Mary Jo Foley (who has been excellent recently, a must-read) reports that both Windows Vista and Office 2007 have a “Kill Switch”; if you can’t prove you’re properly licensed, the software turns itself off. Maybe I’m missing something, but this seems like complete batshit-looney territory. Let’s see, suppose I’m a black-hat profiteer sitting beyond the reach of Western law but with control over a few botnets. If I can get my hands on your Kill Switch, I’ll have a nice little extortion business, as in “Pay up or all your desktops will decide they’re unlicensed and turn off.” It’d work best in a sales-centric business near end-of-quarter. Another potential victim would be any government (or company even) that has a lot of enemies; they don’t want your money, they just want to take you down. So, without thinking too hard, here are some attack vectors I’d consider: If I can subvert your network routing, gotcha! If I can subvert the registry on your desktop machines, gotcha! If I can subvert the NTP protocol (how most computers learn what time it is), gotcha! I’m sure that an actual seasoned network engineer could think up a half-dozen more attack scenarios over a cup of coffee. Finally, never ascribe to malice that which can be explained by incompetence; WGA is software and software has bugs and if one of those bugs flipped the Kill Switch on your sales infrastructure offline during the Christmas rush, well, there wouldn’t be any malice involved, but it’d sure be a pity. What prudent businessperson, I wonder, is going to install critical infrastructure that can be turned off remotely, trusting the claims that only the good guys will be able to find the key to the “off” switch?
Contributions
· Business (126 fragments)
· · Intellectual Property (48 more)
· Technology (90 fragments)
· · Microsoft (28 more)
Comment feed for ongoing:
From: Adam Kalsey (Nov 20 2006, at 11:42)
The interesting thing about Microsoft's previous attempts at validation and verification to prevent piracy is that they tend to be aimed at home users only.
The first version of Office that had phone-home features had them only in retail editions. Corporations that buy site licenses of Office suites can't be bothered to maintain several thousand serial numbers and activation keys. So they got a version that would run on an unlimited number of different machines, instead of the retail Office that only would run on a single configuration.
Guess which version was released on the pirate airwaves?
I haven't seen any indications on whether corporate editions of Vista will have the kill switch.
[link]
From: Colin Jeanne (Nov 20 2006, at 13:15)
Note: I dont know the inner workings of the WGA software. I'm speculating based off of my experiences and http://en.wikipedia.org/wiki/Windows_Genuine_Advantage (mostly Wikipedia entry). However, your entry was speculation so I think it evens out.
The first attack vector is when you have access to the machine you want to take down. If you're able to flip the switch and make Vista or Office believe that it is pirated then you probably already have administrator rights on the machine. In that case, flipping the switch is not the best method for taking down a group of computers - why not do real damage and delete the data? If you have administrator rights on the machine then the story is already over.
The other attack vector would be to trick WGA into thinking that MS thinks that the OS or Office is pirated. Since WGA initiates the connection to MS and not the other way around you'll need to be able to intercept WGA connections leaving whoever you want to pester.
Current versions of WGA seem to trip the pirate switch only if there is a successful connection to MS and if during that session WGA is notified that the copy of Windows is not valid. If you block WGA from contacting MS then no switch is thrown: when the connection fails the software sides with the user and assumes that the copy of Windows isnt pirated. If you think about it, this is the only way the software can work since otherwise you'd cut off people who dont have an Internet connection. Given that WGA must initiate the connection, it seems that if you block WGA with a firewall on the OS then whoever is listening for WGA connections wont be able to do anything.
I'd also like to remind you that a similar discussion happened when Windows XP was released with its anti-pirating technology. Although it was much less invasive than WGA everything seemed to work out fine with that so I think that right now most of the arguments against the WGA is FUD.
[link]
From: Steven M. (Nov 20 2006, at 14:03)
It seems companies like to hide behind the EULA boilerplate which seems to often say something to the effect of, "You can claim nothing in damages, should your jurisdiction say otherwise then you agree that you damages are capped at the cost of this software." But that doesn't seem like it would help here.
Assuming for the sake of argument that the courts upheld those EULA provisions I see two things happening. First some of the worst bad publicity in years for a software company, and second an almost certain backlash. One could probably do well taking bets on how nasty the Californian Anti Kill Switch law would be.
And an article at Harvard's Cyber Law website at http://cyber.law.harvard.edu/property00/alternatives/roditti.html discusses the use of logic bombs and other kinds of kill switches for what the lawyers are calling self help remedies. While admittedly a decade old article it raises questions I'd want a good lawyer answering before I thought about using a kill switch.
[link]
From: Toby (Nov 20 2006, at 16:58)
<i>If you block WGA from contacting MS then no switch is thrown: when the connection fails the software sides with the user and assumes that the copy of Windows isnt pirated. If you think about it, this is the only way the software can work since otherwise you'd cut off people who dont have an Internet connection.</i>
Numerous anecdotes about Office Deactivations (not to mention Adobe product Deactivations) -- including one which occurred to a laptop user in-flight -- would contradict this.
[link]