
Microsoft downplays XP activation

People who buy PCs with Microsoft's Windows XP operating system could find their machine disabled if they change or upgrade as few as four components.

CNET News staff
People who buy PCs with Microsoft's Windows XP could find their machine disabled if they change or upgrade as few as four components.

Details of Microsoft's Product Activation technology, which is meant to prevent illegal copying and redistribution of the software, are contained in a document designed to debunk fears surrounding the technology. But some industry observers have predicted that the process could turn into a headache for PC users, forcing them to rely on either an Internet connection or a relatively complicated telephone transaction.

Microsoft insists the technology will be unobtrusive. Windows XP will be tied to a particular machine's configuration and will stop working if that configuration is "substantially altered."

People can activate in one of two ways: They can connect directly to Microsoft over the Internet, something many are reluctant to do, or they can call a help desk and relay their "Installation ID" in exchange for a 42-digit "confirmation ID."

Businesses, at least, should not have to deal with the process at all. The version of XP sold with volume licenses does not include Product Activation technology.

Most of the controversy generated by Product Activation since it was first revealed this spring has revolved around the process by which Microsoft gathers information about the PC user's hardware configuration and the way it monitors alterations. In July, a study by a German firm found that the process appears to protect user anonymity and allows for reasonable upgrades. But analysts say that consumers will have to be convinced.

In July, Microsoft wasn't giving details about how the process works, but recently the company bowed to consumer demand and revealed some of the technical details behind Product Activation.

When people buy a PC with XP pre-installed, they will probably not have to initially activate the operating system. Manufacturers can either activate in the factory using a process called System Locked Pre-installation (SLP) or activate it the same way a retail customer would.

SLP ties the software to information stored in a PC BIOS (basic input-output system), and therefore doesn't need to examine the PC's hardware. With an SLP-activated system, all hardware can be replaced. However, if the user replaces the motherboard, it has to be from the same manufacturer and must use the correct BIOS.

If the BIOS doesn't match, for whatever reason, the user would have to reactivate Windows XP via the usual retail method.

Installation and confirmation

Activating a boxed, retail version of XP involves two numbers: an "Installation ID," which the PC user submits to Microsoft, and a "Confirmation ID," which is used to activate the software.

If the PC user activates the software via telephone, he or she must read out the Installation ID--composed of a 20-digit product ID and an 8-byte value generated by the hardware configuration--and receive the 42-digit Confirmation ID. If Windows is activated online, the activation code is delivered as a digital certificate.

Microsoft is anxious to assure customers that the hardware-identification portion of the Installation ID is completely anonymous and can't be used to determine what hardware the PC user is running. It is what is called a "hash"--a number derived through a mathematical formula based on different, original values.

The mathematical transformation is supposed to be one-way, so that even if you know the formula, you can't work out the original values. In other words, the hardware hash is designed to detect changes in the hardware configuration without revealing, or needing to know, exactly what the components are. In fact, Microsoft says two different PCs could conceivably create the same hardware hash.

For example, XP looks at the microprocessor serial number, a 96-bit number, and hashes it to create a 128-bit number. Six bits from this resulting number are used in XP's hardware hash.

The 10 devices used to create the hardware hash are the display adapter, the SCSI adapter, the IDE adapter, the network adapter, the RAM amount range, processor type, processor serial number, hard drive type, hard drive volume serial number, and CD-ROM/CD-RW/DVD-ROM drive type.

The hash also indicates the version of the algorithm used and whether the PC is "dockable," or able to be joined with a device that connects it to a network or other hardware.

In determining how much hardware can be changed, XP gives special weight to the network adapter.

Specifically, if a PC has a network adapter and the adapter is not changed, five of the other hardware values could be changed before reactivation would be required. If the same PC never had a network adapter, or the network adapter were changed, only three other hardware devices could be altered.

Adding new devices doesn't alter the hardware hash, although adding or removing RAM would make a difference.

XP treats dockable PCs--laptops, for example--more leniently. If a dockable PC has an unchanged network adapter, eight of the other values could be changed before product activation is required. If the network adapter is changed, only six other changes could be made. However, connecting to or disconnecting from the dock could alter the hardware hash.

Changing the same device several times counts as one alteration.
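
The tolerance rules described above, modelled as an added example; this is not Microsoft's code. MD5 stands in for the unnamed 128-bit hash, the six-bit width the article gives for the processor serial is assumed for every field, a dockable PC with no network adapter is assumed to get the lower allowance, and all function and field names are this example's own.

```python
import hashlib

# The ten values the article lists; the key names are chosen for this example.
COMPONENTS = ["display_adapter", "scsi_adapter", "ide_adapter", "network_adapter",
              "ram_range", "cpu_type", "cpu_serial", "hdd_type",
              "volume_serial", "optical_drive"]
BITS = 6  # given in the article for the CPU serial only; assumed for every field


def field_hash(value):
    """Hash one component value and keep only BITS bits (None = device absent)."""
    if value is None:
        return None
    digest = hashlib.md5(value.encode()).digest()  # stand-in 128-bit hash (assumption)
    return digest[0] >> (8 - BITS)


def hardware_hash(config):
    """Snapshot of truncated per-component hashes, as taken at activation time."""
    return {name: field_hash(config.get(name)) for name in COMPONENTS}


def allowed_changes(nic_unchanged, dockable):
    """How many non-NIC values may differ before reactivation is required."""
    if dockable:
        return 8 if nic_unchanged else 6
    return 5 if nic_unchanged else 3


def needs_reactivation(stored, current, dockable=False):
    """Compare the current snapshot with the one stored at activation.

    Comparing against the stored snapshot means repeated swaps of one device
    count once. A slot that was empty at activation is ignored, which is this
    example's reading of "adding new devices doesn't alter the hardware hash".
    """
    nic = stored["network_adapter"]
    nic_unchanged = nic is not None and nic == current["network_adapter"]
    changed = sum(1 for name in COMPONENTS
                  if name != "network_adapter"
                  and stored[name] is not None and stored[name] != current[name])
    return changed > allowed_changes(nic_unchanged, dockable)


def colliding_serial(serial, limit=10000):
    """Find a different (constructed) serial with the same truncated hash."""
    target = field_hash(serial)
    candidates = (f"SERIAL-{i:06d}" for i in range(limit))
    return next((c for c in candidates if c != serial and field_hash(c) == target), None)
```

Because only six bits survive per field, `colliding_serial` finds a second serial almost immediately, which is why the value cannot identify the hardware and why two different PCs can share a hardware hash.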

Microsoft's Internet clearinghouse system allows people who upgrade their hardware frequently to automatically reactivate the operating system up to four times per year.

Staff writer Matthew Broersma reported from London.