Microsoft's Own Tool May Fake Out Windows' Anti-Piracy

According to Debasis Mohanty, an independent vulnerability researcher attributed with discovering a number of vulnerabilities, who posted a proof-of-concept walk-through in Word format on the Full Disclosure security mailing list, a tool provided by Microsoft itself can be used to generate a code that will let systems running pirated copies of Windows to download and use software that Microsoft has said will work only with legitimate operating systems.

Microsoft dismissed the impact of the WGA work-around. "We don't see this as being substantial, and poses very little threat to our customers or to us," said a Microsoft spokesman. "We anticipated counterfeiters would try several different measures [to circumvent WGA], so we weren't surprised to see something like this."

Windows Genuine Advantage (WGA) is an anti-piracy scheme targeting consumer and small business customers that Microsoft debuted to some criticism in September 2004. This summer, it will require users to validate their copy of Windows to download any files from Microsoft's Download Center or use the Windows Update security patch service for anything but security updates. (Automatic Update, which Microsoft has been aggressively pushing, will continue to deliver security updates to all, even those with illegal copies of Windows.)

Mohanty said that by using a secondary validation tool -- GenuineCheck.exe, which can be downloaded as a backup to WGA's by-default ActiveX control -- users can fool WGA. When run on a machine hosting a legit copy of Windows, GenuineCheck.exe generates a code that can then be manually entered on a system running counterfeit Windows, allowing that machine to download and run formerly-banned software.

GenuineCheck.exe is offered by WGA as an alternative to ActiveX verification, since not all browsers -- read "Firefox" -- support ActiveX.

The Microsoft spokesman defended the use of GenuineCheck. "We need to make it as easy as possible to stay updated [via Download Center]."

Keys cranked out by GenuineCheck expire "very quickly," added the Microsoft spokesman, "so they'll be very difficult to share" on, for instance, a Web site. The software downloaded to a PC running an illegal copy of Windows using a GenuineCheck key, however, will continue to run even after that WGA key has expired, Microsoft confirmed.

Because WGA has to walk a line between ease of use and effectiveness, Microsoft's anti-piracy efforts will never be perfect. ""Certainly we have to stay ahead of pirates in the cat and mouse game," the spokesman concluded, "but we seek to balance ease of access to updates for our customers while still protecting our intellectual property."