It probably isn't news to you that Microsoft is seeking to recoup billions of dollars lost each year to software piracy. The software maker has spent a lot of time and effort over the past several years developing technologies to prevent software piracy, but until now those efforts have curtailed only casual piracy.

With Windows Vista and Longhorn Server, however, that's all going to change. Microsoft is going after enterprise software piracy for the first time, and it's organizing its efforts around a new antipiracy initiative consisting of programs and strategies such as Windows Genuine Advantage (WGA), unique new schemes for limiting functionality in pirated software, and providing corporations with volume-license keys. In the future, no matter how you obtain Microsoft software, the company will have ways to keep you honest. Here's what you need to know about Microsoft's antipiracy efforts.

Reason, Rationale, and Method


As Microsoft likes to point out, software piracy is responsible for billions of dollars of lost revenue per year. Although it's impossible to gauge the precise amount of that loss, the Business Software Alliance (BSA) estimates that up to 35 percent of all software installed in 2006 was pirated or at least unlicensed.

It's understandable that even a company of Microsoft's steady financial gains has a fiscal imperative to rein in software piracy and further increase its revenues. But Microsoft has chosen to position its antipiracy efforts as a customer win rather than a self-serving corporate objective. According to Microsoft, counterfeit copies of Windows products often contain additional non-Microsoft code and can result in personal-or business-data loss and identity theft.

Whether this assertion is correct matters little. The reality is that Microsoft is attacking software piracy with a new zeal. Microsoft describes its antipiracy initiative as a three-pronged effort. The first prong is education: The company believes that more customers will purchase licensed products if they understand the legal implications of using pirated software. Microsoft is working with numerous industry associations, including the BSA, to promote its views.

Second, Microsoft is working with law enforcement agencies around the world to pursue large-scale software counterfeiters. Each quarter, it seems, the company is able to point to various legal actions taken against software pirates, and it has been using the information-collected from associated raids to develop forensic-data for use in future cases.

Third, Microsoft is pursuing a series of engineering initiatives to help combat piracy. These initiatives include edge-to-edge holographic media, WGA, and the new Software Protection Platform. Microsoft's biggest advances in antipiracy, naturally, are software-related, so let's take a look at the major changes you can expect in Vista and Longhorn Server.

Windows Genuine Advantage


WGA appeared in the wake of Windows XP Service Pack 2 (SP2) and became a mandatory download in July 2005. Users who want to download most XP-based software from Microsoft's corporate Web site and noncritical security updates and other software from Windows Update and Microsoft Update now must agree to install various WGA components on their desktops to ensure that the underlying Windows is genuine. When it is, the user will be able to download software from Microsoft.

If the Windows version is invalid, WGA displays messages indicating that the OS is suspected to be counterfeit and provides Microsoft links to help the user attempt to resolve the problem. Microsoft also limits the system to downloading only critical security updates through any of the company's software updating mechanisms.

Prior to Vista, WGA advertisements were an annoyance only. Aside from the downloading restrictions, users weren't limited in any way: They could run applications; open, save, and change data files; and access network resources normally. (Microsoft also launched Office Genuine Advantage, to help prevent piracy of the Microsoft Office productivity suite.)

In 2006, however, Microsoft began surreptitiously distributing the WGA software as a critical security update through Windows Update, Microsoft Update, and Automatic Updates, thus causing millions of customers around the world to unknowingly install WGA. Because of this tactic and the fact that WGA was silently uploading data from customer PCs to a Microsoft server, many analysts declared WGA to be spyware. As a result, Microsoft modified WGA to be less aggressive about collecting personal information. Given its poor reputation, many had hoped that WGA would be quietly exorcised from subsequent Windows versions. But instead, it's been significantly enhanced and will be included in Vista.

Software Protection Platform


To take WGA to the next level, Microsoft has been working on the Software Protection Platform, a "new set of technologies that will help Microsoft make software piracy harder, help protect consumers from the risks of counterfeit software, and better enable small to large businesses to manage their software assets," according to Cori Hartje, director of Microsoft's Genuine Software Initiative. The Software Protection Platform lets WGA actually reduce Vista's functionality when the software is suspected to be non-genuine.

On a genuine, activated copy of Vista, users will have access to certain features, such as the Windows Aero user experience (which enables glass-like translucency effects and other visual niceties), Windows ReadyBoost (a performance-enhancement feature for systems with a USB-based flash memory device), some Windows Defender antispyware functionality, and optional downloadable updates from Windows Update. However, if a system is found to be non-genuine or hasn't been activated within 30 days of installation, the user will lose access to those features and will receive persistent WGA advertisements. Furthermore, users will be forced to reactivate Windows under certain circumstances, such as when a product key has been stolen.

Unlike XP and WGA, Vista will operate in a reduced functionality mode when found to be non-genuine. The Vista version of WGA will prevent users from performing tasks such as running applications and opening or editing documents. Further, a non-genuine Vista version will let users browse the Web with Internet Explorer (IE) for only an hour and use the Windows shell only to perform data management tasks, such as backing up files.

Microsoft points out that it will not take steps to completely lock users out of their PCs even in circumstances when the underlying Windows version has been found to be non-genuine. That is, users can still access their data files and back up important information. This is somewhat positive news, given the number of WGA false-positives that have arisen in the months since the service became mandatory. Although Microsoft doesn't like to highlight these numbers, millions of users succumbed to WGA false-positives in 2006 alone. We can only hope that improvements to the Software Protection Platform will correct this problem with the Vista release.

Volume Activation 2.0


Although the Software Protection Platform can be seen as an evolution of WGA, Microsoft's most distressing antipiracy changes going forward will affect enterprise customers. For the first time, Microsoft is applying its antipiracy know-how to its largest and most lucrative market. Hang on to your hats.

For Windows volume-license customers, Microsoft is introducing a new set of technologies called Volume Activation 2.0, which will allow enterprises to generate and distribute Vista product keys for the machines in their environments. There will be two methods for doing so. Businesses with fewer than 25 client PCs will be able to use new multiple activation keys that can be applied to multiple PCs. Like individual product keys, multiple activation keys will be activated directly on a Microsoft server. But businesses that purchase the keys can optionally install a proxy server that provides an internal, centralized gateway to Microsoft's public activation service. For this reason, multiple activation keys can also be useful for larger businesses that have Windows clients that are used only infrequently. Microsoft specifies that multiple activation keys should be used only on client PCs that connect to the corporate network 210 or fewer days each year.

Organizations that have 25 or more PCs or more than five Windows Server systems can use a new Key Management Service option in a Longhorn Server?based Microsoft activation server to distribute Vista product keys. Clients that utilize Key Management Service must access the activation server once every 180 days to remain genuine.

Note that bit about Longhorn Server carefully: Large businesses that roll out multiple Vista clients will have to install a preproduction version of Longhorn Server in their environments, a fact Microsoft isn't broadcasting. If you're not particularly excited at that prospect, you should know that Key Management-Services can be installed at a solution-provider's or managed service partner's facilities instead. Microsoft is also creating a Key Management Service add-on for Windows Server 2003, but this service, confusingly, will actually debut in 2007.

So why is Microsoft going through all this hassle? One of the largest groups of pirated XP product keys came from enterprise-based volume license keys, which didn't need to be activated. Starting with Vista, all Windows versions will need to be activated regardless of how they were acquired. This requirement should cut down dramatically on the sheer number of outlets at which thieves can obtain Vista versions and make counterfeit copies. Unfortunately, Microsoft's antipiracy measures will make the enterprise IT administrator's job—your job—more difficult.

Recommendations


Make no mistake, we're in a new era of software antipiracy. With Vista and Longhorn Server, Microsoft is stepping well beyond the software-based controls it instituted with Windows 2003 and XP SP2. Now, Microsoft customers will need to make sure their software is genuine if they expect to get software updates, support, and even the full functionality of the OS they're using.

As an advocate for the user, I find these draconian measures upsetting, but I suspect that Microsoft's customers will largely accept the changes as inevitable. It's unfortunate that the situation has progressed to this point, but I suspect that Microsoft will need to make many changes to its Software Protection Platform and Volume Activation 2.0 technologies during the first year of Vista deployments.

My recommendation? Don't be a Microsoft guinea pig: Understand Microsoft's antipiracy stance and resolve problems before you upgrade to Vista or Longhorn Server. Enterprises beware: You probably haven't had to deal with such technologies in the past.