[CTS] Microsoft allows bypass of Vista activation/Sniped from windows secrets newsletter.

  • From: "Surfin Suzy" <surfin_suzy@xxxxxxx>
  • To: "CTS" <computertalkshop@xxxxxxxxxxxxx>
  • Date: Thu, 15 Mar 2007 13:17:51 -0500

Microsoft allows bypass of Vista activation 
By Brian Livingston

Microsoft always says it opposes "software pirates" who sell thousands of 
unauthorized copies of Windows.

But the Redmond company has made things a lot easier for pirates by adding a 
line to the Registry that can be changed from 0 to 1 to postpone the need to 
"activate" Vista indefinitely.


Activation doesn't stop true software piracy 

As most Windows users know, Microsoft has required "product activation" since 
the release of Windows XP in 2001. XP must be activated by communicating with 
servers in Redmond within 30 days of installation. By contrast, Microsoft 
Office XP, 2003, and 2007 require activation before the package is used 5 to 
50 times, depending on the version, according to a company 
FAQ<http://windowssecrets.com/links/vefrtjkt5oc2d/130126h/?url=support.microsoft.com%2Fkb%2F293151>.
 If a PC has no Internet connection, a user may activate a product by dialing a 
telephone number in various countries.

The activation process will complete successfully only if the software has not 
been previously activated, such as on a different machine. If activation isn't 
completed within the trial period, Microsoft products temporarily shut down 
some of their features. MS Office loses the ability to edit and save files. 
After Vista's activation deadline runs out, the user can do little other than 
use Internet Explorer to activate the operating system or buy a new license.

Microsoft describes its product activation scheme as a way to foil software 
pirates. However, as I previously described in an InfoWorld Magazine article on 
Oct. 22, 
2001<http://windowssecrets.com/links/vefrtjkt5oc2d/5a3c99h/?url=brianlivingston.com%2Fwindowmanager%2Farchive%2Farticles%2Fop%2Fxml%2F01%2F10%2F22%2F011022oplivingston.xml.html>,
 activation does nothing to stop mass piracy. The Redmond company actually 
included in Windows XP a small file, Wpa.dbl, that makes it easy for pirates to 
create thousands of machines that validate perfectly.

Far from stopping software piracy, product activation has primarily been 
designed to prevent home users from installing one copy of Windows on a home 
machine and a personal-use copy on a laptop. As I explained in an article on 
Mar. 
8<http://windowssecrets.com/links/vefrtjkt5oc2d/0fbc55h/?url=www.windowssecrets.com%2Fcomp%2F070308%23intro3>,
 buying a copyrighted work and making another copy strictly for personal use is 
specifically permitted to consumers by the U.S. Copyright Act and the copyright 
laws of many other countries.

For example, courts have repeatedly ruled that consumers can make copies of 
copyrighted songs or television programs for personal use (not for distribution 
or resale). This principle is legally known as "fair use." The home edition of 
Microsoft Office 2007 reflects this principle, allowing consumers to activate 
three copies of a single purchased product. Microsoft Windows XP and Vista, 
however, allow only one activation.

Surprisingly, Microsoft has embedded into its new Vista operating system a 
feature that makes things easier than ever for true, mass software pirates. 
These tricksters will be able to produce thousands of Windows PCs that 
won't demand activation indefinitely - at least for a year or more.

Leaving the activation barn door open 

I reported in a Feb. 1<http://windowssecrets.com/comp/070201/#story1> article 
that the upgrade version of Windows Vista allows itself to be clean-installed 
to a new hard drive. The new Microsoft operating system completely omits any 
checking for a qualifying previous version of Windows. This allows the upgrade 
version of Vista to successfully upgrade over a nonactivated, trial version of 
itself.

After my article appeared, ZDnet blogger Ed Bott summarized the secret in a 
post on Feb. 
15<http://windowssecrets.com/links/vefrtjkt5oc2d/3192c0h/?url=blogs.zdnet.com%2FBott%2F%3Fp%3D196>.
 He flatly states, "You satisfied every condition of the license agreement and 
aren't skating by on a technicality. The fact that you have to use a kludgey 
workaround to use the license you've purchased and are legally entitled to is 
Microsoft's fault."

In my own piece, I had speculated that clean-installing the upgrade version of 
Vista "probably violates the Vista EULA (End User License Agreement)." But more 
and more computer experts are saying that the procedure is fully compliant with 
the EULA and, in any event, is perfectly legal.

I wrote a follow-up story on Feb. 
15<http://windowssecrets.com/comp/070215/#story1>. I reported that Microsoft 
includes in Vista a one-line command that even novices can use to postpone the 
product's activation deadline three times. This can extend the deadline from 
its original 30 days to as much as 120 days - almost four months.

PCWorld.com posted a report on my story on Feb. 
17<http://windowssecrets.com/links/vefrtjkt5oc2d/e4446eh/?url=www.pcworld.com%2Farticle%2Fid%2C129148%2Farticle.html>.
 The magazine quotes a Microsoft spokeswoman as saying that extending Vista's 
activation deadline as I described it "is not a violation of the Vista End User 
License Agreement." I'm glad that's clear.

The feature that I'm revealing today shows that Microsoft has built into Vista 
a function that allows anyone to extend the operating system's activation 
deadline not just three times, but many times. The same one-line command that 
postpones Vista's activation deadline to 120 days can be used an indefinite 
number of times by first changing a Registry key from 0 to 1.

This isn't a hacker exploit. It doesn't require any tools or utilities 
whatsoever. Microsoft even documented the Registry key, although obtusely, on 
its Technet 
site<http://windowssecrets.com/links/vefrtjkt5oc2d/ee7939h/?url=technet2.microsoft.com%2FWindowsVista%2Fen%2Flibrary%2Faefc41f4-a3ec-4f98-a1dc-88a0d045172b1033.mspx%3Fmfr%3Dtrue>.

But dishonest PC sellers could use the procedure to install thousands of copies 
of Vista and sell them to unsuspecting consumers or businesses as legitimately 
activated copies. This would certainly violate the Vista EULA, but consumers 
might not realize this until the PCs they bought started demanding activation - 
and failing - months or years later.

The following describes the Registry key that's involved.

Step 1. While running a copy of Windows Vista that hasn't yet been activated, 
click the Start button, type regedit into the Search box, then press Enter to 
launch the Registry Editor.

Step 2. Explore down to the following Registry key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ SL

Step 3. Right-click the Registry key named SkipRearm and click Edit. The 
default is a Dword (a double word or 4 bytes) with a hex value of 00000000. 
Change this value to any positive integer, such as 00000001, save the change, 
and close the Registry Editor.

Step 4. Start a command prompt with administrative rights. The fastest way to 
do this is to click the Start button, enter cmd in the Search box, then press 
Ctrl+Shift+Enter. If you're asked for a network username and password, provide 
the ones that log you into your domain. You may be asked to approve a User 
Account Control prompt and to provide an administrator password.

Step 5. Type one of the following two commands and press Enter:

slmgr -rearm
or
rundll32 slc.dll,SLReArmWindows

Either command uses Vista's built-in Software Licensing Manager (SLMGR) to push 
the activation deadline out to 30 days after the command is run. Changing 
SkipRearm from 0 to 1 allows SLMGR to do this an indefinite number of times. 
Running either command initializes the value of SkipRearm back to 0.

Step 6. Reboot the PC to make the postponement take effect. (After you log in, 
if you like, you can open a command prompt and run the command slmgr -xpr to 
see Vista's new expiration date and time. I explained the slmgr command and its 
parameters in my Feb. 15<http://windowssecrets.com/comp/070215/#story1> 
article.)

Step 7. To extend the activation deadline of Vista indefinitely, repeat steps 1 
through 6 as necessary.

Any crooked PC seller with even the slightest technical skill could easily 
install a command file that would carry out steps 1 through 6 automatically. 
The program could run slmgr -rearm three times, 30 days apart, to postpone 
Vista's activation deadline to 120 days. It could then run slmgr -rearm every 30 
days, for a period of months if not years, by first resetting the SkipRearm key.

The program could be scheduled to check Vista's activation deadline during 
every reboot, and to remind the user to reboot once a month if a deadline was 
nearing. The buyer of such a PC would never even see an activation reminder, 
much less be required to go through the activation process.

If you happen to buy a Vista PC from a little-known seller, and the price was 
too good to be true, use Vista's search function to look for the string 
SkipRearm in files. You may discover that your "bargain" computer will 
mysteriously start demanding activation in a year or two - but your product key 
won't be valid.

I asked Microsoft why SkipRearm is included in Vista if it can be used to 
create machines that appear not to need activation for long periods. A 
Microsoft spokeswoman replied, "I connected with my colleagues and learned, 
unfortunately, we do not have information to share at this time." (I can't 
identify the speaker because the policy of Waggener Edstrom, Microsoft's 
public-relations firm, prohibits the naming of p.r. spokespersons.)

In my testing of Microsoft's back-door loophole, I've found that the technique 
can be used to postpone the activation deadline one year or longer. It may or 
may not, however, work forever, as I describe below.

Why does SkipRearm even exist in Vista? 

The Vista development team apparently inserted the SkipRearm loophole to help 
major corporations work around Microsoft's new Volume Licensing Agreement. This 
new program, which the Redmond company calls "Volume Licensing 2.0," requires 
buyers to set up a Key Management Service (KMS) host, as described by a 
Microsoft 
FAQ<http://windowssecrets.com/links/vefrtjkt5oc2d/bee976h/?url=www.microsoft.com%2Ftechnet%2Fwindowsvista%2Fplan%2Ffaq.mspx>.
 Companies must choose from two types of digital keys and three different 
methods of activation to validate thousands of individual Vista machines within 
the corporate LAN.

Activation of Windows XP, by comparison, requires merely that volume purchasers 
use a single product key. Corporate buyers obtain a unique key when signing a 
Volume Licensing Agreement. Microsoft has said, however, that most Windows XP 
piracy involves stolen product keys that are used by others to activate 
unauthorized machines.

The new KMS requirement is intended to discourage such piracy, but it places a 
heavy burden on corporate IT administrators. For example, Microsoft provides a 
tool called System Preparation (sysprep.exe) to prepare Vista machines for use. 
If a system can't be completely prepped within 30 days after installation, an 
admin can run the command sysprep /generalize to postpone the activation 
deadline another 30 days. However, like the slmgr -rearm command, sysprep 
/generalize will only succeed three times.

To work around this, as a Technet 
document<http://windowssecrets.com/links/vefrtjkt5oc2d/30b2b7h/?url=technet2.microsoft.com%2FWindowsVista%2Fen%2Flibrary%2Ffd2f79c9-3049-4b8c-bcfd-4e6dc5771ace1033.mspx%3Fmfr%3Dtrue>
 states, "Microsoft recommends that you use the SkipRearm setting if you plan 
on running Sysprep multiple times on a computer." This is echoed by Microsoft 
Knowledge Base article 
929828<http://windowssecrets.com/links/vefrtjkt5oc2d/fbb7b3h/?url=support.microsoft.com%2Fkb%2F929828%2Fen-us>.

Contributing editor Susan Bradley points out, "The good guys have to go through 
this stupid implementation of a KMS deployment because of bad guys abusing the 
system." She strongly feels that users should comply with Microsoft's EULA 
provisions. "The operating system license has always been a one-machine 
install. ... Many of us forget the multiple-install rule [for Microsoft Office] 
since we are so used to the one license, one install rule," she adds.

In its TechNet documents, Microsoft recommends the repeated use of SkipRearm. 
How many times is "multiple times"? My testing revealed that the answer is, 
well, indefinite.

 On a copy of Vista Ultimate that Microsoft released in New York City on Jan. 
29, I found that changing SkipRearm from 0 to 1 allowed the command slmgr 
-rearm to postpone Vista's activation deadline eight separate times. After 
that, changing the 0 to 1 had no effect, preventing slmgr -rearm from moving 
the deadline. The use of slmgr -rearm 3 times, plus using SkipRearm 8 times 
would eliminate Vista's activation nag screens for about one year (12 periods 
of 30 days).

 On a copy of the upgrade version of Vista Home Premium that I bought in a 
retail store on Jan. 30, slmgr -rearm also worked 3 times and SkipRearm worked 
8 times before losing their effect. This combination would, as with Vista 
Ultimate, permit a one-year use of Vista without nag screens appearing.

 On a copy of the full version of Vista Home Premium that I bought in a retail 
store on Mar. 14, SkipRearm had no effect on extending the use of slmgr -rearm 
at all. This suggests that Microsoft has slipstreamed a new version into 
stores, eliminating the SkipRearm feature in Vista Home. That could mean that 
changing the key from 0 to 1 will now work only in the business editions of 
Vista - Business, Enterprise, and Ultimate - so corporations can use the 
loophole.

Where is the usage count of slmgr -rearm stored? Where is the usage count of 
SkipRearm stored? These bytes won't be hard for expert users to find. The use 
restrictions may be easily lifted. If so, this would allow crooked PC sellers 
to truly create machines that would never need activation, ever.

The financial impact of SkipRearm on Microsoft 

I'd like to repeat here that I'm not advocating that anyone use the above 
technique to violate Microsoft's EULA or avoid paying for Vista. Any company 
that used SkipRearm to install Vista on multiple machines for as long as 
possible would have little defense against a surprise inspection by the 
Business Software 
Alliance<http://windowssecrets.com/links/vefrtjkt5oc2d/401023h/?url=wwwbsa.org%2Fusa%2Fantipiracy%2FTools-Resources.cfm>.
 This coalition of software makers, which includes Microsoft, investigates 
reports of unlicensed software and obtains warrants to conduct audits.

As a journalist, my job is to report the facts. SkipRearm was specifically 
built into Vista to be used. Microsoft executives made Vista's activation 
overly complex and cumbersome. So the development team apparently invented a 
Registry key to lift the burden of Vista's activation deadline, for at least a 
year and probably more.

The technique is so powerful and basic, however, that hackers around the world 
may soon use the feature to install millions of extra copies of Vista without 
buying them. This could have a major impact on Microsoft's revenues. The 
company's employees and shareholders might want to be aware of this.

Product activation does little or nothing to stop mass software piracy. It's 
become so convoluted, the way Microsoft has implemented it, that it's more of 
an irritation to legitimate users than a worthwhile antipiracy measure. In my 
opinion, Microsoft should concentrate on legal action against true pirates 
instead of inventing more ways to drive honorable users bonkers.
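
The check the article suggests for buyers (searching files for the string SkipRearm), as an added example that is not part of the original newsletter or post: it also looks for the two rearm commands from Step 5 and decodes UTF-16 files, which a plain ASCII search would miss. The file names, the size limit and the marker labels are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Strings taken from the article: the Registry value and the two rearm commands.
MARKERS = {
    "SkipRearm": re.compile(r"skiprearm", re.I),
    "slmgr rearm": re.compile(r"slmgr(\.vbs)?\s+[-/]rearm", re.I),
    "SLReArmWindows": re.compile(r"slc\.dll\s*,\s*SLReArmWindows", re.I),
}
MAX_BYTES = 1_000_000  # assumption: automation scripts are small text files

def decode_text(raw):
    """Decode file bytes; Registry exports are commonly UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[1:2] == b"\x00":  # BOM-less UTF-16LE text
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")  # never fails; fine for ASCII markers

def scan_tree(root):
    """Return sorted (relative path, line number, marker) hits under root."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    text = decode_text(fh.read())
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
            for number, line in enumerate(text.splitlines(), start=1):
                for label, pattern in MARKERS.items():
                    if pattern.search(line):
                        hits.append((os.path.relpath(path, root), number, label))
    return sorted(hits)

def build_sample(root):
    """Write two constructed sample files (hypothetical names) that should match."""
    with open(os.path.join(root, "monthly.cmd"), "w") as fh:
        fh.write("@echo off\nrem constructed sample\nslmgr -rearm\n")
    with open(os.path.join(root, "setting.reg"), "w", encoding="utf-16") as fh:
        fh.write('; constructed sample\n"SkipRearm"=dword:00000001\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A hit is a lead to review by hand, not proof of tampering; the scan only reports where the strings occur.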
