Microsoft Responds to Reported OEM BIOS Hacks

The WGA team have finally provided a written response to the reported OEM BIOS Hacks regarding Vista:

I know many of you are aware of reports of hacks that attempt to exploit our OEM BIOS based activation. We're aware of this type of hack and I wanted to take a minute to describe how these work and how we plan to respond.

First, what is OEM BIOS based activation?

Here's a little more information on how OEM BIOS based activation works. This form of product activation is also known as OEM Activation or just OA, which is how Microsoft refers to it and how I will refer to it in this post. Back at the launch of Windows XP when Microsoft introduced Windows Product Activation, we recognized that as easy as end-user activation is, it still represented an extra step.

View: Full Article @ WinBeta
Link: WGA MSDN Blog

Report a problem with article
Previous Story

Windows XP to be phased out by year's end

Next Story

Vista: Whatever happened to fast boot?

16 Comments

I think that's fair enough.
Let the people go to the whole way to get Windows for free, but protect end-users from getting pirated Windows on their new machines without realising.

They have?

I skimmed the article and they seemed to be saying:
1. Direct mobo BIOS editing is very risky, but also harder to detect.
2. The other software-based crack in circulation should be a bit easier to detect for them.
3. They will always try to respond to threats that scale well (due to commercial piracy); method #1 doesn't, #2 does.

So... All taken together... They may try to go after the crack based on Paradox's work.

AFAIK, that crack is just a system driver, so Windows Update could perhaps have its hash signature added for detection and have Windows not load that one at next startup. That would let crackers respond and fix it up of course, which would turn it into a cat & mouse game. But that's essentially what Genuine Advantage is all about. Setting up an annyoing cat & mouse game so it's a chore to pirate.

Ok, so provided the hack is not easy to do and not mass re-sold its not used by casual disk to disk user they are not concerned!

Read between lines they cannot stop bios hack, but fake bios which is easy they can and will.

Their approach scare casual user to not doing real bios hack, but new MB cheaper than Vista Ultimate you can ruin 3-4 MBs cheaper than buying Vista Ult...

if they did disable the system driver for the fake bios isnt that classed as malware? i dont think microsoft would want to be accused of that, look at what the reaction was to Sonys rootkit

mcloum said,
if they did disable the system driver for the fake bios isnt that classed as malware? i dont think microsoft would want to be accused of that, look at what the reaction was to Sonys rootkit

Doubt it, remember it's microsoft OS, they can do what they want.

GatorV said,

Doubt it, remember it's microsoft OS, they can do what they want.

It does give them the right to disabled software that isnt theirs.

mcloum said,

It does give them the right to disabled software that isnt theirs.

True, but you have to be the one to push the button to say OK update me!
Unless you are someone who leaves the automatic update on. I have it set to download but never install on its own because i'd like to know what they put into the update before they go and dump something on me. And yes I am legal user of Vista/XPx8/MediaCenter x2. :P

They'll just push out some windows update to fix it, and everyone running pirated windows will just not install that update, except the people who have been 'victims' of software piracy and were actually SOLD a pirated version and didn't know it. The 'mad scientists' will continue running their Vista Ultimates

What I find funny is this:

There's people dumb enough to hack their BIOS just to run a pirated OS and risk completely screwing their system when all they'd have to do is run the trial for 120 days, backup everything and then format and be running again for another 120 days and there's no crack involved.

That's a mistake Microsoft made by giving the option to use a trial period when you don't enter a key. At first I saw it as a cool thing, but soon realized how it can be abused. If a mod feels that I gave away too much info above they can delete that if they wish. I understand why, but most people would figure that out in 5 minutes anyway.

I still think of it as a nice feature. Want to know if Vista will run good on your system before buying it? Borrow a friends disk and install the trial. If it runs fine you can go out and buy it. That's a good thing, but they should have put more thought into that. That Vista Upgrade Advisor isn't the best way to check IMO. It said my 256mb GeForce 6200 wouldn't run Aero when on it's packaging it clearly says Vista Ready and runs Aero perfectly fine.

For your info, the end-user doesn't even need to hack their bios. The newest installs have everything automated and the bios is hacked and vista installed without any user intervention or knowledge. No errors or failures have been reported as far as I know from this fool-proof method.

No need to reformat every 3 months either.

Even Windows 9x lasted longer than 120 days. If you can reformat every 120 days you're probably better off with a Linux Live CD or an X-terminal.

Last I heard the software hack uses grub and installs a small program to replace the bios image in RAM. If they did any detection, it would be easily changed and would be hard to distinguish it from something innocent like memtester in the bootloader...

Commenting is disabled on this article.