RealTime IT News

Vista SP1 to End Genuine Advantage 'Kill Switch'

Microsoft plans to eliminate the most controversial of its Windows Vista anti-piracy features in the OS's upcoming Service Pack update.

The company now plans to ax Vista's "kill switch", which disables features of the operating system when it appears to be counterfeit.

"Although our overall strategy remains the same, with SP1 we're adjusting the customer experience that differentiates genuine from non-genuine systems in Windows Vista and later in Windows Server," Mike Sievert, Microsoft's vice president of Windows product marketing, said in a statement.

The current release of Vista includes Windows Genuine Advantage (WGA) anti-piracy features that disable aspects of the operating system should a user fail to provide a "genuine" keycode. Following a grace period, portions of the OS remain disabled until the user provides a code that can be verified by WGA.

Under the new system, Microsoft will allow customers to have full access to features even if they fail to pass WGA verification. However, Vista will warn users about their lack of WGA compliance by changing the Windows desktop and providing other alert messages.

"Users whose systems are identified as counterfeit will be presented with clear and recurring notices about the status of their system and how to get genuine," Sievert said. "They won't lose access to functionality or features, but it will be very clear to them that their copy of Window Vista is not genuine and they need to take action."

Industry-watchers applauded the move toward a gentler anti-piracy approach. "Microsoft's sort of backed away from the reduced-functionality mode," Chris Swensen, an analyst at NPD Group, told InternetNews.com. "Other software companies don't do that. There is no reduced functionality mode of Photoshop, for example -- you either activate it or you don't."

"But Microsoft realizes that people might get stung by this, and might get upset," he added. "There's a lot of small scenarios that aren't going to affect that many people, but it happened enough that some consumers were complaining, and large enterprises were complaining. I think Microsoft took the right strategy here."

While it relents on clamping down on non-"genuine" Windows editions, Vista SP1 will also eliminate two of the most common ways that hackers circumvent WGA.

The first, known as the OEM BIOS exploit, mimics the type of activation used in factory-installed versions of Vista. The second, the "Grace Timer" exploit, tries to reset the 30-day grace period for activation of Vista.

"This exploit attempts to reset the 'grace time' limit between installation and activation to something like the year 2099 in some cases," Sievert said.

"The good news is that they nipped in the bud two of the most pervasive ways of circumventing the grace period," Swensen said. And judging from the telemetry they're getting back, the number of failed registrations is cut in half from what they were getting with XP.

Sievert also said that the same revised anti-piracy approach used in SP1 would be applied to Windows Server 2008.

"It makes sense, because they've done a lot to make Vista a lot more difficult to pirate than XP," Swensen said. "It’s almost impossible to use a volume license key posted on the Internet to pirate, for example, because of the changes in the product activation technology. You have to activate to a server within your company."

"If I've got a volume activation key, I still can't activate because I can't get to the company's activation server within their firewall. It renders those volume keys useless," he said.

Microsoft's use of WGA has often proved contentious since it appeared in 2005. Critics routinely allege that WGA can produce false positives, incorrectly leading some legitimate users to fail validation. In August, Microsoft confirmed that an outage in the WGA service had resulted in that very scenario.

The company has long downplayed the severity of the false-positive problem, however. In late 2006, Microsoft spokespeople said the false-positive rate amounted to less than a half a percent.

Since the WGA launch, users also complained about -- and filed lawsuits over -- privacy implications for the service, which requires the OS to periodically verify with Microsoft's servers that it's still legitimate.

Despite the controversy, Microsoft said its strict anti-piracy measures have proven effective in boosting sales. The company said revenue from preinstalled editions of Windows Vista grew 5 percent due solely to reduced software piracy.

Additionally, because Vista is more difficult to counterfeit, Sievert said, "We're seeing indications from internal metrics, like WGA validation failures, that the Windows Vista piracy rate is less than half that of Windows XP today."

Microsoft has signaled some earlier willingness to relent on WGA. In October, it dropped validation requirements from Internet Explorer 7.

In mid-2006, Redmond backed off on the number of times an OS would check-in with Microsoft's service to ensure its compliance. Later that year, Microsoft also tweaked the notification process to make it more intuitive for users.