WindowManagerBreakingWPA

From: WindowManager@bdcimail.com

Sent: Monday, October 22, 2001 12:35 PM

To: wwimberly@iadt.edu

Subject: BRIAN LIVINGSTON: “Window Manager” from InfoWorld.com, Monday,

October 22, 2001



========================================================

BRIAN LIVINGSTON: “Window Manager” InfoWorld.com

========================================================



Monday, October 22, 2001





– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



SHIVER ME TIMBERS



Posted October 19, 2001 01:01 PM Pacific Time





ONE OF THE few truly new features in Microsoft’s

forthcoming Windows XP operating system is called

Windows Product Activation, or WPA. As I’ve written

for the past two weeks, WPA is an irritating control

scheme that can, under certain circumstances, require

that you contact Microsoft via the Internet or

telephone to obtain a new numeric key that “activates”

(unhinders) XP’s operation.



Microsoft has promoted this new behavior as a means to

reduce mass software piracy, a goal we all share. But

I’ve found that WPA won’t slow down software pirates

at all. Instead, it has a different purpose, which

I’ll explain momentarily.



As described by independent sources — and recently

confirmed in a Microsoft white paper (see

http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/xpactiv.asp)

— WPA examines the value of 10 hardware components

when XP is first activated on a PC. These components

are: (1) CPU type; (2) CPU serial number; (3) boot

drive; (4) boot drive serial number; (5) network

adapter; (6) RAM amount range, such as 0-64MB,

65-128MB, etc.; (7) display adapter; (8) IDE adapter;

(9) SCSI adapter; and (10) CD or DVD drive. XP

identifies some of these devices by reading their

actual serial numbers and identifies others by their

embedded text strings, such as "scsi-ibm."



WPA is dependent on Wpa.dbl, a file stored in XP’s

System32 folder. This file is so easy for software

counterfeiters to reproduce that it poses no barrier

to them at all, as first revealed by tecChannel, an

IDG publication in Germany.



In an installation of XP made from a retail CD,

changing four out of 10 components triggers a need for

“reactivation.” But if a PC is configured as

"dockable," then its display, IDE, and SCSI adapters

are ignored and don’t count if they change.



Software pirates, therefore, need only configure a PC

as "dockable" (a simple matter), switch off the serial

number of the CPU, and alter the serial number of the

boot drive. Pirates can then create thousands of

working PCs using a single Wpa.dbl file. The

counterfeiters can build PCs that vary as many as

three of the following components: CPU, RAM amount,

network adapter, boot drive, and CD/DVD drive. As far

as WPA is concerned, no reactivation is needed (see 

http://www.tecchannel.de/betriebssysteme/746/0.html).



tecChannel’s testing was originally based on XP’s

Release Candidate 1. Senior Editor Mike Hartmann

confirmed to me, however, that the shipping version of

XP still acts the same way.



WPA is not weak due to poor programming. It was

deliberately made weak to permit the kinds of hardware

changes people make in the real world.



WPA, in truth, wasn’t designed to impede true pirates

but to stop novice users from installing a second copy

on a laptop or a child’s PC. The fallout will be huge,

as we’ll see next week.



Brian Livingston’s latest book is Windows Me Secrets.

Send tips to tips@brianlivingston.com. Go to

http://www.iwsubscribe.com/newsletters to get Window

Manager and E-Business Secrets free each week via e-mail.







– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



MORE WINDOW MANAGER 

For a complete archive of his InfoWorld columns visit 

http://www2.infoworld.com/cgi/component/columnarchive.wbs?column=window



INFOWORLD OPINIONS

Weekly commentary from the most trusted voices in 

IT at: http://www.infoworld.com/community/t_opinions.html



– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



To join, or start, a discussion on this or any IT-related

topic, please visit our InfoWorld forums at 

http://forums.infoworld.com. Here you can interact and 

exchange ideas with InfoWorld staff and other readers.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – 

QUOTE OF THE DAY:



“Will national ID cards give people that same false

sense of security and allow us to lower our guard,

operating under the illusion that the government has

everything well in hand?”



–“Ethics Matters” columnist Carlton Vogt, questioning

the wisdom of national identity cards.



http://www.infoworld.com/articles/op/xml/01/10/22/011022opethics.xml?1022mnlv



– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



SUBSCRIBE

To subscribe to any of InfoWorld’s e-mail newsletters,

tell your friends and colleagues to go to:

http://www.iwsubscribe.com/newsletters/



To subscribe to InfoWorld.com, or InfoWorld Print,

or both, go to http://www.iwsubscribe.com



UNSUBSCRIBE

If you want to unsubscribe from InfoWorld’s Newsletters,

go to http://iwsubscribe.com/newsletters/unsubscribe/



CHANGE E-MAIL

If you want to change the e-mail address where

you are receiving InfoWorld newsletters, go to

http://iwsubscribe.com/newsletters/adchange/



– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



Innovative. Insightful. Invaluable.



Every week InfoWorld print delivers visionary analysis 

of Internet and enterprise strategies, updates on current 

business conditions, and test-proven IT solutions that 

build revenues, deepen customer relationships and 

increase productivity. Apply for your FREE subscription 

today at http://www.iwpriority.com/MN1001A



– – – – – – – – – – – – – – – – – – – – – – – – – – – – 



Copyright 2001 InfoWorld Media Group Inc.





This message was sent to: wwimberly@iadt.edu


Copyright ©2001-2003, Walter Wimberly – 
Instructor – IADT

 Learn from other people’s mistakes. You don’t live long enough to make
them all yourself.