RealTime IT News

Microsoft Not Hacked Off by 'Mad Scientist'

Microsoft raises its hackles whenever hackers or software pirates threaten to disrupt its business. However, the Redmond, Wash.-based software vendor downplayed the importance of a hack currently getting its 15 minutes of cyber-fame.

The OEM Activation (OA) hack and its variant are sniffing around Windows systems, but, according to Alex Kochis, senior product manager for the Windows Genuine Advantage (WGA) group, they are not a priority, as Microsoft saves that for "hacks that pose threats to our customers, partners and products."

The hack in question doesn't rise to that level because it doesn't scale easily and, therefore, won't disrupt the business of Microsoft's channel partners, Kochis said in a blog post, adding that the company isn't going to try "to stop every 'mad scientist' that's on a mission to hack Windows."

The OEM Activation (OA) hack exploits a marker in the BIOS of motherboards installed by original equipment manufacturers (OEMs). Microsoft installed the marker to make it easier for its large OEM and retail channel partners to authenticate its software.

The system enables a copy of Windows to look for that marker in the BIOS of the motherboard and, when it is found, confirm that it is booting on a PC that was sold by a specific OEM and licensed to boot Windows.

Over the years, hackers have discovered how to make an edited BIOS appear to be an OEM BIOS. Kochis said that hackers began using this trick on Windows XP, but Microsoft largely ignored it because "there were easier ways to pirate Windows XP."

Since WGA has made Vista harder to pirate, according to Kochis, the BIOS hack has become a more appealing target for pirates. But he added the payoff for potential crooks is still limited. "It is a pretty labor-intensive process and quite risky... it's potentially hazardous and really doesn't scale well to large number of systems, which makes it less of a threat."

There's a second variant of this hack, which doesn't change anything in the BIOS itself but uses a software-based approach to fool the OS into thinking it's running on OA-approved hardware. But Kochis said that Microsoft is able to detect and respond to this hack more easily than the BIOS attack method.

This is hardly the first time pirates have attempted to thwart the WGA system. A code snippet supposedly allowing users to bypass WGA appeared on the Internet within days after Microsoft first began making use of WGA mandatory for customers.

Microsoft has shown it is willing to track down software pirates that do threaten it or its partners anywhere in the world, its software-pirate pursuits having taken the company to Jordan and Thailand.