Windows key leak threatens mass piracy
A key code for installing Microsoft's Windows Server 2003 leaks onto the Internet, a loss that could lead to widespread piracy of the software.
A Microsoft representative confirmed the leak late Monday and said Microsoft was investigating the matter. The leak comes more than two weeks before the software's scheduled release on April 24.
The leaked code appears to be from a Microsoft corporate customer that subscribes to one of the company's volume-licensing programs, the representative said. Rumors circulating on enthusiast Web sites, such as Neowin and WinBeta, identified the leak as a 3-in-1 code, meaning that it would work with three different versions of Windows Server 2003.
The Microsoft representative made clear that the company will scour the Internet looking for the leaked code. "Our legal department works aggressively on that kind of thing," the representative said. Stolen codes are often traded with the software, typically on Web sites, newsgroups or Internet Relay Chat (IRC).
The leaked code casts an unexpected shadow over the launch of Windows Server 2003. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise market. But the stolen code show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves.
The use of the code is a two-step process and it is the second one that will cause Microsoft the most problems, analysts say. The code is first used to install the software and is then used to activate the software with Microsoft via the Internet.
With the release of Office XP in May 2001 and Windows XP about six months later, Microsoft added a piracy-fighting tool known as product activation. Before then, businesses or consumers needed a key code to install Microsoft software, and the process stopped there. Product activation took it a step further. The computer would need to contact Microsoft over the Internet. The hardware configuration and license information would be collected and associated together in an anonymous database.
The process essentially locked the activation code to hardware, in theory, preventing the key from being used to install the software onto another computer. Microsoft banked on the process for reducing widespread piracy of its Windows products. For example, the Redmond, Wash.-based company estimates that about half the copies of Office in use worldwide are pirated.
But Microsoft's piracy-fighting tool has a potential flaw. For convenience, subscribers to Microsoft's volume-licensing program are issued keys that do not need activation. This makes it easier for businesses to quickly install the same software on many computers at the same time, without the laborious process of activation for each and every one. Should a code leak onto the Internet, as it has with Windows Server 2003, the single code can be used to install an unlimited number copies of the software.
"That's the problem with this technology, you have to keep those keys safely guarded," said Michael Cherry, an analyst with market researcher Directions on Microsoft. Cherry said the leak could have happened any number of ways. "It could even have been a disgruntled employee," he speculated.
Microsoft could not confirm which Windows Server 2003 versions the code unlocks.
There is little Microsoft can do to stop the pirated software from spreading; the best it can do is contain the damage. Two volume-license code keys also leaked out ahead of the release of Windows XP, but the company was essentially powerless to respond.
With the release of Windows XP Service Pack 1, the first collection of bug and security fixes for the operating system, Microsoft put a lock on software installed with the stolen codes. Service Pack 1 would not install on pirated versions, but Microsoft offered no mechanism for turning off pirated copies. The company estimates that 90 percent of Windows XP piracy can be traced back to those two codes.
A Microsoft representative said there is no Windows Server 2003 mechanism for disabling software identified as having been installed using a stolen code. In theory, such a mechanism might be capable of disabling software during a routine update with one of Microsoft's Web servers.
Those copies of the software installed using the leaked code "won't be able to install future updates or service packs of access Windows Update," the representative said.
"They're caught between a rock and a hard place," Cherry said.
Software piracy is not just a Microsoft problem. Washington-based Business Software Alliance estimates that 25 percent of software used in the United States is pirated. West Virginia, Mississippi and Wyoming have the biggest problems, with piracy rates of 47 percent or more. Meanwhile, the worldwide piracy rate increased for the second year in a row. The software alliance estimates that 40 percent of software in use worldwide is pirated. China, Indonesia, Nicaragua, Pakistan, Russia, Thailand, Ukraine and Vietnam had piracy rates of 78 percent or more.