Sunday, February 10, 2008

Breaking Vista: Psycho-analyzing Microsoft's mixed-message

Much has been written of late about Vista security, specifically the WGA/Windows Activation features. To date, there were two good hacks that worked great if you had a non-legal [pirated] copy of Vista, as briefly discussed here, on ZDNet. With Vista SP1 hitting, those two well-known hacks will no longer work, and I can understand why this is happening. What I don't understand is this mixed-message that Microsoft is sending.

First, Microsoft announced that it would remove the disabling feature within Windows Vista that would essentially [almost] completely disable Vista if it was not activated within the specified time-period, and replace that system with a system of "nags". That's odd. Now, Microsoft is moving aggressively to disable these hacks that have had some people running illegally installed versions of Vista, and thus creating a whole new set of problems for some unsuspecting (or some suspecting) folks. Interesting.

So why is Microsoft sending this mixed message? If you look at the big picture and recall that non-genuine versions of XP had the WGA validation removed for IE7 installations the picture gets even more "interesting".

I think I understand though - it's not about keeping hackers at bay, or beating those black-hats. It's about the larger-volume issues. It's about the home users (who would otherwise be legit) which have been OEM'd bad copies of Vista, and will now have to go spend the money to "buy" their legit versions. The IE7 bit is about market-share, that's hopefully obvious, in the wars between competing browsers.

So here's the big-picture analysis in a nutshell - Microsoft isn't after the "hackers" because they're basically (from what I can tell) admitting they won't beat them. This is a good move, playing the one-up game for the very small amount of licenses in the big picture is a losing proposition. Instead, Microsoft is after those home users who have unknowingly obtained a non-legal copy of their newest operating system, and are going to make them purchase a genuine license - but not at the price of shutting down their PC - MS wants to use the gentle prod versus the pointy stick... good move. I think overall, their strategy is solid - let's see what happens next.

1 comment:

Anonymous said...

Take a look at this classic DDOS attack, investigation and revenge story by Steve Gibson: