Microsoft last week confirmed that it is overhauling its antipiracy technology for Windows Vista in an effort to plug a potential software license security hole among corporate users and avoid the problems associated with Windows XP's antipiracy tools.
But the new technology will impose more stringent penalties on users who fail to validate their copies of Vista. And it likely will force many companies to tighten up the procÂesses they have for installing Windows on PCs and tracking the use of their software license keys. That prospect, and the possibility that valid users could be deemed illegitimate, didn't sit well with some IT managers.
Frank Yawn, an IT manager at Time Warner Cable's office said he expects the new Software Protection Platform technology that Microsoft is building into Windows Vista to "add another layer of complexity" to his work.
"I personally feel the security of our keys is pretty adequate," Yawn said. "If I can't trust my employees with the key and a Windows CD, then maybe I need to re-evaluate my employees."
"While I fully understand the need for Microsoft to protect its licensing, I have concerns when more and more restrictions are placed on enterprise customers," said Steven Bastille, IT director for server and desktop systems at Station Casinos.
The Las Vegas-based casino chain runs more than 3,000 Windows PCs and servers, many in a high-availability environment. Bastille worries that increased oversight of software license keys by Microsoft through the SPP technology will increase the chances that legitimate users will be asked to revalidate their Windows installations -- a scenario he said he could ill afford.
"If there's an error somewhere outside of my control, and all 3,000-plus machines are suddenly not working, I could end up looking for a new job," Bastille said.
Currently, companies that buy large amounts of software from Microsoft under volume licenses are issued a single key for each application or operating system, no matter how many machines the products will be installed on. Many store their license keys as unencrypted strings in plain-text files, making the keys vulnerable to theft.
Stolen keys often end up on the Internet, where they can be reused millions of times by software pirates and unwitting users. In July, Microsoft said that of the 300 million copies of Windows XP that had been scanned by its Windows Genuine Advantage (WGA) tool at that point, 48 million had failed the piracy test because they were installed with stolen volume-license keys.
Starting with Windows Vista and Windows Server Longhorn, which is expected to be released next year, companies will have to choose one of two options under the SPP program. The first, primarily for smaller customers, is to be validated via the Internet by receiving a Multiple Activation Key from a Microsoft server during installation.
The second option, geared toward larger companies, is to install a Microsoft-developed Key Management Service on an internal server to validate PCs during the installation process and every 180 days thereafter. The KMS application will also encrypt the license keys and hide them on the server, according to Microsoft.
Roger Kay, an analyst at Endpoint Technologies Associates said the SPP technologies should "significantly tighten" the leakage of volume-license keys to software pirates. He added that doesn't think SPP will prove to be "that much of a hassle" for companies.
Cori Hartje, director of Microsoft's Genuine Software Initiative, said companies that lose their Windows Vista volume keys or have them stolen and used by pirates won't be penalized, although they may be required to reinstall and change their keys. That process will be simplified by the KMS offering, she said.
The potential consequences are more dire for Vista users who ignore SPP's validation requests or fail its test. And they go beyond those that are now faced by Windows XP users who run afoul of WGA's validation component.
XP users who don't pass the WGA test are blocked from downloading software add-ons such as the Windows Defender security tools. In contrast, users who decline or fail to validate their copies of Windows Vista via SPP will be blocked from using some of the operating system's features, Hartje said. That includes Aero, Vista's graphical user interface, and ReadyBoost, an application that uses flash memory to increase system performance.
After 30 days, the operating system will go into what Kay described as an "ugly mode" that provides reduced functionality, similar to Windows Safe Mode. Users then will be given one final hour of Web access as a last chance to validate the software or buy a legitimate license.
SPP will not be included in Office 2007, which is expected to ship by year's end. However, Microsoft said that the technology will eventually be built into more of its products.