Networking Notes: Microsoft's IP Protection Is Risky Business
When a Vista-based PC fails software authentication, the user continues on in a 'reduced functionality mode.' We'd be better off, collectively, if an invalidated copy of Vista stopped working altogether.
Quick ... what does the U.S. Constitution have to say about intellectual property?
Hint: It's in Article I, Section 8.
Another hint: It doesn't take up a whole section, so if you're cheating and consulting an online copy somewhere, you're going to have to look more closely.
Give up? OK. Here it is. I hope it's not so large that the editor decides to stretch us to two pages this week:
It comes right after the part about establishing a post office and right before the parts about constituting tribunals beneath the Supreme Court that punish piracy. Not, mind you, "software piracy." Our Founding Fathers were more concerned about the "eye-patch and parrot" variety.
I wanted everyone to read that because over the weekend a key anti-piracy service Microsoft uses went belly up, threatening to invalidate thousands of copies of Windows. In the end, a Microsoft blogger reported, "fewer than 12,000 systems" suffered ill effects from failing validation through Windows Genuine Advantage (WGA):
In other words, Vista took away the eye candy (which is a striking comment on what really matters about Vista, especially when it tops the list), slowed itself down, then refused to remove some kinds of malware and wouldn't let invalidated systems get security patches, though, apparently, Internet Explorer 7 downloads were just fine.
I want to make it clear, before proceeding, that I don't envy Microsoft's situation when it comes to illegal copies of its software. I've been using computers since VIC-20s were popular, and I especially remember the copy protection arms race of the 8-bit computing era. Even without the benefit of widespread Internet access, it wasn't that hard to get a cracked copy of just about any Commodore 64 game within a week of its release. As the crackers got more sophisticated, the companies took to increasingly clumsy protection schemes ... discarding outright copy protection, which sometimes relied on messing with the integrity of the floppy disk's formatting, in favor of mid-game demands to consult baroque "decoder wheels" and pop quizzes on what the third word in the fifth paragraph on the twentieth page of the manual might be.
It has to be frustrating: A company comes up with a product that, despite all our complaining, is very popular. Because the product isn't a chair, table or something else occupying physical space or requiring sophisticated mechanical skills to replicate, it's easier to make copies and pass around. It's natural that a company will think in terms of stopping that.
In the absence of ubiquitous Internet connectivity, serial numbers were just a stopgap because they were easily copied and shared without any mechanism to detect compromised numbers. More sophisticated solutions that relied on the integrity of a local mechanism were doomed the same way copy protected floppies fell to nibblers. So we get WGA, which relies on a server Microsoft can control more completely than an individual PC. Because Microsoft is well-aware that things will sometimes go wrong with software authentication, it takes what it imagines to be the high road in cases where a system fails to validate: It just dumbs Vista down a bit but lets the user keep on using in "reduced functionality mode."
But did you read what that entails? Among other things, it breaks Windows Update in such a way that it won't download "security and other critical updates."
A few weeks ago, I wrote about the changing nature of malware. I compared what it meant to have an infected system ten years ago, when viruses were generally built to be stupid and destructive, to today, when the name of the game is quietly compromising systems in the service of a much larger goal: DDoS attacks or more sophisticated identity theft and fraud.
Deactivating Windows Update in the context of malware a decade ago might have seemed like a sensible sanction, since users more often paid for getting infected swiftly and obviously. Now, though, it's the height of irresponsibility.
Let's go back to the Constitution and its unfortunately brief consideration of why we have intellectual property laws: "To promote the Progress of Science and useful Arts."
The Constitution's authors identified a way to use individual benefit (monopolies that lasted a "limited time") to promote a broader societal good: progress of science and useful arts (which are often taken to mean practical crafts with a commercial application).
While I empathize with Microsoft's apparent frustration over wide-spread copyright infringement as a writer, I would not like people to assume control over the distribution of my work without my say-so the company has annual revenues that exceed the GDPs of several oil-producing countries. In other words, it's making money. Plenty of it. But in its obsessive quest to protect its intellectual property, it's ignoring the reason we have intellectual property: To promote a collective good.
If unpatched Windows machines are anything, they are a menace to the collective good. When compromised they become the tools of criminal enterprises. The annual cost of identity theft alone, elements of which involve a large role for compromised Windows systems, exceed Microsoft's annual revenue.
We would be better off, collectively, if an invalidated copy of Vista stopped working at all rather than the current situation, where it continues to work but slowly accretes an increasingly poor security profile the longer it remains unpatched. Impeding automatic security updates is the last thing Microsoft should be doing.
Should Microsoft simply give up on its attempts to stop illegal copying of its software? No. But it does need to adopt an anti-piracy policy that acknowledges its copyrights are as much, maybe more, for the common good as they are its own enrichment.
Smart people work there, they should get to work on a better approach to their problem.Add to del.icio.us | DiggThis
For more help, don't forget to try one of our PracticallyNetworked Forums.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|