The ‘Frankenbuild’ monster


Over the last few weeks, we’ve seen a number of attempts at workarounds for Vista product activation.   As of now there are at least two distinct workarounds that have worked to some degree, but I’m sure there are more on the way.  One of these workarounds we have affectionately named “frankenbuild” because it involves cobbling together files from an RC build and with an RTM build to create a hybrid that bypasses activation.  The other workaround involves the use of some virtualization technology and our practices for activating larger business customers.

For me, it’s an interesting moment.  We’ve been investing a lot of resources into continuously evolving our approach to piracy.  One of the key “pillars” we focus on is what we call the Engineering pillar – this is essentially the body of work that shows up in the products themselves (as opposed to policy or education efforts).   With the release of Windows Vista we’re putting into place a number of new anti-piracy innovations.  And with these first work arounds we’re getting to see those innovations in action.


I thought it would be useful to walk through what our plan is for the “frankenbuild” systems.


Windows Vista will use the new Windows Update client to require only the “frankenbuild” systems to go through a genuine validation check.  These systems will fail that check because we have blocked the RC keys for systems not authorized to use them. In other words, the wrong key is being used. The systems will then be flagged as non-genuine systems and the experience will be what we announced back in October (direct link to doc)– including losing certain functionality (e.g. Aero, ReadyBoost) and the system will have 30 days to activate with a good product key.  If they don’t produce a new product key within 30 days, they will then only be able to access their system in what we call reduced functionality mode – a mode which limits their use to one hour with their default web browser.  I want to be clear here that even though they can only use their browser for an hour, we will never limit their access to their data.  A user can always -boot their PC into what is called Safe Mode.  Safe Mode is a mode of using Windows that has limited driver, display and networking support – but allows a user access to all their files.


We hope that this action will help get the message out that pirating Windows Vista will have real consequences and will, in turn, encourage people to check before they buy.

Comments (28)

  1. Microsoft went on the offensive today regarding the recent Vista pirating efforts coming out of China

  2. Some enterprising individuals were able to work around Windows Vista retail activation by mixing DLL’s

  3. fusion94 says:

    I agree that piracy for MS products is an issue. However I do believe that you guys have no clue as to how to solve the problem.

    Yesterday I spent over an hour either on hold or talking to 3 different support reps at Microsoft trying to get a legitimate copy of XP Home to activate.

    The copy of XP Home in question came from a desktop machine that was purchased at Best Buy. It has a valid Product Key certificate. Yesterday morning I installed it’s copy of XP Home on my Macbook Pro and tried to activate only for MS to tell me it was a bad product key and that I’d have to activate by phone. After 3 people and almost an hour (including getting a new product key from MS) I was told that it was a problem with my hardware. Oddly enough I’m typing this message on the same hardware running Vista RC1. Somehow I seriously doubt it’s a hardware issue.

    The other idea the braintrust told me to do was to uninstall XP Home off the desktop system then try again. I told them that would be fine if that machine had a power supply. They asked me again if I was certain the machine would not boot. I stated that yeah since I threw the power supply away over a week ago I was pretty sure it wouldn’t boot.

    Regardless, it’s experiences like this that really soil the experience for legit users with legit copies that ultimately make them use cracks or workarounds.

  4. kitwaites says:

    Regarding fusion94’s comment, I agree that Microsoft’s method of tackling piracy seems to be blunter than trying to remove a splinter with a baseball bat. Last week my legit copy of XP Home failed validation due to "Cryptographic Errors" – MS support told me that because it’s an OEM version they can’t possibly help at all with their software’s shortcomings and I need to return it to the system builder, who will happily repair it… for £65, more than another OEM version of XP.

    Meanwhile, my brothers and friend’s pirated copies of XP Pro work flawlessly because the pirates are always several steps ahead of MS’s efforts to harass their customers – efforts that have locked me out of functionality from an operating system I have paid for. By going legit Microsoft has put me at a Windows Genuine Disadvantage.

  5. alphaneko says:

    The best way MS can counter piracy is to STOP CHARGING SO MUCH for their OS. Asking the Chinese to pay what amounts to their annual salary for an OS is ridiculous. Asking everyone else to pay more than them, even more so. Flat pricing at 1/10th the current US retail price is probably the only way piracy of the windows os will ever be rendered a nonissue, but obviously greed gets in the way of that. The other factor is trust. It took Gates 5 years to deliver on the promises he made with windows 95. Why would anyone want to buy a product they KNOW will be flawed out of the box, as I’m sure Vista will be? Hence the Frankenstein versions, and probably even more hacks before too long.

  6. User6-14 says:

    Ok, I understand that you don’t like piracy. But, the "frankenbuild" works only for 6 month. Who is working on such a system? Who is installing Vista two month before it’s out? Who is having a heck of trouble to get these systems working, finding drivers, testing software?

    It’s us, who have to help all our friends, family and colleagues starting January to work with Vista. Us, who will have to know where all the settings are hidden, because average Joe does not find them anymore. Us, who still give comments on the bunch of bugs still in Vista.

    Heck, it works only for 6 month with RC keys! If you will kill my Vista before I even can buy one, I swear I will never install Windows anymore and change to Linux with the next install.

    (BTW this is posted on a public computer, no use to track IPs…)

  7. dpbsmith says:

    You spend a lot of effort and ingenuity try to avoid what might be called in statistical parlance "Type I" errors; that is, errors in which an unauthorized user is able to activate Vista.

    How much time and effort do you spend on "Type II" errors–that is, those in which an AUTHORIZED user is UNable to activate Vista?

    My past sad experience with DRM and activation schemes is that it is _by no means_ rare for authorized users to have difficulty getting access to their 100% legitimate, paid-for products. I wonder whether you are getting accurate feedback on the extent of these problems, or whether they are being filtered out by support staff who automatically assume what customers reporting problems are lying (but help the customer anyway).

  8. myxiplx says:

    lol @ fusion94…  

    Your problem basically is that your software isn’t legitimate if you’re installing it on another computer.

    I’m afraid that pre-installed copy is going to be OEM software, if you check the terms of the licence, it’s licenced *only* for the particular machine it’s sold with.  And I’m afraid that means your attempt to install it on another computer is not legitimate, which probably explains the problems you’ve had getting it to work.

    I’m not saying I agree with Microsoft’s licence here, but I’m afraid that is the way it works.

  9. mhornyak says:

    Dpbsmith,

    I think they spend way less time and effort on Type II (false-deactivation) than they should.  

    Certainly, we see NOTHING from Microsoft in the way of compensation for users hit with false deactivation.  We see empty apologies from them.

    Thankfully I am at a university, so at least for XP, I have a Volume License Key.  No activation headaches for me–and no way I’d move to Vista, where activation headaches are unavoidable.

    The worst part about all this: we see another smug post from Alex, dripping with arrogance about how he’s stopped the hacker kiddies from using Vista.

    Great job Alex! Now we know priority one for you: not the users, but the hackers.  Way to focus your attention on paying customers!

    And also, great job screwing over users who legitimately paid for XP with false deactivations.

    Until Microsoft puts a compensation system in place for users affected by false deactivations, I see no reason to treat Alex or anyone at Microsoft responsible for Windows Genuine Activation with even a drop of respect.

    These people are the reason people are moving to other operating systems.  Where Windows could be known for ease-of-use and a no-hassle experience, we have hall monitor-style coding, and employees with a corresponding level of intelligence and tact.

  10. zephzoota says:

    i dont think microsoft will ever be able to defeat the pirated versions of windows for one the real copy costs way to much and second you really dont need to update. yeah some bad things can happen. i admit i had a pirated copy windows xp but im on the straight and narrow now and have been for awhile and i just turned off the updates that way i didnt have to deal with that sort of stuff i ran xp pro sp1 for 3 yrs and never updated and never had any problems but now  ive got a genuin copy the main reason and basically the only reason i had a pirated copy was simply because of the price of the genuin copy.

  11. Besides upselling pricey new versions of its Windows Vista operating system, Microsoft is also committed to increase the return on its Windows franchise by reducing the “shrinkage” from piracy. To that end, Microsoft yesterday rolled out a..

  12. noter says:

    Frankenbuild was an initial attempt to pirate Vista. There are now alternate methods and working cracks available that do not use old beta/RC files.

    MS is fighting an uphill battle because every increase in security creates an increase in problems for customers and businesses. There is only so much that can be done before Vista becomes such a hassle to use that people won’t bother.

    It’s also ironic how pirated versions are now *less* of a hassle to use than legitimate ones where you have to go through activation and other various checks. I know of many people who  have legitimate keys but use the volume license and academic versions to avoid all of MS’s draconian security nonsense.

    Keep it up MS, these new security schemes are a great incentive to use OS X!

  13. war59312 says:

    Yeah give it up Microsoft. Pirates will always win!

    Stop waisting your money and effort trying to stop people who would never ever buy your product in the first place. Your not losing any money! Again, the real pirates never intended to buy your product in the first place!!!!

    Stopping casual piracy is one thing, but going after the "real deal" is just stupid! Give it up! You will never ever win! Sorry! One would think Microsoft would have finally figured that out by now and gave this BS up.

    Work harder and spend more money on the product, not on pirates who will never buy your product anyways! Fix bugs and adds features consumers want, not just the "big guns" who pay your salaries. Anyways, one of these days Microsoft will not have a choice and will finally give it all up; you mark my words. They  will finally realize it really is not worth it.

  14. badpill says:

    I have a legal copy of XP and am questioning whether the upgrade to Vista is even worth it.

    Purchasing Vista will cost me two months of my disposable income.  I can’t see a Killer App for it.  Even the Microsoft Zune doesn’t work with Vista, but that’s another story.

    And the Vista license is so damn restrictive that I doubt I’ll ever buy one.  I can’t reinstall it on an upgraded machine, I can’t pass it on, I can’t… There are so many "I can’t"’s with Vista that I wonder what I can do?

    There is no real advantage to using legal Vista over legal XP.  I use a free firewall (ZoneAlarm) and a free antivirus (AVG) and use non-MS browsers and email clients.  Haven’t had any sort of security trouble that would be worth canceling my Christmas holiday to buy Vista for.  And with XP I don’t need a new graphics card, mine is just fine, thank you.

    When I do upgrade my computer I’m looking forward to fighting with Microsoft to get my money back for the OEM Vista whose license I decline.

    The sad thing is that my friends consider me a Microsoft fan.

  15. Naturally, those that want to hack the any process and take the time and effort to focus on it can find a way. Given the huge target Microsoft is for such attacks, you may not find it surprising that ways to circumvent the process have already begun to

  16. BSitko says:

    I’m the first to tell you that doing what you can to stop piracy is necessary for your bottom line and to protect your resources.  The ideas and effort you have put forth certainly have changed the way companies address piracy.  I have tested RC1 and RC2 of Windows Vista.  After using these builds for many months I only wish your inventiveness and ideas were used more effectively.  Vista is nothing but a gui patch on top of XP.  Now I know it was built from the ground up.  I know all of the time and effort that went into it.  I’m just not seeing anything that makes me HAVE to own it.  I’ve reinstalled XP because my copy of Vista stopped connecting to the internet.  (Nasty unfixable bug)  Now that I’m using XP again I find that I don’t miss Vista.  There was nothing with it that I needed.  No killer app.  I shut Defender off, limited the indexing capabilities (slowed the machine down), and disabled the annoying User Control nonsense.  My point is that Vista to me seems to be an upgrade for those businesses who purchased the software assurance AND for a way for MS to boost their profits.  With the peer to peer network MS has created with this "piracy" scheme, I can’t help but wonder why I really need it?  Flip 3d?  Search in my Start menu?  Aero?  Vista was a good idea 5 years ago when most of its features weren’t available as a download.  Perhaps in the future MS should put the piracy team in charge of creating actual OS features.  Maybe then we’d get fresh ideas and an even better way of telling us we all need it.  

  17. mgerben says:

    Lots of Microsoft-bashing here, and not all of it deserved.

    People, no-one is twisting your arm to buy it.

    Having said that, Alex, could you enlighten us on one issue:

    Do I understand correctly that business-versions of Vista can still install without activation, that is, install only with a proper key?

    How are you going to tackle widespread misusage of business-editions with ‘borrowed’ or ‘generated’ product keys?

  18. BSitko says:

    mgerben… you’re right, no one is twisting my arm right now to buy it.  Soon MS will cutoff your ability to purchase XP (not sure know when but it will happen).  You will not be able to buy a brand new machine from OEM’s soon with XP instead of Vista.  Right now I can choose not to buy it… what about next year when my computer dies and the XP licenses aren’t available?  It’s either use Vista or switch to Linux.  I just don’t like the idea of being forced to switch to an OS that acts as a giant MS peer to peer network.  We can argue semantics here but by definition that is what it is.  It offers almost nothing that can’t be downloaded to XP.  As an IT Manager I’m not switching my company to an OS which requires me to have a separate machine converse with MS weekly/monthly or at any other time they deem necessary just because they don’t trust me.  When is enough enough?  Imagine buying a CD and then having to call a 1-800 number every day to make sure I’m still the original owner.  The idea here is the same… it doesn’t bother you because you never know it happens.

  19. rdamiani says:

    mgerben"

    Nope. Volume licenses of Vista will still need to be activated. If you are a large enough orginazation to need 25+ seats, you can go with an internal server to manage the client licenses or do individual activations. Fewer than 25 seats will need to do indiviual activations about like retail and OEM versions do.

  20. mnicol819 says:

    I certainly have some issues with the licensing strategy and this particular update. However, unlike others commenting here I think Microsoft should cut down on piracy and charge a fair amount for licenses. The problem is that there is no means to obtain a legit RTM release before the end of January for people like me who have installed each public test build, sent error reports, and participated in the community helping to understand and resolve bugs. By RC2 I was able to use Vista as my primary OS and see no reason why I should deal with the bugs in RC2 until the consumer release.

    What is the point of Microsoft restricting me to a version of the product that is only going to cause frustration and decrease the positive perception that I pass on when people ask about Vista? It seems perfectly logical to make a version like Frankenbuild available to all Vista beta testers that allows the limited beta key to be used. I have no issues buying the software once it’s available but also have no desire to go back to XP for 2 months.

    It’s makes sense to release this update as a PR move to ensure the public perception is that buying Vista is the only way to use it in the long run. At the same time, the issue could have been avoided in the first place by giving testers a copy through the consumer release date. It would also be an additional sign of goodwill to the beta testers that spent tens of hours, as I did, working through issues in early releases. Last, I can’t seem to understand why it wouldn’t be advantageous to have as many users as possible sending error reports in these early release stages.

  21. Merle Zimmermann says:

    Hiya!

    I found the page that Microsoft has with the actual licenses on it here (under Windows Vista):

    http://www.microsoft.com/about/legal/useterms/default.aspx

    Buying it through the online upgrade thing looks like it doesn’t allow transfers to new computers, but the boxed version does.

    (There are a lot of confusing old webpages left over from previous versions of the license agreement, I had trouble finding the actual text of it at first 🙁 .. I wish it were easier to track down, since the EULA was actually readable this time around :O.)

    [What are your holiday plans?  I’m going to be playing around with the XNA kits and trying to beat the Jak and Daxter games.]

  22. WGAisagreatidea says:

    That’s great Alex!!

    I’m so glad you guys have been using your billions to figure out more ways to screw your customers.

    WGA and related non-sense is potentially the biggest security hazard facing Vista. Not only have you guys exposed a network service which has the permissions to basically kill the OS, but you constantly are changing your code both in XP and Vista, which only means you have less control of what is going on with your product.

    Eventually some hacker is going to create a virus which is going to screw almost every Vista and XP computer and is going to make you all look like morons.

    And don’t tell us, like you did 5 months ago, that the WGA service "won’t and does not have the capability" of disabling the OS. Come on, this is your development forum. We know better, any process with admin privs could just hook API and system calls and mess everything up.

    THINK ABOUT IT: not a good idea. And sadly, will not make you all much more money.

  23. mhornyak says:

    Excellent–there’s now another hack for Vista.  It’s being reported on major news sites.  Alex gets the big bucks to stop the hackers, so I’m not linking to it.

    Looks like I know how he’ll be spending New Years.  Yay!

  24. ioniancat21 says:

    It’s two months since the last post, let me make you all aware of the cracks that exist for Vista:

    1. Obviously the "Frankenbuild": basically RC activation files mixed in with your RTM Vista to activate you, if you have disabled Windows Updates, your invulnerable for a year until the RC keys expire.

    2. The KMS server VMware image: the most dangerous, provided you avoid WGA-based Windows Updates, this version provides endless activation to unlimited hosts, clearly the most dangerous crack of all to MS profits and can be faced out to the .net to activate thousands as they are doing in China and Russia.

    3. Finally the 2099 BIOS trick: basically, it pins the 30-day trial leaving you with a never ending trial, similar to Frankenbuild in concept, files will eventually be discovered using a file hash so crack filename won’t matter.

    I figure the next incarnation will either be a phone activation crack or a crack that provides activated status rather than an extended trial.

  25. Resuna says:

    "It’s also ironic how pirated versions are now *less* of a hassle to use than legitimate ones where you have to go through activation and other various checks. I know of many people who  have legitimate keys but use the volume license and academic versions to avoid all of MS’s draconian security nonsense."

    Back around 1982 I got my first pirated copy of a computer game, because I had bought that game and the copy protection was so stringent that after several plays it was only possibly to boot the game on one particular computer. I did some research and discovered that their copy protection depended on the layout of sectors on adjacent tracks, and apparently writing to the floppy disc on an out-of-spec drive changed the timing enough that only that drive could read some part of the data correctly.

    Setting aside the insanity of a copy protected game writing to the boot disk, this was the same kind of "deliberate fragility" that Vista uses to protect its "secure audio path".

    So I found the local "pirate" and had him write a cracked copy of Wizardry on top of the original "gold labelled" floppy that came in the package. He thought this was hilarious.

    When I griped about this at the time people told me not to make a big deal out of it. It was only a game. Well, it’s a quarter of a century later, and it’s not just a game any more.

    Microsoft: please, for god’s sake, step back from the brink.

  26. Russellfap says:

    The fact is that Windows Vista is very very expensive, for this reason many downloaded Beta 2 and RC1 and RC2, and now want to circumvent the activation condition. I got my copy through my own finance, a legit copy, but even so, once upgrading after driver failure I got the notice that my copy of Vista was not genuine and my Aero interface would not be available, after activating sucessfully, my aero did not activate, and had enormous problems with antispyware Windows Defender giving error exception errors. I opted therefore to install from the root Windows XP Home, activating before installing Vista in upgrade mode, and since then have had less trouble than the 2 times I installed Vista from the root.

  27. semfox says:

    myxiplx

    Not true. If you have a valid license and it will no longer activate because you changed the mobo after it burns out like some do for no reason. Just don’t talk about that and they will re-activate it for you. I know this from my personal experience with XP Home.

  28. Esta build (7100. 0. winmain_ win7rc. 090421- 1700) foi compilada na passada Terça- Feira e ao que parece já começou a ser distribuída a parceiros OEM.