Microsoft's plans to stop people pirating the next version of Windows have suffered a setback. A German computer magazine has found weaknesses in the piracy protection system built into Windows XP.
The weaknesses could mean that in up to 90% of cases users can circumvent the copy protection system. But Microsoft said that the protection system would be much stronger and harder to defeat when the final version of XP is released later this year.
Component count
In a bid to combat piracy Microsoft is introducing a product activation system into the XP versions of its software. Activating a product involves contacting Microsoft for an identification number that is then combined with the serial numbers of the components inside your computer to create a unique identifier.
Big changes to the hardware in a machine could mean that users have to contact Microsoft for a new identification number to re-activate their software.
By tying software to individual machines Microsoft hopes to stop its products being run on more machines than they are licensed for.
But now German computer magazine Tec Channel has analysed the product activation system that is being used in the test, or beta, versions of Windows XP and found that, in many cases, it can be compromised by making simple changes.
File fiddling
When Windows XP is first installed and activated it generates a file called wpa.dbl that stores information about the configuration of your machine.
Changes to any one of the ten components or serial numbers that this file watches are logged. When three changes have been made the wpa.dbl file is deleted forcing the user to contact Microsoft to reactivate the software.
But Mike Hartmann, a journalist at Tec Channel, has found that the ability of the wpa file to spot piracy can be easily compromised.
In tests Mr Hartmann installed and activated XP, then saved a version of the wpa file that was generated. He then changed components on the test machine so XP had to be re-activated. However, copying the old version of the wpa file back in the Windows system directory stopped requests for reactivation.
Piracy problems
The activation was also compromised when XP was fooled into thinking that a desktop PC was a laptop in a docking station, rather than a self-contained machine. In this configuration some components that wpa watches would be in the docking station rather than the portable computer. XP dutifully ignored any changes made to these components.
In total Mr Hartmann found a way to make the Windows XP activation technology ignore six of the ten components that it monitors. Mr Hartmann said another two can vary in only a small number of ways among all machines making it possible to create a "universal" wpa file that should activate XP on most PCs.
"With some smart tools that do automatic matching of hardware and activation-files it would be possible to 'activate' nearly 90 percent of home-user machines without Microsoft knowing anything about it," Mr Hartmann told BBC News Online.
Mr Hartmann expects to see activation file sites springing up on the web that offer wpa files tied to PCs with particular configurations thus ruining Microsoft's chances of cutting piracy.
"Should Microsoft stick with current version of wpa they will have wasted lots of money for call-center-employees, webservers and the technology itself," he said.
But a spokeswoman for Microsoft said that the version of the activation system that is in the pre-release versions of Windows XP is weaker than that which will ship with the finished version.
"The things that have been highlighted as a way of potentially bypassing activation will not be in the final code," said the spokeswoman. "The final code is going to be very different to what we have now."
"Product activation is not completely fixed in place at this time," she added
http://news.bbc.co.uk/2/hi/science/nature/1448869.stm
Companies are always wanted to find new ways to prevent piracy. Microsoft is one of these companies, this time by introducing XP version is trying to overcome previous defect which was security problem. This new version has this security system; Activating a product involves contacting Microsoft for an identification number that is then combined with the serial numbers of the components inside your computer to create a unique identifier. Also this security system is so strong and unreachable for hackers but still there is some problem for XP activation the problem can be seen in the uploaded video the thing is 'activate' nearly 90 percent of home-user machines without Microsoft knowing anything about it," Mr Hartmann told BBC News Online.
The weaknesses could mean that in up to 90% of cases users can circumvent the copy protection system. But Microsoft said that the protection system would be much stronger and harder to defeat when the final version of XP is released later this year.
Component count
In a bid to combat piracy Microsoft is introducing a product activation system into the XP versions of its software. Activating a product involves contacting Microsoft for an identification number that is then combined with the serial numbers of the components inside your computer to create a unique identifier.
Big changes to the hardware in a machine could mean that users have to contact Microsoft for a new identification number to re-activate their software.
By tying software to individual machines Microsoft hopes to stop its products being run on more machines than they are licensed for.
But now German computer magazine Tec Channel has analysed the product activation system that is being used in the test, or beta, versions of Windows XP and found that, in many cases, it can be compromised by making simple changes.
File fiddling
When Windows XP is first installed and activated it generates a file called wpa.dbl that stores information about the configuration of your machine.
Changes to any one of the ten components or serial numbers that this file watches are logged. When three changes have been made the wpa.dbl file is deleted forcing the user to contact Microsoft to reactivate the software.
But Mike Hartmann, a journalist at Tec Channel, has found that the ability of the wpa file to spot piracy can be easily compromised.
In tests Mr Hartmann installed and activated XP, then saved a version of the wpa file that was generated. He then changed components on the test machine so XP had to be re-activated. However, copying the old version of the wpa file back in the Windows system directory stopped requests for reactivation.
Piracy problems
The activation was also compromised when XP was fooled into thinking that a desktop PC was a laptop in a docking station, rather than a self-contained machine. In this configuration some components that wpa watches would be in the docking station rather than the portable computer. XP dutifully ignored any changes made to these components.
In total Mr Hartmann found a way to make the Windows XP activation technology ignore six of the ten components that it monitors. Mr Hartmann said another two can vary in only a small number of ways among all machines making it possible to create a "universal" wpa file that should activate XP on most PCs.
"With some smart tools that do automatic matching of hardware and activation-files it would be possible to 'activate' nearly 90 percent of home-user machines without Microsoft knowing anything about it," Mr Hartmann told BBC News Online.
Mr Hartmann expects to see activation file sites springing up on the web that offer wpa files tied to PCs with particular configurations thus ruining Microsoft's chances of cutting piracy.
"Should Microsoft stick with current version of wpa they will have wasted lots of money for call-center-employees, webservers and the technology itself," he said.
But a spokeswoman for Microsoft said that the version of the activation system that is in the pre-release versions of Windows XP is weaker than that which will ship with the finished version.
"The things that have been highlighted as a way of potentially bypassing activation will not be in the final code," said the spokeswoman. "The final code is going to be very different to what we have now."
"Product activation is not completely fixed in place at this time," she added
http://news.bbc.co.uk/2/hi/science/nature/1448869.stm
Companies are always wanted to find new ways to prevent piracy. Microsoft is one of these companies, this time by introducing XP version is trying to overcome previous defect which was security problem. This new version has this security system; Activating a product involves contacting Microsoft for an identification number that is then combined with the serial numbers of the components inside your computer to create a unique identifier. Also this security system is so strong and unreachable for hackers but still there is some problem for XP activation the problem can be seen in the uploaded video the thing is 'activate' nearly 90 percent of home-user machines without Microsoft knowing anything about it," Mr Hartmann told BBC News Online.
No comments:
Post a Comment