Pirates have already cracked Windows 7 just a week after the operating system made RTM and a week before it's scheduled to reach users, said Microsoft.
The product key posted on the web purportedly comes from Lenovo, one of Microsoft's major OEM partners, and allows users to activate downloaded copies of Windows 7 Ultimate RTM (release to manufacturing), which leaked to the Internet last week, shortly after Microsoft announced it had finished the operating system.
According to Windows enthusiast site Neowin, one of the first to report the crack, a Lenovo disk image of Windows 7 leaked to a Chinese website, then moved to English-language domains. Pirates proceeded to retrieve the master OEM key and the OEM activation certificate from the .iso file. Microsoft lets major computer makers like Lenovo, Dell and Hewlett-Packard pre-activate new PCs at the factory to save customers the hassle, and provides OEM master keys for that purpose.
Windows 7 uses an updated activation scheme, dubbed OEM Activation 2.1, which is an updated version of the activation software that first appeared in Windows Vista. The technology, ironically, has been the focus of a Microsoft lawsuit filed last January against a former employee charged with stealing company documents related to the anti-piracy software that computer makers use to lock Windows to their PCs.
The crack is not for the faint of heart, as it also requires a hack of the PC's BIOS; Activation 2.1 demands a BIOS that supports the new technology. In fact, forums on sites such as My Digital Life were full of questions from users unfamiliar with hacking a BIOS.
But scores of users on My Digital Life's forum have reported that the leaked key - and the process that others laid out to use it - activated their pirated copies of Windows 7 Ultimate. "Activated 3 computers with SLIC 2.1 (DELL) modified BIOS + DELL certificate for Vista + this key," said a user identified only as "thavmym."
This isn't the first time that Microsoft's copy protection technology has been cracked. Vista's activation has been hacked several times, and in volume sufficient to prompt Microsoft to issue updates that busted the most popular cracks. When it delivered Vista Service Pack 1 (SP1), for example, it cracked down on a pair of cracks that pirates had been using to activate downloaded copies of the OS.
Microsoft acknowledged the crack today, but its reaction was in line with past takes on the topic. "We are aware of reports of activation exploits that attempt to circumvent activation and validation in Windows 7," said a company spokeswoman. "[But] Microsoft strongly advises customers not to download Windows 7 from unauthorised sources," she added, then reminded users that "peer-to-peer websites exposes users to increased risks, such as viruses, Trojans, and other malware and malicious code."
In May, a leaked copy of Windows 7 Release Candidate (RC) turned out to be infected with a Trojan horse.
Windows 7 is scheduled for public release 22 October, but subscribers to the for-pay TechNet and MSDN services will be able to download the final code, along with legitimate product activation keys, starting next Thursday.