Another Vista Activation Crack Appears

[Mobo]

Buzz about a Windows Vista zero-day vulnerability is troubling enough (although probably overblown). Now, there appears to be a second product activation hack, this one designed to fool the activation timer into not counting down.
The activation hack is quite different from the first one, which involved setting up a Key Management Service server. Microsoft also released an update blocking hybrid testing/final Vista "Monster" code that could bypass product activation.
"Recently it has been reported that activation of Microsoft's Windows Vista operating system has been compromised," a Microsoft spokesperson said in a statement in response to a Microsoft Watch inquiry. "Microsoft is investigating this reported activation breach; however, there is no concrete evidence that this breach has been automated to the point that it is widely deployable."
The not "widely deployable" statement, while likely true, isn't denial of an actual activation breach.
I've read instructions, which I won't link to, and comments from people successfully trying the so-called Time Stopper hack; I haven't tested it and wouldn't because of possible security breach when applying a downloaded crack as part of the process. As the Microsoft spokesperson acknowledged, there are reports about the crack, which requires setting a computer's BIOS clock to 2099. The hack does work on 32-bit Windows Vista installations but not necessarily 64-bit versions. The process requires some other Windows changes and eventual clock reset from within Vista leading to a perpetual state of 30 days to activation.
With Vista, Microsoft introduced anti-piracy mechanism Software Protection Platform, or SPP, which supposedly raises the activation bar to a higher level. End users must activate within 30 days of installation or the software throttles back functionality. For enterprises purchasing through volume licensing, there is a reactivation required within every 180 days.
Clearly, crackers are taking on the challenge of circumventing the anti-piracy technology.
"Microsoft will take action against known hacks and workarounds and will utilize the Software Protection Platform technologies in Windows Vista in order to protect consumers from being defrauded by counterfeit versions and putting their systems at risk," said the Microsoft spokesperson.
Cracks introduce unnecessary security risk, as thwarted activation could undermine Automatic Update functionality. If the system fails to update on its own, cracked systems could become more vulnerable to unpatched Windows vulnerabilities. Users of hacked systems might also choose to turn off Automatic Update, leading to similar vulnerabilities. With the Monster Vista builds, Microsoft issued an update to disable product activation hacks. Microsoft could take similar action with the Time Stopper hack by way of Automatic Update.
A secondary security consideration is the cracking process itself, which in at least one iteration requires software download and installation. Hackers can use cracks like this one to infect the Windows installation with malware.
I agree with the Microsoft spokesperson who cautioned that "pirated software can install Trojans, spyware, or other malware, and some enable installation of Windows but leave the system vulnerable to take over of administrative rights so that it can be controlled or watched remotely."
During Windows development, I had several conversations with Microsoft executives about User Account Control (UAC) warnings, which were ridiculously numerous. The one I found perplexing: UAC warning for changing the time or date. While Microsoft throttled back the number of UAC pop-ups, the time and date warning remained.
The newest activation hack is a deliberate changing of the time, by the end user. Some malware also fiddles with the user clock.