Why pirated Vista has Microsoft champing at BitTorrent

Microsoft is struggling to tackle the threat coming from P2P service BitTorrent
  • Eric Lai (Computerworld)
  • 29 January, 2007 08:05

As Microsoft gets ready to launch Windows Vista and Office 2007 to consumers, it claims a formidable new foe it lacked at its last major consumer software launch five years ago: the popular filesharing network known as BitTorrent.

This third-generation peer-to-peer (P2P) service, already used by tens of millions of Internet users to swap digital music and movies for free, is becoming a popular mechanism for those looking to obtain pirated software.

"Any software that is commercially available is available on BitTorrent," according to Mark Ishikawa, CEO of BayTSP, an antipiracy consulting firm.

Piracy and prerelease

Or in the case of Vista and Office 2007, before they were commercially available. Both products were released to corporations almost two months ago, but won't be officially launched to consumers until Jan. 29.

But as early as mid-November, "cracked" copies of both products were available via BitTorrent. As of mid-January, more than 100 individual copies of Office 2007 and more than 350 individual copies of Windows Vista were available on the service, according to BigChampagne, a Los Angeles-based online media-tracking firm.

The pirates that cracked early copies of Vista all sidestepped Microsoft's latest antipiracy technology, the Software Protection Platform. SPP is supposed to shut down any copy of Vista not registered to Microsoft over the Internet with a legitimate, paid-up license key within the first 30 days.

Microsoft has quietly admitted that it has already found three different workarounds to SPP. It says it can defeat one, dubbed the Frankenbuild because of its cobbling together of code from beta and final versions of Vista. It hasn't yet announced success against several other cracks, including one seemingly inspired by Y2k, which allows Vista to run unactivated until the year 2099 rather than for just 30 days.

"Pirates have unlimited time and resources," BayTSP's Ishikawa says. "You can't build an encryption that can't be broken."

Page Break

Microsoft popular with pirates

According to BayTSP's most recent figures from 2005, six out of the 25 most widely pirated software packages on BitTorrent and eDonkey, another P2P network, originated at Microsoft. Office 2003 was the second most-pirated software behind Adobe Systems's Acrobat 7. Other widely pirated Microsoft software includes InfoPath 2003, FrontPage 2003, Visio 2003, Office XP and Windows XP.

Cori Hartje, director of Microsoft's Genuine Software Initiative, remains confident that SPP, along with another effort by Microsoft to clamp down on the abuse of corporate volume license keys by pirates, can reduce the rate of piracy of Microsoft's latest products compared to previous ones.

But the company is taking no chances, fighting back on multiple fronts. To distract downloaders who may only be seeking a sneak peek at the new software, the company's offering free online test drives of Vista and 60-day trials of Office 2007.

To reach young people, who are the most enthusiastic users of P2P, Microsoft is putting comics up on the Web, mostly in foreign languages, decrying software piracy.

And on Monday, the company released statistics purporting to show that users downloading pirated software from P2P networks are at great risk infecting themselves with viruses or spyware.

According to an October 2006 report conducted by IDC and commissioned by Microsoft, nearly 60 percent of key generators and crack tools downloaded from P2P networks contained malicious or unwanted software. Similarly, one quarter of Web sites offering key generators -- software that create alphanumeric strings that users can type in to activate their pirated Microsoft software -- had such hidden software.

The perils of P2P?

Hartje claims that many pirates are irresponsibly uploading malware along with their cracked goods to BitTorrent.

"They may not be running a clean shop, and don't care if viruses are on the software," she says.

IDC researchers used popular antivirus packages from McAfee and Symantec to detect malware. However, the researchers did not differentiate between more serious viruses and spyware and less harmful unwanted code such as adware. IDC also conceded that some P2P networks deploy built-in virus scanning that "strip[s] out most of the malicious software" before it reaches users.

Some skeptics say that Microsoft's "education" campaign is primarily an attempt to sow FUD -- fear, uncertainty and doubt -- in the minds of consumers, a tactic the company has been called out for in the past, and which could backfire.

"Warning customers about viruses and spyware in counterfeit software is a nice PR thing for Microsoft, but for the most part, I doubt that it's really effective," says Paul DeGroot, an analyst at Directions on Microsoft, an independent consulting firm, who applauds Microsoft's other antipiracy efforts.

Microsoft hopes to scare consumers straight, he says, because efforts to guilt and shame consumers into not downloading, have had little success. Moreover, the company rarely targets end users of counterfeit software with lawsuits for fear of alienating customers.

"Our main concern is preventing pirates from putting counterfeits in the hands of unsuspecting customers," says Matt Lundy, a senior attorney at Microsoft.

Page Break

The technology advances

P2P technology, meanwhile, has advanced greatly since Microsoft released Windows XP in late 2001. At the time, P2P networks such as Napster and Gnutella were solely used to exchange music files. Since that time, Napster has been closed and re-opened as a legitimate pay music service similar to Apple Inc.'s iTunes. The second-generation Gnutella has waned in popularity because of aging technology and partial neutering by the record companies, which have flooded Gnutella with decoy files masquerading as songs, Ishikawa says.

Enter BitTorrent, which boasts faster file transfers and more reliable downloads than other P2P networks. BitTorrent was not the first P2P network to host pirated DVDs and software, but it was the first to make the trade of such hefty files practical. Moreover, BitTorrent claims it automatically cleanses its network of both viruses as well as decoy files. The latter defeats related antipiracy efforts by the music industry.

BitTorrent's other great advantage is its ease of use compared to "darknet" services used by more sophisticated pirates, such as Internet Relay Chat channels, private FTP sites and Usenet newsgroups. For most Internet users, darknets remain hard to find -- you can't simply Google them -- and intimidating to use.

Microsoft's worst nightmare would come to pass if P2P software piracy becomes as pervasive as the movie and music piracy. Already, the number of songs swapped illegally online surpasses the number sold in stores or online at sites like iTunes, says BigChampagne CEO Eric Garland, citing music industry estimates.

Victory by assimilation?

Faced with this situation, music and movie companies are starting to co-opt P2P. Record companies are using services like BigChampagne to scout music trends and sign up-and-coming bands, while movie studios such as Paramount and Fox have linked up with BitTorrent to sell movies via downloads.

The software industry lags by comparison. Microsoft is allowing consumers to download and buy Vista from its own Web site for the first time. Otherwise, Microsoft has "nothing new to announce in regards to any new distribution channels," Hartje says.

BitTorrent did not return a call and an e-mail seeking comment.

For Microsoft to ink a deal with BitTorrent to sell full software or even put up free trials would send out mixed messages, Ishikawa says.

"If you ever want to litigate, don't send out any freeware," he says.

Still, people like BigChampagne's Garland point out that P2P software piracy today remains a drop in the bucket compared to video piracy, which involve similarly hefty files. His reason: downloaded movies are just entertainment, but business software is used to run companies, do people's taxes and other important things. For those, most users still prefer the security blanket of technical support, access to software fixes and updates -- even manuals -- that only buying the software can provide, Garland says.

"Forget backdoor viruses or trojans," he says. "There are some things that are worth paying for."