As Microsoft gets ready to launch Windows Vista and Office 2007 to consumers, it faces a formidable new foe it lacked at its last major consumer software launch five years ago: the popular filesharing network known as BitTorrent.
This third-generation peer-to-peer (P2P) service, already used by tens of millions of internet users to swap digital music and movies for free, is becoming a popular mechanism for those looking to obtain pirated software.
"Any software that is commercially available is available on BitTorrent," according to Mark Ishikawa, chief executive of BayTSP, a California-baed antipiracy consulting firm.
Or in the case of Vista and Office 2007, before they were commercially available. Both products were released to business at the end of November, but even before that, ‘cracked’ copies of both products were available via BitTorrent.
As of mid-January, more than 100 individual copies of Office 2007 and more than 350 individual copies of Vista were available on the service. The pirates that cracked early copies of Vista all sidestepped Microsoft’s latest antipiracy technology, the Software Protection Platform (SPP), which is supposed to shut down any copy of Vista not registered to Microsoft over the internet with a legitimate, paid-for licence key within the first 30 days.
Microsoft has quietly admitted that it has already found three different workarounds to SPP. It says it can defeat one, dubbed the Frankenbuild because of its cobbling together of code from beta and final versions of Vista. It hasn’t yet announced success against several other cracks, including one seemingly inspired by Y2K, which allows Vista to run unactivated until the year 2099 rather than for just 30 days.
"Pirates have unlimited time and resources," BayTSP’s Ishikawa says. "You can’t build an encryption that can’t be broken."
According to BayTSP’s most recent figures from 2005, six out of the 25 most widely pirated software packages on BitTorrent and eDonkey, another P2P network, originated at Microsoft. Office 2003 was the second most-pirated software behind Adobe’s Acrobat 7. Other widely pirated Microsoft software includes InfoPath 2003, FrontPage 2003, Visio 2003, Office XP and Windows XP.
Cori Hartje, director of Microsoft’s Genuine Software Initiative, remains confident that SPP, along with another effort by Microsoft to clamp down on the abuse of corporate volume licence keys by pirates, can reduce the rate of piracy of Microsoft’s latest products compared to previous ones.
But the company is taking no chances, fighting back on multiple fronts. To distract downloaders who may only be seeking a sneak peek at the new software, the company's offering free online test drives of Vista and 60-day trials of Office 2007.
To reach young people, who are the most enthusiastic users of P2P, Microsoft is putting comics up on the web, mostly in foreign languages, decrying software piracy.
And at the end of January, the company released statistics purporting to show that users downloading pirated software from P2P networks are at great risk infecting themselves with viruses or spyware.
According to an October 2006 report conducted by IDC and commissioned by Microsoft, nearly 60 percent of key generators and crack tools downloaded from P2P networks contained malicious or unwanted software. Similarly, one quarter of websites offering key generators - software that create alphanumeric strings that users can type in to activate their pirated Microsoft software - had such hidden software.
Hartje claims that many pirates are irresponsibly uploading malware along with their cracked goods to BitTorrent. "They may not be running a clean shop, and don’t care if viruses are on the software," she says.
IDC researchers used popular antivirus packages from McAfee and Symantec to detect malware. However, the researchers did not differentiate between more serious viruses and spyware and less harmful unwanted code such as adware. IDC also conceded that some P2P networks deploy built-in virus scanning that "strip[s] out most of the malicious software" before it reaches users.
Some sceptics say that Microsoft’s ‘education’ campaign is primarily an attempt to sow FUD - fear, uncertainty and doubt - in the minds of consumers, a tactic the company has been called out for in the past, and which could backfire.
"Warning customers about viruses and spyware in counterfeit software is a nice PR thing for Microsoft, but for the most part, I doubt that it's really effective," says Paul DeGroot, an analyst at Directions on Microsoft, an independent consulting firm, who applauds Microsoft’s other antipiracy efforts.
Microsoft hopes to scare consumers, he says, because efforts to guilt and shame consumers into not downloading have had little success. Moreover, the company rarely targets end users of counterfeit software with lawsuits for fear of alienating customers.
"Our main concern is preventing pirates from putting counterfeits in the hands of unsuspecting customers," says Matt Lundy, a senior attorney at Microsoft.
P2P technology, meanwhile, has advanced greatly since Microsoft released Windows XP in late 2001. At the time, P2P networks such as Napster and Gnutella were solely used to exchange music files. Since that time, Napster has been closed and re-opened as a legitimate pay music service similar to Apple’s iTunes. The second-generation Gnutella has waned in popularity because of ageing technology and partial neutering by the record companies, which have flooded Gnutella with decoy files masquerading as songs, Ishikawa says.
Enter BitTorrent, which boasts faster file transfers and more reliable downloads than other P2P networks. BitTorrent was not the first P2P network to host pirated DVDs and software, but it was the first to make the trade of such hefty files practical. Moreover, BitTorrent claims it automatically cleanses its network of both viruses as well as decoy files. The latter defeats related antipiracy efforts by the music industry.
BitTorrent’s other great advantage is its ease of use compared to ‘darknet’ services used by more sophisticated pirates, such as Internet Relay Chat channels, private FTP sites and Usenet newsgroups. For most internet users, darknets remain hard to find - you can’t simply Google them - and intimidating to use.
Microsoft’s worst nightmare would come to pass if P2P software piracy becomes as pervasive as movie and music piracy. Already, the number of songs swapped illegally online surpasses the number sold in stores or online at sites like iTunes, says BigChampagne chief executive Eric Garland, citing music industry estimates.
Faced with this situation, music and movie companies are starting to co-opt P2P. Record companies are using services like BigChampagne to scout music trends and sign up-and-coming bands, while movie studios such as Paramount and Fox have linked up with BitTorrent to sell movies via downloads.
The software industry lags by comparison. Microsoft is allowing consumers to download and buy Vista from its own website for the first time. Otherwise, Microsoft has "nothing new to announce in regards to any new distribution channels," Hartje says.
For Microsoft to ink a deal with BitTorrent to sell full software or even put up free trials would send out mixed messages, Ishikawa says.
"If you ever want to litigate, don’t send out any freeware," he says.
Still, people like BigChampagne’s Garland point out that P2P software piracy today remains a drop in the ocean compared to video piracy, which involve similarly hefty files. His reason: downloaded movies are just entertainment, but business software is used to run companies, do people’s taxes and other important things. For those, most users still prefer the security blanket of technical support, access to software fixes and updates - even manuals - that only buying the software can provide, Garland says.
"Forget backdoor viruses or trojans," he says. "There are some things that are worth paying for."