As it did previously for Windows Vista, Microsoft will update the anti-piracy technologies in Windows 7 after the initial release of the OS in a bid to thwart common product activation hacks and exploits. However, unlike with the Vista update--see my article New WGA Behavior in Windows Vista Service Pack 1 for more information--Microsoft isn't changing the user experience in any way. And, best of all, this update will be completely optional, now and in the future.
Dubbed the Windows Activation Technologies Update (WATU) for Windows 7, this update will be delivered worldwide via the Windows Genuine web site on February 16, 2010 and then as an optional important update on Windows Update starting February 23. (See below for information on how you can prevent this update from auto-installing.) It affects all versions of Windows 7, but will be delivered to Windows 7 Home Premium, Professional, Enterprise and Ultimate customers first since those are the versions that experience the most piracy.
As its name suggests, WATU is an update to the product activation feature in Windows 7, which requires users to electronically activate each copy of the OS with Microsoft and, in effect, tie a product key to a particular computer. As was the case with Vista before it, Windows 7 has experienced a spate of new activation hacks and exploits since the broadly tested public beta. So WATU is designed primarily to overcome these new attempts to bypass product activation.
When product activation debuted in Windows XP, hackers created key generators and passed around volume licensing keys, so Microsoft changed the way things worked in Vista. Then, with Vista, hackers began devising ways to mimic Genuine Windows systems in order to fool the anti-piracy technology. Now, unfortunately, with Windows 7, malware has entered the picture as well.
"Starting with the release candidate [RC] version of Windows 7 last summer, we saw a lot of non-genuine copies on web sites and networks," Joe Williams the Worldwide Genuine Windows General Manager at Microsoft told me during a recent briefing. "And a lot of those came with malware, much more so than in the past. We're concerned about the prevalence of malware in counterfeit copies of course." According to IDC, 25percent of counterfeit Windows versions available on the web contained malware packages four years ago. But now, that figure has jumped to 32 percent.
WATU thwarts over 70 new activation hacks that have arisen since last year. If a system has been activated illegally using such a method, this update will disable the offending code, trigger the built-in activation code in Windows 7, and then constantly monitor the system, looking for new bypass attempts.
"The key thing is, there's no new user experience," Williams said. "This basically enables Windows to alert the user if the system hasn't been properly activated. Not changing things for legitimate users is a big part of our strategy."
And, as you might imagine, given the number of false positives that occurred after earlier product activation changes, Microsoft is very careful now to only go after those bypass attempts that are known hacks. "The risk of false positive is exceptionally tiny," he said. "We're only looking for the fingerprints of known hacks and exploits: Changes to key files, the boot loader, and Registry." (And if you're worried that the clean install with Upgrade media "hack" I wrote about falls into this category, don't. I verified with Microsoft that this method is both safe and unaffected by WATU.)
Here's how it works.
WATU examines the licensing files in Windows 7 to determine whether any have been tampered with. If not, nothing happens, and the update won't change a thing.
If files have been tampered with, the update will retrieve known good files from a known good file store and heal them. Regardless, WATU will automatically reconnect back to the activation and validation servers at Microsoft (or, in a corporation, internally) every 90 days to check for new signatures, much as anti-virus software works. If new signatures are found, the check is run again against the new versions.
Here, Windows has detected and fixed modified licensing files.
Occasionally, an activation hack may be able to prevent WATU from replacing tampered files. In such a case, the update will rerun every 7 days until it is able to recover and heal the files.
The 90 day grace period is interesting. If the PC is offline on the 90th day, the check will reset for 90 days later. In other words, it doesn't fail and then check again the next day. It fails and then waits another 90 days. Williams said that Microsoft didn't want to hog bandwidth at corporations by continually checking with the activation and validation servers. So the 90 day time period is designed as a balance between extremes.
"We know this is a game of cat and mouse," Williams said. "Counterfeiters will come up with new stuff going forward. So we'll figure it out and fix it as it happens."
The most interesting aspect of WATU is that it's completely voluntary. If you are worried that you somehow acquired a counterfeit version of Windows 7, you can proactively visit the Microsoft web site starting next week and download the update. With the Windows Update release, WATU will simply be provided along the lines of the user's preferences. So if you have configured Windows Update to automatically download and install optional updates, WATU will be installed. If you haven't, it won't, and it can be hidden like any other update. You can even uninstall the update if it gets installed before you have a chance to hide it.
WATU will appear as an important update in Windows Update.
There is one catch here. If you do install WATU and it finds that your system was not properly activated, uninstalling the update will not return your PC to its previous activated state. You will still need to activate Windows 7 again. "The license state doesn't change as a result of uninstalling the update," Williams told me.
So there you have it: Microsoft, committed to the anti-piracy technologies in Windows, is updating the technology to better handle modern threats. This makes sense and, unlike with the similar Vista update, at least we don't have to worry about any major functional changes. That this update is completely optional speaks to the company's intentions here as well. In the past, side discussions about such things as malware seemed like a way to cloak true intentions. But here, it's very clear that Microsoft is providing something that shouldn't bite legitimate customers. With the understanding that I'd prefer not to have to deal with this kind of thing at all, at least it seems innocuous if not beneficial. And if you're worried that you might have been scammed by a white box PC maker or online software seller, this is a great way to find out.
