Trust, but verify. That was good advice for dealing with the Soviet Union in its heyday, and it’s equally sound policy today when dealing with that other Evil Empire. You know, the one in Redmond?
Last month, Microsoft rolled out an update to its Windows Activation Technologies (WAT) platform in Windows 7. Everything you’ve read about KB971033 so far, including my report last week, has been based on what Microsoft said it was going to do; in my earlier coverage, I gathered information from blog posts, published privacy policies, a Knowledge Base article, and some one-on-one interviews. But can you really believe everything Microsoft tells you about its new Windows Activation Technologies update?
Now that the update has been publicly available for a few weeks, I’ve been able to dig into it and determine exactly what it does. You don’t have to take my word for it, either. You can download the same tools I used and check for yourself. (And don’t miss my post from yesterday, Confessions of a Windows 7 pirate, which takes a similarly detailed look at the pirates’ toolkit for cracking Windows activation.)
I tested on multiple PCs, running both x86 and x64 editions of Windows 7. To observe the update's activity, I collected traces using two tools:
- Process Monitor is the flagship utility from Sysinternals.com, originally developed by Mark Russinovich and Bryce Cogswell. (The company was purchased in 2006 by Microsoft. The Sysinternals utilities are currently hosted on Microsoft-run servers but are still maintained and regularly updated by Russinovich and Cogswell, both of whom are now Microsoft employees.) I used the most recent release of Process Monitor, v2.8, to save a trace of all file, registry, and process activity associated with the installation and operation of the WAT Update.
- Wireshark is a free, open-source network protocol analyzer. I used version 1.2.6 with WinPcap version 4.1.1 to capture all network traffic while the WAT Update was running.
I installed the KB971033 update on multiple systems using both the downloaded version and the one delivered through Windows Update. I also uninstalled the update and observed what happened.
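One way to reduce a saved Process Monitor trace like the one described above to a short list of changes, as an added example that is not part of the original article. It assumes the trace was exported to CSV with Procmon's default columns; the process names, PIDs and paths in the sample are constructed placeholders, not values from the KB971033 update.

```python
import csv
import io
from collections import defaultdict

# Procmon operation names grouped by the kind of change they indicate.
CATEGORIES = {
    "WriteFile": "file",
    "RegSetValue": "registry",
    "RegCreateKey": "registry",
    "RegDeleteValue": "registry",
    "RegDeleteKey": "registry",
    "Process Create": "process",
}

# Constructed sample in Procmon's default CSV layout (placeholder names and paths).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","example-setup.exe","4120","WriteFile","C:\Windows\System32\example.dll","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.2","example-setup.exe","4120","RegSetValue","HKLM\SOFTWARE\Example\Installed","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.3","example-setup.exe","4120","RegQueryValue","HKLM\SOFTWARE\Example\Version","NAME NOT FOUND","Length: 16"
"10:01:02.4","explorer.exe","1880","WriteFile","C:\Users\test\ntuser.dat.LOG1","SUCCESS","Offset: 0, Length: 512"
"10:01:02.5","example-setup.exe","4120","Process Create","C:\Windows\System32\example-task.exe","SUCCESS","PID: 4388"
"10:01:02.6","example-task.exe","4388","RegSetValue","HKLM\SOFTWARE\Example\LastRun","ACCESS DENIED","Type: REG_SZ"
"10:01:02.7","EXAMPLE-TASK.EXE","4388","WriteFile","C:\Windows\System32\example.dll","SUCCESS","Offset: 4,096, Length: 4,096"
'''


def summarize_changes(csv_text, process_names):
    """Return {category: sorted unique paths} for successful changes by the named processes."""
    wanted = {name.lower() for name in process_names}
    changes = defaultdict(set)
    # Strip a leading byte-order mark so the first header name matches.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row["Process Name"].lower() not in wanted:
            continue  # activity from unrelated processes
        category = CATEGORIES.get(row["Operation"])
        if category is None or row["Result"] != "SUCCESS":
            continue  # reads, queries and failed attempts changed nothing
        changes[category].add(row["Path"])
    return {cat: sorted(paths) for cat, paths in changes.items()}


if __name__ == "__main__":
    result = summarize_changes(SAMPLE_CSV, ["example-setup.exe", "example-task.exe"])
    for cat, paths in sorted(result.items()):
        print(cat, *paths, sep="\n  ")
```
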
From a technical standpoint, I was able to confirm that the WAT update does what Microsoft says it does. I was not able to read the contents of the signed, encrypted packets going across the wire, but I did locate the stored information in the registry and compare it to Microsoft’s published privacy policy.
You can see the full results of my tests on the next three pages. As I said, you don’t have to take my word for it. I encourage you to do this for yourself so you can make your own decision based on your own evidence. If you see something different, let me know in the Talkbacks.
Page 2: What files does it install? What else does it do to your system? I was able to observe exactly which files it installed, and I also recorded changes it made to the registry and in Task Scheduler.
Page 3: What does the Windows Activation tool do when it runs? How does it communicate with Microsoft? I used details from the Process Monitor trace to identify which system licensing files are being checked, and I also confirmed that all communications with Microsoft servers were over secure connections.
Page 4: What information does it exchange? What happens when you uninstall it? I examined the privacy policy for the information exchange (and also verified a crucial certification for it). I also confirmed Microsoft’s claim that the update can be uninstalled.
For details about what the installer does to your system, see the next page.




