Designed to put a halt on the "casual copying" of Microsoft software, the controversial Windows product activation system (WPA) has been continually refined for the imminent release of Windows XP, creating a loophole along the way.
When installing Windows XP, you're only required to give your country, while the fields to fill in personal details are optional. Behind the scenes however, XP does take a full audit of your hardware. The activation process creates a "unique" numeric identifier of a PC's hardware by looking at 10 different components. These include the serial number of the system volume, network interface card (NIC) and media access control (MAC) address, CD-ROM drive, CPU, hard drive, SCSI adaptor, graphics adaptor, IDE controller, processor model and the amount of RAM.
This identifier is then transmitted over the internet (or read out over the telephone) to Microsoft along with the 25 digit product key usually printed somewhere on the CD packaging. So while it is possible for more than one PC to generate the same number, the product key is what actually differentiates one PC from another. Microsoft insists there is no way for them to discover what hardware is installed in an individual PC because the code is generated using a "one-way mathematical transformation". Besides this, only a portion of the resultant code is actually transmitted to Microsoft assuring "complete anonymity".
After drawing heavy criticism from the many frequent hardware upgraders who feel they may be tagged as pirates, Microsoft have relaxed the routine meaning WPA won't trigger a challenge unless multiple components are changed within a short time period. Users now start with a clean slate every 120 days. In theory, you could install Windows XP on a second PC 120 days after the first one was activated and the duplicate alphanumeric identifier wouldn't be challenged. In terms of what hardware can actually be changed before WPA kicks in, it seems to revolve around the presence of a network card. Network cards all have a unique factory created "hardware" or "MAC" address. WPA can identify this and use it as a control sample. For instance, if the network card isn't replaced, at least six additional components would have to be changed before WPA requests a re-activation. If a network card is not present or changed, this figure drops to around three or four components.
The process is different when XP is factory-installed on a PC. In this situation it identifies the machine solely by looking at its BIOS.
