Over the weekend we learned that the widely covered 'Vista Brute Force Keygen' turned out to be a hoax. It's nice that the originator has come forward and is encouraging everyone to buy and use genuine copies of Windows Vista.

As you can imagine we receive reports of hacks every week. Many turn out to be ineffective, but to determine that we review and investigate every report. One of the first questions we ask ourselves with each reported hack is 'does this represent a real risk to our customers?' As we learned with XP, counterfeit software can be quite risky to obtain and run.

The next question we ask is ‘can this be commercialized'? Some hacks are highly technical to implement and can require significant engineering on the part of the end user. These are obviously interesting to us and we do spend time looking closely at them. At the same time it's possible for a hack to be scaled and used by organized rings of counterfeit software traffickers to profit by exploiting innocent victims. Our priority is in evaluating against scalability and risk to our customers and working to help customers that might have been victimized.

I would also like to point out that people seem to get pretty excited at any reported possible hack. And while it's always fun to have the attention, having worked on these issues for several years I've learned that it can take a while to learn how real a reported hack is...or not (e.g. the Brute Moot Force attack).