Thoughts on the BIOS emulation crack for Vista

Thoughts on the BIOS emulation crack for Vista

Summary: A number of people have asked me about the BIOS emulation crack for Vista that allows the proper activation channels to be bypassed. Here's my take on this latest crack attack.

SHARE:
TOPICS: Microsoft
23

A number of people have asked me about the BIOS emulation crack for Vista that allows the proper activation channels to be bypassed.  Here's my take on this latest crack attack.

First off, I have to say that this is one clever crack.  I mean, extracting the OEM certificates and then emulating the BIOS.  That's pretty clever.  But it also goes to show how sloppy (or overconfident) Microsoft was when it came to handling how OEM systems are activated.  Microsoft gave the OEMs a shortcut and the crackers picked up on it and used it.  If Microsoft is this sloppy when it comes to their own intellectual property, draw your own conclusions when the subject is security.

[poll id=110]

But no matter how clever this crack is, it's ultimately doomed to being picked up on and disabled by WGA.  Not only does it seem tied to specific product keys (and we already know that Microsoft can deliver WGA updates directly to systems running certain keys), but it also relies on installing software drivers to emulate the BIOS.  That kind of hack is so not going to go underneath the radar.  Yeah, sure, Microsoft is going to lose a few bucks to this crack where people can avoid updates and such, but a a wide-scale piracy tool, it's doomed.  Anyone buying a pirated copy of Vista is eventually going to get a nasty surprise.

All this does is give Microsoft another chance to tighten WGA and make things harder for legitimate users.

Thoughts?

Topic: Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

23 comments
Log in or register to join the discussion
  • Unfortunately for those who don't like WGA ....

    .... exploits like these demonstrate the need for it. If it weren't for all the miscreants there would be no need for locks and keys.
    ShadeTree
    • Not true

      We all know that if Windows were cheaper (preferably free) and would only follow standards, no one would ever pirate it. Putting anti-piracy measures into Windows is nothing more than a blatant provocation to pirates, who then are obligated to crack them. It's Microsoft's own fault for daring to think it should be able to control its own software.

      Carl Rapson
      rapson
      • Not true either

        "We all know that if Windows were cheaper (preferably free)"

        Who is going to pay for the development of software.




        "Putting anti-piracy measures into Windows is nothing more than a blatant provocation to pirates, who then are obligated to crack them."

        Are you saying that having banks and vaults in banks where cash is stored only provokes bank robbers into stealing.




        " and would only follow standards, no one would ever pirate it."

        Put 10 people in a room and try to get them to agree on 1 thing. Good luck, if you can succeed.

        Microsoft provides software, technologies that it considers better than the competition and the market thinks so too.
        zzz1234567890
        • Sorry...

          ...I forgot to add my "sarcasm" tags. I thought the sarcasm was obvious, but I guess it wasn't. :)

          But in this case:

          "Are you saying that having banks and vaults in banks where cash is stored only provokes bank robbers into stealing."

          I would have to say yes, because that's the attitude that many who are anti-Microsoft seem to have. Windows is a "challenge" to hack and crack as quickly as possible. Motivations are beyond me, however.

          Now to get serious: None of the so-called "flaws" in Windows are inherently a problem; they are only a problem if someone exploits them. Isn't it a shame that so many obviously intelligent people are spending their time and talents attacking Windows and its users rather than building the "better mousetrap"?

          Carl Rapson
          rapson
    • Show me a mountain

      that nobody will climb
      Anti-pirating software is such a mountain
      Perhaps the miscreants would find something else to do if the opportunity wasn't so juicy.
      The first to figure it out will plant his flag up there for all to see.
      And then give the two cheek salute
      zmud
    • Unfortunately for those who don't like WGA ....

      On the contrary I think WGA is a great tool, the only problem with it is that Microsoft haven't gone far enough.... yet. However smart cracks like this are helping Microsoft to improve this tool, and sooner or later WGA will fulfill it's true potential.

      The problem as I see it is that Microsoft are not trying hard enough.
      tracy anne
      • The crack is in your head

        [i]sooner or later WGA will fulfill it's true potential.[/i]

        A fangirl like few others, you must be quite proud (and no doubt a faithful stockholder to boot). Nothing like licking your WGA popsicle like a good little puppy girl. Did you get your customized picture of Bill & Melinda personally autographed and framed in gold too?

        PS> They're trying all right, they just haven't cornered all the "smarts" of the earth yet. That's only cuz they're so busy counting all their loot from their bottomless coffers. That still eats up an inordinate amount of their time.
        klumper
        • Ah, envy is still alive and well,

          wealth envy that is...
          markdean
    • They'll get it right next time for sure

      You seem to imply that WGA has been sucessful in any way of forcing those who steal to pay for it. It hasn't happened, and it won't happen. Those who want to steal (and it is stealing) will steal. I put it to you this way, if it weren't for MS wasting all this effort on a failing proposition, they could make the lives of their paying customers much more pleasant.

      Why does MS really need continual verification. If they could create a bulletproof FIRST TIME activation process, they could be done. Since that can never exist, they continue with the illusion that they can impact piracy, when in the end, they alienate and extract extra revenue from their actual customer base.

      Make it a one time, jump through hoops activation process, and then be done with it.

      TripleII
      TripleII-21189418044173169409978279405827
  • Another Poll

    Instead of a poll asking who is winning, crackers or Microsoft, how about a poll asking who is losing. You need only have one choice to vote for: consumers.

    Vista is the first major MS OS release since Win 95 that I won't be upgrading to until absolutely necessary. And I even got a free upgrade with my new computer.

    I'm just not eager to have to buy new HW & SW to run my "free" upgrade. I am also not eager for tilt the table even more in Microsoft's favor, license-wise. No thanks.
    bmgoodman
    • Vista non-upgrades

      [i]"Vista is the first major MS OS release since Win 95 that I won't be upgrading to until absolutely necessary."[/i]

      I know that tune. As I was explaining to Shadetree the other day that kind of logic is getting more and more common. What I *didn't* expect was to get an order from a new customer today stating on the purchase order "Supply of Windows XP PC". I phoned them up to tell them that XP machines are getting few and far between and I was told [i]"If you can't a new XP box, get a second hand one"[/i].

      Buy shares in resellers perhaps?
      bportlock
      • As amusing as your little anecdote is ...

        ... it hardly foretells a trend. We are having no problem selling Vista computers. Go read Ed Bott's blog on slow vista adoption and get some perspective.
        ShadeTree
    • won't be upgrading.....

      quote:: Vista is the first major MS OS release since Win 95 that I won't be upgrading to until absolutely necessary. ::quote

      With Linux and Mac to choose from, that will never be necessary surely.
      tracy anne
      • I've said for years

        I've said for years that when Linux can easily handle all my MAJOR PC uses, I'd switch. I'm still waiting.

        *Import Money 2001 into GNUCash or equivalent
        *Sync Outlook equivalent with my Timex Data Link watch
        *Sync Outlook equivalent with Sony w810i cell phone and/or Nokia N75
        *View photos and listen to music stored under Linux on my Tivo/TV.
        *Transfer shows from Tivo and easily transcode them to DVD using equivalent of Roxio Easy Media creator.


        On the last one, I am NOT looking to load 4 Linux packages and learn arcane commands, process and pre-process, fold, spindle, or mutilate. I want it to be easy.

        When I can do all these tasks, I can easily see myself leaving Microsoft.
        bmgoodman
  • A partridge in a money tree

    Greed makes the world go 'round, on both sides of this divide. Opportunistic impulses on the part of the pirates, aggrandizement on the part of the monolith (in lockstep with most global enterprises). So what's new?

    As I see it, the larger issue remains: how many of these pirate types would actual purchase (or could afford) these programs they plunder if the WGA and SPP style roadblocks truly worked, say to a bulletproof caliber? This has to be weighed against the inconvenience and "false-positive" hair pulling it brings to those who tread legitimately. It also assumes the roadblocks implemented will ultimately achieve bulletproof preventative status, and the pirates truly have a [i]need[/i] - as opposed to merely a want - for the product. If that doesn't exist to begin with, it's a shoo-in they won't be purchasing it anyway. If so, were the sales ever really lost? Round and round we go.

    But slice it or dice it, little will change in the end, as human greed knows no bounds. If M$ cut their inflated ticket prices in half, we might someday get to the bottom of this maddening conundrum. Yup, one more pipe dream, like a partridge in a money (pear) tree.
    klumper
    • greed is a funny thing

      "as human greed knows no bounds"

      It is almost impossible to accurately define. Usually, people call other people greedy out of envy. They say it's OK for them to have stuff but only an undefined or unknown amount. If it is a lot, again undefined or defined differently by different people, then they are called greedy.

      Microsoft is in the business to make money. They make a lot of money. They want to make more money. Does that make them greedy?


      Who owns Microsoft? It is a lot of people who invest in the company by buying stock. That includes the often-mentioned "working man and woman" who have parts of their retirement in stocks which may include Microsoft. If Microsoft didn't make a profit it would impact them.

      I make good money. I can pay my bills and save money-in other words, I don't live paycheck-to-paycheck. I still want more money and expect (demand actually) a raise every year and a bonus that is tied to my performance. If I don't get it (and I met the requirements), I will seek employment elseware no matter how it will impact the company I work for. Am I greedy?

      Who gets to decide when "enough" is "enough"? Who gets to decide how much is "too much"? Some people say it is wrong for someone like Bill Gates to make an 'obscene' amount of money. So, where should they stop? Is 1 billion enough and anything more too much and showing greed? what about 100 million? 10 billion?
      markdean
  • New a form of malware...

    I am waiting for the first wave of malware that makes legal Vista users fail WGA. You know that the pirates are angry and scheming (these are unemployed former-KGB bosses and Asian elite hackers who have very sophisticated means and nothing better to do than to grab a few crumbs from the table of plenty that M$ has created for itself). If you think the BIOS hack is impressive, well, I gotta tell you that my grandpa, that's right kiddos, my grandpa!, scoffs at the viruses out there because he could implement one that would blow out monitors, sparks and all! Now that's impressive!
    Cornhead
    • Your grandpa ....

      ... tells fibs. My grandpa can write one that turns on the computer completely over! ;)
      ShadeTree
  • Anyone buying a pirated copy of Vista ...

    [i]... is eventually going to get a nasty surprise.[/i]

    It's still too early in the game to say that for sure. I suspect SPP will make things more difficult in the long run, but I wouldn't hang the "impossible" sign out yet. Relax Adrian, there's still plenty of time and hope.

    I may live in SoCal, but in this game I'm routing for the [b]Pirates[/b] over the [b]Giants[/b]. ;)
    klumper
  • See? See?

    It's true! You DESERVE WGA spying on your computer periodically. Because someone
    else is a thief. So bend over and smile.
    frgough