activation.
>Unfortunately, that's a one-time-only 42-digit value; should you need to
>reinstall the OS on that system, you must call Microsoft to get another
>code.
>As I explained last month, a Microsoft server then stores your 50-digit
>code and your product key in a database. If someone tries to activate a
>different machine using your product key, the database will see that
>someone's tried to install the same copy of the OS on two different
>machines and will refuse to authorize the activation. Additionally,
>every time you boot that system, the system recomputes the 50-digit
>value and, if it's too different from the one used to activate the
>system in the first place, the OS will demand that you once more connect
>to the Internet to reactivate your copy. Small hardware changes won't
>require reactivation. If, however, you lend your neighbor your Windows
>XP CD-ROM and product key and he installs it on his system and tries to
>activate it, the Microsoft server will see a radically different set of
>hardware trying to activate an already activated copy of Windows XP, and
>will tell your neighbor's system not to activate itself.
>But how much hardware difference is "too much"? Nieman wouldn't say
>because (1) Microsoft hasn't finished Windows XP yet, so anything he'd
>say might change, and (2) he didn't want to make life easier for
>pirates. A reasonable answer, but I argued that a determined bunch of
>people with a closet full of hardware and a day or two to play around
>could (and would) soon figure that out, so why not just release the
>information anyway? He demurred, but told me to stay tuned, because
>Microsoft might publish that information come shipping time anyway.
>But what about when I buy a new machine, FDISK the old one, and put my
>copy of Windows XP on it--won't Microsoft refuse to activate Windows XP
>on that new system, thinking that I'm already running it on my old
>system? No, Nieman said--Microsoft will trust you and approve activating
>Windows XP on the new system, deactivating it on the old.
>Rampant piracy among American small businesses and home users motivates
>the whole approach, according to Nieman. Microsoft believes that on the
>average, those folks use four copies of a given piece of software but
>pay for only one. (The company reckons the ratio outside of the United
>States to be even higher.) Microsoft acquired those numbers from the
>Business Software Alliance (BSA--see the URL listed at the end of the
>column), an organization that finds and fines software pirates. I've
>never seen the methodology that led the BSA to those numbers (which have
>been floating around for some time), and I personally don't believe
>them. That 75 percent of the small office/home office (SOHO) software is
>pirated seems a bit farfetched and, I think, insulting. And if Microsoft
>truly believes that its home users--you know, the evening and weekend
>versions of the people who use its commercial products by day--are
>stealing 75 percent of the Microsoft products they use, that degree of
>piracy would be pretty important news to Microsoft's stockholders,
>wouldn't you think? "Here at Microsoft, we have great products, but
>before you invest, you really ought to know that three out of four
>people who use our products don't actually pay for them." Shouldn't that
>information be in the company's annual report or Securities and Exchange
>Commission (SEC) filings?
>Actually, beyond what you or I think, it's a matter of law: If Microsoft
>believes in those piracy figures, the company must disclose that
>information in its SEC filings. But other than one vague reference to
>piracy in its 10-K filing for 2000, Microsoft is silent about piracy--no
>numbers, percentages, or damages to the bottom line are cited.
>No, I'm not suggesting that Microsoft's in violation of investment
>regulations for not writing "The Prospectus of Penzance"--because I
>believe that the four-to-one ratio is no more than an exaggeration that
>provides a convenient bit of self-justification for some industry
>pundits. But we are talking legal issues here. After all, I pay for all
>of my software because the law tells me to, not necessarily because I
>want to. And if the irritation of activation will become part of my life
>because of a wave of piracy of that supposed magnitude, surely Microsoft
>should alert its investors to that piracy, by law.
>And thinking about finances led to another question: What happens if
>Microsoft goes out of business? No one could activate copies of Windows
>XP. If Microsoft disappeared, so would your ability to use its software
>during the inevitable reinstalls. And no, I don't think Microsoft is
>going belly-up any time soon (unless it keeps up this product activation
>stuff), but Nieman said that he hoped that this product-activation
>approach would turn out to be an effective way to protect software
>companies of all kinds, including many not as sturdy as Microsoft. I'd
>hate to think that if Intuit disappeared, all of a sudden I wouldn't be
>able to get to my checkbook or portfolio information!
>Despite the many other things to consider, I'm about out of space. I
>don't want to sign off, however, without answering a frequent reader
>question generated by last month's column. I explained last month that
>product activation wouldn't apply to those using Open, Select, or
>Enterprise copies, but many of you disagreed, telling me that your Open,
>Select, or Enterprise Beta 2 copies require it. According to Microsoft,
>that's an issue with the beta only. Nieman said that the final copies of
>Windows XP and Windows Server 2002 won't require activation--so scripts,
>Ghost, Remote Installation Services (RIS), and the other rollout tools
>that we know and love will work without a hitch in Windows NT's latest
>incarnation. And when asked whether Windows XP would target SOHOs as a
>preparatory step to visiting the activation process on bigger customers
>next time, Nieman STRONGLY maintained that Microsoft had no intention of
>doing that. The company feels that it has the piracy issues pretty much
>under control in large organizations.
>I repeat in closing that I fully agree that Microsoft has a right to
>defend its copyrighted works; and I hope that the company will continue
>to do so. But placing a burden of annoyance on its existing customers
>seems unreasonable, particularly when the only reason that Microsoft can
>impose product activation is its pre-eminence in the market. As I said
>last month, could Microsoft have made such a move when Windows 3.1 came
>out? Sure. But we'd have all bought OS/2 instead. And that's the point:
>when you've got competition, then you can do a lot of things that you
>CAN'T--or at least shouldn't--do once you're a monopoly.
>http://www.bsa.org
>Mark Minasi
>Senior Contributing Editor, Windows 2000 Magazine
>help@xxxxxxxxxx

----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com


< Previous Next >