Windows piracy check has a backdoor

A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional software from the company, according to a security researcher.

Researcher Debasis Mohanty outlined what he said was a technique to trick Microsoft's Windows Genuine Advantage (WGA) validation check, in a posting to the Full Disclosure security mailing list on Monday. WGA is a software tool that verifies whether a particular copy of the operating system is properly licensed.

Using a secondary Microsoft validation tool called "GenuineCheck.exe", it may be possible for people to trick the checking mechanism, Mohanty said in the posting. They could then download and run supposedly restricted software from Microsoft's Download Center on a PC running a pirated version of Windows, Mohanty wrote.

Microsoft confirmed the technique could circumvent the piracy check but a representative said the company is not worried.

"This represents very little threat to Microsoft," the representative said. "We expected counterfeiters to try a number of different methods to circumvent the safeguards provided by Windows Genuine Advantage."

The company has been testing the WGA piracy lock on its Download Center and Windows Update websites for several months. It has said that by an unspecified date in the middle of this year, all Windows XP and Windows 2000 users will have to validate their copy of Windows before they can download from the websites.

The GenuineCheck.exe tool used to bypass the check is meant to provide an alternative way for users to prove their copy of Windows is genuine. The primary Windows Genuine Advantage checking mechanism uses ActiveX, which is not supported by all web browsers.

GenuineCheck generates a code that can subsequently be used to validate a pirated copy of Windows, according to Mohanty's posting. However, a PC running a legitimate version of Windows is required to run the GenuineCheck tool.

The threat is mitigated because the keys generated by the GenuineCheck tool expire "rapidly", the Microsoft representative said. Consequently, it would not do anyone much good to put up a web page with a list of keys. Still, somebody would be able to generate a key and use it immediately on a PC with a pirated copy, or pass it on to a friend.

The Microsoft representative said: "This is more of an individual method of pirating. We don't see this as too different from people who take legitimate software, burn it to a CD and distribute it to their friends that way."

Microsoft's Download Center and Windows Update websites offer applications such as Windows Media Player and the Windows AntiSpyware product, as well as security updates for Microsoft products. The trick with the GenuineCheck tool works only on Download Center, according to Microsoft.

When the WGA pilot began last year, it was purely optional - with no benefit for verifying one's operating system and no penalty if the OS was found not to be genuine. Microsoft has gradually expanded the piracy check and is now withholding downloads for users of some international versions of Windows XP.

Joris Evers writes for CNET News.com