[Infowarrior] - New Anti-Piracy Windows 7 Update "Phones Home"

Richard Forno rforno at infowarrior.org
Thu Feb 11 19:10:58 UTC 2010


February 11, 2010
Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to  
Microsoft Every 90 Days


http://lauren.vortex.com/archive/000681.html

Greetings. Sometimes a seemingly small software update can usher in a  
whole new world. When Microsoft shortly pushes out a Windows 7 update  
with the reportedly innocuous title "Update for Microsoft Windows  
(KB71033)" -- it will be taking your Windows 7 system where it has  
never been before.

And it may not be a place where you want to go.

Imagine that you're sitting quietly in your living-room at your PC,  
perhaps watching YouTube. Suddenly, a pair of big, burly guys barge  
into your house and demand that you let them check your computer to  
make sure that it's "genuine" and not running pirated software. You  
protest that you bought it fair and square, but they're insistent --  
so you give in and let them proceed.

Even though you insist that you bought your laptop from the retail  
computer store down the street many months ago, and didn't install any  
pirate software, the visitors declare that your computer "isn't  
genuine" according to their latest pirated systems lists, and they say  
that "while we'll let you keep using it, we've modified your system so
that it will constantly nag in your face until you pay up for a legit  
system!" And they head out the door to drop in on the eBay-loving  
grandmother next door.

You then notice that the wallpaper on your PC has turned black, and  
these strange notifications keep popping up urging you to "come clean."

Ridiculous? Well, uh, actually no.

Microsoft most definitely has a valid interest in fighting the piracy  
of their products. It's a serious problem, with negative ramifications  
for Microsoft and its users.

But in my opinion, Microsoft is about to embark on a dramatic  
escalation of anti-piracy efforts that many consumers are likely to  
consider to be a serious and unwanted intrusion at the very least.

It's important for you to understand what Microsoft is going to do,  
what your options are, and why I am very concerned about their plans.

Back in June 2006, in a series of postings, I revealed how Microsoft  
was performing unannounced "phone home" operations over the Internet  
as part of their Windows Genuine Advantage authentication system for  
Windows XP. (The last in that series of postings describes Microsoft's  
reaction to the resulting controversy.)  The surrounding circumstances  
even spawned a lawsuit against Microsoft, which coincidentally was  
recently dismissed by a judge.

But Microsoft has continued to push the anti-piracy envelope, now  
under the name Windows Activation Technologies (WAT).

This time around, to the company's credit (and many thanks to them for  
this!) Microsoft reached out to me starting several months ago for  
briefings and discussion about their plans for a major new WAT thrust  
-- on the basis, to which I agreed, that I not discuss it publicly  
until now.

The release of Windows 7 "Update for Microsoft Windows (KB71033)" will  
change the current activation and anti-piracy behavior of Windows 7 by  
triggering automatic "phone home" operations over the Internet to   
Microsoft servers, typically for now at intervals of around 90 days.

The purpose? To verify that you're not running a pirated copy of  
Windows, and to take various actions changing the behavior of your PC  
if the WAT system believes that you are not now properly authenticated  
and "genuine" -- even if up to that point in time it had been  
declaring you to be A-OK.

Note that I'm not talking about the one-time activation that you (or  
your PC manufacturer) performs on new Windows systems to authenticate  
them to Microsoft initially. I'm talking about a procedure that would
"check-in" your system with Microsoft at quarterly intervals, and that could
take actions to significantly change your "user experience" whenever  
the authentication regime declares you to have fallen from grace.

These automatic queries will repeatedly -- apparently for as long as  
Windows is installed -- validate your Windows 7 system against  
Microsoft's latest database of pirated system signatures (currently  
including more than 70 activation exploits known to Microsoft).

If your system matches -- again even if up to that time (which could  
be months or even years since you obtained the system) it had been  
declared to be genuine -- then your system will be "downgraded" to  
"non-genuine" status until you take steps to obtain what Microsoft  
considers to be an authentic, validated, Windows 7 license. In some  
cases you might be able to get this for free if you can convince  
Microsoft that you were the victim of a scam -- but you'll have to  
show them proof. Otherwise, you'll need to pull out your wallet.

I'm told that the KB71033 update (this is the KB number provided to  
me, if it changes I'll let you know!) is scheduled to deploy to the  
manual downloading "Genuine Microsoft Software" site on February 16,  
and start pushing out automatically through the Windows Update  
environment on February 23.

The update will reportedly be tagged simply as an "Important" update.  
This means that if you use the Windows Update system, the update will  
be installed to your Windows 7 PC based on whatever settings you  
currently have engaged for that level of update -- it will not  
otherwise ask for specific permission to proceed with installation.

If your Windows Update settings are such that you manually install  
updates, you can choose to decline this particular update and you can  
also uninstall it later after installation -- without any negative  
effects per se. But don't assume that this will always "turn back the  
clock" in terms of the update's effects. More on this below.

Also, reportedly if the 90-day interval WAT piracy checking system  
"calls" are unable to connect to the Microsoft servers (or even if  
they are manually blocked from connecting, e.g. by firewall policies)  
there will reportedly be no ill effects.

However -- and this is very important -- if the update is installed  
and the authentication system then (after connecting with the  
associated Microsoft authentication servers at any point) decides that  
your system is not genuine, the "downgrading" that occurs will not be  
reversible by uninstalling the update afterward.

The WAT authentication system also includes various other features,  
such as the ability to automatically replace authentication/license  
related code on PCs if it decides that the official code has been  
tampered with (Microsoft rather euphemistically calls this procedure  
"self heal").

I've mentioned that Windows 7 systems will be "downgraded" to
"non-genuine" status if they're flagged as suspected pirates. What does
this mean?

Essentially, they'll behave the same way they would if they had failed  
to be authenticated and activated initially within the grace period  
after purchase.

Downgraded systems will still function much as usual fundamentally,  
but there will be some very significant (and very annoying) changes if  
your system has been designated non-genuine.

The background wallpaper will change to black. You can set it back to  
whatever you want, but once an hour or so it will reset again to black.

Various "nag" notifications will appear at intervals to "remind" you  
that your system has been tagged as a likely pirate and offering you  
the opportunity to "come clean" -- becoming authorized and legitimate  
by buying a new Windows 7 license. Some of these nags will be windows  
that appear at boot or login time, others will appear frequently  
(perhaps every 20 minutes or so) as main screen windows and taskbar  
popup notices.

Systems that are considered to be non-genuine also have only limited  
access to other Microsoft updates of any kind (e.g., access to high  
priority security updates, but not anything else, may be permitted).

And of course, under the new WAT regime you run the risk of being  
downgraded into this position at any time during the life of your PC.

In response to my specific queries about how downgraded systems  
(particularly unattended systems) would behave vis-a-vis existing  
application environments, Microsoft has said that they have taken  
considerable effort to avoid having the downgrade "nag system"  
interfere with the actual running of other applications, including  
stealing of windows' focus. It remains to be seen how well this aspect  
turns out in practice.

All of this brings us to a very basic question. Why would any PC owner  
-- honest or pirate -- voluntarily participate in such a continuing  
"phone home" authentication regime?

Obviously, knowledgeable pirates will avoid the whole thing like the  
plague any way that they can.

Microsoft's view, as explained to me and as primarily emphasized in  
their blog posting that will appear today announcing the WAT changes,  
is that honest Windows 7 users will want to know if their systems are  
running unauthentic copies of the operating system, since (Microsoft  
asserts and indeed is the case) those systems have a significant  
likelihood of also containing dangerous viruses or other potentially  
damaging illicit software that "ride" onto the PC along with the  
unauthentic copy of the OS.

But even if we assume that there's a noteworthy risk of infections on  
systems running pirated copies of Windows 7, the approach that  
Microsoft is now taking doesn't seem to make sense even for honest  
consumers.

If Microsoft's main concern were really just notifying users about
"contaminated" systems, they could do so without triggering the
non-genuine downgrading process and demands that the user purchase a new
license (demands that will be extremely confusing to many users).

As I originally discussed in How Innocents Can Be Penalized by Windows  
Genuine Advantage, it's far more common than many people realize for  
completely innocent users to be running perfectly usable -- but not  
formally authenticated -- copies of Windows Operating Systems through  
no fault whatever of their own.

OK, let's review where we stand.

The new Microsoft WAT regime relies upon a series of autonomous  
"cradle to grave" authentication verification connections to a central  
and ever-expanding Microsoft piracy signature database, even in the  
absence of major hardware changes or other significant configuration  
alterations that might otherwise cause the OS or local applications to  
query the user for explicit permission to reauthenticate.

Microsoft will trigger forced downgrading to non-genuine status if  
they believe a Windows 7 system is potentially pirated based on their  
"phone home" checks that will occur at (for now) 90 day intervals  
during the entire life of Windows 7 on a given PC, even months or  
years after purchase.

That Microsoft has serious piracy problems, and has "limited" the PC  
downgrading process to black wallpaper, repeating nagging at users,  
and extremely constrained update access isn't the key point. Nor is  
the ostensibly "voluntary" nature of the update triggering these  
capabilities (I say ostensibly since almost certainly most users will  
have the update installed automatically and won't even realize what it  
means at the time).

The new Microsoft WAT update and its associated actions represent  
unacceptable intrusions into the usability of consumer products  
potentially long after the products have been purchased and have been  
previously declared to be genuine.

Microsoft is not entirely alone in such moves. For example, a major PC  
game manufacturer has apparently announced that their games will soon  
no longer run at all if you don't have an Internet connection to allow  
them to authenticate at each run.

Still, games and other applications are one thing, operating systems  
are something else altogether. And regardless of whether we're talking  
about games or Windows 7, it's unacceptable for consumers to be  
permanently shackled to manufacturers via lifetime authentication  
regimes -- particularly ones that can easily impact innocent parties  
-- that can degrade their ability to use the products that they've  
purchased in many cases months or even years earlier.

Fundamentally, for Microsoft to assert that they have the right to  
treat ordinary PC-using consumers in this manner -- declaring their  
systems to be non-genuine and downgrading them at any time -- is  
rather staggering.

Make no mistake about it, fighting software piracy is indeed  
important, but Microsoft seems to have lost touch with a vast swath of  
their loyal and honest users if the firm actually believes their new  
WAT anti-piracy monitoring system is an acceptable policy model.

My recommendations to persons who currently run or plan to run Windows  
7 are simplicity themselves.

I recommend that you strongly consider rejecting the manual  
installation of the Windows Activation Technologies update KB71033,  
and do not permit Windows Update to install it (this will require that  
you not have your PC configured in update automatic installation mode,  
which has other ramifications -- so you may wish to consult a  
knowledgeable associate if you're not familiar with Windows Update  
configuration issues).

And if at some point in the future you find that the update has been  
installed and your PC is still running normally, remove the update as  
soon as possible.

While I certainly appreciate Microsoft's piracy problems, and the  
negative impact that these have both on the company and consumers, I  
believe that the approach represented by this kind of escalation on  
the part of Microsoft and others -- into what basically amounts to a  
perpetual anti-piracy surveillance regime embedded within already  
purchased consumer equipment -- is entirely unacceptable.

--Lauren--

