Tuesday, January 15, 2008

How To Run Vista Legally Without Activation for a Year

A security expert says Windows Vista can be run for at least a year without being activated, but Microsoft calls the process an antipiracy 'hack'.

Windows Vista can be run for at least a year without being activated, a serious end run around one of Microsoft's key antipiracy measures, Windows expert Brian Livingston said Thursday.

Livingston, who publishes the Windows Secrets newsletter, said that a single change to Vista's registry lets users put off the operating system's product activation requirement an additional eight times beyond the three disclosed last month. With more research, said Livingston, it may even be possible to find a way to postpone activation indefinitely.

"The [activation] demands that Vista puts on corporate buyers is much more than on XP," said Livingston. "Vista developers have [apparently] programmed in back doors to get around time restrictions for Vista activation."

Microsoft Calls it a Hack

Microsoft promptly labeled the registry change a "hack," a loaded word that is usually synonymous with "illegal."

"Recently it has been reported that an activation hack for Microsoft's Windows Vista operating system has been identified," said David Lazar, the director of the company's Genuine Windows program, in an e-mail. "Although these reports are purely speculative at the moment, we are actively monitoring attempts to steal Microsoft intellectual property."

"This is not a hack," Livingston shot back when Lazar's e-mail was read to him. "This is a documented feature of the operating system." To back up his view, Livingston pointed out links to online support documents where Microsoft spells out the pertinent registry key. Nor is it speculative; Livingston demonstrated the procedure live via a Web conference session Thursday and claimed "we have run this dozens of times."

Postpone Activation

Livingston last month revealed that a one-line command lets users postpone Vista activation up to three times. Combined with Vista's initial 30-day grace period, that meant users could run Vista for as long as 120 days before they had to activate the OS. At the time, Microsoft seemed unconcerned with the disclosure, and flatly stated that using it would not violate the Vista End User License Agreement (EULA).

"The feature that I'm revealing today shows that Microsoft has built into Vista a function that allows anyone to extend the operating system's activation deadline not just three times, but many times," Livingston said.

Microsoft documented the key on its support site in a description of what it calls "SkipRearm". In it, Microsoft explains that "rearming a computer restores the Windows system to the original licensing state. All licensing and registry data related to activation is either removed or reset. Any grace period timers are reset as well."

By changing the SkipRearm key's value from the default "0" to "1," said Livingston, the earlier-revealed "slmgr -rearm" command can be used over and over.

In tests with several editions of Vista purchased at different times, Livingston found that copies of Vista Ultimate and Vista Home Premium obtained at the end of January would accept the SkipRearm change only eight times. Together with the three postponements made possible with slmgr -rearm and the opening 30-day grace period, that would give users nearly a year (360 days) of activation-free use. A copy of Vista Home Basic bought March 14, however, ignored the SkipRearm registry change.

"Microsoft has slipstreamed something into Home Basic and Home Premium," Livingston said. "But from my reading of the support documents, Microsoft needs to keep this feature in its business editions, Vista Business, Enterprise and Ultimate. It seems that Microsoft is sympathetic to enterprises' difficulty in rolling out Vista within the activation deadlines."

Lazar did not answer several questions e-mailed to him Thursday, including one that asked why Microsoft had included the SkipRearm feature in the first place. However, he indicated that the feature could be blocked if Microsoft desired. "It is important to note that these hacks are, at best, temporary. Microsoft has systems in place to detect and block piracy."

The following describes the Registry key that's involved.

Step 1. While running a copy of Windows Vista that hasn't yet been activated, click the Start button, type regedit into the Search box, then press Enter to launch the Registry Editor.

Step 2. Explore down to the following Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL

Step 3. Right-click the Registry key named SkipRearm and click Edit. The default is a Dword (a double word or 4 bytes) with a hex value of 00000000. Change this value to any positive integer, such as 00000001, save the change, and close the Registry Editor.

Step 4. Start a command prompt with administrative rights. The fastest way to do this is to click the Start button, enter cmd in the Search box, then press Ctrl+Shift+Enter. If you're asked for a network username and password, provide the ones that log you into your domain. You may be asked to approve a User Account Control prompt and to provide an administrator password.

Step 5. Type one of the following two commands and press Enter:

slmgr -rearm

or

rundll32 slc.dll,SLReArmWindows

Either command uses Vista's built-in Software Licensing Manager (SLMGR) to push the activation deadline out to 30 days after the command is run. Changing SkipRearm from 0 to 1 allows SLMGR to do this an indefinite number of times. Running either command initializes the value of SkipRearm back to 0.

Step 6. Reboot the PC to make the postponement take effect. (After you log in, if you like, you can open a command prompt and run the command slmgr -xpr to see Vista's new expiration date and time. I explained the slmgr command and its parameters in my Feb. 15 article.)

Step 7. To extend the activation deadline of Vista indefinitely, repeat steps 1 through 6 as necessary.

Any crooked PC seller with even the slightest technical skill could easily install a command file that would carry out steps 1 through 6 automatically. The program could run slmgr -rearm three times, 30 days apart, to postpone Vista's activation deadline to 120 days. It could then run slmgr -rearm every 30 days, for a period of months if not years, by first resetting the SkipRearm key.

The program could be scheduled to check Vista's activation deadline during every reboot, and to remind the user to reboot once a month if a deadline was nearing. The buyer of such a PC would never even see an activation reminder, much less be required to go through the activation process.

If you happen to buy a Vista PC from a little-known seller, and the price was too good to be true, use Vista's search function to look for the string SkipRearm in files. You may discover that your "bargain" computer will mysteriously start demanding activation in a year or two — but your product key won't be valid.
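
A buyer-side version of the check suggested above, as an added example that is not part of the original article: it searches script-type files under a directory for the string SkipRearm, decoding UTF-16 (the encoding regedit uses for exported .reg files, which a plain byte search for ASCII text misses), and on Windows reads the current value from the SL key named in Step 2. The extension list and function names are assumptions chosen for illustration.

```python
import os
import sys

NEEDLE = "skiprearm"
# Assumed set of file types a pre-installed "command file" might use.
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".reg", ".ps1", ".js", ".wsf"}
# Registry key path taken from Step 2 of the article.
SL_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL"

def decode_script(raw):
    """Decode file bytes, honouring a UTF-16 byte-order mark if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def find_skiprearm_scripts(root, max_bytes=1_000_000):
    """Return (path, line number, line) for each script line naming SkipRearm."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = decode_script(fh.read(max_bytes))
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
            for lineno, line in enumerate(text.splitlines(), 1):
                if NEEDLE in line.lower():
                    hits.append((path, lineno, line.strip()))
    return hits

def read_skiprearm_value():
    """Return the current SkipRearm DWORD, or None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SL_KEY) as key:
            value, _type = winreg.QueryValueEx(key, "SkipRearm")
            return value
    except OSError:
        return None

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("SkipRearm registry value:", read_skiprearm_value())
    for path, lineno, line in find_skiprearm_scripts(root):
        print(f"{path}:{lineno}: {line}")
```

Because the article notes that running the rearm command resets SkipRearm to 0, a zero registry value alone does not rule out an installed script; the file hits are the more telling signal.
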

I asked Microsoft why SkipRearm is included in Vista if it can be used to create machines that appear not to need activation for long periods. A Microsoft spokeswoman replied, "I connected with my colleagues and learned, unfortunately, we do not have information to share at this time." (I can't identify the speaker because the policy of Waggener Edstrom, Microsoft's public-relations firm, prohibits the naming of p.r. spokespersons.)

In my testing of Microsoft's back-door loophole, I've found that the technique can be used to postpone the activation deadline one year or longer. It may or may not, however, work forever, as I describe below.

Activation Deadline Extensions

"This is somewhat of a threat to Microsoft," Livingston said. "But the extent to what it can retroactively patch, I don't know. Maybe they will want to change this. But that would only call more attention to activation, and perhaps reveal the mechanism Vista is using to count SkipRearm."

Livingston has not been able to find where Vista stores the SkipRearm count; conceivably, that count is what restricts its use to a maximum of eight. If someone were to find the count location, however, and manage to change that as well as the SkipRearm registry key, users might be able to postpone activation forever, said Livingston.

"The problem I see with this is that unscrupulous system builders will use it [to install counterfeit copies of Vista], but that Vista will start demanding activation a year or more out, when the guy is long gone with your money," said Livingston. "And then the activation key wouldn't work, because he would have used it on hundreds or even thousands of systems and Microsoft would have blocked it."

Background

Microsoft introduced product activation in 2001's Office XP and also used it in that year's Windows XP. Activation was toughened up for Vista, however; after the grace period, nonactivated PCs running Vista drop into what Microsoft calls "reduced functionality" mode. In reduced mode, users can only browse the Web with Internet Explorer, and then only for an hour before being forced to again log on.

Livingston's work-around, however, may do away with activation altogether. "[Activation] has become so convoluted, the way Microsoft has implemented it, that it's more of an irritation to legitimate users than a worthwhile antipiracy measure," Livingston concluded.

Naturally, Microsoft's Lazar sees it differently. "The new anti-piracy technologies in Windows Vista are designed to protect customers and prevent the software from working correctly when it is not genuine and properly licensed," he said. "Systems utilizing these hacks will not provide the benefits of genuine Windows, nor will they work as expected."

Computer Works