October 04, 2006

Microsoft Plans For Automatic Hobbling of "Pirated" Vista Systems

Greetings. Back in June when I first revealed the "phone home" behavior of Microsoft's Windows XP "Genuine Advantage" (WGA) anti-piracy system, a number of people asked me a very provocative question.

To wit, did I believe that Microsoft would use such facilities to actually disable XP systems that they felt might be pirated?

My answer at the time was that given the significant potential for massive disruption of important applications, the certain intense backlash, and the lawyers' litigation bonanza that would likely result from such actions, it seemed that such a course would be an extremely unwise move.

Well, that was XP. Now comes Vista, the next generation of Microsoft Windows. And here's the executive summary, based on my best information to date: With Windows Vista, MS is dramatically escalating their anti-piracy methodology, and even more deeply attaching users at the hip to MS' ongoing supervision. The days of simply buying Windows software go by the wayside -- from now on Microsoft is your permanent "overseer" when it comes to computing policies.

In particular, Vista will include technologies that can be used by MS to drastically reduce the functionality of systems that they believe to be pirated. This restricted environment will give users a choice between running Windows in its very limited "Safe Mode" (apparently with networking disabled), or alternatively running a Web browser that will exit automatically after each hour or so of usage.

If you want your full system functionality back after being tagged as running a possibly pirated system, you will need to prove yourself to Microsoft.

The implications are enormous.

This situation doesn't come to me as a complete surprise. In the months since my public discussions regarding WGA, I've been in cordial communications with a key executive at Microsoft within their anti-piracy unit. During these conversations, I did my best -- unsuccessfully -- to dissuade them from taking this kind of course. Unfortunately, my leverage with Microsoft is something akin to sticking a small, blunt toothpick into Godzilla's big toe in an attempt to get his attention.

MS' view -- as I understand it -- is that so long as people get sufficient warning before their systems are hobbled (the hobble plans include a 30-day cycle of escalating alerts before the actual drastic capability downgrade is initiated), people will come to accept this "new world order" for a new operating system.

That's an interesting theory. But the real world isn't such a tidy place -- the WGA experience showed that dramatically. Even if a small percentage of systems are flagged as possibly pirated systems, on an absolute basis we're still talking about very large numbers of systems and users.

We already know that an array of issues (details in my WGA thread) can cause false positives marking someone as a possible pirate. Microsoft asserts that they make it relatively easy to demonstrate your lack of culpability if you happen to end up with a non-authentic or pirated copy of Windows. Even if we accept this for the sake of the argument, the hassles and potential disruptions in these situations are extremely substantial.

Even worse, the specter of hackers possibly gaining control over system hobbling mechanisms is straight out of the darkest scenes of science fiction. Low probability? Couldn't happen? Do you really want to bet your computerized life on that? What a challenge for the hacking community!

As I've often noted, software piracy is indeed a major problem. MS is within their rights to implement reasonable means to control it. But by any definition, their plan for active system hobbling is unacceptable and beyond the pale.

A month's worth of warnings -- or even six months or a year -- won't ameliorate the negatives of this scheme. Too many people ignore such announcements. They're bombarded with warnings already from all sorts of software, and it's easy to assume that even repeated ones are in error and don't really apply to them. It's amazing what people will just ignore and put up with when they believe that they're in the right, or that it's really somebody else's problem in the corporate hierarchy.

Then we have the issue of "embedded" systems. Innumerable applications, some of them in extremely important venues (government operations, medical offices and hospitals, plus a practically endless list of others) use Windows systems that are buried in boxes and closets, configured in ways such that no human being would ever even normally see the desktop warnings that would precede an MS-ordered hobbling of an underlying Vista operating system. In many such cases, there'd be no indication of a problem until the application just stopped working -- boom -- and wouldn't start up again normally.

Microsoft does suggest that most or all applications running as Windows system services would probably in general not be hobbled from normal operations (at least until a user chose to login to the desktop "safe mode" option, then there may be networking issues -- this isn't entirely clear), since the primary target of this "downgrading" mechanism appears to be the desktop and more typical user applications. But this does mean that an immense range and number of applications would indeed be affected.

MS notes that there are two basic ways that a system might be flagged as a possible pirate (exact policies for this to be tuned on an ongoing basis).

First, a system that has had major hardware changes might trigger the authentication alert and start the 30-day warning countdown to the hobbled state (it should be mentioned that several highly promoted but largely cosmetic new features in Vista are immediately disabled once the warning sequence begins).

The second way to possibly find yourself marked as a pirate will be related to connecting with various Microsoft Web sites either on an automatically scheduled or a manual (e.g. Web browser) basis. It is through this vector that Microsoft would send the "begin hobbling warning sequence" command to systems whose license keys had found their way onto MS' suspected piracy database. The set of Microsoft sites enabled for this capability will likely start relatively small (e.g., particular download and system validation sites) and expand over time to a broader range of Microsoft download and update sites.

This second scenario suggests that embedded systems with Internet connections that were permitted to contact Microsoft could be at possible risk for hobbling, even if their hardware configurations were left completely untouched for long periods.

In any case, the entire concept of significantly reducing the functionality of running systems is saturated with risks. Microsoft notes that their products aren't supposed to be used for "critical" types of applications. That's a fine sentiment, but Microsoft has succeeded all too well in getting developers to use their operating systems in all manner of exceptionally important applications. That's the reality.

Of course, just because Microsoft says that they can use such drastic anti-piracy measures in any particular situation, doesn't mean that they necessarily will, but can we really afford to take that chance? Even if you are the most 100% squeaky-clean human on planet Earth, and would never even dream of running pirated software, you may want to think twice (or more than twice) before jumping into bed with Microsoft on this one.

And to Microsoft, I again urge you to reconsider this path. By pushing the anti-piracy envelope so far into dangerous territory, you are ultimately undermining your own valid concerns about piracy, and potentially damaging not only computer users, but yourselves as well. That doesn't help you, it doesn't help your customers, and it does a grave disservice to the entire global community that works directly or indirectly with your products. Piracy is real, but you can do so much better.

--Lauren--

Posted by Lauren at October 4, 2006 07:45 AM