• Windows 7 Wallpapers
• Vista Wallpapers
• Windows Wallpapers

Last month, Microsoft rolled out an update to its Windows Activation Technologies (WAT) platform in Windows 7. Everything you’ve read about KB971033 so far, including my report last week, has been based on what Microsoft said it was going to do; in my earlier coverage, I gathered information from blog posts, published privacy policies, a Knowledge Base article, and some one-on-one interviews. But can you really believe everything Microsoft tells you about its new Windows Activation Technologies update?

Now that the update has been publicly available for a few weeks, I’ve been able to dig into it and determine exactly what it does. You don’t have to take my word for it, either. You can download the same tools I used and check for yourself. (And don’t miss my post from yesterday, Confessions of a Windows 7 pirate, which takes a similarly detailed look at the pirates’ toolkit for cracking Windows activation.)

I tested on multiple PCs, running both x86 and x64 editions of Windows 7. To observe its activity, I collected traces using two tools:

* Process Monitor is the flagship utility from Sysinternals.com, originally developed by Mark Russinovich and Bryce Cogswell. (The company was purchased in 2006 by Microsoft. The Sysinternals utilities are currently hosted on Microsoft-run servers but are still maintained and regularly updated by Russinovich and Cogswell, both of whom are now Microsoft employees. ) I used the most recent release of Process Monitor, v2.8, to save a trace of all file, registry, and process activity associated with the installation and operation of the WAT Update.
* Wireshark is a free, open-source network protocol analyzer. I used version 1.2.6 with WinPcap version 4.1.1 to capture all network traffic while the WAT Update was running.

I installed the KB971033 update on multiple systems using both the downloaded version and the one delivered through Windows Update. I also uninstalled the update and observed what happened.

From a technical standpoint, I was able to confirm that the WAT update does what Microsoft says it does. I was not able to read the contents of the signed, encrypted packets going across the wire, but I did locate the stored information in the registry and compared it to Microsoft’s published privacy policy.