March 15, 2007 (Computerworld) -- Windows Vista can be run for at least a year without being activated, a serious end run around one of Microsoft Corp.'s key antipiracy measures, Windows expert Brian Livingston said today.
Livingston, who publishes the Windows Secrets newsletter, said that a single change to Vista's registry lets users put off the operating system's product activation requirement an additional eight times beyond the three disclosed last month. With more research, said Livingston, it may even be possible to find a way to postpone activation indefinitely.
"The [activation] demands that Vista puts on corporate buyers is much more than on XP," said Livingston. "Vista developers have [apparently] programmed in back doors to get around time restrictions for Vista activation."
Microsoft promptly labeled the registry change a "hack," a loaded word that is usually synonymous with "illegal."
"Recently it has been reported that an activation hack for Microsoft's Windows Vista operating system has been identified," said David Lazar, the director of the company's Genuine Windows program, in an e-mail. "Although these reports are purely speculative at the moment, we are actively monitoring attempts to steal Microsoft intellectual property."
"This is not a hack," Livingston shot back when Lazar's e-mail was read to him. "This is a documented feature of the operating system." To back up his view, Livingston pointed out links to online support documents where Microsoft spells out the pertinent registry key. Nor is it speculative; Livingston demonstrated the procedure live via a Web conference session today and claimed "we have run this dozens of times."
Livingston last month revealed that a one-line command lets users postpone Vista activation up to three times. Combined with Vista's initial 30-day grace period, that meant users could run Vista for as long as 120 days before they had to activate the OS. At the time, Microsoft seemed unconcerned with the disclosure and flatly stated that using it would not violate the Vista End User License Agreement (EULA).
"The feature that I'm revealing today shows that Microsoft has built into Vista a function that allows anyone to extend the operating system's activation deadline not just three times, but many times," Livingston said.
Microsoft documented the key on its support site in a description of what it calls "SkipRearm". In it, Microsoft explains that "rearming a computer restores the Windows system to the original licensing state. All licensing and registry data related to activation is either removed or reset. Any grace period timers are reset as well."
By changing the SkipRearm key's value from the default "0" to "1," said Livingston, the earlier-revealed "slmgr -rearm" command can be used over and over.
In tests with several editions of Vista purchased at different times, Livingston found that copies of Vista Ultimate and Vista Home Premium obtained at the end of January would accept the SkipRearm change only eight times. Together with the three postponements made possible with slmgr -rearm and the opening 30-day grace period, that would give users nearly a year (360 days) of activation-free use. A copy of Vista Home Basic bought March 14, however, ignored the SkipRearm registry change.
"Microsoft has slipstreamed something into Home Basic and Home Premium," Livingston said. "But from my reading of the support documents, Microsoft needs to keep this feature in its business editions, Vista Business, Enterprise and Ultimate. It seems that Microsoft is sympathetic to enterprises' difficulty in rolling out Vista within the activation deadlines."
Lazar did not answer several questions e-mailed to him today, including one that asked why Microsoft had included the SkipRearm feature in the first place. However, he indicated that the feature could be blocked if Microsoft desired. "It is important to note that these hacks are, at best, temporary. Microsoft has systems in place to detect and block piracy."
"This is somewhat of a threat to Microsoft," Livingston said. "But the extent to what it can retroactively patch, I don't know. Maybe they will want to change this. But that would only call more attention to activation and perhaps reveal the mechanism Vista is using to count SkipRearm."
Livingston has not been able to find where Vista stores the SkipRearm count; conceivably, that count is what restricts its use to a maximum of eight. If someone was to find the count location, however, and manage to change that as well as the SkipRearm registry key, users might be able to postpone activation forever, said Livingston.
"The problem I see with this is that unscrupulous system builders will use it [to install counterfeit copies of Vista], but that Vista will start demanding activation a year or more out, when the guy is long gone with your money," said Livingston. "And then the activation key wouldn't work because he would have used it on hundreds or even thousands of systems and Microsoft would have blocked it."
Microsoft introduced product activation in 2001's Office XP and also used it in that year's Windows XP. Activation was toughened up for Vista, however. After the grace period, nonactivated PCs running Vista drop into what Microsoft calls "reduced functionality" mode. In reduced mode, users can only browse the Web with Internet Explorer, and then only for an hour before being forced to again log on.
Livingston's work-around, however, may do away with activation altogether. "[Activation] has become so convoluted, the way Microsoft has implemented it, that it's more of an irritation to legitimate users than a worthwhile antipiracy measure," Livingston concluded.
Naturally, Microsoft's Lazar sees it differently. "The new antipiracy technologies in Windows Vista are designed to protect customers and prevent the software from working correctly when it is not genuine and properly licensed," he said. "Systems utilizing these hacks will not provide the benefits of genuine Windows, nor will they work as expected."