Code leak spurs Windows Server 2003 piracy

Will anyone be forced to walk the plank?

A key code for installing Microsoft's Windows Server 2003 has leaked onto the internet, a move that could lead to widespread piracy of the software. A Microsoft spokeswoman confirmed the leak late on Monday and said Microsoft was investigating the matter. The code key leak comes more than two weeks before the software's scheduled release on 24 April. The leaked code appears to be from a Microsoft corporate customer subscribing to one of the company's volume-licensing programmes, the spokeswoman said. Rumours circulating on enthusiast websites, such as Neowin and WinBeta, identified the leak as a '3-in-1 code', meaning that it would work with three different versions of Windows Server 2003. The Microsoft spokeswoman made clear that Microsoft would scour the internet looking for the leaked code. "Our legal department works aggressively on that kind of thing," she said. Stolen codes are often traded with the Microsoft software, typically on websites, newsgroups or Internet Chat Relay (IRC). The leaked key codes cast an unexpected shadow over the launch of Windows Server 2003 later this month. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves. The use of the code is a two-step process and it is the second one that will cause Microsoft the most problems, analysts say. The code is first used to install the software and the second step uses the code to activate the software with Microsoft via the internet. With the release of Office XP in May 2001 and Windows XP about six months later, Microsoft added a piracy-fighting tool known as product activation. Before then, businesses or consumers needed a key code to install Microsoft software, and the process stopped there. Product activation went a step further: the computer needed to contact Microsoft over the internet. During this process, hardware configuration and licence information were collected and associated together in an anonymous database. The process essentially locked the activation code to hardware, in theory preventing the key from being used to install the software onto another computer. Microsoft banked on the process for reducing widespread piracy of its Windows products. For example, the company estimates that about half the copies of Office in use worldwide are pirated. But Microsoft's piracy fighting tool has a potential flaw. For convenience, subscribers to Microsoft's volume-licensing program are issued keys that do not need activation. This makes it easier for businesses to quickly install the same software on many computers at the same time, without the labourious process of activation for each one. Should a code leak onto the internet, as it did with Windows Server 2003, the single code can be used to install an unlimited number copies of the software. "That's the problem with this technology, you have to keep those keys safely guarded," said Michael Cherry, an analyst with market researcher Directions on Microsoft. Cherry said that the leak could have happened any number of ways. "It could even have been a disgruntled employee," he speculated. Microsoft could not confirm which Windows Server 2003 versions the code unlocked, but unconfirmed reports circulating the Web on Monday identified the Standard, Enterprise and Web editions. There is little Microsoft can do to stop the pirated software from spreading; the best it can do is contain the damage. Two volume-licence code keys also leaked out ahead of the release of Windows XP, but the company was essentially powerless to respond. With the release of Windows XP Service Pack 1, the first collection of bug and security fixes for the operating system, Microsoft put a lock on software installed with the stolen codes. Service Pack 1 would not install on pirated versions, but Microsoft offered no mechanism for turning off pirated copies. The company estimates that 90 per cent of Windows XP piracy can be traced back to those two codes. A Microsoft spokeswoman said there is no Windows Server 2003 mechanism for disabling software identified as having been installed using a stolen code. In theory, such a mechanism might be capable of disabling software during a routine update with one of Microsoft's Web servers. Those copies of the software installed using the leaked code "won't be able to install future updates or service packs of access Windows Update", the spokeswoman said. "They're caught between a rock and a hard place," Cherry said. Software piracy is not just a Microsoft problem. The Business Software Alliance (BSA) estimates that 25 per cent of software used in the United States is pirated and that the worldwide figure is 40 per cent. China, Indonesia, Nicaragua, Pakistan, Russia Thailand, Ukraine and Vietnam have piracy rates of 78 per cent or more, according to the organisation. Joe Wilcox writes for News.com