Vista Crack Means Big Trouble

In a somewhat deja vu circumstance, crackers may have put the kibosh on Windows Vista product activation...

In a somewhat deja vu circumstance, crackers may have put the kibosh on Windows Vista product activation, as they did before Microsoft made Windows XP's widely available.

The exploit doesn't break Microsoft's anti-piracy mechanism, but falsely activates some Windows Vista versions.

The Windows Vista crack, if definitely proven effective, is rather ingenious. Because I haven't personally tried it out and Microsoft is confirming nothing --absolutely nothing --I can't definitely say it works. But, conceptually, the crack should work, although it's a whole lot of trouble for average folks. Paying up for a legit copy of Vista would be better way to go, if for no other reason than it's the right thing to do.

In a statement, Cori Hartje, director of Microsoft's Genuine Software Initiative, described the crack as "purely speculative."

I can confirm the cracking tools are out there. I easily found Web links to torrents of the crack. Supposedly the software contains a VMware image and visual basic script that acts as a pseudo activation server for Windows Vista. The user obtains a Windows Vista image file--also available on torrents--and activates against the pseudo server.

The crack exploits Microsoft's Volume Activation 2.0, which Windows Vista supports. The newer anti-piracy mechanism requires Windows Vista versions obtained through volume licensing to phone home every so often to essentially reactivate. Microsoft chose the approach to combat the ongoing problem of leaked or stolen volume-licensing keys. Five years ago, the first keys leaked even before Windows XP shipped, allowing for mass pirating of the operating system. Conceptually, the reactivation mechanism would allow Microsoft to revoke some keys and then invalidate pirated Windows Vista copies.

Volume Activation 2.0 uses two reactivation mechanisms. The crack supposedly takes advantage of the Key Management Service, or KMS. Businesses would set up KMS servers for activating Windows Vista and reactivating within every 180 days.

The service is only designed for software distributed through volume licensing, which would mean Windows Vista Enterprise. The consumer versions of Windows Vista activate in single fashion, so the cracking technique shouldn't work. Besides, Enterprise is the ultimate version to steal, so to speak.

"We are actively monitoring these types of piracy and counterfeit situations, and will take action on any Key Management Service or Multiple Activation Key keys that have been reported as stolen or abused," Hartje said.

The crack isn't without its flaws. Pirated Windows Vista versions would have to be pseudo-reactivated within every 180 days. Vista copies that aren't activated or fail to reactivate all but shut down in about 30 days.

From a security perspective, the Vista crack is deeply disturbing. Suppose a pirate distributed hacked versions of Windows Vista that redirected product activation to its own servers. Conceptually, the hacker could distribute pirated software preloaded for participation in botnets. A little pseudo-activation here, some added remote-access Trojans (RATs) there, and the hacker-pirate has a botnet distribution platform.

There would be little consolation in people stealing Vista paying the hacker pirate by another means, because of all the trouble botnets cause.

No doubt, Microsoft will respond to this crack, assuming it's real, quite possibly by modifying how KMS works. It's not like there have been massive deployments of legitimate copies of Windows Vista yet. The customer impact would be minimal right now.

As for the crack, Microsoft anti-piracy mechanisms aren't perfect, nor are they meant to be. Microsoft probably could make Windows a really tough nut to crack--maybe impossible to pirate. But the cost would be huge reduction in the operating system's utility and usability.

As an end user, I dislike Microsoft's anti-piracy mechanisms. They're a hassle, and they feel like Microsoft either doesn't trust or must punish legitimate users. But Microsoft could have made the mechanisms much more burdensome. Each time hackers, crackers and pirates (Oh my!) undermine these mechanisms, Microsoft must make them tougher and in the process more burdensome for legitimate users. That's the price we pay for people who steal.