Report of a new hack - and one of my favorite websites stumbles

For me the report of this latest hack was a double whammy. First it's no fun to read a report of a new attempt to hack Microsoft's products, but secondly the tone of coverage of this hack on one of my favorite sites left me very disappointed.

 First the hack. Known as the 'timer crack' or '2099 crack' this hack basically resets the pre-activation grace period to be in effect through 2099. Implementing this hack requires the user to implement a 23-step process that involves modifying/replacing kernel level files, making manual registry edits and other serious changes that could have destabilizing consequences. Our team is actively reviewing the reports of this workaround now, and I expect we'll take corrective action soon.

I ran across the first report of the hack on one of my favorite websites, Engadget, which I read daily as a feed on my live.com page. What disappointed me so much about the post that announced this hack wasn't that they discussed the hack, because I do think it's newsworthy. What really disappointed me was the tone of the Engadget poster.  The poster seems to endorse the practice of trying to hack Windows Vista to enable unlicensed use. The beginning of the post says "we've already found a way to circumvent Redmond's most valiant efforts to make us activate the darned software" and the end concludes with "So if you're looking to hit up a new OS in the coming weeks, or you've already got 'er up and running, be sure to peep the read link if you're interested in pulling this off".  I don't know how to interpret that except as a blatant endorsement of theft, by whoever "we" is. I can't imagine reading another post on Engadget using language like that to encourage people to try to get their hands on any of the recently-stolen truck load of RAM or any other of the thousands of products they have featured on their site. The Engadget editorial policy says "If we get something wrong, we correct the error immediately. "  I'd ask, is it wrong to advocate theft?

Comments

  • Anonymous
    January 02, 2007
    The comment has been removed

  • Anonymous
    January 02, 2007
    The comment has been removed

  • Anonymous
    January 04, 2007
    Disabling activation != theft. It may enable theft, but it's not theft in an of itself. Revenue protection schemes impose burdens on end users. End users, seeking to avoid those burdens, look for work-arounds. This is a signal that means people are unhappy, and they don't see any advantage to compliance. When work-arounds are approached as 'theft' rather than 'this method of marketing isn't working out very well' the opportunity for a constructive dialog is lost. Example - many households have several computers. Mine (for example) has 4 - one Mac, two laptops, and a desktop. If I had all Macs, I could upgrade to the latest Apple OS with a Family Pack for $70.00 more than the cost for a single license. I could even have two or three bootable partitions for each Mac without having to purchase additional licenses. Cost for the upgrade is $199.00 If I want to run Vista on all of them, I'll need to get 4 upgrade licenses (the Mac is a newer Intel Mac with Boot Camp installed, so it can run Windows too). If I want to take advantage of virtualization, or have multiple bootable partitions, I'll need to purchase additional licenses for each instance. Even without the additional instances, I'm still looking at ~$600.00 if I opt for a version with Aero. Getting into an MOLP might save me a few bucks, but that's still not gonna get me down into Family Pack pricing [1]. If you want to lure people away from work-arounds, you've got to offer them something more than a stick if they comply. An attitude of activation difficulty = theft isn't going to make that happen. What will I do? Well, I'm probably gonna sit this upgrade out at home. Aero isn't worth $600 to me. I'm gonna recommend to my clients that they stick with XP for at least the next year and hope MS sees the light on activation, and I'm gonna attend some MS training to figure out how to get my job done while protecting your revenue from the real thieves who will happily continue to stay one or two steps ahead of WGA, just like they are staying one or two steps ahead of every other protection scheme out there. [1] I know about the argument that Apple pushes new hardware rather than encoraging folks to keep upgrading old PCs. OTOH, I've got a Pismo PowerBook in my office that's happily running Tiger. None of my PCs that old can run XP usefully.

  • Anonymous
    January 05, 2007
    The comment has been removed

  • Anonymous
    January 05, 2007
    Shorter reply: stop whining already.  Maybe when 'one of your favorite websites' reports on how to disable activation, you can take it as a sign that you're working on one of the most annoying software (mis)'features' in history. Remember copy protection for games in the 80s involving black text on dark red paper?  That was very annoying--perhaps the most annoying copy protection ever. WGA manages to be even more annoying. So, seriously, stop whining.

  • Anonymous
    January 05, 2007
    What I'm looking forward to is the first 'mission critical' system that is disabled because of a WGA-related failure. With companies needing to either set up a license server or do individual activations, the most likely time for the leading edge to have a key server failure would be sometime in late spring or early summer. For the folks waiting a year or so, figure on it being about fall of '08.

  • Anonymous
    January 05, 2007
    mhornyak, I'm sorry to hear you get pleasure out of what you think is someone else's pain. I have yet to see anyone be 'locked out' of Windows because of WGA. To date everything we've done on Windows XP has been oriented towards informing the users of counterfeit or unlicensed product of the status of their systems. To your point about understanding that WGA could be bad, and to be clear I don't think WGA is bad, but I do recognize it can be speed bump in some instances. At the end of the day I hope everyone remembers that there are real victims of counterfeiters and as much as our efforts can help protect them and Microsoft's IP I do feel good about our work. Another basic fact I think is worth keeping in mind is that our software has validated a huge number of systems. Of the hundreds of millions of individuals who have validated their Windows software and the extremely small number of complaints Microsoft receives we would consider the program a big success.

  • Anonymous
    January 05, 2007
    rdamiani, to your point about bypassing activation not equaling theft, while I think the issues quickly extend into realm of the lawyers when terms in the EULA are violated etc. what that all means at least in so far as our recent action with respect to the 'Frankenbuild' systems are concerned I think things are very clear cut since Windows Vista isn't even available to non-business customers. Also, to your point about workarounds, I would ask you to remember that there are real victims of counterfeit and to help them I think our program is definitely worth it.

  • Anonymous
    January 05, 2007
    "Of the hundreds of millions of individuals who have validated their Windows software and the extremely small number of complaints Microsoft receives we would consider the program a big success." Small number of complaints? The best non-MS WGA write-ups I've seen are people saying it's not completly horrible. I can't recall hearing any non-MS source (with the possible exception of the BSA) write about how WGA helps them. Number of complaints vs. number of authentications is an odd definition of success. I'd think that success would be measured by increased revenue. There really isn't any point in irritating folks who give you money unless it encourages them to give you more money.

  • Anonymous
    January 05, 2007
    The comment has been removed

  • Anonymous
    January 05, 2007
    The comment has been removed

  • Anonymous
    January 06, 2007
    The comment has been removed

  • Anonymous
    January 08, 2007
    Alex, can you please point me towards an easy way to complain and then sit back and watch me go. I'm sick of having to validate every time I'm referred to Windows update. Now it's doubly annoying as for IE7 and WMP 11 (I think) you now have to validate again when you first launch the application. I have a laptop that I don't connect to the internet much and I now have to connect it once more just to play a video file. This is annoying! I've bought every version of Windows since 95. I now have several copies of Windows XP, two Home running on laptops and one copy of Pro running on a desktop. I wish to reinstall the desktop, but the CD is scratched. Microsoft is referring me to the OEM and the OEM is referring me to Microsoft. Licence key has been validated countless times as this PC is connected to the internet most of the time. I have offered to send Microsoft the licence key once again. Can someone please show me the Advantage? Now I'm buying another copy of the software so I can simply get a copy of the CD. You can bet that I'll be making several copies of this disc and keeping the original safe with my spare licence key. Alex, while Ubuntu doesn't suit my needs, it would do the job quite well for my mother and my sister. They just need basic internet, email and word processing.

  • Anonymous
    January 08, 2007
    Oh, I forgot to mention this other one. My sister's PC was failing WGA. She didn't understand what was happening and just left it alone. She could still browse the web and send email, so she was fine with that. I finally visited, got the key from the sticker on the side, called Microsoft and had it reactivated. She had a PC working again after several months of it reminding her every few days that it "wasn't genuine." So WGA lied. How many other customers simply don't understand what's happening and leave it like that? Alex, is there an email address that people can write to in order to complain about WGA? Unless your complaints process is easy to use, you statistics regarding complaints have no value.

  • Anonymous
    January 08, 2007
    By the way Alex, showing someone how to make their computer work for them instead of fighting them is not theft, nor is it advocating theft. I've paid for all my copies of XP and can show receipts for each. WGA doesn't "assure" me. WGA harasses me.

  • Anonymous
    January 09, 2007
    I will make one positive comment: I concur with rdamiani that the open discussion you permit here is worthy of praise. Indeed, I'm an extraordinarily harsh critic, yet you are engaging me.   I don't take pleasure in the fact that you suffer; no, when WGA is hacked, I take pleasure in knowing that justice has been done.  You get a taste of the hours of frustrating, wasted time experienced by people victimized by false WGA deactivations.  (Though this is an incomplete analogy: MS pays you for that frustrating time; the victims of your software are not compensated at all). (Also note, and this is spoken very seriously, that I'd never wish ill on you in any way beyond hoping the WGA endeavor fails.  I'm sure you a decent human being.)

  • Anonymous
    January 11, 2007
    Thanks mhornyak, I appreciate the clarification.

  • Anonymous
    January 11, 2007
    The comment has been removed

  • Anonymous
    January 11, 2007
    I went to the forum you linked to above and now I'm all upset. What's the deal with this nGear Gameprotect stuff conflicting with Vista's licensing technology?

  • Anonymous
    January 16, 2007
    The comment has been removed

  • Anonymous
    January 30, 2007
    to quote alexkoc "...our program is designed so that once a first validation has taken place additional validations will only need to look locally for a cached answer..." is ridiculous!  The WGA Notification, as installed, regularly prompts me for a proxy login to do something - what, if not to revalidate itself??  I think our admins have somehow blocked it's install altogether or maybe MS re-thought it because I don't see it in windows update anymore on new machines.

  • Anonymous
    January 30, 2007
    and to say it's for our protection - bullgrunkles!!  It's for MS and MS alone - if I get a pirated copy, I don't know any difference.  Go after the people SELLING the pirated copies, not the end consumer, because most are clueless and get caught in the middle.

  • Anonymous
    February 04, 2007
    The comment has been removed

  • Anonymous
    February 26, 2007
    The comment has been removed

  • Anonymous
    February 26, 2007
    The comment has been removed

  • Anonymous
    February 26, 2007
    rdamiani was right, it's nice for you to have open discussion I also like to hear the MS view from alexkoc. Under that guise, my beefs with Vista are solely based on the fact that I would like to see it work out well. I'm an MCSE already, don't force me into Linux training.............

  • Anonymous
    February 26, 2007
    The comment has been removed

  • Anonymous
    February 26, 2007
    The comment has been removed

  • Anonymous
    February 28, 2007
    The comment has been removed

  • Anonymous
    March 26, 2007
    I wrote: > As for being locked out of the full paid-for > functionality of a genuine Microsoft product > (Office XP), you ought to have read about it > in or near year 2001. Found it. http://review.zdnet.com/4520-6033_16-4206106.html

  • Anonymous
    April 01, 2007
    Friday, January 05, 2007 2:10 PM by alexkoc > I have yet to see anyone be 'locked out' of > Windows because of WGA. Got it.  On April 1, 2007, Microsoft proved that I am a fool. Several times for myself or friends I've bought used PCs that have Windows XP product stickers attached to the bottoms of the cases.  Most of the time I've been able to reinstall Windows XP with no problem.  One time Microsoft's automated system rejected it and I had to make a 15 minute phone call.  Well, then came April Fools Day and a 15 minute phone call wasn't enough any more.  Microsoft confirmed that the product sticker attached to the bottom of the case matched the model of computer (made in 2003), but they refused to give me a confirmation code for activation.  I want to send the PC to Microsoft, let them remove the sticker and let them give me a refund for the licence.