Can Microsoft make pirated Windows unusable with a click?

[The Day Dreamer]

I hear everywhere on social media that if Microsoft wanted, they could just disable all PIRATED Windows user's installation by a click or something

On top of that, they put weak security for letting pirates do piracy. Is this true???

 

[OrionMaster]

Probably yes. They rather have you use a pirated Windows than OSX or Linux. But of course, they can't admit that in public

 

[lxskllr]

Of course they can. They can do anything they want since the code is hidden, and they retain control.

 

[corkyg]

I wish they would!

 

[ninaholic37]

I imagine that legitimate copies could still be copied and "tricked" into being seen as legitimate by hackers eventually. Most hackers don't even want to install Windows 8 let alone pirate it and there's already Bing version (Free) so it will take more than pirates to get people on board new Windows imo.

 

[matricks]

They could probably do something to anyone with "suspicious" activation data, i.e. activated but if they dig enough they'll find a mismatch someplace. But because most of the methods utilize loopholes and design flaws in Microsofts licensing mechanisms, it is very likely that some suspicious users are legitimate paying customers. If they pressed a big red button, and only 99% of the disabled installations were actually pirated, the remaining 1% is a very large number of paying customers.

 

[shimpster]

MSFT has been filing law suits vs disabling the software

 

[DigDog]

they could certainly shut down any legal copy, or at worse, illegal copies assuming the pirate who released the copies didn't do any modification.

i dont have any experience with pirated software, but i once heard a guy on the subway saying that pirate versions of windows are far superior to legit copies, because they remove the bloatware, anachronistic components, and anti-piracy code, making for a smaller footprint, smaller size, and better performance.

 

[Morbus]

Simple answer? No. Not with a click, and probably not at all.

Complex answer? Yes, but only if they work very very hard and code very very hard. Because as weird as it might seem, Microsoft has NO WAY to telling legitimate copies of Windows apart from MOST pirated versions. At least for Windows 7, the way people pirate Windows 7 is to turn it into an "eternally activated OEM version of Windows". Similar to the versions of Windows that come with your computer when you buy it off the shelf? Yeah, Microsoft has no idea whether your version is legitimate or not.

 

[bradley]

Microsoft certainly can't disable, much less detect, a SLIC BIOS modification running Windows 7.

 

[JEDIYoda]

Most hackers don't even want to install Windows 8

you have no clue do you...

 

[bononos]

Simple answer? No. Not with a click, and probably not at all.

Complex answer? Yes, but only if they work very very hard and code very very hard. Because as weird as it might seem, Microsoft has NO WAY to telling legitimate copies of Windows apart from MOST pirated versions. At least for Windows 7, the way people pirate Windows 7 is to turn it into an "eternally activated OEM version of Windows". Similar to the versions of Windows that come with your computer when you buy it off the shelf? Yeah, Microsoft has no idea whether your version is legitimate or not.

I'm pretty sure MS can always update windows to better detect exploits and programs used to bypass it validation process. They had at least one update which did that.

 

[ArisVer]

What I've read some time ago is that MS is keeping a database and certain keys (usually OEM) that are used for cracking purposes appear in their database as multiples.

Regarding the OP I am sure they could do that. As another mentioned further up, it's better for them for people to use Windows, even pirated ones.

 

[Morbus]

I'm pretty sure MS can always update windows to better detect exploits and programs used to bypass it validation process. They had at least one update which did that.

they did, back in Windows XP. But, as I said, they can't do that with windows 7, because they'd be affecting thousands of legitimate costumers as well.

Basically Microsoft allowed for partners to freely and easily activate any copy of Windows at will, and the crackers stole that ability. Effectively, Microsoft allowed the crackers to freely and easily active any copy of Windows. Forever.

That said, think of the reasons behind Microsoft's potential ban on pirated versions of Windows.

Why would they want that? All they want is market share, because that's what powers EVERYTHING Windows related. If anything, piracy is fueling sales, because developers focus on Windows, more people buy computers with Windows, companies need to buy their licenses anyway so they're not gonna pirate, and it's mostly small fry that pirate Windows anyway. Would Microsoft be so much better off pissing them off? I'd wager not.

 

[Morbus]

What I've read some time ago is that MS is keeping a database and certain keys (usually OEM) that are used for cracking purposes appear in their database as multiples.

That is not a thing. That's not what's happening.

As I said, most pirated version of Windows use the SAME key, yes. But they use the same key as LEGITIMATE versions of Windows. If you buy a computer from Asus and it comes with Windows? Your key is the same as some pirated versions of Windows. Microsoft can't tell your computers apart, basically.

But I may be wrong, I'm not cracker.

 

[synapsea]

Microsoft never can do it. i dont think is so smart. Microsoft is totally powerless...

 

[smakme7757]

That is not a thing. That's not what's happening.

As I said, most pirated version of Windows use the SAME key, yes. But they use the same key as LEGITIMATE versions of Windows. If you buy a computer from Asus and it comes with Windows? Your key is the same as some pirated versions of Windows. Microsoft can't tell your computers apart, basically.

But I may be wrong, I'm not cracker.

Yep, you'd be wrong .

Windows rings home at certain intervals and double checks its validation and license. If the same key is registered on multiple machines (or on more machines than the license is valid for) and both/all of these machines have "Called Home" within a certain time period; Microsoft presumes that it's a single key in use on multiple machines. The licenses are then deactivated.

I know this both because I've heard it from a Microsoft Premier Support engineer and i've had two machines with the same license get deactivated.

Due to the amount of pirating around it really isn't in Microsoft interest to deactivate these copies.

I would say the amount of Windows pirating in the working adult population is pretty small. Most people buy a PC and it already comes with a license. Additionally most people who will build a PC from scratch usually buy an OEM license which is cheap any way.

In my opinion if you have the money to pay for a license then pirating just isn't worth the hassle. Microsoft gives you more or less unlimited activations, so who gives a shit

 

[DigDog]

only legitimate copies of windows phone home, pirated copies don't.

(also, what Morbus said)

 

[matricks]

Windows rings home at certain intervals and double checks its validation and license. If the same key is registered on multiple machines (or on more machines than the license is valid for) and both/all of these machines have "Called Home" within a certain time period; Microsoft presumes that it's a single key in use on multiple machines. The licenses are then deactivated.

For NT 5.x era volume licensing and 5.x/6.x retail licensing, this is pretty accurate. However, until Windows 8, OEMs activated by what Microsoft called System Locked Preinstallation. OEMs put a marker/certificate into BIOS memory, which indicated what Windows version(s) the machine was licensed for. They then activated it with an SLP key, which just tells Windows to look in BIOS for license information, and find the license data. Windows will activate permanently if BIOS license data and Windows versions matches. Each OEM has one or a couple of SLP keys per Windows version, so millions of machines will use the same key. The license sticker on any machine has a unique key (COA key), but this isn't used when the OEM installs Windows, it's just there because doing an SLP activation isn't end-user friendly.

What pirates did was manipulate memory to put a license certificate in BIOS when one wasn't originally there, and activate with an SLP key. This was done either by modifying a BIOS update, or with a bootloader program that would put the certificate in memory before loading Windows. End result is that Windows thinks it's SLP activated by an OEM. There is no automatic way for Microsoft to detect this.

The only way is to find mismatches, for example an Asus X99-A motherboard is not sold with an OEM certificate in BIOS. If Asus sold it to an OEM who would need that in BIOS, they would rename the board, even if it physically was identical. If you put an OEM certificate in this boards BIOS, there is a mismatch, because a X99-A board isn't supposed to have that. Finding all these mismatches in a way that reliably identifies pirates and avoids identifying paying customers is a lot of manual work, and require a lot of research and testing.

With Windows 8 OEMs have to put a unique key in each machine BIOS, not just the generic license certificate. This makes OEM activation less useful, so pirates use fake key servers instead. Large businesses can set up key servers in their own premises, so they can manage licensing centrally. Pirates use programs that emulate keyservers, Windows can't tell the difference. Microsoft could implement extra checks if they found bugs in these emulated keyservers that would identify an unauthorized keyserver.

 

[pcgeek11]

Yep, you'd be wrong .

No actually he is correct.

Take a Dell Notebook Model XXX They all use the same Key in the BIOS SLIC to activate the OS. The OEM Sticker Code is Not used for activation. All of the Dell Notebook Model XXX uses the same SLIC Key for automatic activation via the certificate on the OS and key coded in the BIOS SLIC. It doesn't even need an internet connection to activate.

What a hacker does is modify the BIOS SLIC Table to a homemade computer with an appropriate code from a Dell or whatever OEM they choose and then flash it back into the BIOS. Then insert the matching certificate into the installation DVD. Now when the OS is installed it is activated automatically and will appear to be a prebuilt PC from whatever OEM Certification was used. Microsoft will not be able to tell the difference.

I did this before as a test to see if it works and it does.

 

[smakme7757]

For NT 5.x era volume licensing and 5.x/6.x retail licensing, this is pretty accurate. However, until Windows 8, OEMs activated by what Microsoft called System Locked Preinstallation. OEMs put a marker/certificate into BIOS memory, which indicated what Windows version(s) the machine was licensed for. They then activated it with an SLP key, which just tells Windows to look in BIOS for license information, and find the license data. Windows will activate permanently if BIOS license data and Windows versions matches. Each OEM has one or a couple of SLP keys per Windows version, so millions of machines will use the same key. The license sticker on any machine has a unique key (COA key), but this isn't used when the OEM installs Windows, it's just there because doing an SLP activation isn't end-user friendly.

What pirates did was manipulate memory to put a license certificate in BIOS when one wasn't originally there, and activate with an SLP key. This was done either by modifying a BIOS update, or with a bootloader program that would put the certificate in memory before loading Windows. End result is that Windows thinks it's SLP activated by an OEM. There is no automatic way for Microsoft to detect this.

The only way is to find mismatches, for example an Asus X99-A motherboard is not sold with an OEM certificate in BIOS. If Asus sold it to an OEM who would need that in BIOS, they would rename the board, even if it physically was identical. If you put an OEM certificate in this boards BIOS, there is a mismatch, because a X99-A board isn't supposed to have that. Finding all these mismatches in a way that reliably identifies pirates and avoids identifying paying customers is a lot of manual work, and require a lot of research and testing.

With Windows 8 OEMs have to put a unique key in each machine BIOS, not just the generic license certificate. This makes OEM activation less useful, so pirates use fake key servers instead. Large businesses can set up key servers in their own premises, so they can manage licensing centrally. Pirates use programs that emulate keyservers, Windows can't tell the difference. Microsoft could implement extra checks if they found bugs in these emulated keyservers that would identify an unauthorized keyserver.

No actually he is correct.

Take a Dell Notebook Model XXX They all use the same Key in the BIOS SLIC to activate the OS. The OEM Sticker Code is Not used for activation. All of the Dell Notebook Model XXX uses the same SLIC Key for automatic activation via the certificate on the OS and key coded in the BIOS SLIC. It doesn't even need an internet connection to activate.

What a hacker does is modify the BIOS SLIC Table to a homemade computer with an appropriate code from a Dell or whatever OEM they choose and then flash it back into the BIOS. Then insert the matching certificate into the installation DVD. Now when the OS is installed it is activated automatically and will appear to be a prebuilt PC from whatever OEM Certification was used. Microsoft will not be able to tell the difference.

I did this before as a test to see if it works and it does.

Ok, that's good info guys. The BIOS stuff was new to me. I haven't really spent much time looking at that sort of stuff in the last few years.

I stand corrected

 

[lamedude]

They rather have you use a pirated Windows than OSX or Linux. But of course, they can't admit that in public

Actually they did.

If they're going to pirate somebody, we want it to be us rather than somebody else.

 

[sbpromania]

"If they're going to pirate somebody, we want it to be us rather than somebody else" - Raikes from Microsoft.

I think what Microsoft wants now is to have a larger market share, hence the free Windows 10 upgrade for pirated copies.
​

 

[matricks]

Genuine Windows and Windows 10 (Blogging Windows)

Microsoft will watermark pirated Windows 10, as well as Windows 10 upgraded from earlier pirated editions. Wonder how that will work, I can't see them marking these installation without applying some form of restriction as well. If it's just a mark, why would people bother?

Do the forced reboot every two hours thing Windows 7 RC did. That got people running.

 

[Morbus]

Windows rings home at certain intervals and double checks its validation and license.

Well, I can you tell you as a fact that I've seen at least 3 different versions of pirated Windows 7 that don't phone home at all. A NONE of them had any key at all.

It is a key-less Windows version, that's what I'm saying.

And they all passed verification.

I don't think I'm explaining myself very well, because you either didn't read what I wrote or maybe something I'm saying is unclear, because we're not talking about the same thing, and we're going around in circles.

only legitimate copies of windows phone home, pirated copies don't.

Some legal versions of windows don't phone home either, and I've seen those as well, plenty of those actually. My old company had a bunch of machines with key-less versions of Windows. And they were legal versions.

No actually he is correct.

Take a Dell Notebook Model XXX They all use the same Key in the BIOS SLIC to activate the OS. The OEM Sticker Code is Not used for activation. All of the Dell Notebook Model XXX uses the same SLIC Key for automatic activation via the certificate on the OS and key coded in the BIOS SLIC. It doesn't even need an internet connection to activate.

What a hacker does is modify the BIOS SLIC Table to a homemade computer with an appropriate code from a Dell or whatever OEM they choose and then flash it back into the BIOS. Then insert the matching certificate into the installation DVD. Now when the OS is installed it is activated automatically and will appear to be a prebuilt PC from whatever OEM Certification was used. Microsoft will not be able to tell the difference.

I did this before as a test to see if it works and it does.

See? I knew the problem lied with me, I just wasn't explaining myself very well, mostly because of lack of knowledge, but there you go!