One of the most ‘anticipated’ feature in Windows Vista SP1 by hacker community is probably the promise by Microsoft to kill and disable two common crack and bypass method to activate pirated copy of Windows Vista installation without valid product key. “OEM BIOS cracks” emulate OEM computer’s BIOS to mimic OEM product activation and fool Windows Vista that it’s in fact an genuinely purchased Windows Vista while “Grace Timer hack” exploits loopholes in Vista activation grace period so that the default 30 days free-usage period can be extended, normally to 2099.

To much rejoice, and to much people’s surprise too, install and update to Windows Vista SP1 does not cause much problem for users using these two exploit cracks, and generally the system activated by these methods continue to be stayed in activated status without going to reduced functionality mode or getting counterfeit copy alert message. Many assumes Microsoft probably has dropped that plan to counter more activation bypass exploits and cracks to make conversion rate to Vista faster.

Now finally more news on how Microsoft going to tackle OEM BIOS and Grace Period exploits is explained by Alex Kochis on MSDN WGA Blog. Microsoft plans to release an update through Windows Update, probably as part of Windows Genuine Advantage initiative, that will detect the presence of the Grace Timer and OEM BIOS exploits then alert the customer of their presence with, probably, consistent and annoying dialog box which saying “Windows must be repaired. Windows has found software that circumvents Windows activation and interferes with its normal operation. The presence of this software may indicate your copy of Windows is counterfeit.

OEM BIOS and Grace Timer Cracks Detection

From sample figure above, the detected software been named as SL07-006 with type as activation exploit. It’s not clear SL07-006 is Grace Timer extender, OEM BIOS emulator or OEM BIOS mod.

Thing to stress here is now both Windows Vista Gold (RTM without SP1 version) and Windows Vista SP1 will be installed with the exploit detector, scheduled to be rolled out end February. So users can no longer not upgrading to SP1 to avoid the exploits been disabled and turned off.

But the ‘detector’ or the ‘sniffer’ does not immediately remove the exploit software as it found them. “This update does not disable the exploits it finds –it simply alerts customers that exploits exist. When we first release the update that enables Windows Vista to detect the exploits we will also make available a separate removal tool as a download. In the future we will integrate the removal of the exploits with the detection. I’m expecting to see that integration in our next release.” Explained Alex Kochis. Else, users can click on a Web link to go online to learn more details about the exploit, how to disable and remove the exploit, fix the non-genuine issue and how to get genuine software.

The KB940510 update has been released on February 26, 2008.