trickery.net

trickery.net (http://www.trickery.net/vb/index.php)
-   Discussion (http://www.trickery.net/vb/forumdisplay.php?f=10)
-   -   Windows 7 Anti-Piracy Update "Phones Home" (http://www.trickery.net/vb/showthread.php?t=55177)

Belgarath 11-Mar-2010 20:25

Windows 7 Anti-Piracy Update "Phones Home"
 
The following is taken from a forum post on a torrent site hence the lack of link:

Quote:

New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 days
Sometimes a seemingly small software update can usher in a whole new world. When Microsoft shortly pushes out a Windows 7 update with the reportedly innocuous title "Update for Microsoft Windows (KB971033)" -- it will be taking your Windows 7 system where it has never been before.
And it may not be a place where you want to go.

Imagine that you're sitting quietly in your living-room at your PC, perhaps watching YouTube. Suddenly, a pair of big, burly guys barge into your house and demand that you let them check your computer to make sure that it's "genuine" and not running pirated software. You protest that you bought it fair and square, but they're insistent -- so you give in and let them proceed.
Even though you insist that you bought your laptop from the retail computer store down the street many months ago, and didn't install any pirate software, the visitors declare that your computer "isn't genuine" according to their latest pirated systems lists, and they say that "while we'll let you keep using it, we're modified your system so that it will constantly nag in your face until you pay up for a legit system!" And they head out the door to drop in on the eBay-loving grandmother next door.

You then notice that the wallpaper on your PC has turned black, and these strange notifications keep popping up urging you to "come clean."
Ridiculous? Well, uh, actually no.

Microsoft most definitely has a valid interest in fighting the piracy of their products. It's a serious problem, with negative ramifications for Microsoft and its users.

But in my opinion, Microsoft is about to embark on a dramatic escalation of anti-piracy efforts that many consumers are likely to consider to be a serious and unwanted intrusion at the very least.

It's important for you to understand what Microsoft is going to do, what your options are, and why I am very concerned about their plans.

Back in June 2006, in a series of postings, I revealed how Microsoft was performing unannounced "phone home" operations over the Internet as part of their Windows Genuine Advantage authentication system for Windows XP The surrounding circumstances even spawned a lawsuit against Microsoft, which coincidentally was recently dismissed by a judge.

But Microsoft has continued to push the anti-piracy envelope, now under the name Windows Activation Technologies (WAT).

This time around, to the company's credit (and many thanks to them for this!) Microsoft reached out to me starting several months ago for briefings and discussion about their plans for a major new WAT thrust -- on the basis, to which I agreed, that I not discuss it publicly until now.

The release of Windows 7 "Update for Microsoft Windows (KB971033)" will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic "phone home" operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days.

The purpose? To verify that you're not running a pirated copy of Windows, and to take various actions changing the behavior of your PC if the WAT system believes that you are not now properly authenticated and "genuine" -- even if up to that point in time it had been declaring you to be A-OK.

Note that I'm not talking about the one-time activation that you (or your PC manufacturer) performs on new Windows systems to authenticate them to Microsoft initially. I'm talking a procedure that would "check-in" your system with Microsoft at quarterly intervals, and that could take actions to significantly change your "user experience" whenever the authentication regime declares you to have fallen from grace.

These automatic queries will repeatedly -- apparently for as long as Windows is installed -- validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft).

If your system matches -- again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine -- then your system will be "downgraded" to "non-genuine" status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. In some cases you might be able to get this for free if you can convince Microsoft that you were the victim of a scam -- but you'll have to show them proof. Otherwise, you'll need to pull out your wallet.

I'm told that the KB971033 update is scheduled to deploy to the manual downloading "Genuine Microsoft Software" site on February 16, and start pushing out automatically through the Windows Update environment on February 23. Blog Update 5:05 PM: This blog entry originally listed the KB number without the leading 9, since that was the way it was provided to me verbally and confirmed by Microsoft.

The update will reportedly be tagged simply as an "Important" update. This means that if you use the Windows Update system, the update will be installed to your Windows 7 PC based on whatever settings you currently have engaged for that level of update -- it will not otherwise ask for specific permission to proceed with installation.

If your Windows Update settings are such that you manually install updates, you can choose to decline this particular update and you can also uninstall it later after installation -- without any negative effects per se. But don't assume that this will always "turn back the clock" in terms of the update's effects. More on this below.

Also, reportedly if the 90-day interval WAT piracy checking system "calls" are unable to connect to the Microsoft servers (or even if they are manually blocked from connecting, e.g. by firewall policies) there will reportedly be no ill effects.

However -- and this is very important -- if the update is installed and the authentication system then (after connecting with the associated Microsoft authentication servers at any point) decides that your system is not genuine, the "downgrading" that occurs will not be reversible by uninstalling the update afterward.
The WAT authentication system also includes various other features, such as the ability to automatically replace authentication/license related code on PCs if it decides that the official code has been tampered with (Microsoft rather euphemistically calls this procedure "self heal&quot.

I've mentioned that Windows 7 systems will be "downgraded" to "non-genuine" status if they're flagged as suspected pirates. What does this mean?
Essentially, they'll behave the same way they would if they had failed to be authenticated and activated initially within the grace period after purchase.
Downgraded systems will still function much as usual fundamentally, but there will be some very significant (and very annoying) changes if your system has been designated non-genuine.

The background wallpaper will change to black. You can set it back to whatever you want, but once an hour or so it will reset again to black.
Various "nag" notifications will appear at intervals to "remind" you that your system has been tagged as a likely pirate and offering you the opportunity to "come clean" -- becoming authorized and legitimate by buying a new Windows 7 license. Some of these nags will be windows that appear at boot or login time, others will appear frequently (perhaps every 20 minutes or so) as main screen windows and taskbar popup notices.

Systems that are considered to be non-genuine also have only limited access to other Microsoft updates of any kind (e.g., access to high priority security updates, but not anything else, may be permitted).

And of course, under the new WAT regime you run the risk of being downgraded into this position at any time during the life of your PC.

In response to my specific queries about how downgraded systems (particularly unattended systems) would behave vis-a-vis existing application environments, Microsoft has said that they have taken considerable effort to avoid having the downgrade "nag system" interfere with the actual running of other applications, including stealing of windows' focus. It remains to be seen how well this aspect turns out in practice.

All of this brings us to a very basic question. Why would any PC owner -- honest or pirate -- voluntarily participate in such a continuing "phone home" authentication regime?

Obviously, knowledgeable pirates will avoid the whole thing like the plague any way that they can.

Microsoft's view, as explained to me and as primarily emphasized in their blog posting that will appear today announcing the WAT changes, is that honest Windows 7 users will want to know if their systems are running unauthentic copies of the operating system, since (Microsoft asserts and indeed is the case) those systems have a significant likelihood of also containing dangerous viruses or other potentially damaging illicit software that "ride" onto the PC along with the unauthentic copy of the OS.

But even if we assume that there's a noteworthy risk of infections on systems running pirated copies of Windows 7, the approach that Microsoft is now taking doesn't seem to make sense even for honest consumers.

If Microsoft's main concern were really just notifying users about "contaminated" systems, they could do so without triggering the non-genuine downgrading process and demands that the user purchase a new license (demands that will be extremely confusing to many users).

As I originally discussed it's far more common than many people realize for completely innocent users to be running perfectly usable -- but not formally authenticated -- copies of Windows Operating Systems through no fault whatever of their own.

OK, let's review where we stand.
The new Microsoft WAT regime relies upon a series of autonomous "cradle to grave" authentication verification connections to a central and ever-expanding Microsoft piracy signature database, even in the absence of major hardware changes or other significant configuration alterations that might otherwise cause the OS or local applications to query the user for explicit permission to reauthenticate.

Microsoft will trigger forced downgrading to non-genuine status if they believe a Windows 7 system is potentially pirated based on their "phone home" checks that will occur at (for now) 90 day intervals during the entire life of Windows 7 on a given PC, even months or years after purchase.

That Microsoft has serious piracy problems, and has "limited" the PC downgrading process to black wallpaper, repeating nagging at users, and extremely constrained update access isn't the key point. Nor is the ostensibly "voluntary" nature of the update triggering these capabilities (I say ostensibly since almost certainly most users will have the update installed automatically and won't even realize what it means at the time).

The new Microsoft WAT update and its associated actions represent unacceptable intrusions into the usability of consumer products potentially long after the products have been purchased and have been previously declared to be genuine.

Microsoft is not entirely alone in such moves. For example, a major PC game manufacturer has apparently announced that their games will soon no longer run at all if you don't have an Internet connection to allow them to authenticate at each run.

Still, games and other applications are one thing, operating systems are something else altogether. And regardless of whether we're talking about games or Windows 7, it's unacceptable for consumers to be permanently shackled to manufacturers via lifetime authentication regimes -- particularly ones that can easily impact innocent parties -- that can degrade their ability to use the products that they've purchased in many cases months or even years earlier.

Fundamentally, for Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner -- declaring their systems to be non-genuine and downgrading them at any time -- is rather staggering.
Make no mistake about it, fighting software piracy is indeed important, but Microsoft seems to have lost touch with a vast swath of their loyal and honest users if the firm actually believes their new WAT anti-piracy monitoring system is an acceptable policy model.

My recommendations to persons who currently run or plan to run Windows 7 are simplicity themselves.

I recommend that you strongly consider rejecting the manual installation of the Windows Activation Technologies update KB971033, and do not permit Windows Update to install it (this will require that you not have your PC configured in update automatic installation mode, which has other ramifications -- so you may wish to consult a knowledgeable associate if you're not familiar with Windows Update configuration issues).

And if at some point in the future you find that the update has been installed and your PC is still running normally, remove the update as soon as possible.
While I certainly appreciate Microsoft's piracy problems, and the negative impact that these have both on the company and consumers, I believe that the approach represented by this kind of escalation on the part of Microsoft and others -- into what basically amounts to a perpetual anti-piracy surveillance regime embedded within already purchased consumer equipment -- is entirely unacceptable.
Obviously it's hearsay and this guy's opinions, but if true it's as disturbing as the Ubisoft DRM, if not more so.

Harry Palmer 11-Mar-2010 20:28

you think you have a right to steal software?

Inertiaman 11-Mar-2010 20:43

Not really the issue given that if you're getting that update you're post-install of wga and have already paid for it. The issue seems to be the right to use w7 when and how you please once you've paid for it.

Belgarath 11-Mar-2010 20:49

The issue is that even if you have genuine software if your system doesn't report back to MS correctly every 90 days you will be "downgraded" and there may not be much you can do about it.

Calling it stealing also implies material deprivation, installing Windows without a license would be copyright infringement.

Blood God 11-Mar-2010 20:54

~

Someone care to summarise?

Scrobbs 11-Mar-2010 20:55

I don't see how it's substantially different from WGA, plus if you're that bothered, there's already a hack to bypass it.

Be that as it may, the issue about using the software as you like may be up for discussion here, but as far as the EULA's are concerned, you're only effectively 'renting' the use of the software anyway, as by ticking that box when you install you agree to all their terms, whether you think they're draconian or not.

Scrobbs 11-Mar-2010 20:56

Quote:

Originally Posted by Blood God (Post 1121537)
~

Someone care to summarise?

Pretty much what Bel said.

Harry Palmer 11-Mar-2010 21:01

Quote:

Originally Posted by Belgarath (Post 1121536)
The issue is that even if you have genuine software if your system doesn't report back to MS correctly every 90 days you will be "downgraded" and there may not be much you can do about it.

Calling it stealing also implies material deprivation, installing Windows without a license would be copyright infringement.

Ah, semantics. call it what you like.

Harry Palmer 11-Mar-2010 21:05

I have several instances of Win 7 running with no problem, even ones with infrequent access to the internet. I have just re-installed Win 7 on my home pc with no problem, and the Windows Virtual PC that I use to vpn to the office has just popped up the WGA notice and I have re-validated. do I care? no. do I care if it does it again? no. will I ever care? no. do I think they have a right to check? yes. Do I care? no.

Chef_uk 11-Mar-2010 21:13

I don't have a problem with it as i've never had updates turned on. I've yet to see a system thats worse off with no updates ever installed to ones that have every one of them installed. The number of software apps out there to protect us negates any protection the updates offer. That might be a very naive of me but is there any hard evidence that suggests a pc with the basic security software setup become compromised due to lack of windows updates? I'm happy to stand corrected.

StarMonkey 11-Mar-2010 21:14

This has been around for a few weeks now, basically the new genuine advantage (optional) windows update will check for known hacks, bios mods etc.. and disable them, making your windows 'not genuine'

It's optional, so just dont install it if you don't want to. Or alternatively, RemoveWAT and Daz's Windows7 loader both seem to get around it.

Inertiaman 11-Mar-2010 21:17

Quote:

Originally Posted by Harry Palmer (Post 1121542)
I have several instances of Win 7 running with no problem, even ones with infrequent access to the internet. I have just re-installed Win 7 on my home pc with no problem, and the Windows Virtual PC that I use to vpn to the office has just popped up the WGA notice and I have re-validated. do I care? no. do I care if it does it again? no. will I ever care? no. do I think they have a right to check? yes. Do I care? no.

Of course the validation itself is no inconvenience. Most seem to be annoyed by their personal computers being treated as wholly owned extensions of Microsoft/Adobe/Ubi/insert developer here. You say they have the right - but you seem to accept their intrusion only because it causes little inconvenience to you. Whilst the silly example in the OP of people busting your door down is too much, there is a case to be answered before, rather than after overreaching drm becomes inconvenient to you.

StarMonkey 11-Mar-2010 21:17

As a side note, pretty much all the major manufactures oem keys have been leaked now, but windows 7 checks slic tables in the bios to make sure that you have an oem system.

Daz's loader inserts a grub bootloader before windows which emulates slic2.1 and basically software mods your bios to think the motherboard is an oem one, so the manufacturers certificate will be accepted.

RemoveWAT is more crude, and just removes the activation files from windows and creates dummy ones in its place.

Or you could just pay for windows and not have to worry :D

StarMonkey 11-Mar-2010 21:20

For more info, read this forum - its where all the hacks are located, and details the way in which they and windows activation works. It's an interesting read if you're tech minded.

http://forums.mydigitallife.info/forums/16-Windows-7

Harry Palmer 11-Mar-2010 21:32

Quote:

Originally Posted by Inertiaman (Post 1121546)
Of course the validation itself is no inconvenience. Most seem to be annoyed by their personal computers being treated as wholly owned extensions of Microsoft/Adobe/Ubi/insert developer here. You say they have the right - but you seem to accept their intrusion only because it causes little inconvenience to you. Whilst the silly example in the OP of people busting your door down is too much, there is a case to be answered before, rather than after overreaching drm becomes inconvenient to you.

The simple fact is if you paid, and agreed to the Ts&Cs then there is no problem.

Is there a single case of anyone worldwide having a problem with the validation?

A few years ago when they introduced this with XP I had to re-install due to a Mboard failure - even though it was an OEM copy of XP, a simple phone call to Microsoft got me re-validated, bloody good service IMHO.

Inertiaman 11-Mar-2010 21:41

Quote:

Originally Posted by Harry Palmer (Post 1121555)
The simple fact is if you paid, and agreed to the Ts&Cs then there is no problem.

Is there a single case of anyone worldwide having a problem with the validation?

A few years ago when they introduced this with XP I had to re-install due to a Mboard failure - even though it was an OEM copy of XP, a simple phone call to Microsoft got me re-validated, bloody good service IMHO.

So basically if you've done nothing wrong...

Of course you're (still) right that it's no great inconvenience (barring anyone hoping to use w7 in a network limited environment) but let's not pretend that the communication enabled by this and similar validation practices is limited to a legit cd key. Your pc, registry and network setup gets raped for all it's worth.

Inertiaman 11-Mar-2010 21:50

KMS servers are aimed at 1000 licences and above though. And can be used from outside of a network. My example in that case was more aimed at nuclear power stations at the extreme, and say, defence contractors, field engineers etc. Those who's pc's will never see the outside world. It was a side point really.

BBW 11-Mar-2010 22:23

It all boils down to people who buy Microsoft products then whine like fuck about them. Silly people.

Harry Palmer 11-Mar-2010 22:31

Quote:

Originally Posted by Inertiaman (Post 1121564)
KMS servers are aimed at 1000 licences and above though. And can be used from outside of a network. My example in that case was more aimed at nuclear power stations at the extreme, and say, defence contractors, field engineers etc. Those who's pc's will never see the outside world. It was a side point really.

Do corporate licenses now go through WGA? I'm sure that for defense (etc.) stuff there was no requirement....

Inertiaman 11-Mar-2010 23:16

No idea on defence.

Corps use an internal keyserver now in most cases (KMS volume licencing) or hold a MAK licence which can be activated x times on the normal public keyserver.

Inertiaman 11-Mar-2010 23:18

internal kms's have to dial every six months as well out of interest.

Inertiaman 12-Mar-2010 00:25

http://www.mydigitallife.info/2006/1...lf-activation/

Excellent write up here - albeit with a less than official tone. The KMS server itself will communicate outside I think so it's not insulated. Don't know in practice though.

Lord Fondlemaid 12-Mar-2010 01:34

So... I have a legit, paid for Win 7 Pro which came with my new laptop.

What's the panic?

Inertiaman 12-Mar-2010 01:41

None. It's more mild indignance.

DizMatt 12-Mar-2010 09:50

people don't like being checked up on even if they're legit
I don't care really. it would be an issue years ago before always on etc.
but now most people are on BB then it's not a problem.
having read the above I think it said that if you can't validate then nothing happens
it's only a negative trigger that sets everything off

Inertiaman 12-Mar-2010 12:10

No, if you can't validate you're warned then locked up but nm.

Bilbo Fraggins 12-Mar-2010 14:28

Quote:

Originally Posted by BBW (Post 1121570)
It all boils down to people who buy Microsoft products then whine like fuck about them. Silly people.

Replace buy for pirate and I would agree :P

Solex 12-Mar-2010 14:54

I don't like the idea of a periodic phone home system if I've paid for the OS or not. As much as they have the right to ensure software isn't stoled, I have the right to privacy, and if/when a program accesses the internet at all.

Scrobbs 12-Mar-2010 15:31

You sign that right away when you tick the EULA.

Harry Palmer 12-Mar-2010 20:32

Quote:

Originally Posted by SoleX (Post 1121753)
I don't like the idea of a periodic phone home system if I've paid for the OS or not. As much as they have the right to ensure software isn't stoled, I have the right to privacy, and if/when a program accesses the internet at all.


heh, you are worried about privacy and you stick personal details on a website?


All times are GMT +1. The time now is 02:55.

Powered by vBulletin® Version 3.7.0 Release Candidate 3
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright 2003 - 2013, trickery.net