Activation, anyone?

I wrote recently that Microsoft Corp.'s new Windows XP operating system, scheduled for wide distribution on Oct. 25, has so few real benefits and so many irritations -- especially Passport, an insecure and relentless scheme to vacuum up users' e-mail addresses -- that I instead recommend buying new PC systems with Windows 2000 installed.

But you're likely to face XP sooner or later, whether you like it or not. That's because PC manufacturers almost universally plan to install the new operating system unless buyers specifically request Windows 2000 or Windows Me.

As a result, you'd better know a thing or two about XP's most irritating feature of all: Windows Product Activation, or WPA.

WPA is a peculiar method of generating a numeric key that users must report to Microsoft via an Internet connection or a telephone call to continue to use XP after the first 30 days. The user receives a new code number that "activates" XP.

Fortunately, purchasers of volume licenses from Microsoft won't have to activate XP systems. And PC makers can preactivate the PCs they sell to buyers. Ideally, a PC maker will choose to "tie" an XP installation to its BIOS. This permits end-users to make any number of hardware changes (except a different BIOS) with no complaints from XP.

But problems arise if a user installs XP and then changes several hardware components of his or her system. In that case, XP use is restrained until Microsoft is contacted again for a fresh number.

I've found that this method of generating the original code is so lame that it will have no effect, as Microsoft claims, on stopping true software pirates. I'll explain why in next week's column.

This week, however, I want to address a different concern people have about WPA -- that it's a profiling system designed to reveal all your software and hardware details to Microsoft. This fear is unfounded. Although Microsoft itself hasn't been completely forthcoming about how WPA works, third parties have examined the communication between Windows XP and Microsoft on a bit-by-bit level. This shows that nothing more is transmitted than a few bytes that XP generates using a rough formula. No useful list of hardware or software can be deduced from the resulting string, which isn't unique to a single machine.

The best paper I've seen on the actual process of generating and interpreting the codes used by WPA is from a software-licensing company called Fully Licensed. See To analyze your own byte stream, a free tool called XPDec is provided in a Zip file at

A broader study of WPA is at

Will all this impede serious pirates, though? Not a bit.

Brian Livingston's latest book is Windows Me Secrets. Send tips to

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about LivingstonMicrosoft

Show Comments