Language Selection

English French German Italian Portuguese Spanish

Another way past Windows antipiracy found

Filed under

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

Microsoft last week made the Windows piracy check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.

Tricking the check

For the software maker, the news could be another episode of people finding a way to get around WGA. Last week, several Web sites said it was possible to bypass the piracy lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.

The GenuineCheck.exe tool is meant to provide an alternative way for people to prove that their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open-source Firefox Web browser, for example, does not support ActiveX.

"To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that," the Microsoft representative said.

According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties." Then select the "compatibility" tab in the menu and change the compatibility mode.

If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," the Microsoft representative said.

WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.

By Joris Evers

More in Tux Machines

KDE Leftovers

  • Choose Your Own Experience in Plasma 5.8 and beyond
    One of the key points of Plasma is while giving a simple default desktop experience, not limiting the user to that single, pre-packed one size fits all UI.
  • KDevelop 5.0.2 released for Windows and Linux
    Four weeks after the release of KDevelop 5.0.1, we are happy to announce the availability of KDevelop 5.0.2, a second stabilization release in the 5.0 series. We highly recommend to update to version 5.0.2 if you are currently using version 5.0.1 or 5.0.0.
  • Wayland improvements since Plasma 5.8 release
    Two weeks have passed since the Plasma 5.8 release and our Wayland efforts have seen quite some improvements. Some changes went into Plasma 5.8 as bug fixes, some changes are only available in master for the next release. With this blog post I want to highlight what we have improved since Plasma 5.8.
  • Wayland For KDE Plasma 5.9 Should Shape Up Quite Nicely
    Plasma 5.8 was only released at the beginning of October but already there has been a number of Wayland improvements queuing up for the next milestone, Plasma 5.9. KWin maintainer Martin Gräßlin wrote a blog post yesterday about some of the early Wayland changes coming for Plasma 5.9. Some of this early work for the next KDE Plasma 5 release includes resize-only borders, global shortcut handling, support for keyboard LEDs via libinput, relative pointer support, the color scheme syncing to the window decoration, window icon improvements, multi-screen improvements, panel imporvements, and more.
  • Autumn Sale in the Krita Shop
  • .

Linux/FOSS Events

  • FOSDEM Desktops DevRoom 2016 all for Participation
    FOSDEM is one of the largest (5,000+ hackers!) gatherings of Free Software contributors in the world and happens each February in Brussels (Belgium, Europe). Once again, one of the tracks will be the Desktops DevRoom (formerly known as “CrossDesktop DevRoom”), which will host Desktop-related talks. We are now inviting proposals for talks about Free/Libre/Open-source Software on the topics of Desktop development, Desktop applications and interoperability amongst Desktop Environments. This is a unique opportunity to show novel ideas and developments to a wide technical audience.
  • LatinoWare
    Yesterday, Wednesday 19 oct, was the first day of LatinoWare thirteen edition hosted in the city of Foz do Iguaçu in Parana state with presence of 5155 participants and temperature of 36ºC. Currently this is the biggest event of free software in Brazil.
  • Attending a FUDcon LATAM 2016
    From my experience I will share my days at FUDcon 2016 held on Puno last week. There were 3 core days, and 2 more days to visit around.

Linux Graphics

Games for GNU/Linux