Passing the piracy buck downward

Microsoft Corp. has again launched an initiative to help it battle piracy — the scourge of the software market. It’s an issue to which the company is particularly sensitive, with a reported 10 million illegal copies of its software being used.

For the first time in recent memory, the Redmond, Wash.-based colossus is operating with a carrot instead of a stick mentality. It has introduced a new certification strategy requiring users to certify their version of Windows XP in order to use the auto-update feature. But what remains to be seen — carrot and stick issues aside — is how effective the plan will be.

Most users of Windows XP must activate their copy before using it. It is a simple procedure, essentially a validation of whether the copy installed matches a legitimate 25-character code. The solution has been relatively effective since it allows Microsoft to track copies that have been activated multiple times. Microsoft admits it isn’t concerned with “casual sharing.”

The Internet, on the other hand, has provided the network to turn casual sharing into large scale piracy. Though this is only part of the problem, it is certainly one of the biggest.

Many large companies and resellers have pre-activated versions of XP, designed to simplify large installs where individual machine activation would be a monumental headache. The reduction in help-desk calls alone makes this a smart business proposition. But what if a copy of the 25-character code, along with the OS, is pirated from a pre-activated machine?

Microsoft admits stolen pre-activated copies are a big problem and part of the reason for the introduction of the certification initiative. At the enterprise level, where huge numbers of pre-activated machines are often used, the certification can be pushed out to avoid end-user involvement.

To some extent, this initiative unfortunately hits individual consumers and small businesses more heavily, those more likely to have — knowingly or not — pirated, unauthenticated versions of XP. Soon, if they run auto update for a patch they will be asked to certify their copy of XP. Because it is pirated, they won’t be able to certify the copy to use the update service.

If all pirated versions were incapable of downloading patches, millions of machines would be potentially unprotected when the next Internet worm comes along. Microsoft admits it is fully aware of this. So, though auto update won’t be available to users of uncertified systems, they can still get patches from the download centre.

Here is the carrot. If you are using a legitimate copy, Microsoft will provide the added service of the update centre, or more correctly, not take it away. But do those millions of pirated-copy users have knowledge to figure out what patches they need from the more labour-intensive download centre? My guess is not.

During a 30-minute conversation I had with Microsoft about this initiative, the issue of OS pirates was brought up but seemed to me to be secondary. The main message was the advantages of certifying my copy of XP, and admittedly there are many. But the company’s actions seem a bit one sided — kind of like a police force going after casual pot smokers while ignoring the grow ops. Quick Link 056869

Correction: In this editorial I wrote that security patches using the auto-update feature would not be available to non-certified versions of Windows XP. A few days after writing this I had a conversation with Scott Charney, Microsoft Corp.’s vice-president, Trustworthy Computing. He admitted that Microsoft has had some problems clarifying this message but was adamant that security patches are extremely important for the health of the Internet. Any copy of XP presently getting security patches via auto-update will be able to get them with or without certification.

Related Download
EMC Data Protection For VMWare-Winning In The Real World Sponsor: EMC
EMC Data Protection For VMWare-Winning In The Real World
Download this white paper for a deep dive analysis based on truly real world comparison of EMC data protection vs. Veritas NetBackup for VMware backup and recovery.
Register Now