I hate to burst everyone's bubble, but there is going to a rude awakening in a few months.

It's true that the KMS server (host) supplies keys completely detached from MS, but the keys it serves to clients are STILL traceable back to that specific (VM) server. The reason: The KMS key of the KMS server itself (the VM) is encoded into all ProductKeyID keys served to the VM's clients. (The KMS of the parent is encoded in the child).

In other words, the KMS key of the VM lives on in the clients--and MS obviously knows the fingerprint of this pirated VM server. And that KMS key fingerprint from the pirate VM will be the same in all clients activated by it.

Read the MS Partner Step-by-Step "Recovery from Non-Genuine State for Invalid or Blocked Product Key" section if you don't believe me that MS has already thought this out.

The gotcha scenario will work like this using WGA (Windows Genuine Advantage):

A Vista Enterprise client that was authorized by hacked VM KMS server will eventually go to Windows Update. WGA ActiveX control will be installed by website. That Active X control will look for fingerprint in ProductKeyID of the client for known pirate VM KMS servers. If Microsoft has added the "MelindaGates" or "JAZZ" VM fingerprint, the WGA ActiveX will find it. Error code 0x8004C40B will be written into the application event log.

If MS chooses, they will force the client into "Non-Genuine Grace" mode, and the desktop will be watermarked.
If left alone, it will be followed by RFM 30 days later.

Bottom Line:

If the KMS Server VM never has Windows Genuine Advantage run, then it's functionality is never disrupted. But the keys served up by it will eventually become tainted (from the thousands of other pirate VM installations out there). MS will take notice of the warez postings, and their WGA logs will show how may tainted clients there are that have been authorized by the pirated VM KMS servers.

If a Vista Enterprise client uses keys served up by these pirated VMs, they will work fine until WGA is run on them (Windows Update). At some point, it's a good bet that MS will turn these non-Genuine boxes "off".

The KMS server hack was an ingenious product activation workaround, but MS has already got it nailed. That's why MS is not commenting about it.

;o) Stuff it all, move over to LINUX. Ubuntu is easy enough for newbies and the learning curve is really no steeper than switching over to Vista. I don't get why so many companies plough their money into M$' never ending spiral of upgrades and abandoned support. I'm happy for the hackers but I won't be touching Vista if I can avoid it; WinXP+Linux for me and anything that requires Vista can go take a flying leap because they won't be getting my custom.

Exactly. I think the best thing for Microsoft is to get a really good copy-protection strategy and stick to it.

If people had to pay the real price of Windows... they wouldn't.

I think that we all need to, instead of pirating Windows, not buy it.

MS should have the right to price themselves out of their own market - it's a win/win for consumers: either Windows will fall to a price that people are willing to pay, or MS will go out of business and all our favorite apps will be ported to another OS.

would it be possible to authenticate to a KMS server over the internet?

could we be seeing rogues KMS servers hiding out there? maybe we'll see some hacked free ones hiding on the internet, or maybe even some that will charge a small fee. or maybe a legit KMS server will be found 'wide open' and hand out activations that way.

i guess the key to MS curbing piracy is in their updates, if they can make it so that you need to be legit to update (or very difficult to update illegitimately) people won't have much choice

because the double edge of hacking is that sure one group might hack Vista so anyone can have it without paying, but then the next group of hackers will find and exploit vulnerabilities meaning Vista is insecure unless constantly updated.. so it works both ways

Tell microsoft there's no such thing as hacker proof...

I doubt MS considers this a big deal. This is not the crack that will allow the kind of organized piracy (pressed CDs and pirate copies installed on whitebox PCs) that MS worries about. It won't even do much to enable casual copying (friend to friend) among ordinary users. Having a VM start up and a server run inside -- even if it's entirely automated, and only happens twice a year -- is not exactly like having a legit retail copy. If it's not entirely automated, expect to see people on forums asking for help with it (or simply asking what's going on, because they got this copy from somebody and they think it's legit). Meanwhile, that copy of Vista is going to need to go through WGA for any significant updates. And it's quite possible MS can push an update that disables validation against this particular KMS server copy. They could even push an update to all the legit KMS servers to make them handshake slightly differently, and a complementary non-WGA update to all clients to match, so the updated pirated client would stop talking to the VM'd server (which didn't get updated). Since the client only checks in with the server every 180 days, it wouldn't be immediately obvious MS had disabled it.

I know everybody likes to believe all the people at Microsoft are a bunch of idiots, but I'm quite sure they expected something like this was going to happen. They know they can't make a bulletproof system: they know the warez dweebs and "M$ is teh suxor evile!" folks will always find a way around it. Their goal is simply to raise the bar enough so that a pirate copy is more trouble than it's worth for joe average user. It has largely worked with XP (compliance rates are far higher than they were with previous versions of Windows), and it will likely work with Vista too.

Of course, the real crack for Vista -- the one where you get a CD that works exactly like the retail version, except you don't have to activate it with MS -- could still be coming.

MS had challenged Hackers ... Hackers proved there skills.. Nothing new move on...

This is not a crack, its just a 180days grace period. So in 180days you are screwed if you use it.

http://apcmag.com/node/4769
http://www.dailytech.com/article.aspx?newsid=5299
http://www.microsoft.com/downloads/details.aspx?familyid=9893f83e-c...

In other words, if you wanna use it. Have fun reinstalling each 180 days. The socalled "crackers" kinda forgot that the KMS server also need to proxy it to MS before giving yet another 180days. So no crack involved, no special thing anyone in here couldnīt already do by themselves.

I'll have to dig up my post on Usenet back in June or so where I guessed this would be the first big activation bypass. As soon as MS made the details of volume licensing 2.0 public, it was apparent what was getting cracked. The 'road warrior' VLM/VLK pairs are no good, since they still phone home to MS to activate and would be too hard to obfuscate and avoid blacklists/WGA. KMS VLM, on the other hand, is just begging to get warezed. The KMS server is just too weak a link. MS activates the KMS server *once*, and then the KMS server is 100% independant of Redmond, and is in the end-user's hands as well! It'll be very difficult for MS to get anything like WGA to red flag this, as well, since key revocation works only for individual keys or ranges of keys, and MS *doesn't even get to see those* this time around! Now all you need is a cracked KMS server anywhere on your LAN plus some Vista VLM, and you don't even need a CD key anymore! Piracy doesn't get much easier than that.

MS wanted a new and more powerful activation 2.0, but they forgot that what the volume license folks get legitimately, warez monkeys get by burning a DVDR and carrying home from work. The big corps won't accept individual PCs contacting MS to activate, and their paranoia and security-mindedness guarantee that pirates will be able to pirate for many OS versions to come.

How did M$ not see this coming...or maybe they did and chose to do nothing about it, choosing rather to more aggressively pursue ELA violations?

#12, You have never worked at a real company. At least one that is larger than a 1000 employees.

1000 employees? How about merely 100 employees? Or 10 employees? The business world doesn't give a rat's ass about the OS, only that the applications they use every day to make money are available and increase their productivity. It just isn't there for Linux, and given the constant fissures in development of Linux (GUI wars, anyone?), do we expect that to change anytime soon?

The biggest asset Linux has is its community; it's also its greatest obstacle to widespread acceptance and adoption, since the continued separatist elitism from all familiar quarters combined with an appalling lack of a standardized codebase is what deters individuals and companies from spending time and money on the platform.

The volume license version of Vista requires you to report usage every month? Sheesh.

Personally I was hoping the new scheme would be uncrackable. If that's what MS really wants, let them do it and let the chips fall where they may. Cracks only serve to encourage people to continue embracing this platform.

Why MS is wasting their efforts on copy protection? It is a losing battle against pirates. Average Joe usually gets his copy of a MS OS via OEM system license. It is annoying that OEM verison gets such a sweet discount while retail verison is borderline rape.

The best way to deal with software piracy is to make it economically impractical. I bet Vista would get a far more warmer welcome by the enthusiast ring if their was a large price cut for retail verison (30-50%) and get rid of the whole WPA nonsense. MS would still make a crap load of $$$$ via volume.

I'll pay for Ultimate reguardless, so FIA.

Talk aboot a digital expression of Newton's Third.
As for me I'll just carry on with my XP and Vista brico pack, all the flavour, half the calories.

yet again, Microsoft treats legit customers as criminals, while pirates still get a free OS.

bring on more draconian measures!
apparently it isn't enough.

maybe the OS should re-activate itself every 5 minutes, monitor all your actions via a keylogger, and format itself within 30 seconds of even thinking you might have pirated it, while reporting all your activities to the FBI and labeling you as a muslim terrorist and freezing your bank account to give all your money directly to Microsoft.
conveniently you end up with no rights whatsoever, due to loopholes in the law system giving accused terrorists no rights as human beings, and you are tortured and all your possessions are taken, while tying you up in the red tape for years.
there ya go.
and for the resistant, spread fud and sue like the RIAA.
Microsoft drm 2.0.
or more accurately WGA 2.0.
lol.

or even better go the payment route: charge 300$ a year/ 50$ a mo.
guaranteed profits there.
if you can't stop piracy, wring out your lost profits from the people who actually pay for it.

p.s. of course I'm exaggerating, but how close from the truth is it? :P

bill gates is the king of the world!!!!!!!!!

Corporate Edition 2: Warez Jubilee Day? "Yohr keys. Gib dem to me, now."

Funny thing is, I know a lot of legitimate Windows XP owners who run or have ran with a pirated CorpEd install, notably those who indulge in frequent hardware changes for fun and profit, just to avoid the WPA nonsense.

I sympathize -- after a hardware upgrade process that tripped activation twice, followed by a subsequent secondary hard drive failure that turned into another reinstall, my activations (about five total on that key, I think) ran out and this past morning I had to convince a call center drone that the copy really was installed on only one machine.

That Microsoft has evidently outsmarted itself with the Vista activation scheme really has a nice poetic touch. (And to think, all this garbage from the company which, a long time ago, wrote an Office97 EULA that explicitly permitted the user to install the same copy on a mobile computer used as a secondary machine by said user...)

Another case of doing things because you can...not because you should.
The mantra of hackers and crackers....no matter what the cost....usually to someone else.

Too late: a friend of mine has had ultimate edition for over a week now. Also, I can't believe Microsoft did not see this coming! It was totally inevitable and is imposible to be stopped. Oh well. That's just better news for us.

Oh yes: And while the VLMs and KMS only allow Vista Business and Enterprise versions right now, it's only a matter of time till a KMS server authorized for Ultimate Edition gets warezed out. MS is giving KMS servers that do business to all the big corporate OEMs right now, but MS has said a few times that they can and will add Ultimate to any corp's KMS if the corporation requests it.

Just as soon as one of them does, that puppy will get cracked and dropped onto Usenet and P2P as well, and the cat will be irretrievably gone from the bag.

Wow. Who'da thunk it?

wewt ... (blah blah 10 character limit)