Microsoft is enhancing software license enforcement for Windows Vista and Longhorn Server products with an updated version of Windows Genuine Advantage (WGA). The new program, dubbed the Windows Software Protection Platform (SPP), promises to thwart the advances of software pirates, but will also cause headaches for IT managers. Tougher activation requirements – as well as a built-in "kill switch" to force compliance – mean greater diligence is required when it comes to license management, software migrations, and hardware changes.

Even now, WGA is still causing problems for many users, despite having been rolled back after initial criticism. For examples, refer to the official "Windows XP Genuine Advantage Validation Issues" page, which includes reports of legitimate enterprises and university campuses that have had their Windows XP volume license keys blocked by WGA for a variety of reasons. Given the widely reported false positives with the existing scheme, it is reasonable to expect some legally licensed machines under SPP to endure similar problems.

A Line in the Sand

About one-third of software worldwide is pirated, according to the Business Software Alliance (BSA). This gives all software vendors good reason to want to protect their intellectual property. SPP sends a clear message to the industry that Microsoft is serious about piracy and is willing to do whatever is needed to protect their intellectual property. Specifically, SPP includes anti-tampering, anti-reverse engineering, and elaborate activation components. Consider the following notable features included in SPP:

• Aggressive detection and blocking of software considered to be running with unauthorized license keys. For Premium versions of Vista this means denying unauthorized users access to features such as the new Aero user interface, ReadyBoost performance enhancements, and the Windows Defender anti-spyware tool.

• A "kill switch" for illegitimate copies of Vista. Continued non-compliance can result in Reduced Functionality Mode (RFM), which locks out the Start menu and desktop icons, and limits users to Internet access so that they may contact Microsoft to obtain a "genuine" copy of the software.

• New policy-based product activation. Microsoft Volume Activation 2.0 is the new activation scheme for enterprise customers that use volume license keys for Vista and Longhorn Server. For more information about Volume Activation 2.0, refer to the Info-Tech Advisor research note, "Vista License Activation Requirements: New Options Create Confusion."

• Continued commitment to security. Based on the premise that it is the consumer that ultimately suffers from software piracy, Microsoft has stated that all users will continue to receive Microsoft security upgrades regardless of the authenticity of their Vista software (although, how this will occur in RFM remains to be seen).

SPP also carries competitive implications. Although few IT decision makers would consider Linux for the desktop, alternatives to Microsoft Windows Server are more plentiful. Adding another barrier like SPP to Vista or Longhorn adoption will certainly cause many enterprises to pause and reconsider the business value of upgrading. Migrating to the new operating system already requires that enterprises absorb high licensing costs, contend with hardware upgrades to support the enhanced video requirements of Vista, and manage the complexity associated with migrating and testing applications.

Windows Vista and Longhorn Server are only the first of many products to incorporate SPP. Going forward, all Microsoft products are expected to adopt this technology for product activation.

Reduced Functionality Mode

The presence of RFM in Windows XP (i.e. limited screen resolution, colors, sounds, and peripheral features) is a lamb when compared to the toothy RFM experience associated with SPP non-compliance. With Windows Vista, users that do not activate their copy within an allotted time period or that are deemed to have unauthorized license keys are presented with three options: activate the software online, retype the product key, or enter RFM.

Once in RFM, Vista users will not be able to view the Start menu or any of their desktop icons. The only application available to them will be the Web browser; the only option will be to purchase a new product key. After an hour in RFM, the system will automatically log the user out without warning; however, it will not shut down the machine and the user has the option of logging back into RFM.

Actions that can result in Windows Vista or Longhorn Server entering RFM include:

• Failure to activate within 30 days of installation.
• Failure to renew activation after a major hardware replacement.
• With OEM-licensed machines, failure to activate within three days of switching to a non-OEM motherboard.
• Failure to renew activation under a new Volume Activation 2.0 scheme that requires periodic reactivation.

The updated anti-piracy tool also includes new code to detect tampering. If SPP determines that the core binaries of the operating system have been tampered with, users will be alerted and the system will go into RFM. In this case, reinstallation is the remedy.

Recommendations

1. Seek genuine copies of Vista. While few enterprises consciously purchase pirated software, making all acquisitions (especially those for overseas operations) through an authorized Microsoft reseller is a surefire way to guarantee authenticity.
2. Understand the limitations of OEM activation. Enterprises that use OEM activation should note that significant hardware changes to OEM machines will require new activation keys. Failure to enter a new key within three days of the change will result in RFM.
3. Take a "wait and see" approach to Vista migration. Info-Tech maintains that the best approach for vetting Vista-related issues is to wait until all preliminary problems and bugs are resolved before adopting the new operating system. The majority of issues will be experienced by early adopters, and eventually resolved through patches and service packs. The same is true for licensing and activation stumbling blocks.
4. Add SPP validation test procedures. Any Vista application development that affects system configuration could trigger the alarm. Be sure to test new Vista and Longhorn applications against SPP before rolling them out to prevent RFM. Get Microsoft on board to help with troubleshooting and patches.
5. Consider additional planning for deployment, support, and disaster recovery initiatives. SPP creates new challenges for IT staff.
   • SPP requirements will have to be baked into disaster recovery. If a server goes down, the last thing support staff are worried about is contacting the vendor to get the operating system activated. However, failure to do so in this case could result in further outages due to RFM.
   • The help desk will need new support scripts to manage issues such as handling activation warning messages and recovering from RFM.
   • New activation methods for Vista and Longhorn will require updates to license management systems. While enterprises using Microsoft System Management Server (SMS) are likely to receive (or have to purchase) updates to support Activation 2.0, enterprises using other vendors' solutions may not be so lucky.
   • One remaining question is how RFM will play out in virtualized environments where the software is abstracted from the underlying hardware and multiple operating systems can be associated with a single physical machine.

Bottom Line

As the "cat and mouse" game between the vendor and hackers continues, it is the customers that suffer most. Plan ahead for SPP before migrating to Windows Vista or Longhorn products.