Sent: Monday, October 15, 2001 12:23 PM


Subject: BRIAN LIVINGSTON: “Window Manager” from, Monday,

October 15, 2001


BRIAN LIVINGSTON: “Window Manager”


Monday, October 15, 2001

– – – – – – – – – – – – – – – – – – – – – – – – – – – – 


Posted October 12, 2001 01:01 PM Pacific Time

I WROTE LAST week that Microsoft’s new Windows XP

operating system, scheduled for wide distribution on

Oct. 25, has so few real benefits and so many

irritations — especially Passport, an insecure and

relentless scheme to vacuum up users’ e-mail addresses

— that I instead recommend buying new PC systems with

Windows 2000 installed.

But you’re likely to face XP sooner or later, whether

you like it or not. That’s because PC manufacturers

almost universally plan to install the new operating

system unless buyers specifically request Windows 2000

or Windows Me.

As a result, you’d better know a thing or two about

XP’s most irritating feature of all: Windows Product

Activation, or WPA.

WPA is a peculiar method of generating a numeric key

that users must report to Microsoft via an Internet

connection or a telephone call to continue to use XP

after the first 30 days. The user receives a new code

number that “activates” XP.

Fortunately, purchasers of volume licenses from

Microsoft won’t have to activate XP systems. And PC

makers can preactivate the PCs they sell to buyers.

Ideally, a PC maker will choose to “tie” an XP

installation to its BIOS. This permits end-users to

make any number of hardware changes (except a

different BIOS) with no complaints from XP.

But problems arise if a user installs XP and then

changes several hardware components of his or her

system. In that case, XP use is restrained until

Microsoft is contacted again for a fresh number.

I’ve found that this method of generating the original

code is so lame that it will have no effect, as

Microsoft claims, on stopping true software pirates.

I’ll explain why in next week’s column.

This week, however, I want to address a different

concern people have about WPA — that it’s a profiling

system designed to reveal all your software and

hardware details to Microsoft. This fear is unfounded.

Although Microsoft itself hasn’t been completely

forthcoming about how WPA works, third parties have

examined the communication between Windows XP and

Microsoft on a bit-by-bit level. This shows that

nothing more is transmitted than a few bytes that XP

generates using a rough formula. No useful list of

hardware or software can be deduced from the resulting

string, which isn’t unique to a single machine.

The best paper I’ve seen on the actual process of

generating and interpreting the codes used by WPA is

from a software-licensing company called Fully

Licensed. See To

analyze your own byte stream, a free tool called XPDec

is provided in a Zip file at

A broader study of

WPA is at

Will all this impede serious pirates, though? Not a

bit. Tune in next week to see why.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – 

Copyright 2001 InfoWorld Media Group Inc.

Copyright ©2001-2003, Walter Wimberly – 
Instructor – IADT

 Learn from other people’s mistakes. You don’t live long enough to make
them all yourself.