Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Update on our Piracy Strategy - Important Changes to WGA

Update on our Piracy Strategy - Important Changes to WGA

  • Comments 3
  • Likes

From time to time people ask me about piracy and security.

Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA, the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the rest is somewhere in between! This is pretty significant and I think it is clear that we are flighting against people stealing our property.

If it come to the relation between security and privacy, I would love to have any figures. All the figures about malware we have are mainly from the Malicious Software Removal Tool (which is mainly delivered through Automatic Update) and somebody who is deliberately using a pirated copy would most probably not switch on AU (even though we do not look at the machines). This makes it pretty bad - probably - as the machines will not be patched. To make the point clear: We are delivering critical security updates even to people who have stolen our software in order to protect the ecosystem from their machines!

Now, we got some feedback with regards to the "Reduced Functionality Mode" in Vista. This basically means that if your copy of Windows Vista as seen as pirated it will go back to mode where you can mainly just copy your data. There are two announcement we made today with regards to Windows Genuine Advantage:

  1. Within SP1 we will fix two areas that have been exploited in Vista
  2. We will change the user experience on how you get notified if you are using a pirated copy. We will not use the Reduced Functionality Mode anymore but use the same user experience we already used in Windows XP with regular Pop-Ups

The reason why we are doing this is pretty simple: We got good and constructive feedback from our customers, that they support our efforts with regards to counterfeit software but that they have concerns with regards to RFM.

As I often say: Our products are driven by our customers

Roger

Comments
  • Roger,

    Quick question, With the help of Windows Genuine Advantage: Microsoft is able to block down pirated software to get updates from Microsoft Automatic Updates. Ofcourse, these machines will not be patched with all the latest vulnerabilities out there. As you mention in your blog

    "We are delivering critical security updates even to people who have stolen our software in order to protect the ecosystem from their machines!"

    I think if you are not using Genuine Windows, Microsoft doesnt provide critical updates. Correct me if i am wrong.

    Cheers

    Shoaib

    Australia

  • Hi Shoaib,

    thank you for your feedback. Let's get straight on the terms first:

    We have Microsoft Update (the mechanism you go to the Website or you kick off manually), where you get all the application add-ons, drivers, patches, etc. Additioanlly we have Automatic Updates (the thing you switch on to automatically receive the update, especially the critical ones). Looking at the updates we have to distinguish between critical security updates and the rest.

    So, putting it all together: With a pirated copy of Windows, you cannot access our download center nor Microsoft Update. However, if you decide to switch on Automatic Updates, you will get the critical Security Updates. We even decided to ship Windows XP SP2 to stolen installations.

    However my guess is that the people knowingly having a pirated copy will not switch on Automatic Updates as they fear to be caught - in Automatic Updates we do not care whether you are pirated or not and there are governmental organizations that certy that.

    Last point: A lot of people ask me, what I mean be unknowningly pirated copies: There are people buying a new PC (including the software licenses they think), where the seller actually puts a pirated copy onto the machine. This happes more often than you might probably think. Those customers might have AU switched on.

    I hope this clarifies my points above

    Cheers

    Roger

  • Hi Roger,

    Thanks for your explaination. Yes, i can better understand what you were trying to explain in your post above.

    Thanks for that.

    Cheers

    Shoaib

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment