NNSquad - Network Neutrality Squad


[ NNSquad ] Who Owns Your PC? New Anti-Piracy Windows 7 Update "Phones Home" to Microsoft Every 90 Days



           Who Owns Your PC? New Anti-Piracy Windows 7 Update 
               "Phones Home" to Microsoft Every 90 Days

            ( http://lauren.vortex.com/archive/000681.html )
 

Greetings.  Sometimes a seemingly small software update can usher in a
whole new world.  When Microsoft shortly pushes out a Windows 7 update
with the reportedly innocuous title "Update for Microsoft Windows
(KB71033)" -- it will be taking your Windows 7 system where it has
never been before.

And it may not be a place where you want to go.

Imagine that you're sitting quietly in your living-room at your PC,
perhaps watching YouTube.  Suddenly, a pair of big, burly guys barge
into your house and demand that you let them check your computer to
make sure that it's "genuine" and not running pirated software.  You
protest that you bought it fair and square, but they're insistent --
so you give in and let them proceed.

Even though you insist that you bought your laptop from the retail
computer store down the street many months ago, and didn't install any
pirate software, the visitors declare that your computer "isn't
genuine" according to their latest pirated systems lists, and they say
that "while we'll let you keep using it, we've modified your system so
that it will constantly nag in your face until you pay up for a legit
system!"  And they head out the door to drop in on the eBay-loving
grandmother next door.

You then notice that the wallpaper on your PC has turned black, and
these strange notifications keep popping up urging you to "come
clean."

Ridiculous?  Well, uh, actually no.

Microsoft most definitely has a valid interest in fighting the piracy
of their products.  It's a serious problem, with negative ramifications
for Microsoft and its users.

But in my opinion, Microsoft is about to embark on a dramatic
escalation of anti-piracy efforts that many consumers are likely to
consider to be a serious and unwanted intrusion at the very least.

It's important for you to understand what Microsoft is going to do,
what your options are, and why I am very concerned about their plans.

Back in June 2006, in a series of postings, I revealed how Microsoft
was performing unannounced "phone home" operations over the Internet
as part of their Windows Genuine Advantage authentication system for
Windows XP.  (The last in that series of postings, which describes
Microsoft's reaction to the resulting controversy, is here:
http://lauren.vortex.com/archive/000184.html ).  The surrounding
circumstances even spawned a lawsuit against Microsoft, which
coincidentally was recently dismissed by a judge.

But Microsoft has continued to push the anti-piracy envelope, now
under the name Windows Activation Technologies (WAT).

This time around, to the company's credit (and many thanks to them for
this!) Microsoft reached out to me starting several months ago for
briefings and discussion about their plans for a major new WAT 
thrust -- on the basis, to which I agreed, that I not discuss it 
publicly until now.

The release of Windows 7 "Update for Microsoft Windows (KB71033)" will
change the current activation and anti-piracy behavior of Windows 7 by
triggering automatic "phone home" operations over the Internet to
Microsoft servers, typically for now at intervals of around 90 days.

The purpose?  To verify that you're not running a pirated copy of
Windows, and to take various actions changing the behavior of your PC
if the WAT system believes that you are not now properly authenticated
and "genuine" -- even if up to that point in time it had been
declaring you to be A-OK.

Note that I'm not talking about the one-time activation that you (or
your PC manufacturer) performs on new Windows systems to authenticate
them to Microsoft initially.  I'm talking about a procedure that would
"check-in" your system with Microsoft at quarterly intervals, and that
could take actions to significantly change your "user experience"
whenever the authentication regime declares you to have fallen from
grace.

These automatic queries will repeatedly -- apparently for as long as
Windows is installed -- validate your Windows 7 system against
Microsoft's latest database of pirated system signatures (currently
including more than 70 activation exploits known to Microsoft).

If your system matches -- again even if up to that time (which could
be months or even years since you obtained the system) it had been
declared to be genuine -- then your system will be "downgraded" to
"non-genuine" status until you take steps to obtain what Microsoft
considers to be an authentic, validated, Windows 7 license.  In some
cases you might be able to get this for free if you can convince
Microsoft that you were the victim of a scam -- but you'll have to
show them proof.  Otherwise, you'll need to pull out your wallet.

I'm told that the KB71033 update (this is the KB number provided to
me, if it changes I'll let you know!) is scheduled to deploy to the
manual downloading "Genuine Microsoft Software" site
( http://www.microsoft.com/genuine ) on February 16, and start
pushing out automatically through the Windows Update environment 
around February 23.  

The update will reportedly be tagged simply as an "Important" update.
This means that if you use the Windows Update system, the update will
be installed to your Windows 7 PC based on whatever settings you
currently have engaged for that level of update -- it will not
otherwise ask for specific permission to proceed with installation.

If your Windows Update settings are such that you manually install
updates, you can choose to decline this particular update and you can
also uninstall it later after installation -- without any negative
effects per se.  But don't assume that this will always "turn back the
clock" in terms of the update's effects.  More on this below.

Also, reportedly if the 90-day interval WAT piracy checking system
"calls" are unable to connect to the Microsoft servers (or even if
they are manually blocked from connecting, e.g. by firewall policies)
there will reportedly be no ill effects.

However -- and this is very important -- if the update is installed
and the authentication system then (after connecting with the
associated Microsoft authentication servers at any point) decides that
your system is not genuine, the "downgrading" that occurs will not be
reversible by uninstalling the update afterward.

The WAT authentication system also includes various other features,
such as the ability to automatically replace authentication/license
related code on PCs if it decides that the official code has been
tampered with (Microsoft rather euphemistically calls this procedure
"self heal").

I've mentioned that Windows 7 systems will be "downgraded" to
"non-genuine" status if they're flagged as suspected pirates.  What
does this mean?

Essentially, they'll behave the same way they would if they had failed
to be authenticated and activated initially within the grace period
after purchase.

Downgraded systems will still function much as usual fundamentally,
but there will be some very significant (and very annoying) changes if
your system has been designated non-genuine.

The background wallpaper will change to black.  You can set it back
to whatever you want, but once an hour or so it will reset again to black.

Various "nag" notifications will appear at intervals to "remind" you
that your system has been tagged as a likely pirate and offering you
the opportunity to "come clean" -- becoming authorized and
legitimate by buying a new Windows 7 license.  Some of these nags will
be windows that appear at boot or login time, others will appear
frequently (perhaps every 20 minutes or so) as main screen windows and
taskbar popup notices.

Systems that are considered to be non-genuine also have only limited
access to other Microsoft updates of any kind (e.g., access to high
priority security updates, but not anything else, may be permitted).

And of course, under the new WAT regime you run the risk of being
downgraded into this position at any time during the life of 
your PC.

In response to my specific queries about how downgraded systems
(particularly unattended systems) would behave vis-a-vis existing
application environments, Microsoft has said that they have taken
considerable effort to avoid having the downgrade "nag system"
interfere with the actual running of other applications, including
stealing of windows' focus.  It remains to be seen how well this
aspect turns out in practice.

All of this brings us to a very basic question.  Why would any PC
owner -- honest or pirate -- voluntarily participate in such a
continuing "phone home" authentication regime?

Obviously, knowledgeable pirates will avoid the whole thing
like the plague any way that they can.

Microsoft's view, as explained to me and as primarily emphasized in
a blog posting that will appear today announcing the WAT changes 
( http://windowsteamblog.com ), is that honest Windows 7 users will 
want to know if their systems are running unauthentic copies of the
operating system, since (Microsoft asserts and indeed is the case)
those systems have a significant likelihood of also containing
dangerous viruses or other potentially damaging illicit software that
"ride" onto the PC along with the unauthentic copy of the OS.

But even if we assume that there's a noteworthy risk of infections on
systems running pirated copies of Windows 7, the approach that
Microsoft is now taking doesn't seem to make sense even for honest
consumers.  

If Microsoft's main concern were really just notifying users about
"contaminated" systems, they could do so without triggering the
non-genuine downgrading process and demands that the user purchase a
new license (demands that will be extremely confusing to many users).

As I originally discussed in "How Innocents Can Be Penalized by
Windows Genuine Advantage" 
( http://lauren.vortex.com/archive/000181.html ), it's far more common
than many people realize for completely innocent users to be running
perfectly usable -- but not formally authenticated -- copies of Windows
Operating Systems through no fault whatever of their own.

OK, let's review where we stand.

The new Microsoft WAT regime relies upon a series of autonomous
"cradle to grave" authentication verification connections to a central
and ever-expanding Microsoft piracy signature database, even in the
absence of major hardware changes or other significant configuration
alterations that might otherwise cause the OS or local applications to
query the user for explicit permission to reauthenticate.

Microsoft will trigger forced downgrading to non-genuine status if
they believe a Windows 7 system is potentially pirated based on their
"phone home" checks that will occur at (for now) 90 day intervals
during the entire life of Windows 7 on a given PC, even months or
years after purchase.

That Microsoft has serious piracy problems, and has "limited" the PC
downgrading process to black wallpaper, repeating nagging at users,
and extremely constrained update access isn't the key point.  Nor is
the ostensibly "voluntary" nature of the update triggering these
capabilities (I say ostensibly since almost certainly most users will
have the update installed automatically and won't even realize what it
means at the time).

The new Microsoft WAT update and its associated actions represent
unacceptable intrusions into the usability of consumer products
potentially long after the products have been purchased and have been
previously declared to be genuine.

Microsoft is not entirely alone in such moves.  For example, a major
PC game manufacturer has apparently announced that their games will
soon no longer run at all if you don't have an Internet connection to
allow them to authenticate at each run. 

Still, games and other applications are one thing, operating systems
are something else altogether.  And regardless of whether we're
talking about games or Windows 7, it's unacceptable for consumers to
be permanently shackled to manufacturers via lifetime authentication
regimes -- particularly ones that can easily impact innocent 
parties -- that can degrade their ability to use the products that they've
purchased in many cases months or even years earlier.

Fundamentally, for Microsoft to assert that they have the right to
treat ordinary PC-using consumers in this manner -- declaring their
systems to be non-genuine and downgrading them at any time -- is
rather staggering.

Make no mistake about it, fighting software piracy is indeed
important, but Microsoft seems to have lost touch with a vast swath of
their loyal and honest users if the firm actually believes their new
WAT anti-piracy monitoring system is an acceptable policy model.

My recommendations to persons who currently run or plan to run Windows 7
are simplicity themselves.

I recommend that you strongly consider rejecting the manual
installation of the Windows Activation Technologies update KB71033,
and do not permit Windows Update to install it (this will require that
you not have your PC configured in update automatic installation mode,
which has other ramifications -- so you may wish to consult a
knowledgeable associate if you're not familiar with Windows Update
configuration issues).

And if at some point in the future you find that the update has been
installed and your PC is still running normally, remove the update
as soon as possible.

While I certainly appreciate Microsoft's piracy problems, and the
negative impact that these have both on the company and consumers, I
believe that the approach represented by this kind of escalation on
the part of Microsoft and others -- into what basically amounts to a
perpetual anti-piracy surveillance regime embedded within already
purchased consumer equipment -- is entirely unacceptable.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition 
   for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein