Language Selection

English French German Italian Portuguese Spanish

Another way past Windows antipiracy found

Filed under
Microsoft

The check is meant to prevent people with pirated copies of the operating system from downloading additional software from Microsoft. By changing a setting in a Microsoft validation tool called "GenuineCheck.exe," it's possible to generate a code that will validate the Windows software on a machine as genuine even if it is pirated, according to a Web site publicized on Thursday in a posting to the popular Full Disclosure security mailing list.

Microsoft would not confirm that the method works, but the software maker is investigating the issue, a company representative said. "It is not a surprise for us that those who never intended to pay for software would try to find some way to circumvent Windows Genuine Advantage," the representative said.

Microsoft last week made the Windows piracy check mandatory for all customers who want to download add-ons for Windows XP and 2000. The effort, dubbed Windows Genuine Advantage, requires users to verify that they have a legitimate copy of the operating system before they can get files from Microsoft's download Web sites.

Tricking the check

For the software maker, the news could be another episode of people finding a way to get around WGA. Last week, several Web sites said it was possible to bypass the piracy lock by several means, including pasting a JavaScript string into the Web browser. Earlier this year, during WGA's pilot phase, a security researcher outlined another way to trick the check.

The GenuineCheck.exe tool is meant to provide an alternative way for people to prove that their copy of Windows is an official Microsoft version. The primary WGA checking mechanism uses ActiveX, which is not supported in all Web browsers. The popular open-source Firefox Web browser, for example, does not support ActiveX.

"To make the validation experience as user-friendly as possible, Microsoft engineered a process that enables customers to validate their systems easily, and unfortunately, unscrupulous users are able to exploit that," the Microsoft representative said.

According to the Thursday posting, all a PC user apparently has to do to have GenuineCheck.exe generate a valid code on a machine with pirated Windows XP is to run it in Windows 2000 compatibility mode. This is done by downloading the tool, right-clicking on the file and selecting "properties." Then select the "compatibility" tab in the menu and change the compatibility mode.

If the method actually works, it may be short-lived. "Microsoft will be updating the validation system from time to time and plans to address these issues," the Microsoft representative said.

WGA is a stepped-up effort by Microsoft to increase the number of Windows users that are actually paying Microsoft for its software. At the moment, the company estimates that roughly a third of Windows copies worldwide are not legitimate.

By Joris Evers
CNET News.com

More in Tux Machines

Is Microsoft engaging in digital imperialism?

Windows, the common carrier of Microsoft, is such a sordid mess that it suffers regular glitches and conducts mass surveillance on users. Microsoft knows that without Windows it cannot survive, so dirty tricks resume in a very big way. This is not a beep on the radar but somewhat of a surge. Nothing is going to change in Munich, but Microsoft is trying to maintain an international/universal perception that the migration to GNU/Linux was a disaster. Numerous anonymous blogs were created to attack Munich over this and provocateurs of Microsoft loved citing them, only to be repeatedly proven wrong. Microsoft is trying to make an example out of Munich in all sorts of nefarious ways. We need to defend Munich from this malicious assault by the convicted monopolist and corrupt enterprise that’s acting as though it fights for its very survival (while indeed laying off tens of thousands of employees). Read more

Shortlist of open source software used at NASA lab

Yes! We use a lot of open source. The short list includes Python, GitHub, Processing, VLC, jQuery, D3.js, Blender, VRUI, ImageJ, VMD, ParaView, MeshLab, VNC, ImageMagick, SWIG, Emacs, and many more. We like using open source because it gives us more flexibility because of licensing and allows us the opportunity to contribute back to the community using our expertise. Our favorite open source project that we work on is OpenMDAO. This project is run out of another Division at our Center. Our team provides some programming support. OpenMDAO is an open source Multidisciplinary Design Analysis and Optimization (MDAO) framework, written in Python. You can use it to develop an integrated analysis and design environment for your engineering challenges. Read more

GSoC: Thumping the Malaria and voyaging in cosmos with KStars

Let's talk about my project now. KStars is desktop planetarium application under KDE Education Projects. I developed QML based cool interface to enable users to browse through image database of community of astrophotographers (i.e. astrobin.com) which contains more than 1,20,000 (number is increasing everyday) real time and very high resolution images along with various information related to them (i.e. Date on which image was captured, Bortle Dark-Sky Scale, RA Centre, DEC Centre, Telescope or Camera used, Description added by astrophotographer etc). I am sure that this browser will enthrall school children by showing them real time images of stars and galaxies located at hundreds of light year far from earth. Read more

Meet Cornelius Schumacher - Akademy Keynote Speaker

At Akademy 2014, outgoing KDE e.V. Board President Cornelius Schumacher will give the community keynote. He has attended every Akademy and has been amazed and inspired at every one of them. If you want more of what KDE can bring to your life, Cornelius's talk is the perfect elixir. Here are glimpses of Cornelius that most of us have never seen. They give a sense of what has made him a successful leader of KDE for several years. Read more