Cpx24.com CPM Program

Download is available to customers running genuine Microsoft Windows

My RSS feed just passed along news of a Critical Update for Windows XP. When I clicked the link, it took me to this page: Download details: Critical Update for Windows XP (KB887822). So far, perfectly normal. But then I saw a yellow box in the center of the page, with this text:

This download is available to customers running genuine Microsoft Windows. Please click Continue to begin Windows validation.

Windows Validation? First I've heard of this. I clicked the link and found another link to a Why Validate? page that sorta kinda explains what's going on.

This is separate and distinct from Windows Product Activation. So far, it's not a required step. You have to go through the validation screen, where you are prompted to install an ActiveX control on your computer. You can choose not to validate and still get the download.

It looks like this is the next step in Microsoft's anti-piracy program. The broader effort, called Windows Genuine Advantage, was very quietly announced last month. So quietly, in fact, that I missed this report from Microsoft Monitor:

Under the Windows Genuine program, Microsoft would require an extra step before users would be able to use the Download Center--that's assuming the program evolves as conceived. At Download Center, Microsoft provides updates to all its software. Users with product-activated Windows would go through a fairly seamless process to the Download Center, since Microsoft had already collected anonymous information associated with the operating system and hardware. Apparently, both mechanisms, activation and validation, would deposit an ActiveX control on the PC. Microsoft hasn't said whether Windows validation would be required to download its other products running on the operating system.

Users that had not activated--and that could be a whole bunch of people given that most PCs ship without need of the process--would have to go through an anonymous process to validate their copy of Windows, basically by the Certificate of Authenticity key. Once validated, users would have access to Download Center. If not validated, downloads would be restricted to critical updates.

Hmmm. I know a lot of people who are opposed to installing any ActiveX control, and it's hard to convince them to trust this one, no matter how many assurances of safety and anonymity you provide. I sympathize with the goal of stopping piracy, but it cannot interfere in any way with the goal of making security patches readily available for all versions of Windows.

I'll keep you posted as I learn more.

Update: I went through the validation process using Firefox. The validation routine required that I download and run a very small executable program - no ActiveX required. After the program ran, it popped up a small box with a seven-character alphanumeric code in it. I pasted that code into a matching box on the validation page and that was it.

I can't wait to read all the protests about how intrusive and offensive this process is. Wanna take bets on how many of the people screaming the loudest never actually go through this process?

http://www.edbott.com/weblog/