http://blogs.zdnet.com/Bott/?p=1817#more-1817I’ve been hanging out with a bad crowd lately.
In the interest of research, I’ve been digging into message boards and forums run by unabashed Windows enthusiasts who are intent on breaking Microsoft’s activation technology. I’ve had these forums bookmarked for years and stop in every once in a while just to see what’s new. This time I decided to drop by and actually try some of tools and utilities to see if I could become a pirate, too.
Unfortunately, I succeeded.
In this post, I’ll share my experiences, including close encounters with some very nasty malware and some analysis on how the latest showdown between Microsoft and the pirates is likely to play out.
You won’t find names or direct links here—although these guys seem like genuine enthusiasts, I have no intention of giving them any free publicity. But if you’re interested in tracking down the tools I tested you should have no trouble finding them using the clues available in screenshots and descriptions here.
On the 4th page he makes this observation about the hacks involved:
The latest salvo from Microsoft in the war against pirates is the Windows Activation Technologies Update (KB971033). In its default configuration, it performs an initial validation check and then repeats the process every 90 days, downloading new signatures to detect exploits that flew under the radar in the previous scan. When I initially wrote about this subject last month, the question I heard most often was, “Why does it need to keep checking? If I get validated, shouldn’t that be good enough?â€
Unfortunately, the experiences I’ve written about here prove why that strategy doesn’t work. If you used a copy of RemoveWAT that was created in 2009, you were able to fool Microsoft validation servers with a 100% success rate. However, as the anguished cries of forum participants proved, the KB971033 update in February exposed all of those hacks, restoring the correct license files and causing the systems to (correctly) fail validation. As a result, the RemoveWAT developer modified his code and released a version last week that trumped the new update and once again allowed hacked machines to pass the activation test.
In the past, that would have been counted as a win for the pirates. But with its new signature-based system, Microsoft can improve its exploit-detection code and, at least in theory, identify the updated hacks in 90 days (or, in the worst case, 90 days after that). The point is that pirates can’t count on getting a permanent free pass on activation. If you’re a hobbyist obsessed with pirating Windows, you have to put up with the nuisance of updating your hacking tools every few months. But if you’re selling pirated software (in a box or preloaded on a system), you risk getting put out of business and maybe sent to jail when the systems you sold in March are detected as pirated in June or July.
