Switching to Vista may create waves
Microsoft's anti-piracy technology could have unpleasant consequences for overworked IT managers
It can’t have escaped the attention of many IT Week readers that the next version of Windows is creeping closer and closer. This month saw the availability of Release Candidate 2 (RC2) of Windows Vista, which should be the final test version of the code, barring the discovery of any major bugs between now and November.
This month also saw a couple of other Vista-related issues that sparked hot debate in the tech community. One was the outcry from security vendors over technology that protects the Windows kernel from changes but has the side effect of breaking many security tools. The second was the unveiling of anti-piracy mechanisms capable of crippling Windows if it does not pass Microsoft’s activation tests.
In the first case, Microsoft’s PatchGuard technology is designed to stop the kernel from being modified, except through authorised Microsoft-originated hot patches. This should stop malicious code from hooking itself deep into the operating system, but the security vendors also contend it will stop them from providing effective protection.
If you ask me, this sounds like a bizarre argument. It is akin to the police asking householders not to lock their doors and windows, just in case they should need to get in to apprehend a burglar. Of course, it’s always possible that at some point, a hacker might find a way to get around PatchGuard and compromise the kernel, but Microsoft’s retort is that it can simply update PatchGuard if this happens.
Incidentally, this only applies to 64-bit versions of Windows, since Microsoft feared PatchGuard would break too many existing apps in the 32-bit world. So unless you plan to deploy 64-bit Windows on the desktop, you can rest easy in the knowledge that security vendors are free to mess with the kernel.
Perhaps more worrying for the IT department is Microsoft’s move to introduce continual validation for volume licensed software, starting with Windows Vista.
Firms are now faced with two options: buy Vista in a ready-activated state on new PCs, or deploy it themselves and install Microsoft’s key management service (KMS) to manage activation.
The sting in the tail with KMS is that Vista desktops will have to re-validate themselves at least once every 180 days, and failure to validate can ultimately lead to reduced functionality mode, where only the browser will work.
I believe IT managers should be very, very wary indeed of deploying any technology with this capability. If there are any bugs in the code, every desktop in your company could potentially start failing validation, resulting in a situation that doesn’t bear thinking about. Even if that scenario is unlikely, deploying and operating KMS is another administrative burden that overworked IT managers could do without, thank you very much.
Microsoft says that KMS will help companies, enabling them to prove they are fully licensed for all copies of Windows. But if this is Microsoft’s aim, why not simply provide IT departments with audit tools, instead of building a “kill switch” into Windows? Does it not trust its own customers?