In association with heise online

14 February 2008, 11:48

SP1 won't outsmart Vista copiers

Microsoft had announced that Service Pack 1 for Windows Vista, the successor to Windows XP, would give it better protection against unlicensed use, and would disable the activation crack circulating on the internet. But the developers have only partly succeeded: a back door in Vista's activation method can still be exploited to enable systems fully, without online activation.

The technical hurdle is relatively low, because Microsoft issues big PC manufacturers (OEMs) general codes they can use on all preinstalled PCs. This lets manufacturers copy the same hard-disk image to thousands of machines, so customers don't have to enable their PCs online.

Shortly after the introduction of Windows Vista, a number of methods turned up on the internet to fool a system on any hardware into thinking it was running on an OEM PC. One of them still works with SP1: the crack installs a boot loader of a few kilobytes on the system drive, and it runs before Vista's own gets a chance. The loading program adds a PC manufacturer's licence information to the BIOS. Since this method doesn't use manipulated drivers, even Vista's x64 version, which accepts only signed drivers, can be fooled.

Once the manufacturer's data are in the BIOS, the cracker script can activate Vista with its own on-board resources by installing the appropriate manufacturer's certificate and the general code. These certificate files are openly available on the recovery media supplied with PCs that have Windows Vista preinstalled.

Microsoft has disarmed a handful of other Vista cracks with SP1, among them a variant that uses a device driver to insert the BIOS data. It remains a mystery why Microsoft has not included a countermeasure to the loader in SP1, for it, too, has been doing the rounds since mid-2007. Microsoft can still plug this hole subsequently, however, with either a software update or a WGA (Windows Genuine Advantage) test.

