2

I downloaded Windows from Microsoft website. Then I type in (or paste) a product key that I bought from an unofficial seller to activate Windows. Can that lead to any security issues?

  • 4
    I would tend to say no. The product key itself is never executed or otherwise able to execute malicious behavior. However, when you buy from an "unofficial reseller", it's possible that the same key is sold multiple times. If Microsoft sees that one key is used for hundreds of activations all across the globe, that key might get blocked, leaving you with nothing. –  Jan 29 '20 at 10:26
  • 2
    Theoretically if you just copy a block of text that they give you it could trigger a buffer overflow in whatever verification code is run when you paste it into the product key textbox. – user Jan 29 '20 at 18:25

2 Answers2

4

No, the product key has nothing to do with the security part of the OS.

If you do not activate a Windows 10 copy, the only practical inconvenient is that you cannot make desktop-related background customization. Everything else work exactly the same.

As for a key brought at a discount, it may very well work and let you activate and use your product on unlimited time or stop working later. In both cases, there no influence on the security part.

But that being said, you should note that owning a product key that works does not mean your software is licensed. The fact that MS does not care is another matter.

Overmind
  • 8,779
  • 3
  • 19
  • 28
1

It might be illegal, you might (in the Windows license) agree to pay a fine if you enter an invalid product key and be legally held to that, or it might seem to work but later be deactivated if it turned out to be illegitimate, but harming your computer in terms of viruses: not really. There is a super small chance that someone found a buffer overflow vulnerability (or something similar) in the key validator, but I would say that risk is negligible, especially if the key looks normal and is not longer than the key field was designed to hold.

Luc
  • 31,973
  • 8
  • 71
  • 135
  • 2
    Can you please show where in the EULA the user agrees to pay a fine for entering an invalid key? Because I could accidentally type `S` instead of `5` and don't think Microsoft has the legal authority to ask money from me for that. –  Jan 29 '20 at 12:58
  • 1
    There is no such thing in the EULA. – Overmind Jan 29 '20 at 13:35
  • 1
    @ overmind & @ mechmk1: Indeed there isn't, I said there might. They might put it in tomorrow, I don't know. Heck, I'm not a lawyer, in some jurisdictions I can't legally advise anyone on what the consequences of this might or might not be, including monetary repercussions. What OP is asking is what might happen when entering random license keys into software and I'm answering the general question. – Luc Jan 29 '20 at 13:51