Microsoft Corp. plans to severely curtail the ways in which people running pirated copies of its dominant Windows operating system can receive software updates, including security fixes.
The new authentication system, announced Tuesday and due to arrive by midyear, will still allow people with pirated copies of Windows to obtain security fixes, but their options will be limited. The move allows Microsoft to use one of its sharpest weapons -- access to security patches that can prevent viruses, worms and other crippling attacks -- to thwart a costly and meddlesome piracy problem.
But some security experts said the crackdown also could increase Internet security problems in general, if there is a spike in unsecured computers open to attack, which then could be used to attack others.
David Lazar, a director of the effort, said Microsoft would monitor that potential problem closely. But the company actually considers its authentication requirement one possible way to boost Internet security -- countering the idea it may increase threats. That's because pirated copies of Windows could contain viruses or other security threats, he said.
Over the next few months, the software behemoth will begin to more broadly adopt the program, called Windows Genuine Advantage, that urges users to provide proof their Windows copy is authentic before receiving some software updates.
(MSNBC is a Microsoft - NBC joint venture.)
By mid-2005, the program will become mandatory for Windows users to get virtually all updates, including security fixes available through the company's Windows Update Web site. But users who have pirated copies of Windows will be able to continue to get security fixes if they sign up to automatically receive security updates.
Russ Cooper, a senior scientist with Cybertrust Inc., said completely cutting off access to security fixes for pirated machines could cause a spike in malicious, Internet-based attacks. He lauded Microsoft for mitigating that problem by continuing to allow all users to get the automatic updates, regardless of whether they're running pirated versions.
Still, Cooper said he expected Microsoft to eventually cut off that security update avenue for pirated copies. He said the company may feel it has few other options as it tries to stop the millions of users who are running pirated copes of Windows.
The operating system is one of the company's major cash cows, and the move comes as Microsoft is moving aggressively into emerging markets where piracy is thought to be more common.
"The reality is that shareholders of Microsoft would like to see them get all the money they are owed," Cooper said.
Microsoft said the company has no current plans to require users running automatic updates to provide proof that their copies of Windows are genuine.
Lazar said piracy has cost the Redmond-based company "billions of dollars over the past 10 years," but he would not be more specific.
"Our desire is to enhance the value of genuine Windows, to create a differentiation (and) to add more value in the form of greater security and reliability," Lazar said.
Customers who visit the manual Windows Update site will be asked to prove that their copies of Windows are legitimate by allowing Microsoft's system to automatically run a check, or by providing a product identification number. Users who have lost that number will be asked three basic questions, and if they are deemed to be acting in good faith they will be given a free replacement key.
The company also said it will begin providing discounted versions of Windows to users in China, Norway and the Czech Republic who discover they have a counterfeit version of Windows XP.
Rob Enderle, principal analyst with the Enderle Group, is expecting the more stringent authentication system to be successful, as Internet attacks become ever more sophisticated and users with pirated copies of Windows become helpless to stop them.
"It will create an environment where the pirated machines, if they're connected to the Internet, won't really work," he said.
On the Net: http://www.microsoft.com/security