KB940510 highlights some counterfeit Windows installations
Yesterday Microsoft released a new update for Windows Vista via Windows Update - KB940510. This update, when installed, will detect certain software used to bypass Windows product activation. Let's take a look at how it works ...
Here's how Microsoft describes this latest update:
This update enables Windows Vista to detect activation exploits that bypass product activation and that interfere with usual Windows operation. An exploit is a form of software that replaces or modifies authentic Windows components. When exploits are present on a system, it indicates that a software or hardware vendor may have tampered with genuine Windows to enable the sale of counterfeit software. Therefore, the security and the privacy of the computer are put at risk. After this update is installed, you will know if exploits are present on the system.
And here's what it does:
When the update is installed, no functionality of your operating system will be affected. If no exploits are detected, the update silently exits. If exploits are detected, you will be provided a link to a Web site that describes how you can remove the exploits. When the exploits are removed, you may be asked to use a valid product key to activate your copy of Windows. If you do not want to remove the exploits, Windows may disable the exploits and then ask you to use a valid product key to activate Windows.
Let's take a look at this update in action. To do that we need a Windows installation that's cracked by one of the hacks that this new update picks up on - I'll be using the Paradox OEM BIOS hack.
Then we have to wait for the update to appear ... this came in yesterday on some systems but not on others, so it's a waiting game ...
BINGO! It finds that the Paradox OEM BIOS hack has been installed and flags the install as possibly being counterfeit.
The wording is pretty gentle:
Windows has found software that circumvents Windows activation and interferes with its normal operation. The presence of this software may indicate that your copy of Windows is counterfeit.
Despite the gentle wording, I don't feel that the information here is very clear - it certainly doesn't offer a victim who has been sold a non-genuine copy of Windows much information to go on and I think that a lot of people will freak out at this stage.
Also, the "Go online and learn how to repair Windows" option isn't all that enlightening:
To maintain the security of your computer and get the latest Windows updates, get a genuine copy of Windows Vista.
Microsoft also offers some information about activation exploits:
What is an activation exploit?
An exploit is software that replaces or modifies authentic Windows components. Activation exploits bypass product activation and interfere with normal Windows operation.
How did activation exploits appear in my copy of Windows?
Occasionally, software or hardware vendors may tamper with genuine Windows by placing activation exploits in the copy of Windows to enable the sale of a counterfeit product. Using counterfeit Windows may create security and stability issues for your computer.
What happens if the activation exploits are not removed from my copy of Windows?
If activation exploits are not removed, Windows may disable these exploits, and you will be asked to activate your copy of Windows with a valid product key. Having these exploits in your copy of Windows may cause security and stability issues for Windows. Learn more about risks of counterfeit software.
To get rid of the dialog window you have to check the box next to "I understand that this notice may only appear once" and then click Close.
A few notes about this update:
I can confirm that it DOES NOT carry out any form of stealth install. However, if you have updates set to come in automatically, this will be downloaded and installed as normal.
This update DOES NOT disable any functionality in Windows.
This update DOES NOT detect all activation bypass cracks.
Once installed, this update cannot be uninstalled - this is because it is a run-once application. Once it checks your system, its work is done.
Even after detecting a bypass hack, Windows still reports itself as a genuine, activated copy.
This is a step in the right direction in protecting users from pirated software, but I can't help but feel that it's half-hearted, doesn't go far enough (in that there are plenty of activation hacks out there that it doesn't pick up on) and doesn't offer victims of counterfeit software enough information.