May 23, 2005 2:46 PM PDT

Bypass found for Windows piracy check

A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional software from the company, according to a security researcher.

Researcher Debasis Mohanty outlined what he said was a technique to trick Microsoft's Windows Genuine Advantage validation check in a posting to the Full Disclosure security mailing list on Monday. WGA is a software tool that verifies whether a particular copy of the operating system is properly licensed.

Using a secondary Microsoft validation tool called "GenuineCheck.exe," it may be possible for people to trick the checking mechanism, Mohanty said in the posting. They could then download and run supposedly restricted software from Microsoft's Download Center on a PC running a pirated version of Windows, Mohanty wrote.

Microsoft confirmed that the technique could circumvent the piracy check, but a representative said Monday that the company is not worried.

"This represents very little threat to Microsoft," the representative said. "We expected counterfeiters to try a number of different methods to circumvent the safeguards provided by Windows Genuine Advantage."

The company has been testing the WGA piracy lock on its Download Center and Windows Update Web sites for several months. It has said that by an unspecified date in the middle of this year, all Windows XP and Windows 2000 users will have to validate their copy of Windows before they can download from the Web sites.

The GenuineCheck.exe tool used to bypass the check is meant to provide an alternative way for users to prove that their copy of Windows is genuine. The primary Windows Genuine Advantage checking mechanism uses ActiveX, which is not supported in all Web browsers.

GenuineCheck generates a code that can subsequently be used to validate a pirated copy of Windows, according to Mohanty's posting. However, a PC running a legitimate version of Windows is required to run the GenuineCheck tool.

The threat is mitigated because the keys generated by the GenuineCheck tool expire "rapidly," the Microsoft representative said. Consequently, it would not do anyone much good to put up a Web page with a list of keys. Still, somebody would be able to generate a key and use it immediately on a PC with a pirated copy, or pass it on to a friend.

"This is more of an individual method of pirating. We don't see this as too different from people who take legitimate software, burn it to a CD and distribute it to their friends that way," the Microsoft representative said.

Microsoft's Download Center and Windows Update Web sites offer applications such as Windows Media Player and the Windows AntiSpyware product, as well as security updates for Microsoft products. The trick with the GenuineCheck tool works only on Download Center, according to Microsoft.

When the Windows Genuine Advantage pilot program began last year, it was purely optional, with no benefit for verifying one's operating system and no penalty if the OS was found not to be genuine. Microsoft has gradually expanded the piracy check and is now withholding downloads for users of some international versions of Windows XP.

18 comments

Join the conversation!
Add your comment
So, is it time to switch to Linux?
No more updates. Better switch to Linux.

I actually run Linux on one of my PCs that has a legal copy of Windows installed, just because making Windows usable means several hours of installing all drivers and software one by one, rebooting each time, and using Linux just means inserting a Knoppix CD, waiting about 3 minutes, and then have a full OS with loads of applications already installed and working, with all hardware recognized. Why cannot MS do it in 3 minutes instead of 3 hours (or days)?
Posted by hadaso (468 comments )
Reply Link Flag
who cares?
who cares about Windows Update? i don't use it. never will. the only thing they can scare anyone is by blocking their downloads on DirectX 9.0c which i need to play games. oh well, just download the redistribution copy from another website. of course they'll want to put a stop to that as well. and they'll have to stop people putting it on CDs and bundlng it with their games. but that'll never happen as, even now, people would rather install it from a CD. so what next for MS? but validation in that? probably. when that days comes, windows will leave my machine for good.
Posted by Scott W (419 comments )
Link Flag
So, is it time to switch to Linux?
No more updates. Better switch to Linux.

I actually run Linux on one of my PCs that has a legal copy of Windows installed, just because making Windows usable means several hours of installing all drivers and software one by one, rebooting each time, and using Linux just means inserting a Knoppix CD, waiting about 3 minutes, and then have a full OS with loads of applications already installed and working, with all hardware recognized. Why cannot MS do it in 3 minutes instead of 3 hours (or days)?
Posted by hadaso (468 comments )
Reply Link Flag
who cares?
who cares about Windows Update? i don't use it. never will. the only thing they can scare anyone is by blocking their downloads on DirectX 9.0c which i need to play games. oh well, just download the redistribution copy from another website. of course they'll want to put a stop to that as well. and they'll have to stop people putting it on CDs and bundlng it with their games. but that'll never happen as, even now, people would rather install it from a CD. so what next for MS? but validation in that? probably. when that days comes, windows will leave my machine for good.
Posted by Scott W (419 comments )
Link Flag
Microsoft 's problems with XPand Upgrade
The real problem Microsoft has is that 1.they have not sold as many copies of XP as they had hoped. Most people and companies do not consider it necessary to upgrade to Win XP; 2. there are no innovations from Microsoft within the last couple of years consumers want and need; 3.the highly propagated SP2 with their new security features (??)causes more problems and crashes than it remedies, as reality shows. Microsoft postpones 'Longhorn' by giving lame explanations about the 'new' content and the actual appearance. The reason being that they have nothing new to offer and the bad reception of XP by the public and the constant hacker attacks tell them that they have to come up with a new 'device' to fill their coffers. What better than to deceive the public by telling them how much money Microsoft ( and the government from taxes!?!) looses through software pirates? I only believe the statistics I have forged myself! Microsoft has legally a monopoly and thanks to a lot of money and lobbyists enhances its position through constant false information through the public media. Beware the beginnings, should this still be posssible!
Posted by Fire1946 (2 comments )
Reply Link Flag
Microsoft 's problems with XPand Upgrade
The real problem Microsoft has is that 1.they have not sold as many copies of XP as they had hoped. Most people and companies do not consider it necessary to upgrade to Win XP; 2. there are no innovations from Microsoft within the last couple of years consumers want and need; 3.the highly propagated SP2 with their new security features (??)causes more problems and crashes than it remedies, as reality shows. Microsoft postpones 'Longhorn' by giving lame explanations about the 'new' content and the actual appearance. The reason being that they have nothing new to offer and the bad reception of XP by the public and the constant hacker attacks tell them that they have to come up with a new 'device' to fill their coffers. What better than to deceive the public by telling them how much money Microsoft ( and the government from taxes!?!) looses through software pirates? I only believe the statistics I have forged myself! Microsoft has legally a monopoly and thanks to a lot of money and lobbyists enhances its position through constant false information through the public media. Beware the beginnings, should this still be posssible!
Posted by Fire1946 (2 comments )
Reply Link Flag
Even easier work around...
I hope Microsoft didn't pay the guys who developed this Genuine authentication crap. All you have to do to get around it is disable the ActiveX control for it and you can get updates like normal.
Posted by (2 comments )
Reply Link Flag
how to disable the activex control?
through the updates system this validation tool came up on my pc and discovered that my xp is not genuine. now i have got this annoying pop up, everytime i boot my pc, that reminds me that my copy is not original or someting like that. it keeps coming up and its really annoying. any idea on how to eliminate tis pop up. it also appears in the task bar as a little icon (bleu star). Any help will be appreciated. thanks
Posted by betty73 (2 comments )
Link Flag
Even easier work around...
I hope Microsoft didn't pay the guys who developed this Genuine authentication crap. All you have to do to get around it is disable the ActiveX control for it and you can get updates like normal.
Posted by (2 comments )
Reply Link Flag
how to disable the activex control?
through the updates system this validation tool came up on my pc and discovered that my xp is not genuine. now i have got this annoying pop up, everytime i boot my pc, that reminds me that my copy is not original or someting like that. it keeps coming up and its really annoying. any idea on how to eliminate tis pop up. it also appears in the task bar as a little icon (bleu star). Any help will be appreciated. thanks
Posted by betty73 (2 comments )
Link Flag
Microsoft is Poo
Even though this piece of crap validation thing was being developed for a year, it came out Yesterday, and it was defeated by the end of the day. So, I appreciate that MS did this really, it gives the hackers something to work on. And they did a smooth job defeating it, really, it is like butter.
Posted by weAponX (9 comments )
Reply Link Flag
Microsoft is Poo
Even though this piece of crap validation thing was being developed for a year, it came out Yesterday, and it was defeated by the end of the day. So, I appreciate that MS did this really, it gives the hackers something to work on. And they did a smooth job defeating it, really, it is like butter.
Posted by weAponX (9 comments )
Reply Link Flag
Microsoft screws the public again
I have a legal version of windows 2000 and for the past couple of years I have faithfully kept everything updated. Now Microsft's new system has screwed up my system so I cannot get updates. I don't know what the problem is but I know I am totally fed up with Microsoft and their obsession with gouging the public for their last dollar. They couldn't care less about the legal customers who they have already gouged. The only solution is to break once and for all Microsoft's monopoly over the operating system market.
Posted by HughT (28 comments )
Reply Link Flag
I Agree
For the past few years, Microsoft has been "screwing" us out of our money. They just keep turning the gears of our patience. I belong to an online forum, of which there are over 50,000 people who use windows, and the vast majority agree that Microsoft is just money hungry. (Figures, it's no wonder with 'him' in charge of microsoft) The majority of this group also have stated their intentions of switching OS and leaving Microsoft's corruption and ignorance behind...
Posted by halo2_fablefan (4 comments )
Link Flag
I Agree
For the past few years, Microsoft has been "screwing" us out of our money. They just keep turning the gears of our patience. I belong to an online forum, of which there are over 50,000 people who use windows, and the vast majority agree that Microsoft is just money hungry. (Figures, it's no wonder with 'him' in charge of microsoft) The majority of this group also have stated their intentions of switching OS and leaving Microsoft's corruption and ignorance behind...
Posted by halo2_fablefan (4 comments )
Link Flag
Microsoft screws the public again
I have a legal version of windows 2000 and for the past couple of years I have faithfully kept everything updated. Now Microsft's new system has screwed up my system so I cannot get updates. I don't know what the problem is but I know I am totally fed up with Microsoft and their obsession with gouging the public for their last dollar. They couldn't care less about the legal customers who they have already gouged. The only solution is to break once and for all Microsoft's monopoly over the operating system market.
Posted by HughT (28 comments )
Reply Link Flag
I Agree
For the past few years, Microsoft has been "screwing" us out of our money. They just keep turning the gears of our patience. I belong to an online forum, of which there are over 50,000 people who use windows, and the vast majority agree that Microsoft is just money hungry. (Figures, it's no wonder with 'him' in charge of microsoft) The majority of this group also have stated their intentions of switching OS and leaving Microsoft's corruption and ignorance behind...
Posted by halo2_fablefan (4 comments )
Link Flag
I Agree
For the past few years, Microsoft has been "screwing" us out of our money. They just keep turning the gears of our patience. I belong to an online forum, of which there are over 50,000 people who use windows, and the vast majority agree that Microsoft is just money hungry. (Figures, it's no wonder with 'him' in charge of microsoft) The majority of this group also have stated their intentions of switching OS and leaving Microsoft's corruption and ignorance behind...
Posted by halo2_fablefan (4 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.