Share via


'Brute' Force Attack on Windows Vista now 'Moot' Force Attack

Over the weekend we learned that the widely covered 'Vista Brute Force Keygen' turned out to be a hoax. It's nice that the originator has come forward and is encouraging everyone to buy and use genuine copies of Windows Vista.

As you can imagine we receive reports of hacks every week. Many turn out to be ineffective, but to determine that we review and investigate every report. One of the first questions we ask ourselves with each reported hack is 'does this represent a real risk to our customers?' As we learned with XP, counterfeit software can be quite risky to obtain and run.

The next question we ask is ‘can this be commercialized'? Some hacks are highly technical to implement and can require significant engineering on the part of the end user. These are obviously interesting to us and we do spend time looking closely at them. At the same time it's possible for a hack to be scaled and used by organized rings of counterfeit software traffickers to profit by exploiting innocent victims. Our priority is in evaluating against scalability and risk to our customers and working to help customers that might have been victimized.

I would also like to point out that people seem to get pretty excited at any reported possible hack. And while it's always fun to have the attention, having worked on these issues for several years I've learned that it can take a while to learn how real a reported hack is...or not (e.g. the Brute Moot Force attack).

Comments

  • Anonymous
    March 05, 2007
    It is great that you put such effort in protecting your investment. I saw Windows Vista in action, and, as a developer, I was extremely impressed. I think that DRM is a has a significant role in protecting honest consumers from fraud, and at the same time, it is essential to keep us from risking our jobs and positions due to revenue loss within the software industry. I do see that the consumer market is not fond of accepting DRM, but it seems like as there is no other choice, and DRM is here to stay - and rightfully so; content creators have every right to protect their intellectual property. I am following your blog closely, and it is a nice read. Keep up the good work. P.S. could you open up a WGA chat room? Thanks!

  • Anonymous
    March 05, 2007
    The comment has been removed

  • Anonymous
    March 05, 2007
    The comment has been removed

  • Anonymous
    March 11, 2007
    The comment has been removed

  • Anonymous
    March 12, 2007
    The comment has been removed

  • Anonymous
    March 13, 2007
    rdamiani, I appreciate your articulate comments. Let me respond to a couple of points.

  • To the point about treating a validation failure as a marketing opportunity:   - First, our program is targeted primarily at individuals who are in fact victims of counterfeiters and those who resell counterfeit including bad PC builders/resellers. After research and feedback from thousands of customers we have learned that messages that are simple, clear and are actionable such as 'you have counterfeit software - you should get legal software instead - here's how' are preferred by customers and encourage more customer participation in solving the problem than messages about licensing services encountering an issue.   - Second, we're working hard to make sure that the scenarios we're aware of that might be confusing or might be perceived as a false positive have support options and additional information available to help sort through the issues. Also, we do not want people who already have a legitimate license to purchase another one. As I have said before, if anyone has purchased a license unnecessarily because of WGA we will gladly refund the customer's money.
  • On the point of Windows Genuine Advantage being doublespeak? I disagree. Aside from the additional downloads, WV Ultimate Extras and better support WGA provides a valuable service to users of Windows particualrly when the user is an unwitting victim. The fact is there are millions of victims worldwide. We have chosen to offer the communications and solutions we do through WGA what else should we do for them? Lastly, I appreciate your five suggested improvements and I believe SA is available for OEM licensed Windows.
  • Anonymous
    March 13, 2007
    The comment has been removed

  • Anonymous
    March 14, 2007
    What to do about the victims of counterfeiting: Change your mindset. If the response from Microsoft wasn't "you stole that software, didn't you" then there would be no talk of 'false positives'. By replacing 'licensing error' with 'Genuine Validation Failure' you are letting a lazy approach to writing error messages look like a value judgment, even though that's not actually possible.

  • Anonymous
    March 15, 2007
    The comment has been removed

  • Anonymous
    March 16, 2007
    The comment has been removed

  • Anonymous
    March 16, 2007
    The comment has been removed

  • Anonymous
    March 19, 2007
    The comment has been removed

  • Anonymous
    March 19, 2007
    The comment has been removed

  • Anonymous
    March 23, 2007
    The comment has been removed

  • Anonymous
    March 24, 2007
    The comment has been removed