Language Selection

English French German Italian Portuguese Spanish

Another way past Windows antipiracy found

Filed under
Microsoft

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

Microsoft last week made the Windows piracy check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.

Tricking the check

For the software maker, the news could be another episode of people finding a way to get around WGA. Last week, several Web sites said it was possible to bypass the piracy lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.

The GenuineCheck.exe tool is meant to provide an alternative way for people to prove that their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open-source Firefox Web browser, for example, does not support ActiveX.

"To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that," the Microsoft representative said.

According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties." Then select the "compatibility" tab in the menu and change the compatibility mode.

If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," the Microsoft representative said.

WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.

By Joris Evers
CNET News.com

More in Tux Machines

Cinnamon 2.4 to Feature New Theme Selection and Options for Linux Mint 17.1

Cinnamon is the default desktop environment in Linux Mint and it's built by the same developers who are making the Linux distro. It stands to reason that the best implementation for Cinnamon will be on Linux Mint. It's also the place that integrates the latest updates for Cinnamon as soon as they are made available. Usually, the latest iterations of Cinnamon are integrated quickly in Mint, but the developers are also working on an updated Linux Mint version, 17.1. The new Cinnamon 2.4 DE might arrive there by default and not in Linux Mint 17. Read more

Knoppix 7.4.1 Is Now Available For Download

Knoppix developers have released a major version of their operating system Knoppix 7.4.1 based on the usual picks from Debian stable (wheezy) and newer Desktop packages from Debian/testing and Debian/unstable (jessie). According to the official release note, this distro version uses kernel 3.16.2 and xorg 7.7 (core 1.16.0) for supporting current computer hardware. Read more

First Tizen phone now expected in India

Samsung’s postponed Tizen Linux-based smartphone is now heading for a launch in India by the end of the year, reports India’s Economic Times. Everybody, it seems, wants a piece of the Indian smartphone market. The latest company with plans to jump headlong into South Asia is Samsung, which aims to ship a Tizen Linux-based smartphone in India after the Diwali festival in November, according to the Economic Times (ET). Read more

GNOME: 3.14 almost there

Speaking of gedit, after the major changes of 3.12, 3.14 has been a cycle focused on stabilization and polishing. Overall the revised user interface got mostly positve feedback.. I for one, as a heavy gedit user, adapted to the new UI without problems. 3.14 will have a few incremental changes, that among other things try to address some of the issues pointed out by Jim Hall’s usability study presented at GUADEC: “Open” will be a single button removing the dichotomy between the open dialog and recent files and providing quick search among recent files. “Save” now uses a text label since it turns out a lot of people did not grok the icon (and no, I am not going back to the floppy image!) and the view menu has been reorganized and now uses a popover. With regard to the “Open” button, we know things are not perfect yet, search among recent is great, but when the “cache misses”, going through a double step is painful… we already have a few ideas on how to improve that next cycle, but for now I can vividly recommend to try the “quickopen” plugin, one of the hidden gems of gedit, which already provides some of the things we would like to integrate in the next iteration. Read more