Language Selection

English French German Italian Portuguese Spanish

Another way past Windows antipiracy found

Filed under
Microsoft

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

Microsoft last week made the Windows piracy check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.

Tricking the check

For the software maker, the news could be another episode of people finding a way to get around WGA. Last week, several Web sites said it was possible to bypass the piracy lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.

The GenuineCheck.exe tool is meant to provide an alternative way for people to prove that their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open-source Firefox Web browser, for example, does not support ActiveX.

"To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that," the Microsoft representative said.

According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties." Then select the "compatibility" tab in the menu and change the compatibility mode.

If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," the Microsoft representative said.

WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.

By Joris Evers
CNET News.com

More in Tux Machines

CoreOS Releases Building Block For Distributed Systems

Hyperscale Linux operating system specialist CoreOS said it is releasing its latest open source component for sharing and managing configuration data and other functions used in distributed systems. San Francisco-based CoreOS announced its first stable release of etcd, or “etc distributed,” an open-source distributed key value store that provides the backbone of CoreOS clusters and the etcd clients that run on each machine in a cluster. “Our goal with etcd has been to make building and using distributed systems easier,” CoreOS CTO Brandon Philips said Wednesday (January 28) in announcing the release. Read more

The 5 best open source email clients for Linux

Windows users have Outlook; Mac users have Mail. What options are there for Linux users? As it turns out, Linux land is rich with email clients. I have chosen five of the best, fully open source email clients (with two exceptions) for Linux users. Each has its pros and cons, and which email client is best for you is heavily dependent upon your needs. Read more

LibreOffice 4.4 Released With Major UI Revamp

A new version of open-source office suite LibreOffice is now available for download and the hands behind it are calling it ‘the most beautiful’ release ever. Jan Holesovsky, leader of the LibreOffice design team, says “LibreOffice 4.4 has got a lot of UX and design love, and in my opinion is the most beautiful ever.” The productivity suite, which was spun out of the slow moving OpenOffice project back in 2010, has certainly upped its game in the design department over the past few years, with each release of the 4.x series adding finesse. Read more

Android shipments in 2014 exceed 1 billion for first time

Google's Android mobile operating system has reached a major milestone. For the first time ever, worldwide shipments of smartphones packing Android exceeded 1 billion units in 2014, a significant gain from the 780.8 million units that shipped around the world in 2013, researcher Strategy Analytics announced Thursday. Android dwarfed its second-place competitor, Apple's iOS, which mustered 192.7 million worldwide shipments in 2014. Read more