Microsoft Downplays Activation Whitepaper
In the first comprehensive study of its kind, an Internet start-up has released a whitepaper providing technical insight into the inner workings of Windows Product Activation. The study's conclusion agrees with Microsoft's assertions that typical hardware modifications will not require re-activation, and that end user privacy is protected. Despite the open analysis, Microsoft is not concerned about details exposed in the paper, citing the inevitability of the technology being reverse engineered. The software giant stands behind WPA as "well engineered work" that will not be harmed by this publication.
Research conducted by Fully Licensed GmbH, a start-up focusing on software licensing, reveals that an ID composed of ten different hardware components and the Windows product key is the only information sent to Microsoft servers during the activation process. A user will be able to change up to three of the ten hardware components before having to re-activate Windows.
In line with privacy claims, deciphering the actual hardware configuration of a given machine from the ID is an impossible task, as a random three-digit number is used to create the final encrypted string.
When questioned about the significance of the study, Microsoft Product Manager Mark Croft told BetaNews the company has no problem with the whitepaper having reviewed it prior to publication. Downplaying its importance, he stated, "I don't think it is that big of a deal - something of this nature was bound to happen sooner or later."
Additionally, Croft contends that the report, "is largely accurate technically, but it also contains some errors. The errors, in our
opinion, do not however affect the report's conclusions." He goes on to say, "The contents or conclusions do not surprise us. The conclusions in fact support many of the statements we have made already about product
activation: we respect user's privacy and the vast majority of users will never have to reactivate once they activate initially."
According to Croft, potential misuse of technical details outlined in the report is not of concern to Microsoft. He also dismisses claims
that product activation can now be more easily subverted, declaring "There is no security issue here. Companies and individuals research,
decompile, and review our code all the time. There is nothing in the report that can aid hackers."