Microsoft is unwittingly screwing up in its fight against software piracy. Maybe I'm making a sweeping statement, but I've seen the results with my own eyes. People who would never before consider stealing software are more than eager to do so now. Microsoft is certainly converting software thieves: it's helping to create new ones.
Like Office XP, Windows XP will ship in two varieties: a retail version and one for enterprise customers. The retail edition requires product activation.
Windows Product Activation (WPA) ties a product key to a specific computer. After installation, you have 14 days to activate the product; if you fail to activate before the 14 days are up, the operating system won't start on day 15. When you do activate, WPA uploads a hash value that it calculates from your computer's hardware configuration--kind of a fingerprint. Microsoft stashes this fingerprint on its servers, signs it with the company's digital signature, and stores the result on your computer.
WPA seems bulletproof, too. Install Windows XP using the same product key on a different computer, and WPA knows that the key doesn't match the hardware. Try this frequently enough, and you'll have to call a toll-free number to activate over the phone. Think you can get around this by making a disk image and installing the image on a different computer? Think again; if the signed fingerprint doesn't match the current configuration, you must reactivate. Hacking the signed hash value invalidates the digital signature, requiring you to--once again--reactivate the product. Tight as a drum.
Here's the rub: Microsoft's enterprise customers carry big sticks, and they want nothing to do with WPA. Can you imagine the turmoil if 20,000 users individually activate Windows XP after a large-scale deployment? No way! That's why there's an enterprise edition, which doesn't require activation when used with the right product key. The last thing Microsoft wants to do is upset enterprise deployments of Windows XP.
So what's to stop a home user from getting hold of the enterprise version? Nothing really, and enterprise CDs won't be as hard to find as you may think. On the day that Microsoft released Office XP, I received numerous calls from colleagues--and even casual acquaintances--about product activation. These are people who normally pony up and buy software products and install them on a few of their home PCs. They're not average home users but technology tinkerers who install apps and OSs numerous times and on a few computers--to learn and, well, maybe just for the hell of it.
The phone calls went something like, "You have an unprotected copy of XP, right? Can I get a copy?" That was generally followed by "I don't want to hassle with product activation," "I can't afford multiple copies of the product," or "I reconfigure my hardware too much, and I don't want to beg to install software that I own." Then the bribes--uh, incentives--started. One offered money. Another wanted to swap a copy of Adobe Photoshop 6.0--an illegal copy, of course. A third went the hardware route, proffering two sticks of 128MB memory. But they all missed the point: in this activation scheme, you don't actually get to own the software, just a license.
It's inevitable that the same thing will happen with Windows XP. Even if my friends don't hit me up for an enterprise CD; they know other ways to get it. For example, you can already find enterprise Office XP CDs at the local flea market, and once it ships, enterprise Windows XP CDs are likely to fill the racks there, too. It won't be long before criminally minded entrepreneurs start burning CDs and passing them off as legitimate software. You should always be wary of bootlegged software, but be especially careful about anything with Windows XP on the label; you can be sure that Microsoft's first Windows XP service pack will include something to squash bootlegged product keys.
I think Microsoft is off the mark in the way it's addressing software piracy. The activation program will cramp the style of its most ardent cheerleaders--technology enthusiasts who don't have the same computer from one weekend to the next. And it probably won't really prevent hard-core piracy. Of course, Microsoft has a right to protect its assets. But this is the wrong way.
This story originally appeared in CNET Enterprise on 6/26/01.