CyberTech Rambler

October 2, 2006

Software activation not scalable or is it bad implementation

Filed under: Uncategorized — ctrambler @ 4:24 pm

Windows Genuine (Dis)Advantage and now, Volume Activation, are two technologies that Microsoft intent to deploy on Vista to stop piracy. Both are reported to have high false positive rate. That begs a question: Is it the results of bad implementation on Microsoft behalf, or simply the technology used cannot scale up to cope with the large volume of Windows out in this world.

The latter is an important consideration. Take biometrics for access control as an example, a 1% error rate, leaning heavily towards false positive (incorrectly block access, rather than false negative, i.e. grant access wrongly) is acceptable for most businesses. Small businesses with fewer employees might find a 5% error rate insignificant. However,if the same biometrics is used at big airports such as Heathrow for immigration control, the 1% will amount to millions of people per month, thus, not acceptable. Hence, did WGA and Volume Activation simply pushed the activation technology beyond its limits?

Why did I mention this? Activation technologies has been around for a very long time. Most users like you and I already encounter it everyday with “Enter Registration Code” and in my case, authenticating online, via secure shell tunnelling, everytime I use my Matlab software. It is true that the authentication servers based approach is difficult to get startup, and frustrating when it goes down, but the last time I am aware of any problem with the servers are at least 4 years ago.

When the false positive is too high, Microsoft suffers as well. There is no point having call centre staff that listens and response to keywords such as “reinstall” by giving out new registration code to everyone that complains. It simply defeats the purpose of validation, and add cost.
Of course, another factor to consider is definitely Microsoft’s poor implementation of the activation technology. Are we seeing Microsoft sloppy work which will require Steve Ballmer realise it is a serious problem and send an internal memo to bulldoze through a concerted effort to solve this problem the way Bill Gates did with security.

However, Ms Foley’s article put it in writing what other journalists knows but dare not put on paper: Administrators hate authetication technology and most view authetication technology as something that, in the word of one tester, “Just more work, and no payback.”

It is, of course, possible to create “value-added” for administrators, should the vendors wish. It’s easy, step up software auditing effort. This “value-added” may be artificial but it might just create enough extra “complience” work  that administrators finds it easier to deploy validation technologies as instructed by vendors.

This is of course a delicate dance between administrators/software users and vendors. Push vendors too far and they can simply go out of business due to rampant piracy. Push users too far, and they will go in bed with your competition.
My opinion: Microsoft’s original strategy of not supplying pirate copies with updates is probably Microsoft best option in beating piracy without alienating genuine users. False positive can be high here, but the effect is mitigated by the fact that users still have access to the software they had paid for. Microsoft’s problems starts with it trying to expand validation across the whole Windows platform and into related programs, for example Office 2007 validating your copy of Office 2003. I always stress that Microsoft is entitled to validate your copy of Microsoft programs in whatever manner they choose. However, besides the arguement that Microsoft has the responsibility of ensuring it does not incorrectly identify legit copy of their software as pirated copies, this type of false validation results do nobody, including Microsoft, any favour.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: