On the article about a recent hack to the Windows Vista activation process, seeded at tom.newsvine.com, I posted a couple of comments on what I thought might be problems with assuming that this way of getting around the Vista activation process was a permanent solution in itself. This article is a further analysis of some of those issues.
The new hack is an evolution of a similar exploit that appeared when Windows Vista was first RTM'ed (Released to Manufacturing). At that time, the only "working" copies of Vista that were available were on the computers still running beta versions of the OS, since the product keys needed to actually activate the release version had not yet been made available.
What the earlier workaround did was to figure out a means of applying a product key and activation code from the beta test phase to an RTM install of Vista (more explanation is available at http://apcmag.com/node/4560 ). The speed at which this workaround was produced is impressive, inasmuch as the hackers who created it may have foreseen it months in advance of the final code. As impressive as that hack was, though, it was still seen as limited because it activated as a beta version: all the beta keys and activations are set to expire on June 1, 2007, and beta code (or code that identifies itself as beta) is not subject to the same security and application updates as the final validated release.
This new hack involves working around an existing setup that allows for easy activation of certain versions of the OS. On Windows XP the volume license key versions did not have to be activated, which led to widespread piracy of the Home and Professional versions of the OS. A change made for Windows Vista was the introduction of the Volume Activation 2.0 system, under which one of the methods by which corporate-installed versions of Vista can be activated is against a Key Management Service (KMS) host inside the corporate domain, instead of needing a connection to Microsoft.
The new hack sets up a "fake" KMS host server on a virtual machine, against which one or more Vista machines can then be activated. This does seem to be another impressive workaround, but again there are limits to how effective it may be in the long run, and some possibility that Microsoft was already prepared for this eventuality.
KMS activation is only valid for the Business and Enterprise versions of Windows Vista. This means users of those versions do not have some of the consumer-oriented bells and whistles of the Home editions of the OS, including Media Center support and Xbox 360 extensions among others. Early reports indicate that some business editions may also not be able to validate using the spoofed server. Beta product keys would seem to have been blocked in the release version of the KMS host software.
The systems activated through this method have to reactivate every six months (within a 180-day window), and if activated through an outside server, there is no guarantee that server will still be around long enough for a second activation. An additional hack allows systems to validate from a local server, with that server based on a common image of a previously installed KMS host.
Computers activated through this KMS method appear to share a common key, and while they do not directly activate through a connection with Microsoft, it is possible to flag systems running that key (both the client keys and the KMS server key) as running in what MS refers to as an unlicensed state. If that happens, then the client systems may no longer be able to validate against a KMS server without providing a new key, and the KMS host itself may be disabled if its key is marked as invalid.
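To make the two limits described above concrete (the 180-day reactivation window, and the possibility of the shared client key or the host key being flagged as unlicensed), here is a small simulation of the KMS client lifecycle. It is an added example written for this article, not Microsoft's code and not part of any of the hacks discussed; the only figure taken from the article is the 180-day validity period. The 7-day renewal attempt interval, the start date, and the key strings are constructed placeholders, and the model deliberately ignores protocol details. Its purpose is to show why a client activated against a server that later disappears, or whose key is flagged, ends up unlicensed rather than permanently activated.

```python
"""Toy model of the KMS activation lifecycle (constructed illustration, not Microsoft's code)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Set, Tuple

# Activation lifetime quoted in the article: a KMS-activated client must renew within 180 days.
KMS_VALIDITY = timedelta(days=180)


@dataclass
class KmsHost:
    key: str             # the host's own KMS product key (placeholder value in this example)
    online: bool = True  # False models a third-party host that has gone away


@dataclass
class KmsClient:
    name: str
    key: str                            # client key shared by every machine built from the same image
    activated_on: Optional[date] = None  # date of the last successful activation, if any


def try_activate(client: KmsClient, host: KmsHost, today: date,
                 flagged_keys: Set[str]) -> Tuple[bool, str]:
    """Attempt an activation against `host`; return (success, reason).

    Activation is refused if the host is unreachable, or if either the host key or the
    client key has been flagged as unlicensed (the countermeasure the article describes).
    """
    if not host.online:
        return False, "host unreachable"
    if host.key in flagged_keys:
        return False, "host key flagged as unlicensed"
    if client.key in flagged_keys:
        return False, "client key flagged as unlicensed"
    client.activated_on = today
    return True, "activated"


def license_state(client: KmsClient, today: date) -> str:
    """A client is licensed only while its last activation is within the validity window."""
    if client.activated_on is None:
        return "unlicensed"
    if today - client.activated_on <= KMS_VALIDITY:
        return "licensed"
    return "unlicensed"


def simulate(host_vanishes_on: Optional[int] = None,
             flag_host_key_on: Optional[int] = None,
             flag_client_key_on: Optional[int] = None,
             days: int = 400,
             renew_every: int = 7) -> Optional[int]:
    """Run one client for `days` days and return the first day it becomes unlicensed (None if never).

    The client retries activation every `renew_every` days (an assumption, not from the article).
    Each optional day-number parameter switches on one of the failure modes from that day on.
    """
    start = date(2007, 3, 1)  # constructed start date
    host = KmsHost(key="KMS-HOST-KEY-PLACEHOLDER")
    client = KmsClient(name="vm-client-1", key="SHARED-CLIENT-KEY-PLACEHOLDER")
    flagged: Set[str] = set()
    first_unlicensed: Optional[int] = None

    for day in range(days + 1):
        today = start + timedelta(days=day)
        if host_vanishes_on is not None and day >= host_vanishes_on:
            host.online = False
        if flag_host_key_on is not None and day >= flag_host_key_on:
            flagged.add(host.key)
        if flag_client_key_on is not None and day >= flag_client_key_on:
            flagged.add(client.key)
        if day % renew_every == 0:
            try_activate(client, host, today, flagged)
        if license_state(client, today) == "unlicensed" and first_unlicensed is None:
            first_unlicensed = day
    return first_unlicensed


if __name__ == "__main__":
    print("host stays up, nothing flagged:  ", simulate())
    print("host disappears on day 10:        ", simulate(host_vanishes_on=10))
    print("host key flagged on day 100:      ", simulate(flag_host_key_on=100))
    print("client key flagged on day 50:     ", simulate(flag_client_key_on=50))
```

In the model, the client stays licensed indefinitely only while renewals keep succeeding; once the host is gone or a key is flagged, the last successful activation simply ages out after 180 days, which is the article's point that an outside server (or a cloned host image) has to survive long enough for every future renewal.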
It remains to be seen whether this hack has a lasting effect on the spread of pirated versions of Windows. While many supporters of the hacker community see the release of the "MelindaGates" KMS server as a significant blow against the MS activation policies, on further analysis it would appear that the new Volume Activation system is effective at limiting the versions of Vista that hacks can be applied to, and keeps open the possibility that Microsoft may be able to pull a counter-hack of their own in the future.