Microsoft Corp plans to severely curtail the ways in which people running pirated copies of its dominant Windows operating system can receive software updates, including security fixes.
The new authentication system, announced on Tuesday and due to arrive by midyear, will still allow people with pirated copies of Windows to obtain security fixes, but their options will be limited. The move allows Microsoft to use one of its sharpest weapons -- access to security patches that can prevent viruses, worms and other crippling attacks -- to thwart a costly and meddlesome piracy problem.
But some security experts said the crackdown also could increase Internet security problems in general, if there is a spike in unsecured computers open to attack, which then could be used to attack others.
David Lazar, a director of the effort, said Microsoft would monitor that potential problem closely. But the company actually considers its authentication requirement one possible way to boost Internet security -- countering the idea it may increase threats. That's because pirated copies of Windows could contain viruses or other security threats, he said.
Over the next few months, Microsoft will begin to more broadly adopt the program, called Windows Genuine Advantage, that urges users to provide proof their Windows copy is authentic before receiving some software updates.
By the middle of the year, the program will become mandatory for Windows users to get virtually all updates, including security fixes available through the company's Windows Update Web site.
But users who have pirated copies of Windows will be able to continue to get security fixes if they sign up to automatically receive security updates.
Russ Cooper, a senior scientist with Cybertrust Inc, said completely cutting off access to security fixes for pirated machines could cause a spike in malicious, Internet-based attacks.
He lauded Microsoft for mitigating that problem by continuing to allow all users to get the automatic updates, regardless of whether they're running pirated versions.
Still, Cooper said he expected Microsoft to eventually cut off that security update avenue for pirated copies. He said it may feel it has few other options as it tries to stop the millions of users who are running pirated copies of Windows.
The operating system is one of the company's major cash cows, and the move comes as Microsoft is moving aggressively into emerging markets where piracy is thought to be more common.
"The reality is that shareholders of Microsoft would like to see them get all the money they are owed," Cooper said.
Microsoft said the company has no current plans to require users running automatic updates to provide proof that their copies of Windows are genuine.
Lazar said piracy has cost the company "billions of dollars over the past 10 years," but he would not be more specific.
"Our desire is to enhance the value of genuine Windows, to create a differentiation [and] to add more value in the form of greater security and reliability," Lazar said.
Customers who visit the manual Windows Update site will be asked to prove that their copies of Windows are legitimate by allowing Microsoft's system to automatically run a check, or by providing a product identification number. Users who have lost that number will be asked three basic questions, and if they are deemed to be acting in good faith they will be given a free replacement key.