Feeds

back to article Microsoft 'wait-and-see' on Vista BIOS hack

Microsoft has no immediate plans to tackle a reported hack to Windows Vista product activation that could allow illegal copies of Windows to be widely installed. The hack is not yet viewed as a wide-scale threat, although Microsoft indicated it may act if more hackers view breaking Windows Vista's OEM product activation as a …

COMMENTS

This topic is closed for new posts.

law-abiders punished

As with many anti-piracy efforts, the Vista activation process requires significant resources to be spent by companies that have acquired the software legally while allowing the criminals an easy bypass.

0
0

Easy Bypass? You can't be serious...

Heck, most users can't even _update_ their BIOSes themselves safely, giving rise to BIOS Saviour, and scores of OEM BIOS auto-update utilities. And MS is right - this isn't really a scalable hack, as there are too many variations in OEM BIOSes, and the risk of an inoperable motherboard if you get it wrong. Temptest in a teapot anyone?

0
0
Anonymous Coward

A simple hack

is to run the os under a hypervisor that is hidden from the software. This way the windows activation can be bypasssed and the system is already root-ed for hacking the hd playback code. All it needs is an open source virtualization package, the right modifications on it to make it work and a pc capable of hardware based virtualization. (like most new intel cpus)

0
0

"Wait and see approach" my ass

More like "Wait and see if we can work out a way to fix this mess".

They didn't think it through as a "hacker" (pirate more like it) would, and now they have a problem. Millions of legitimate users are out there with legitimate hardware sold with Vista. MS can't simply pull the carpet out from under these users. They will need to devise a way that all users can continue using their systems without having to do something drastic like reinstall or update the BIOS because many users simply don't know how to. Even locating the product key on the sticker would be difficult for some.

MS can't simply pull the OEM keys and try again.

But on MS's side, the number of users using this method is very low. And MS have said they'd prefer we pirate Windows than use MacOS or Linux.

0
0
Anonymous Coward

Yes, easy bypass

You no longer have to update the BIOS - as mentioned in the article, there is another hack going around that lets you leave the BIOS alone but convinces Vista that its using an OEM one. Any OEM one.

It seems like a pretty easy bypass to me, though from what I've heard it wouldn't be easily automated into a single-button install process for the commercial-scale pirates to sell (I'm not upgrading to Vista, so it doesn't bother me either way - it has nothing I need until at minimum DX10 games become the norm).

0
0

Re: law-abiders punished

If Microsoft priced their products reasonably then the benefits and therefore the attraction of piracy would be far smaller. I know that I could no longer *afford* to use Microsoft software even if I wanted to, which is one of the reasons I became a 100% Open Source shop many years ago.

0
0
Anonymous Coward

Not a tempest in a tea pot, merely the calm before the storm

Tempest in a tea pot if you believe that it actually takes a flashing of a BIOS to hack Vista.

Purely out of scientific interest, ahem, I tried the available OEM-BIOS activation of Vista Ultimate and it requires the littlest of technical expertise apart from an understanding of how the process works and seems infinitely scaleable.

It is a three step process, done entirely in software without any ROM flashing.

The hackers have aquired OEM product keys and BIOS images for ALL of the vista versions from manufacturers like Acer, ASUS, DeLL and HP.

But they have removed the need for flashing the BIOS by ingeniously writing a software device driver that emulates an OEM Activation 2.0 Vista activated motherboard BIOS.

Then an accompanying XML license file from the same OEM system needs to be placed in a system licensing directory. From this point Vista's own built in VBS CLI licensing system can be used to verify this license and submit the OEM license key. As there is no need for the computer to contact Microsoft for this as it checks the key against the emulated OEM BIOS driver, Vista permanently activates itself.

This flaw in the new and improved (!) activation process for to combat piracy by M$ is made mostly possible by the fact that you can install Vista Ultimate without a product and already indefinately "re-arm" your copy. Whilst you still get all the updates and extras, you are then free to basically "virtualise" the required OEM BIOS information.

Investigate this more and you'll realise that the MS spokeman is full of BS, and its something they should be real worried about. The only reason its not prolifically happening already is that Vista is not installed as widespread as XP.

Windows Piracy is dead! Long live Windows Piracy!

0
0
Silver badge

You don't have to touch the physical BIOS

This hack has been around for at least a month. Vi$ta needs convincing that the machine on which it is installed is a OEM rollout. iirc a software image of an OEM BIOS containing the OEM pre-installed data is used with software redirection code to make Vi$ta use this instead of the real BIOS.

At the moment I believe ( I am writing as a kook here not someone who has actually done this) the process is fiddly and Robert Hill is correct most users are barely beyond first line support staff when it comes to doing anything with an m$ OS beneath the condescending pretty picture interface.

You can be sure though that soon enough a scripted install will make this OA simple to bypass.

I expect OA is just as bullet proof as the rest of m$ software.

0
0
Anonymous Coward

Its very easy hack to use

Again, purely in the spirit of scientific research, I had a go with this about a month ago.

I fitted an old hard disk in the machine, just in case it fouled other partitions up, and installed a copy of Vista (home premium) without a product key. Then ran the hack ... voila! Activated Vista. No problems. Didn't have to enter any product keys or answer any questions. It really is *that easy*.

I think that MS is downplaying this, because if they make a lot of fuss - "All is lost", wailing and gnashing of teeth stuff - a lot more people will pay attention and the crack will spread (no pun intended).

Incidentally, Vista didn't detect my onboard 3com network port, Intel video or sound chipsets. So its kinda useless to me, but that's an issue that's been done to death already.

0
0
Silver badge

Just Another Reason to Say No

Of course Microsoft aren't all that bothered about people pirating Vista -- they'd rather you were using pirated Microsoft software (and thus still locked-in to the machine) than any competitor's software (which might actually make you realise just how abysmal Microsoft's products really are).

Having been a penguin-shagger since just before the release of XP, I've absolutely zero intention of using any Microsoft software -- or for that matter, *any* software where the vendor isn't prepared to let me (or a competent programmer whom I trust) inspect the Source Code.

There's just no good reason for anyone to run closed-source software anymore (if there ever even was one in the first place). Two thirds of web servers are Apache, all mail servers that *actually work* are either Sendmail or Postfix, and don't forget BIND which you use everytime you enter a hostname as opposed to an IP address.

You CAN live without Microsoft. Go on, try a live Linux CD.

0
0
Anonymous Coward

Better to fix the bugs!

If USoft spent their cash pile on fixing the many bugs in Windows instead of trying to stop fraudulent copying then we would feel better about paying for it.

Their attitude to licensing is getting more paranoid by the day.

We have now weaned most of our PC's off IE and Outlook Express onto Firefox and Thunderbird and hardly anyone noticed.

The database went MySQL some time ago on a Windows 2000 box and recently that was upgraded to SuSE. Again, no-one noticed.

Our new users get Open Office and existing users are trying it. No complaints so far.

These are small measures but, if enough users make the switch, it will add up to a dent in their coffers.

Bill Gates is like Tony Blair; someone we can't wait to see the back of!!

0
0
Silver badge

Fix the bugs? Thou Kiddest!

You can't expect Microsoft to fix bugs in their software! If it was right in the first place, they'd never be able to sell you a newer, improved version five years down the line.

0
0
Anonymous Coward

Good way to test popularity...

Hmmmm. This could simply be a way for M$ to see how popular their new baby really is. If no one shows any interest in the hack then they have a pig in a poke, if piracy using this method becomes popular then they can close the door and they know they have a potential winner.

Personally I think they have shot themselveds in the foot with this one, but only time will let us know for sure. To those thinking of going with Vista I suggest you read (and understand) your End User Licence Agreement (EULA), don't just 'click-through', the things are agreeing too might not sit well with you.

0
0
Anonymous Coward

Hard to do - don't make me laugh!

Hard to install the pirated Vista? Thats a laugh. As with others, purely out of achademic interest I, too, tried the Vista Ultimate DVD image and patch that is easily found in P2P networks. Before burning the DVD a patch utility is run which does the OEM hack. Then burn the DVD and you've a full version of VU which will install as easily as the legit version (I've done both). Vista installs are easier in terms of user interaction than XP or any of its forerunners. It is only beaten by Mac OS X for simplicity of install. If I were to hand this over to any of my tech-illiterate friends (I won't) they could have Vista up and running on their PCs within 30 minutes max!

The DVD has now been processed in the office shredder, I'm back on my Mac, my ageing [licenced] copy of XP is doing the little I will allow it to these days. Peace reigns again.

0
0
This topic is closed for new posts.