Microsoft's licensing check rounded again
Published: 08 Aug 2005 09:35 BST
Microsoft's efforts to fight counterfeiting have hit another snag with the posting of a new method claimed to get around a Windows piracy check.
The check is meant to prevent people with unlicensed copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe", it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is unlicensed, according to a Web site publicised on Thursday in a posting to the popular Full Disclosure security mailing list.
Microsoft would not confirm that the method works but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.
Microsoft last week made the Windows 'piracy' check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.
For the software maker, the news is not the first time people have attempted to outwit WGA. Last week, several Web sites said it was possible to bypass the lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.
The GenuineCheck.exe tool is meant to provide an alternative way for people to prove their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open source Firefox Web browser, for example, does not support ActiveX.
The Microsoft representative said: "To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that."
According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties", and then selecting the "compatibility" tab in the menu and changing the compatibility mode.
If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," according to the representative.
WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.
Did you find this article useful?
54 out of 104 people found this useful
- Share this article:
