Language Selection

English French German Italian Portuguese Spanish

Another way past Windows antipiracy found

Filed under
Microsoft

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

Microsoft last week made the Windows piracy check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.

Tricking the check

For the software maker, the news could be another episode of people finding a way to get around WGA. Last week, several Web sites said it was possible to bypass the piracy lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.

The GenuineCheck.exe tool is meant to provide an alternative way for people to prove that their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open-source Firefox Web browser, for example, does not support ActiveX.

"To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that," the Microsoft representative said.

According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties." Then select the "compatibility" tab in the menu and change the compatibility mode.

If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," the Microsoft representative said.

WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.

By Joris Evers
CNET News.com

More in Tux Machines

Why you should ditch OpenOffice and use the free LibreOffice suite

OpenOffice was the first big, mainstream free software competitor to Microsoft Office, and because of that, it still has mainstream name recognition—which is a problem. Developers have almost all moved to LibreOffice, the spiritual successor to OpenOffice. But OpenOffice continues to be operated as its own project, seeing little development and only drawing potential LibreOffice users to a defunct piece of software. Read more

Firefox Fading, Ditching OpenOffice, and Containers

Dissatisfaction with Mozilla's recent announcement to change its extension core code is being expressed across the Internet. Folks aren't happy. Elsewhere, Chris Hoffman explains why you should switch from OpenOffice to LibreOffice and the Canonical IP fight continues. In other news, several container headlines caught my eye recently. Read more

Today in Techrights

today's leftovers

  • GTX 760 Vs R7 370 4G In Company Of Heroes 2
    Liam has done his initial port reports and such so it's my turn to feed you some information. I'm once again putting my GTX 760 against the R7 370 to see what kind of performance we can expect from Company of Heroes 2.
  • KDE Plasma 5.4 Enhances Linux Desktop Experience
    The K Desktop Environment (KDE) is one of the earliest Linux desktop environments, dating all the way back to 1996, predating even the popular GNOME desktop environment, which was started in 1999. On Aug. 25, the core KDE desktop, Plasma, got an incremental update to version 5.4 that builds on the innovations that the first Plasma 5 release introduced in July. Among the many changes that users will notice with Plasma 5.4 are more than 1,400 new icons for all KDE applications, providing a more streamlined, modern look and feel to the desktop. Also new to Plasma 5.4 is an optional Application Dashboard that provides a different way to open up applications. Finding an application, or anything else on the KDE desktop, is also improved by way of enhanced search history in the integrated KRunner search tool that is part of the desktop. Plus, the 5.4 update now provides initial support for the Wayland display server that is intended to be a replacement for the decade-old X-Window server. KDE as a desktop environment is available on multiple Linux distributions, including Ubuntu, Fedora and openSUSE. In this slide show, eWEEK examines some of the key features of the KDE Plasma 5.4 desktop.
  • KDE Sprints - who wins?
    To start with, KDE sprints are intensive sessions centered around coding. They take place in person over several days, during which time skillful developers eat, drink and sleep code. There are breaks to refresh and gain perspective, but mostly sprints involve hard, focused work. All of this developer time and effort is unpaid. However travel expenses for some developers are covered by KDE. KDE is a frugal organization with comparatively low administrative costs, and only one paid person who works part time. So the money donated for sprints goes to cover actual expenses. Who gets the money? Almost all of it goes to transportation companies.
  • GNOME Developers Discuss Codenames, GNOME 3.18 Might be Dubbed "Gothenburg"
    Allan Day, a GNOME UX designer working for Red Hat and renowned GNOME developer/contributor, opened an interesting discussion on the official GNOME mailing list, about possible codenames for upcoming releases of the acclaimed desktop environment for GNU/Linux operating systems.
  • ReadySpace Joins Red Hat Certified Cloud and Service Provider Program
    Hong-Kong based cloud service provider ReadySpace announced Thursday that it has joined the Red Hat Certified Cloud and Service Provider program. The new Red Hat partner program, launched in July, allows ReadySpace to deliver solutions based on Red Hat’s open source technologies. ReadySpace CEO David Loke said customers building on open source software and Linux servers had been asking for Red Hat solutions by name to run critical workloads in private and hybrid environments. The company will now offer private cloud build-outs, Linux infrastructure and PaaS solutions based on Red Hat.
  • Ubuntu, Canonical, and IP
    Recently there has been a flurry of concerns relating to the IP policy at Canonical. I have not wanted to throw my hat into the ring, but I figured I would share a few simple thoughts.
  • Canonical urges customers to ditch Windows 10 for Ubuntu
    In a recent posting, Canonical has tried new methods to appeal to Chief Technology Officers (CTOs) and cost conscious home users that they should switch to Ubuntu in lieu of Windows 10.