Virtualization and confusing array of Vista legal restrictions to haunt Microsoft and users alike
According to fellow ZDNet blogger Mary Jo Foley, Vista's licensing is confusing enough. She literally ends up screaming for help. But, over at SecurityFocus, Scott Granneman is drawing attention to some of the more objectionable (and seemingly arbitrary) terms in Microsoft's End User License Agreement for the new version of Windows. In his analysis, there are some dots that remain unconnected. So, in the process of connecting them for you, I'll spotlight a very large and looming problem that Microsoft will have to face in the years to come.
Of the clauses Granneman covers, the best he needed to save for last (in his mind) is the one where Windows Vista can only be legally transferred to another computer one time. After that, you need to acquire another copy. There was a fair amount of flame traffic on the Web after news of that restriction first appeared. The official language in Vista's EULA goes like this:
Software Other than Windows Anytime Upgrade. The first user of the software may reassign the license to another device one time. If you reassign the license, that other device becomes the "licensed device."
Larger enterperises won't feel the pinch of this proviso as much as the smaller businesses and consumers who don't have volume agreements with Microsoft will. I also suspect that this rule has more to do with the short-comings of how Microsoft's product activation infrastructure works more than anything else. Today, if you legitimately transfer your copy of Windows to another system and Windows thinks it has been pirated, it takes a call to Microsoft to flip whatever bits have to be flipped on the Microsoft side in order for that copy of Windows to stop thinking it has been pirated. At the end of the day, it comes down to a judgement call on behalf of the person at Microsoft who takes that call. He or she must decide how truthful you are being and any time that sort of subjectivity exists within the context of a revenue stream (and knowing how clever pirates can be), there's little question as to whether this is a fool-proof process. It isn't.
The one system move rule eliminates the subjectivity. Not only will it force some users to go out and buy new copies of Windows, it will save Microsoft money on the support side. Calls to its support personnel, for example, won't take nearly as long once it has been determined that "the customer" is attempting to make a second or third transfer. Where things could get tricky is when it's not a transfer, but rather a reload into an existing system that has undergone (or routinely undergoes) major hardware upgrades. Even without a reload, there have already been reports of how hardware upgrades to existing systems are awakening Microsoft's anti-piracy technology (the Windows Genuine Advantage software), and mistakenly tricking it into thinking Windows has been pirated.
It my mind, this raises the question of what exactly constitutes a new system? When the parts are in a new chassis? Or, when they're moved to a new motherboard? As it turns out, my colleague Adrian Kingsley-Hughes has the gorey details on just exactly how Microsoft scores hardware changes in its attempt to detect potential piracy. Sure, the new rule gives pirates less wiggle room. But, since there continues to be no standard way of uniquely identifying "a system" (TPMs were supposedly the utopia for this but they're not in very system). At some point, Microsoft's support personnel will be back to making judgement calls. More than likely though, it'll be fewer of them. Incidentally, over on Adrian's blog, he's running a poll to see how often ZDNet's readers have had to reinstall Windows. At last count 47 percent have had to reinstall Windows two or more times with 31 percent saying they've never reinstalled.
I, for one, was less interested in Granneman's discussion of system reassignment and more interested in Microsoft's rules regarding the usage of Vista with virtualization technologies like VMware's VMWare Workstation.
The first relevant exerpt Granneman points to is found in the EULAs for the Home Basic and Home Premium versions of Windows Vista and it says:
USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.
It's a humdinger given the rising importance and benefits of virtualization technology, even to users of consumer versions. My next system, whenever I get it, will start fully virtualized. Looking out a bit, Vista will very likely be in use by many millions of people in the 2010 to 2012 timeframe and my guess is that the many benefits of virtualization technology will have trickled down to the consumer level by then. What I mean by that is that the benefits will be easily realized by consumers who opt to take advantage of them. Today, you need to be a bit of a rocket scientist to use virtual machines (VMs). By 2010, it'll be child's play and the benefits of using VMs will far outweigh the downsides of not. But, if the EULA prevents usage and Microsoft enforces its EULA through its technology, many Vista users may find themselves on the outside looking in.
Knowing how virtualization technology works, it's easy to see why Microsoft would want to put a clause like this in Vista's EULA. One of the key advantages of virtualization is connected to the way that it converts an entire system into a file (or a series of files) that lives on a hard drive. A file that can be copied. An, in fact, that's one reason to virtualize a system. Let's say the hardware is having a problem and has to be fixed or replaced. Today, the headaches in moving all of your personalizations from one system to the next make for an aggravating excercise in futility. There are all sorts of utilities for making the move and even Microsoft is coming up with some tools. But in the end, not everything makes it. Particularly little nook and cranny stuff that's very important to end-users. But when your entire computer is contained within a VM, you just copy the VM from one computer to another, and voila: you have your entire system exactly the same way you had it before on the previous computer.
So far so good. Unfortunately, what's good for the goose (you) is also good for the gander (the pirates). Virtualization technology means that a pirate can encapsulate a clean, pristine version of Windows into a VM and then make as many copies of it as he or she wants. Today, most VM technologies pass through unique identifying attributes of the underlying hardware to the virtual machine. So, today, a movement of a VM from one system to another will very likely trigger Microsoft's anti-piracy software into action. But, my guess is that tomorrow, especially given the open source nature of certain VM technologies like Xen, those sort of system sensitivities will be ameliorated in some abstracting layer of virtualization technologies. In fact, to realize the benefits of virtualization technology, it has to be this way. For example, I should be able to move a VM from an Intel-based computer to an AMD one without running into any hitches whatsoever.
So, VMs are (or will be) a technological loophole to all the hard work that Microsoft is putting into protecting its intellectual property (IP) -- a loophole that the software giant probably isn't sure what to do about. In other words, there's no easy technological answer. Short of technologicial answers to IP protection, the only choice for a vendor to fall back on is to encode "protection" into its license agreements. Do you need further evidence of the wrestling match that lies ahead when it comes to Microsoft and virtualization? Granneman points to that as well. As it turns out, you are allowed to use virtualization technologies with the more expensive versions of Windows Vista like Windows Vista Ultimate (draw your own conclusions as to why). But, judging by the following clause, even that poses problems for Microsoft:
USE WITH VIRTUALIZATION TECHNOLOGIES. You may use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system on the licensed device. If you do so, you may not play or access content or use applications protected by any Microsoft digital, information or enterprise rights management technology or other Microsoft rights management services or use BitLocker. We advise against playing or accessing content or using applications protected by other digital, information or enterprise rights management technology or other rights management services or using full volume disk drive encryption.
For starters, note the restriction on "licensed device." It's legal language that theoretically prevents virtualization users from taking full advantage of virtualization technologies (the ability to move VMs around), even if it's for legitimate reasons. But, based on the language discussed earlier, this was almost to be expected. What comes next has one of Microsoft's fears (in my opinion) written all over it.
Microsoft is the purveyor of digital rights management (DRM) technologies. In its most common usage today, DRM is copy protection technology that's designed to prevent the piracy of copyrighted content like music and video. In terms of computers (as opposed to portable playback devices like Apple's iPod or Microsoft's soon-to-be released Zune), DRM is what prevents content from being played back or viewed on anything but the right software (eg: Windows Media Player or iTunes) on "authorized" systems. But, once an entire system can be virtualized into copyable files the way they can with commonly available virtualization technologies, then Microsoft has a new problem. That's because instead of distributing illegal copies of the actual content (like what was done with Bittorrent or Napster), pirates can simply distribute entire collections of content inside of freely copyable "pre-authorized" VMs. Five years from now, PCs will be powerful enough to support hundreds if not thousands of VMs which means from the pirate's point of view, a VM could easily contain one album, one playlist, or even one song.
The net result is a complete end-run around all that DRM, as we know it today, has to offer. The reason this is a senstive situation for Microsoft (as well as any other purveyor of DRM technology) is that an entire business strategy -- one that involves promises of protection to the entertainment confab -- falls apart if it can't guarantee that protection. So, for now, at the very least, one way to try to guarantee it is to erect legal barriers to using "copy" technology like virtualization with supposedly uncopyable content.
Next up, I'll do a 100,000-foot take on the complex technological and legal labyrinth that's being woven here.