Microsoft has revised the way it authenticates copies of Windows 7, the company announced Thursday.
Microsoft is adding to Windows 7 a new signature-based approach for checking if an OS is properly licensed. This signature checking will happen in addition to the key-based verification process.
The new procedures are necessary to thwart the new bypasses to the verification process that have been developed, said Joe Williams, general manager of the worldwide Windows Genuine Advantage program.
"The counterfeiters have evolved their methods and we've evolved what we do," Williams said.
Windows 7 users with automatic updates will have their copies reinspected by the company's new activation process. Those running validly obtained copies of Windows 7 should not notice the check at all, Williams said.
This is the first update to the Windows Activation Technologies for Windows 7. Microsoft will post the update on Tuesday and will publish it to Windows Update a week later, as an "important" update for the Windows 7 Ultimate, Enterprise, Professional and Home Premium editions.
Although any edition of Windows 7 can use the activation, Microsoft won't initially push it out to Windows Starter and Windows Basic, as those two editions aren't pirated that often, Williams said. Nor will it be pushed out to enterprise customers.
Like the signatures used by antivirus software, the new signature-based inspection will look for clusters of related changes to the OS that indicate the licensing procedures have been circumnavigated.
Prior to Windows 7 and Vista, counterfeiters largely used the OEM product keys for validating multiple copies or reverse engineered the algorithm for generating keys. Since then, Microsoft has stopped issuing product keys to license multiple copies and has improved the key-generation algorithm, Williams said.
As a result, counterfeiters have moved on to other techniques, many of which involve tricking Windows 7 into thinking it is a preactivated, preinstalled OEM copy. This approach could involve changing registry entries, key settings, the core licenses, and/or information on the boot sector.
Microsoft, which purchases or obtains pirated copies of the OS to pick apart how the counterfeiters thwart the key registrations, has created about 70 different signatures thus far.
For the user, the process of re-validating Windows 7 should be painless, Williams promised. For those with automatic updates, the program will be downloaded, installed and run automatically. Those who selected to install windows updates manually will have to download the program manually. Once the update is installed, it will look for known activation hacks. If none are found, it will go dormant for 90 days, wake up, check Microsoft for new signatures, and run a scan again.
If the software does find the characteristics of a hacked copy of Windows, it will then place the OS in the unactivated mode, which means the desktop wallpaper will be changed to black, and various pop-ups and tray messages will persistently remind the user of the OS' unverified state. No functionality will be hindered, Williams said.
What about the chances of false positives -- where the computer is identified as hacked, but in reality, it has a genuine key but has been reconfigured in such a way that it matches a signature? Williams said the chances of this happening are "very low," due to the fact that the signatures all require multiple actions. "We would not switch the system to nongeniune unless all the other aspects of the exploit were present," Williams said.
Still, Windows 7 users may be wary of re-scrutinizing their copies of the OS under the chance, however slim in Williams' estimation, that their genuine verification will be revoked. Williams offered a few reasons why to reverify anyway. People might have purchased their machines from, what Williams said, were "nefarious resellers" who used pirated copies of Windows.
Since the copies were pirated, perhaps from the Internet, these copies may be embedded with malicious code, such as with viruses, Trojan horses or keyloggers. Williams pointed to a study conducted by Media Surveillance that found that 32 percent of illegally downloaded copies of Windows contained malicious code.
Also, hacked copies of Windows can be unstable. An activation hack of Windows Vista that involved spoofing the grace timer caused more than a million system crashes, according to a compilation of report crashes that came in through Microsoft's Watson error-collection tool, Williams said.