A Microsoft spokeswoman confirmed the leak late Monday and said Microsoft was investigating the matter. She could offer not "offer any specifics at this time."
ZDNet Australia's parent company CNET News.com has seen the 25-character key code, which would appear to be authentic. The leaked code would appear to be from a Microsoft corporate customer subscribing to one the company's volume-licensing programs. Rumours circulating on enthusiast Web sites, such as Neowin and WinBeta, identified the leak as a 3-in-1 code, meaning that it would work with three different versions of Windows Server 2003.
Using the code is a two-step process and it is the second one that will cause Microsoft the most problems, analysts say. With the release of Office XP in May 2001 and Windows XP about six months later, Microsoft added a piracy-fighting tool known as product activation. Before then, businesses or consumers needed a key code to install Microsoft software, but the process stopped there. Product activation went a step further. The computer would need to contact Microsoft over the Internet. The hardware configuration and license information would be collected and associated together in an anonymous database.
The process essentially locked the activation code to hardware, in theory, preventing the key from being used to install the software onto another computer. Microsoft banked on the process for reducing widespread piracy of its Windows products. For example, the Redmond, Wash.-based company estimates that about half the copies of Office in use worldwide are pirated.
But Microsoft's piracy-fighting tool has a potential flaw. For convenience, subscribers to Microsoft's volume-licensing program are issued keys that do not need activation. This makes it easier for businesses to quickly install the same software on many computers at the same time, without the laborious process of activation for each and everyone. Should a code leak onto the Internet, as it did with Windows Server 2003, the single code can be used to install an unlimited number copies of the software.
"That's the problem with this technology, you have to keep those keys safely guarded," said Michael Cherry, an analyst with market researcher Directions on Microsoft. Cherry said that the leak could have happened any number of ways. "It could even have been a disgruntled employee," he speculated.
A Microsoft spokeswoman said that Microsoft was tracing the source of the leak, but had not yet identified the volume-license subscriber.
Microsoft could not confirm which Windows Server 2003 versions the code unlocked, but unconfirmed reports circulating the Web on Monday identified the Standard, Enterprise and Web editions.
Assessing the impact depends in part on how Microsoft is prepared to respond to the leak. Two volume-license code keys also leaked out ahead of the release of Windows XP, but the company was essentially powerless to respond. With the release of Windows XP Service Pack 1, the first collection of bug and security fixes for the operating system, Microsoft put a lock on software installed with the stolen codes. Service Pack 1 would not install on pirated versions, but Microsoft offered no mechanism for turning off pirated copies. The company estimates that 90 percent of Windows XP piracy can be traced back to those two codes.
A Microsoft spokeswoman said there is no Windows Server 2003 mechanism for disabling software identified as having been installed using a stolen code. In theory, such a mechanism might be capable of disabling software during a routine update with one of Microsoft's Web servers.
Those copies of the software installed using the leaked code "won't be able to install future updates or service packs of access Windows Update," the spokeswoman said.
"They're caught between a rock and a hard place," Cherry said.
The Microsoft spokeswoman made clear that Microsoft would scour the Internet looking for the leaked code. "Our legal department works aggressively on that kind of thing," she said. Stolen codes are often traded with the Microsoft software, typically on Web sites, newsgroups or Internet Chat Relay (IRC).
The leaked key codes cast an unexpected shadow over the launch of Windows Server 2003 later this month. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves.
Software piracy is not just a Microsoft problem. Washington-based Business Software Alliance (BSA) estimates that 25 percent of software used in the United States is pirated. Virginia, West Virginia, Mississippi and Wyoming are the highest, with piracy rates of 47 percent or more. For the second year in a row, the worldwide piracy rate increased. BSA estimates that 40 percent of software in use worldwide is pirated. China, Indonesia, Nicaragua, Pakistan, Russia Thailand, Ukraine and Vietnam had piracy rates of 78 percent or more.
Why bother....I haven'y used M$ s/w for 4 years. Miss It...nah.
Linux - & forget the licencing woes.