February 11, 2010

Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 Days

Greetings. Sometimes a seemingly small software update can usher in a whole new world. When Microsoft shortly pushes out a Windows 7 update with the reportedly innocuous title "Update for Microsoft Windows (KB971033)" -- it will be taking your Windows 7 system where it has never been before.

And it may not be a place where you want to go.

Imagine that you're sitting quietly in your living-room at your PC, perhaps watching YouTube. Suddenly, a pair of big, burly guys barge into your house and demand that you let them check your computer to make sure that it's "genuine" and not running pirated software. You protest that you bought it fair and square, but they're insistent -- so you give in and let them proceed.

Even though you insist that you bought your laptop from the retail computer store down the street many months ago, and didn't install any pirate software, the visitors declare that your computer "isn't genuine" according to their latest pirated systems lists, and they say that "while we'll let you keep using it, we're modified your system so that it will constantly nag in your face until you pay up for a legit system!" And they head out the door to drop in on the eBay-loving grandmother next door.

You then notice that the wallpaper on your PC has turned black, and these strange notifications keep popping up urging you to "come clean."

Ridiculous? Well, uh, actually no.

Microsoft most definitely has a valid interest in fighting the piracy of their products. It's a serious problem, with negative ramifications for Microsoft and its users.

But in my opinion, Microsoft is about to embark on a dramatic escalation of anti-piracy efforts that many consumers are likely to consider to be a serious and unwanted intrusion at the very least.

It's important for you to understand what Microsoft is going to do, what your options are, and why I am very concerned about their plans.

Back in June 2006, in a series of postings, I revealed how Microsoft was performing unannounced "phone home" operations over the Internet as part of their Windows Genuine Advantage authentication system for Windows XP. (The last in that series of postings describes Microsoft's reaction to the resulting controversy.) The surrounding circumstances even spawned a lawsuit against Microsoft, which coincidentally was recently dismissed by a judge.

But Microsoft has continued to push the anti-piracy envelope, now under the name Windows Activation Technologies (WAT).

This time around, to the company's credit (and many thanks to them for this!) Microsoft reached out to me starting several months ago for briefings and discussion about their plans for a major new WAT thrust -- on the basis, to which I agreed, that I not discuss it publicly until now.

The release of Windows 7 "Update for Microsoft Windows (KB971033)" will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic "phone home" operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days.

The purpose? To verify that you're not running a pirated copy of Windows, and to take various actions changing the behavior of your PC if the WAT system believes that you are not now properly authenticated and "genuine" -- even if up to that point in time it had been declaring you to be A-OK.

Note that I'm not talking about the one-time activation that you (or your PC manufacturer) performs on new Windows systems to authenticate them to Microsoft initially. I'm talking a procedure that would "check-in" your system with Microsoft at quarterly intervals, and that could take actions to significantly change your "user experience" whenever the authentication regime declares you to have fallen from grace.

These automatic queries will repeatedly -- apparently for as long as Windows is installed -- validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft).

If your system matches -- again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine -- then your system will be "downgraded" to "non-genuine" status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. In some cases you might be able to get this for free if you can convince Microsoft that you were the victim of a scam -- but you'll have to show them proof. Otherwise, you'll need to pull out your wallet.

I'm told that the KB971033 update is scheduled to deploy to the manual downloading "Genuine Microsoft Software" site on February 16, and start pushing out automatically through the Windows Update environment on February 23. Blog Update 5:05 PM: This blog entry originally listed the KB number without the leading 9, since that was the way it was provided to me verbally and confirmed by Microsoft. They have now notified me that Update for Microsoft Windows (KB971033) is the actual designation, so I have made the appropriate change to the KB number throughout this posting.

The update will reportedly be tagged simply as an "Important" update. This means that if you use the Windows Update system, the update will be installed to your Windows 7 PC based on whatever settings you currently have engaged for that level of update -- it will not otherwise ask for specific permission to proceed with installation.

If your Windows Update settings are such that you manually install updates, you can choose to decline this particular update and you can also uninstall it later after installation -- without any negative effects per se. But don't assume that this will always "turn back the clock" in terms of the update's effects. More on this below.

Also, reportedly if the 90-day interval WAT piracy checking system "calls" are unable to connect to the Microsoft servers (or even if they are manually blocked from connecting, e.g. by firewall policies) there will reportedly be no ill effects.

However -- and this is very important -- if the update is installed and the authentication system then (after connecting with the associated Microsoft authentication servers at any point) decides that your system is not genuine, the "downgrading" that occurs will not be reversible by uninstalling the update afterward.

The WAT authentication system also includes various other features, such as the ability to automatically replace authentication/license related code on PCs if it decides that the official code has been tampered with (Microsoft rather euphemistically calls this procedure "self heal").

I've mentioned that Windows 7 systems will be "downgraded" to "non-genuine" status if they're flagged as suspected pirates. What does this mean?

Essentially, they'll behave the same way they would if they had failed to be authenticated and activated initially within the grace period after purchase.

Downgraded systems will still function much as usual fundamentally, but there will be some very significant (and very annoying) changes if your system has been designated non-genuine.

The background wallpaper will change to black. You can set it back to whatever you want, but once an hour or so it will reset again to black.

Various "nag" notifications will appear at intervals to "remind" you that your system has been tagged as a likely pirate and offering you the opportunity to "come clean" -- becoming authorized and legitimate by buying a new Windows 7 license. Some of these nags will be windows that appear at boot or login time, others will appear frequently (perhaps every 20 minutes or so) as main screen windows and taskbar popup notices.

Systems that are considered to be non-genuine also have only limited access to other Microsoft updates of any kind (e.g., access to high priority security updates, but not anything else, may be permitted).

And of course, under the new WAT regime you run the risk of being downgraded into this position at any time during the life of your PC.

In response to my specific queries about how downgraded systems (particularly unattended systems) would behave vis-a-vis existing application environments, Microsoft has said that they have taken considerable effort to avoid having the downgrade "nag system" interfere with the actual running of other applications, including stealing of windows' focus. It remains to be seen how well this aspect turns out in practice.

All of this brings us to a very basic question. Why would any PC owner -- honest or pirate -- voluntarily participate in such a continuing "phone home" authentication regime?

Obviously, knowledgeable pirates will avoid the whole thing like the plague any way that they can.

Microsoft's view, as explained to me and as primarily emphasized in their blog posting that will appear today announcing the WAT changes, is that honest Windows 7 users will want to know if their systems are running unauthentic copies of the operating system, since (Microsoft asserts and indeed is the case) those systems have a significant likelihood of also containing dangerous viruses or other potentially damaging illicit software that "ride" onto the PC along with the unauthentic copy of the OS.

But even if we assume that there's a noteworthy risk of infections on systems running pirated copies of Windows 7, the approach that Microsoft is now taking doesn't seem to make sense even for honest consumers.

If Microsoft's main concern were really just notifying users about "contaminated" systems, they could do so without triggering the non-genuine downgrading process and demands that the user purchase a new license (demands that will be extremely confusing to many users).

As I originally discussed in How Innocents Can Be Penalized by Windows Genuine Advantage, it's far more common than many people realize for completely innocent users to be running perfectly usable -- but not formally authenticated -- copies of Windows Operating Systems through no fault whatever of their own.

OK, let's review where we stand.

The new Microsoft WAT regime relies upon a series of autonomous "cradle to grave" authentication verification connections to a central and ever-expanding Microsoft piracy signature database, even in the absence of major hardware changes or other significant configuration alterations that might otherwise cause the OS or local applications to query the user for explicit permission to reauthenticate.

Microsoft will trigger forced downgrading to non-genuine status if they believe a Windows 7 system is potentially pirated based on their "phone home" checks that will occur at (for now) 90 day intervals during the entire life of Windows 7 on a given PC, even months or years after purchase.

That Microsoft has serious piracy problems, and has "limited" the PC downgrading process to black wallpaper, repeating nagging at users, and extremely constrained update access isn't the key point. Nor is the ostensibly "voluntary" nature of the update triggering these capabilities (I say ostensibly since almost certainly most users will have the update installed automatically and won't even realize what it means at the time).

The new Microsoft WAT update and its associated actions represent unacceptable intrusions into the usability of consumer products potentially long after the products have been purchased and have been previously declared to be genuine.

Microsoft is not entirely alone in such moves. For example, a major PC game manufacturer has apparently announced that their games will soon no longer run at all if you don't have an Internet connection to allow them to authenticate at each run.

Still, games and other applications are one thing, operating systems are something else altogether. And regardless of whether we're talking about games or Windows 7, it's unacceptable for consumers to be permanently shackled to manufacturers via lifetime authentication regimes -- particularly ones that can easily impact innocent parties -- that can degrade their ability to use the products that they've purchased in many cases months or even years earlier.

Fundamentally, for Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner -- declaring their systems to be non-genuine and downgrading them at any time -- is rather staggering.

Make no mistake about it, fighting software piracy is indeed important, but Microsoft seems to have lost touch with a vast swath of their loyal and honest users if the firm actually believes their new WAT anti-piracy monitoring system is an acceptable policy model.

My recommendations to persons who currently run or plan to run Windows 7 are simplicity themselves.

I recommend that you strongly consider rejecting the manual installation of the Windows Activation Technologies update KB971033, and do not permit Windows Update to install it (this will require that you not have your PC configured in update automatic installation mode, which has other ramifications -- so you may wish to consult a knowledgeable associate if you're not familiar with Windows Update configuration issues).

And if at some point in the future you find that the update has been installed and your PC is still running normally, remove the update as soon as possible.

While I certainly appreciate Microsoft's piracy problems, and the negative impact that these have both on the company and consumers, I believe that the approach represented by this kind of escalation on the part of Microsoft and others -- into what basically amounts to a perpetual anti-piracy surveillance regime embedded within already purchased consumer equipment -- is entirely unacceptable.


Posted by Lauren at February 11, 2010 09:01 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein