Users login

Create an account »


Users login

Home » Hacking News » Pirated Copies Of Windows XP Pose Security Risk - Microsoft

Pirated Copies Of Windows XP Pose Security Risk - Microsoft

by Majik on October 31st, 2001 Microsoft [NYSE:MSFT] has confirmed that pirated copies of its Windows XP operating system exist on the Web, but warned users of the potentially serious security risks they run if they download and install the software.

Microsoft's warning comes in the wake of IT security firm Bit-Arts' claims that cracked versions of the commercial edition of WinXP started appearing on the Net within hours of the new operating system being put on sale last week.

Duncan Reid, Microsoft's U.K. and Ireland product licensing manager, told Newsbytes that the software giant is continuing to monitor instances where the WinXP product activation system appears to have been compromised.

So far, while allegedly cracked editions have appeared on the Web for download, Reid said that they appear to be "imaged" or similar copies of a volume license edition.

"When we developed product activation, we designed it for retail customer applications and not for major commercial customers. So far as we're aware, the product activation system itself has not been compromised," he said.

Reid acknowledged that there are imaged copies of WinXP available on several Web sites, but warned that, by downloading these pirate editions, users leave themselves wide open to viruses and other malicious code if they then install the rogue editions.

John Safa, chief technology officer of Bit-Arts, who has been monitoring developments on the WinXP product activation front for some time, told Newsbytes Usenet postings last week indicated that the anti-piracy system on WinXP has been thoroughly cracked.

The problem, Safa said, stems from the Microsoft's choice to ship an unprotected version of WinXP to major companies, while its small business and consumer versions have the product activation function.

"This (product activation feature) stops users installing the operating system on more than one machine, but crackers have done a byte-by-byte comparison between the major company and the protected edition. From there, it's obviously been a simple matter to take the protection code out of the software," he said.

Because of Microsoft's claims that its product activation system had not been compromised, Safa said that his research staff purchased a single user copy of WinXP from a local store earlier today and installed the operating system.

"Our IT team has been running the WinXP cracker utility with the operating system and we can confirm the product activation system has been compromised," he said, adding that he was not pleased with Microsoft's claims the system remains intact.

"We've told Microsoft of our findings. We've been trying to help them, and now they're saying the system hasn't been compromised. It has," he said.

Safa obtained the cracker utility, which is about 250 kilobytes long, by running a search on the Web using Morpheus - a file sharing Internet utility - late yesterday.

The utility, he said, allows protected versions of WinXP to be fooled into thinking it is always day zero of the 14-day introductory period since XP was installed on a users' PC.

Safa said that Microsoft's use of the product activation system on WinXP has effectively thrown down a challenge to the software cracking community.

That strategy may have backfired on Microsoft, he added, as there are now pirate versions of XP - and utilities - widely available on the Internet.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »