Page 2

 
 
By Peter Galli  |  Posted 2006-10-05
 
 
 

New Anti-Piracy Tools Will Delay Enterprise Adoption of Vista


The new anti-piracy and validation tools that Microsoft plans to ship starting with Windows Vista and Longhorn Server will help ensure that there will be little corporate uptake of these operating systems in 2007, according to analysts.

That is because when Windows Vista is released to manufacturing in the next month, it will include the volume-license KMS (key management service), which will also be available for the beta of Windows Server Longhorn.

The same applies to Microsofts Volume Activation Management tool, which will help with proxy activation. That tool can be run on a single machine that talks to all the machines in, say, a lab, and harvests the hardware identity data from them.

The single proxy machine talks to Microsoft, gets the activation identities back for all the machines, and then shoots this out to those machines and activates them. Customers can also use this method to activate their entire organization.

Click here to read more about the moves Microsoft has made to combat Vista piracy.

But the problem is that many enterprises are not allowed to run client or beta server software in production environments, so they will not be able to use these new tools until they are made available for existing production servers like Windows Server 2003, which is expected some six months after Vista is released to manufacturing.

"Those who are affected by this will have to get a waiver from their IT organization, use MAK [Multiple Activation Keys] or even OEM-activated machines," Thomas Lindeman, senior product manager for Microsofts Software Protection Platform, told eWEEK.

"That has been the roughest thing we have gone through with this new platform and the new technologies, and we just couldnt get that worked on in time," he said.

But the consequence of the delay in getting the tool out for existing production servers will be a delay in the testing of Vista and Longhorn Server and the rollout of those technologies by enterprises, analyst Rob Enderle of the Enderle Group told eWEEK Oct. 4.

Is mandatory Windows validation a security risk? Click here to read more.

"The issue here is that KMS is what manages this, and you will have to run it on a Vista desktop machine or a beta of the Vista server. The proxy will not run on an existing Windows production server, like Windows Server 2003, at launch, only on the beta Windows Longhorn server," he said.

"Most IT folks dont deploy beta servers in production—some do, but they are clearly in a tiny minority. This does help assure that we are unlikely to get much corporate take-up in early 2007 outside of tests and early-adopter customers," Enderle said.

Next Page: Most enterprise are looking to a 2008 Vista rollout.

Page 2


Most corporations appear to be preparing for a 2008 rollout of Vista, and by then all tools should be fully tested and running on the appropriate platforms. As such, Enderle does not expect the delay in releasing the tool for existing production servers to have much impact on 2008 deployment plans.

Research firm IDC predicts that Vista will be installed on more than 100 million computers worldwide in its first year. Click here to read more.

"We think the impact of this on existing 2008 plans will be negligible, and early adopters, by nature, are more willing to take higher risks for the benefits of a new platform, and this shouldnt change that either," he said.

As such, Enderle said demand from small and medium-size businesses and consumers in 2007 will likely give the first indication of whether Vista "is hot or not." But, that being said, he still expects the big Vista and Longhorn Server deployment wave to come in 2008 and 2009.

A Vista tester who asked not to be named, told eWEEK that the delay in the tools is probably a good thing as it will give Microsoft time to work on the first service pack.

"Perhaps the delay is by design to give them time to get the code up to scratch and fix all the early issues that will undoubtedly show up once Vista starts being deployed," he said.

But both Enderle and Roger Kay, president of research group Endpoint Technologies Associates, expect these technologies to help corporations.

Microsofts WGA anti-piracy program attracts a copycat worm and a second lawsuit. Click here to read more.

Kay told eWEEK that while most enterprises probably do not yet understand the new activation process, once they do, they should find it quite useful for managing their fleets.

He also believes that these new technologies will ease the burden on IT administrators by allowing them to either administer the activation/validation themselves or have Microsoft do it.

"It will help them to know that every client that validates properly has a kernel with integrity. It represents a first-level health check," he said. "Also, they dont need to worry about rogue machines from ex-employees wandering around because theyll go dead after six months."

According to Enderle, proxy activation could actually result in some benefits, but the fact that the service currently does not run on a shipping server means that full testing will be off into the future, when it is expected to cover most hardware except that which is virtually always remote.

"The added benefits would be in asset tracking, which is an ongoing nightmare of a problem for enterprise and business, and this could provide a better fix than what many have," he said.

Vista is closer to the Unix/Linux security model in how it is being implemented, and that is probably where the vast majority of the security benefit will come.

Analyst firm Gartner says Vista will run on just about any PC available today, but it will only show its true colors on about half of them. Click here to read more.

"Still, not having to plaster the keys onto hardware will result not only in more attractive hardware, but it will lower the incidence of the problems related to stolen keys. So it should be more secure once the proxy is running on a secure server," he said.

But Enderle does caution that new problems will probably come from the proxy itself, and with mobile users where validation does not take place in a timely manner. It may also take awhile for this to become integrated with existing asset tracking tools, he said, while a redundant process can sometimes create problems for the primary process already in place.

"That is why it is important that we see some large, non-Microsoft production implementations before we recommend this. But, once fully tested and assuming it passes a high-volume test, I would recommend the use of this tool," he said. "I would also recommend it be integrated with whatever asset tracking solution was currently in place to more effectively track hardware."

Too much hardware is lost, and under current reporting rules that may actually be the bigger problem this helps solve. "But this recommendation will likely have to wait until after the proxy will run on a production server, which wont be until after mid-year 2007," Enderle said.

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.

Rocket Fuel