Forgot your password?
typodupeerror

Microsoft Misrepresenting WGA's Functionality? 458

Posted by Zonk
from the first-time-for-everything dept.
Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."
This discussion has been archived. No new comments can be posted.

Microsoft Misrepresenting WGA's Functionality?

Comments Filter:
  • Un-American (Score:3, Funny)

    by Anonymous Coward on Sunday June 11, 2006 @06:34PM (#15514041)
    This is a very UnAmerican story. We know that [shelleytherepublican.com]

    "P.J.": Runs the pro-Linux hate-site "Groklaw". His true identity is a secret, known only to the inner-circle of Linux hackers. His contributions to the Linux computer program are also a secret.
    .

    We also know that Linux is a European consipracy to attack our computers [shelleytherepublican.com].

    This story was probably planted by GOOGLE [shelleytherepublican.com], the America-hating empire.

    Bill Gates is a true patriot who has spread the American Way of Freedom and Capitalism around the world, and he is clearly far cleverer than this mysterious "P" "J". Friends, don't let the democ-rat lies stop you from getting the facts ;-)
  • by pawstar (930281) on Sunday June 11, 2006 @06:39PM (#15514051)
    And what can us consumers do about it? If we refuse it, we don't get updates. This is punishing us the legit users, while pirates will still be laughing at M$'s latest attempt at stamping them out!
    • by FudRucker (866063) on Sunday June 11, 2006 @06:41PM (#15514057)
      RE:"And what can us consumers do about it?"

      swich to something better, nobody is forceing you to use microsoft's product http://linux.com/ [linux.com]
      • Re:Better... (Score:5, Insightful)

        by hackwrench (573697) <hackwrench@hotmail.com> on Sunday June 11, 2006 @07:47PM (#15514261) Homepage Journal
        I wish people would quit acting as if anything was unqualifiably better. Life consists of trade-offs but to hear some people talk, life would just be a bowl of cherries if one were to just do this or that... Sheesh... Yes, Linux is better in some ways, but there's that trade-off thing at work there.
        • Trade-offs (Score:3, Funny)

          by soloport (312487)
          but there's that trade-off thing at work there.

          Real sorry games means so much.

          Otherwise, you're there, right? I understand. ;-)
          • Re:Trade-offs (Score:3, Informative)

            by iamdrscience (541136)
            It's not just games, I don't play any games and I find Linux totally unsuitable for use on my desktop (unfortunately). Many of the programs I use do not have linux versions nor comparable open source programs.
            • Adobe Photoshop - There are people running this with Wine, but I'd have to spend the time configuring it. If this were the only program I needed, I would consider switching. Gimp doesn't cut it BTW.
            • Adobe Illustrator - I've heard of people running this with Wine with not particularly great results.
            • Re:Trade-offs (Score:3, Insightful)

              by Korgan (101803)
              A while ago Adobe started a survey asking whether people wanted a Linux port of their mainstream applications (Photoshop/Flash/Illustrator and so on.)

              I suggest you get in touch with Adobe and see if they have released or actioned on any of the results of that survey. There might even still be the opportunity to participate in it.

              I think Adobe's (and most other dev houses) biggest issue right now is that they don't think there are enough people to justify porting their applications. If enough existing users
            • Re:Trade-offs (Score:5, Interesting)

              by Eivind (15695) <eivindorama@gmail.com> on Monday June 12, 2006 @02:07AM (#15515372) Homepage
              Sure there are programs only for Windows for which there's no exact linux replica.

              The same is true the other way though. I'm currently for practical reasons running Windows on my laptop (because current employer runs that, and it just ends up being easier overall getting the job done.)

              Privately, it drives me nuts, I regret not having made the thing dualboot.

              There's no Kphotoalbum, picasa is available from Google, and tries to solve sorta the same problem, but frankly it doesn't measure up. It has lots more eyecandy but much less funcionality. I'm not aware of any other sub-$1000 program even playing in the same ballpark.

              Mail clients is a hassle. Thunderbird is barely acceptable, yet fails to manage a lot of stuff I've been taking for granted for years. Simple stuff that mutt, pine and kmail all manage. Yes, it's possible it can be convinced to do something similar, but atleast it's not equally trivial.

              Development-tools all have to be installed manually. And they tend to be more opaque than I'm used to. When they fail, they do so with much less information that migth help. Frequently the best advice amounts to "reinstall".

              One can install CygWin, but the tools under cygwin are a lot less polished than under a real *nix.

        • Re:Better... (Score:5, Insightful)

          by killjoe (766577) on Sunday June 11, 2006 @10:31PM (#15514788)
          Yes. You trade off some functionality and eye candy for freedom. Any takers?
    • by mattyrobinson69 (751521) on Sunday June 11, 2006 @06:50PM (#15514085)
      install it
      disconnect from the internet
      open task manager
      kill the process 'wgatray'
      rename the file c:\windows\system32\wgatray.exe to something else (wgatray.exe.bastard, for example)

      There is also a file called wga.dll, or similar, but i didn't do anything with that, if anybody could shed some light on that, it'd be nice. I did the above on a machine that was wrongly reporting as 'pirated', and it worked fine.
      • by Frenchman113 (893369) on Sunday June 11, 2006 @07:35PM (#15514220) Homepage
        This "genuine advantage" notifier is remarkably easy to disable. Here's a link that documents numerous ways to defeat it. http://labnol.blogspot.com/2006/04/workarounds-to- disable-non-genuine.html [blogspot.com]
      • Isn't there a url we can add to our hosts file to block the phone-home call?

        Or an IP address?

        This shouldn't be that hard.
        • by peragrin (659227) on Sunday June 11, 2006 @08:14PM (#15514354)
          no MSFT bypasses windows hosts file when calling home. This is known. On one side it's a good thing, as windows update will always point to a MSFT based server allowing for clean updates. (can you imagine the problems if every infected windows machine couldn't get a patch)

          On the other side is that MSFT could solve a lot of their problems just be creating an easy, basic way to enforce security. Unix did that years ago on Unix you have basic file system level defaults seperating users. Then you can use other programs to create an ultra fine grained control.

          Under Windows all you have is a very complicated fine grain control system that a massive percentage of the apps break if you use it.

          Kill off Active X and add a simple yet effective file seperating on the Filesystem layer and the majority of windows viruses problem will vanish. It won't solve all things. it won't solve stupid users installing things they shouldn't, but It would stop most of those problems instantly.

          It's also the one thing MSFT won't do. Not even with Vista. They are keeping activeX and while they are trying to use their fine grained permissions control as a basic level they are finding that it doesn't work well. (just look at all the reviews on the vista Beta, 7 steps to delete an icon?)
          • It's also the one thing MSFT won't do. Not even with Vista. They are keeping activeX and while they are trying to use their fine grained permissions control as a basic level they are finding that it doesn't work well. (just look at all the reviews on the vista Beta, 7 steps to delete an icon?)


            This is already outdated information and partially incorrect. ActiveX is severly disabled and limited even in WindowsXP at this point. To install an ActiveX control after SP2 takes the user to approve it, and that is
          • Kill off Active X and add a simple yet effective file seperating on the Filesystem layer and the majority of windows viruses problem will vanish.

            Statements like this indicate that you don't undersand how viruses work. A virus can do plenty of damage running as a normal user. Your home directory is probably far harder to replace than the rest of your OS, but no special privileges are required to wipe it out. You don't need root to become a spam zombie, to install extensions or plugins in Firefox, or to steal
      • by zcat_NZ (267672) <zcat@wired.net.nz> on Sunday June 11, 2006 @07:52PM (#15514274) Homepage
        There's many ways to get rid of WGA. Here are the two easiest;

        Option one:
        Start in safe mode and find the file /WINDOWS/System32/WgaLogon.dll. Edit the
        file properties and remove the execute and write permissions for all users
        including System. The daily checkin and the WGA System Tray tool are both
        started from this DLL so making it non-executable kills the whole WGA
        Notification system. Making it read-only stops windows update from 'repairing
        it' and installing future versions.

        Option two:
        Download and burn Ubuntu Dapper Drake or order a FREE CD from
        shipit.ubuntu.com (downloading is quicker). Back up your important documents and
        completely replace Windows.

        Personally I chose option two many years ago, but I continue to watch Microsoft's antics with a degree of detatched amusement.

    • Why punish legit users in the "battle" to "stamp out piracy"?

      Because they're Microsoft. Because they can. Because they know that the majority of users are complacent and will continue to pay for Windows either way.

      If you don't like it, stop giving them your money.
    • by thrillseeker (518224) on Sunday June 11, 2006 @08:21PM (#15514374)
      Why punish legit users?

      Because Microsoft has never been punished for doing so.

  • Somewhat obvious. (Score:5, Informative)

    by Transcendent (204992) on Sunday June 11, 2006 @06:40PM (#15514054)
    I gave it some thought before I installed it earlier. I knew all it did was report to MS that I had a legal copy of Windows, but the bad part about it was that it seemed I had to install it before I could download any other critical updates.

    It's a damned-if-you-do and damned-if-you-don't situation...
    • And it doesn't work for it's stated intended purpose, either... (Or so a friend of mine told me!)
      • Re:Somewhat obvious. (Score:2, Informative)

        by Kasis (918962)
        Although I do own various versions of XP it's simply more convenient for me to use pirate copies.

        I had no problem with Windows Update, just used a well-publicised trick to gain entry and then told it not to install WGA and not to mention it to me again (there's a check-box for that purpose).
    • Re:Somewhat obvious. (Score:4, Interesting)

      by WhyCause (179039) on Sunday June 11, 2006 @07:47PM (#15514263)
      It's not entirely true that you have to install it.

      If you choose the 'Expert' installation option, you have the option of not installing the WGA update, Windows Update then asks if you'd like to turn off notification of that particular update.

      That is, of course, what I did.

      Of course, for all I know, WU goes ahead and installs it anyway.
  • by Anonymous Coward
    I don't know why this is even an issue these days. People, do yourselves a favor! Stay away from Microsoft!

    For most needs, Linux, Mac OS X, Solaris, and BSD are more than suitable. And far cheaper!

    If you depend on software that only runs on Windows, petition the developers to create a Linux/Solaris/BSD/Mac OS X edition, or a port to those platforms. Say straight out that you do not want to use Windows, but you do want to use their software. Give them an alternative they can contemplate.

    There is no need to b
  • That's interesting (Score:4, Interesting)

    by Poromenos1 (830658) on Sunday June 11, 2006 @06:42PM (#15514062) Homepage
    I had never thought of that. I just assumed that it's within a company's power to give people updates to ensure they've paid for the software, but come to think of it, the ones who have paid for it shouldn't have to put up with anything they don't want to, and the ones that haven't, well, they're probably not going to.
  • by plasmacutter (901737) on Sunday June 11, 2006 @06:44PM (#15514066)
    well?... last time some software package was reported doing this it was labelled spyware and the company was prosecuted..
  • huh (Score:4, Insightful)

    by Anonymous Coward on Sunday June 11, 2006 @06:44PM (#15514068)
    do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.
    • Re:huh (Score:5, Insightful)

      by BrynM (217883) * on Sunday June 11, 2006 @06:58PM (#15514107) Homepage Journal
      do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.
      Agreed. I won't even read content from ZDNet at all anymore. 17 pages is insane (thanks for letting me know how many I avoided). Even with blocking the ads and repaginating the article into one page, ZDNet assumes that the format is acceptable to users because the article generates hits. They won't change it when they think "it's still working". I've tried to complain to them as a (now former) print customer of their periodicals for years and a web user. They don't respond, so I assume they don't care. Calling them just leads to the phone-forward-runaround of "I'll connect you to...". They used to be a good company with good content, but now they are just ad whores (like most consumer computing sites - TOM!). /rant
      • Haha...
        I'm laughing, of course, at this:

        17 pages is insane (thanks for letting me know how many I avoided). Even with blocking the ads ...

        You must be new to this Interweb thing if you still think 17 pages is impressive [tomshardware.com]
        • by BrynM (217883) *
          You must be new to this Interweb thing if you still think 17 pages is impressive (link to tomshardware)
          Not impressive, but I'm still quite happy to avoid the click madness. I say again: "They used to be a good company with good content, but now they are just ad whores (like most consumer computing sites - TOM!). /rant"
      • Well, I don't know what to do about the 17 pages, but you can get rid of the adverts easily enough.

        http://blogs.zdnet.com/BTL/wp-mobile.php?page_id=3 170 [zdnet.com]

        The "wp-mobile.php" page gives you the PDA version, which means no ads.
    • Looking at the article, my innitial reaction was, "So THAT'S what windows looks like nowadays!". Of course, adblock had already taken care of the popups, banner ads, and .js stats collectors. Had the play-by-play not been there, I would have never known what XP looked like. Rather informative

      BBH
    • by Amouth (879122)
      yea,, when they said screen shots of how bad it could be i thought they had shots of it disabeling the computer or something.. that was normal update shit.. hardly news worthy.. now i would like to see what it does when it finds that the computer isn't legt
  • by Anonymous Coward on Sunday June 11, 2006 @06:46PM (#15514074)

    the question is when are the anti-malware community going to step up to the plate and provide protection from this software

    the fact its made by Microsoft should be irellavent, just analyse the behaviour of the application and judge it on that

    communicates unique information at any time to an American based advertising company (msn anybody?) with you the user having no idea of what data and what the implications are of giving this company that data

    can your business really risk an application like this on your systems ? are you prepared for the consequences of letting this program run unchallenged inside your companies infrastructure ?

  • by Digital Vomit (891734) on Sunday June 11, 2006 @06:49PM (#15514080) Homepage Journal

    If you want to be able to disable the Genuine Windows Advantage Add-on for IE (accessible via Tools|Manage Add-ons... in IE), you might be surprised (or not) to see that Microsoft will not let you do so. It gives you some sort of stupid "disabled by Administrator" message, even when you're logged on as Administrator (I guess MS thinks it's the administrator for your computer).

    To enable the radio button that allows you to disable this worthless add-on, follow these instructions I found:

    1. Open Group Policy Editor (gpedit.msc) go to User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.
    2. Double click Add-on List and select enabled.
    3. Click on Show then on Add.
    4. In enter name put {17492023-C23A-453E-A040-C7C580BBF700} .
    5. In enter value put 2.
    6. OK, Apply, OK.
    7. Now you can disable/enable the add-on.
    • by Digital Vomit (891734) on Sunday June 11, 2006 @06:52PM (#15514092) Homepage Journal

      How to bypass and disable the Genuine Windows Validation Check (from http://www.mydigitallife.info/2006/03/07/bypass-an d-disable-genuine-windows-validation-check/ [mydigitallife.info]):

      1. Open Windows Explorer by clicking Start -> All Programs -> Accessories -> Windows Explorer.
      2. Browse to C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data folder.
      3. Delete (or backup or move to another folder, if you want) data.dat file.
      4. Create a new empty data.dat: You can create a new text file by (make sure you are at the right folder at above) clicking File -> New -> Text Document or right clicking on Windows Explorer window then click New -> Text Document. Then, either rename the file to data.dat. The original .txt extention of the text file need to be changed too. You can disable the hiding of extension of known file types, or follow the following steps to create a new file out of the text file:
        • Open the text document you just created.
        • Click on File -> Save As.
        • Change the Save as type to "All Files".
        • In the File name, type data.dat
        • Click Save.
        • Go back to the Windows Explorer, at folder C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data, check that data.dat exists.
        • Delete the text file you created previously.
      5. Set the attributes of data.dat to Hidden and Read-Only. Attributes can be set by right click on the data.dat file, and then click on Properties.
      6. Windows Genuine Advantage (WGA) validation check has been disabled.

      Note: The data.dat that are replacing the original data.dat can be blank text file or empty, or you may type whatever you want there.

      With this hack (or crack if you want), Windows WGA piracy check will be bypassed and you can now download software from Download Center or apply updates from Microsoft/Windows Updates.

    • Now, I have one purely academic question related to this.

      Can it work on reverse?

      In other words, suppose we have a piece of spyware that installs itself as an IE extension. Can it mark itself to have same sort of "stickiness" as the WGA add-on?

      If so, it might be a bit of a headache for spyware-cleaner types...

      And a practical corollary to that academic question, and a follow-up to your instructions: Exactly how long before there will be a tool that allows you to nuke an IE extension from the orbit, no

    • That, OR (Score:5, Informative)

      by mobby_6kl (668092) on Sunday June 11, 2006 @07:11PM (#15514155)
      That method sounds good for widescale, corporate deployment, but here's a simpler method:
      • Use Autoruns [sysinternals.com] (everybody should have it already) to disable wgalogon.exe on the winlogon page.
    • If you want to be able to disable the Genuine Windows Advantage Add-on for IE (accessible via Tools|Manage Add-ons... in IE), you might be surprised (or not) to see that Microsoft will not let you do so.

      Don't worry just yet, we're still in the good times. I mean, you can at least SEE it's there, and you can't turn it off.

      In Vista, it'll be a part of the core OS and completely invisible. And we all know we're getting Vista sooner or later (if we depend on Windows software).
  • by Vegeta99 (219501) <rjlynn@@@gmail...com> on Sunday June 11, 2006 @06:49PM (#15514081)
    That stupid icon has been bitching at me to install the new WGA Tool for days now. Considering I ALREADY installed it and verified my installation, I figured the reboot wasn't worth it and have not installed it yet. Guess that was a good thing.

    Why would I need to re-verify my installation anyway?
  • "Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed"
    It's SkyNet!!! It must be destroyed! Death to Microsoft!
    • by iluvcapra (782887) on Sunday June 11, 2006 @08:03PM (#15514307)

      A Critical Security Vulnerability has been reported for all x86-platform PCs.

      Short description: By retailing a piece of software called an "Operating System" to a computer user, and then using social engineering to promote the installation of this software, a so-called "Operating System Vendor" may be able to execute ARBITRARY CODE on a user's computer.

      Severity:
      Severe. The exploit allows an entity to execute arbitrary code on a machine so compromised.
      Challenge Vector:
      Remote or local installation of components, either onto a pre-existing Operating System or onto an otherwise bare x86 PC.
      Mechanism:
      A package of executable software, called an "Operating System" is distributed by "Operating System Vendors." These Operating Systems have declared purposes which they fufill with wildly-varied results. These operating systems posess code which may not be fully understood by the user, often these Operating Systems enforce systems of privilege and resource maganement which place the Operating System in a position of "arbitrating" between the PC hardware platform and the user. When the Operating System has been so installed, it is capable of executing arbitrary code on the host system.
  • by Donniedarkness (895066) <Donniedarkness@NoSPaM.gmail.com> on Sunday June 11, 2006 @06:51PM (#15514086) Homepage
    ...why they have to install a piece of software to determine whether your copy of Windows is legit or not. Why not just run a check online when you're doing updates? There's GOTTA be more to this...
  • by Anonymous Coward on Sunday June 11, 2006 @06:52PM (#15514089)

    Since Windows is sending information home, and the user has no control over that messaging with regard to timing or content, it seems to me HIPAA-compliant systems (and other systems requiring security) cannot be built on Windows.

    What an opportunity for the open source world!

  • by ehaggis (879721) on Sunday June 11, 2006 @07:01PM (#15514119) Homepage Journal
    Non-admins may get the euphemistic warning of possessing pilferred software,
    http://forums.microsoft.com/Genuine/ShowPost.aspx? PostID=370244&SiteID=25/ [microsoft.com]
    Notice the MS solution, delete this, open up all permissions on that (good idea?), read, write, execute, delete for everyone! Or pay-up to get your copy of MS Winders to shut up.

    Nothing like family (non-admins) and employees (non-admins) thinking they have purloined software. Isn't an unfounded accusation called, "Libel" http://dictionary.reference.com/search?q=Libel/ [reference.com]?

    (My SuSE never accuses me with false accusations.)

  • WGA virus? (Score:2, Interesting)

    by Sathias (884801)
    Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update.

    If this is true then it is only a matter of time before someone hacks it and uses it to write some malware which only damages people who own a genuine copy of Windows. Surely Microsoft can't be *that* stupid?
  • index.dat, anyone? (Score:2, Interesting)

    by Crazyscottie (947072)
    Does anyone remember those annoying little "undeletable" index.dat files that Windows keeps for no apparent reason? Ya know, the ones that log each and every website you've ever visited [acesoft.net] ? Call me a conspiracy theorist, but with the NSA's recent actions, I think Microsoft would see this as the perfect opportunity to start sending those directly to Big Brother on a daily basis.
  • by suv4x4 (956391) on Sunday June 11, 2006 @07:20PM (#15514175)
    When I read this, I thought, this has GOT to be a joke:

    Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update.

    Where did WGA come from? Auto Updates. What does Auto Updates do? Downloads executable code and makes it a part of your Windows OS.

    "Shocking facts" like those really put Slashdot editors low in my eyes.
    • by zoney_ie (740061) on Sunday June 11, 2006 @08:14PM (#15514356)
      I don't use auto updates, so at least in theory, Microsoft can't do such a thing to me at present.

      However, if I install this, I have no choice (leaving hacking it aside) but to give Microsoft that capability. It is not removable (through ordinary means), and allows Microsoft access to your machine in an even less transparent way than fully automatic updates.

      This is definitely a large step beyond automatic updates, and is far more sinister.
  • by Anonymous Coward
    It's simple. Just use Autopatcher. They make compilations every month with all of the updates and other tools and tweaks, without having to deal with Microsoft's FUD-ridden update process.

    http://www.autopatcher.com/ [autopatcher.com]

    By the way, Autopatcher will update pirated copies, for better or for worse...
  • That the state of New York (and any other jusridiction with similar laws) slaps Microsoft with the same sort of anti-spyware case that they did to Sony.
  • by Ucklak (755284)
    Microsoft treat all it's customers like they're thieves.
    There are countless stories of medium businesses on some sort of SA plan or volume licensing where if the business doesn't pony up on whatever MS has to offer, the sales person gets irate and makes the business owner think they are out of compliance and need to have the BSA investigate how many licenses are in use.

    This is taking it to the home level where:
    A) People in the know will know how to bypass it
    B) Standard consumer doesn't need to worry about
  • ... we can't trust Microsoft for any reason for anything they do.

    So is there some freely available update system that does the same thing as Microsoft's Windows update? Preferably one that SysAdmins can distribute at time of login? No good sysadmin would trust Microsoft's updates on their business network anyway. All updates and patches and such need to be cleared before deployment to the masses just in case it breaks something critical to the business. (Imagine if by some human mistake, a Microsoft pat
  • by Animats (122034) on Sunday June 11, 2006 @07:38PM (#15514224) Homepage
    I'm still running Windows 2000 on the Windows machine. I have the latest version of OpenOffice, the latest Firefox, the latest Blender, etc. and they all run fine, which is what matters. And I don't have to put up with whatever new stupid thing Microsoft does on XP, where your machine is a slave to Redmond.

    Letting the vendor have a backdoor into your machine is really risky. If you're in a financial institution, is the vendor bonded? If you're a healthcare provider, is the vendor HIPPA compliant? If you're in a law firm, are any of your clients competitors of Microsoft? You have no contractual guarantee that somebody at Microsoft, or elsewhere, isn't using that backdoor in some interesting way.

  • users of pirated copies of windows cannot even upgrade to SP1 or SP2. So they won't get genuine advantage either.

    In other words:

    Pirated windows will remain pirated AND insecure.
    Legit windows will remain legit AND spied on.

    The lesson (for those who still have blind faith in Microsoft): Microsoft doesn't give a SH*T about security or the welfare of the internet. They're only greedy bastards.
    • Becase people pirating windows will not download an image with sp2 intergrated.

      And even if they stat out at XP SP0 which is unlikely, like SP1 and SP2 are not available to download anyway.

      Er, please try to make sense in future.

    • pirated copies can easily be upgraded to SP2, what rock have you been living under? Only copies using that one well known key cannot be upgraded to SP2, but install any other non-legit key on them and they can easily be upgraded to SP2. There are even great generators out there that will spend time generating keys and testing them to see if they'll pass to be used.
  • Imagine people finding their windows 'disabled' at start of the workday because their copy was misidentified as 'ingenuine'. Imagine this happening right prior to an important presentation. Imagine a few hundred thousand dollars in deals lost.

    Imagine people in suits. Imagine briefcases, papers, signatures. Imagine a new class action lawsuit ...
  • by Ada_Rules (260218) on Sunday June 11, 2006 @07:47PM (#15514260) Homepage Journal
    A few weeks ago, one of my computers started claiming it was a pirated version of windows. Seemed odd since it is more than a year old and has been claiming it was a valid copy all of this time.

    I poked around trying to figure out what was wrong.. Didn't see anything. I clicked the "get legal" or whatever it says button at login but nothing ever happened. I eventually remembered that this particular computer had locked up on reboot the week before on a Tuesday and thought perhaps it had something to do with the latest updates from MS. I uninstalled the last few updates I could find. Rebooted, reinstalled them and eventually everything came back to normal and no more complaints about an illegal copy.

    I hope this never happens to aunt Tilly. I wonder when XP will really be ready for the desktop.

    • by pimpimpim (811140) on Sunday June 11, 2006 @08:42PM (#15514425)
      I hope this never happens to aunt Tilly. I wonder when XP will really be ready for the desktop.

      And if it happens to aunt Tilly, you'll be the one spending part of your free time to fix it. Is this taken into account for in the Total Cost of Ownership studies of Microsoft? XP is not ready for the desktop. From windows 98 it "advanced/regressed" to something that has less direct stability issues is more complicated to maintain as a whole. Furthermore it has lots of amazingly distracting features, just these pop-up balloons that mention if a network cable is plugged/unplugged, an upgrade should be installed or whatever. Most non-tech people I know really start panicking when these things occur. Actually a friend told me once that out of nothing she got a pop-up saying that an update had been installed, and the computer needed to be rebooted. I tried to find out afterwards what it could have been, it might have been a malicious website, program, or something legitimate. Normal "desktop users" have lots of troubles handling all this crap, and even the techies have.

      I don't own OS X, but from what I've seen of it it's probably the closest to "OS ready for the desktop" as you can get. The most elegant thing of it all is how you can combine easy and consistent GUI interfaces with command lines for solutions that need more coding. Genious!

  • MS's defines spyware (Score:4, Interesting)

    by OmegaBlac (752432) on Sunday June 11, 2006 @08:09PM (#15514333)
    Seen in the groklaw comments thread: Microsoft's definition of spyware:
    spyware Software that can display advertisements (such as pop-up ads), collect information about you, or change settings on your computer, generally without appropriately obtaining your consent.
    Pop-ups ads? That pop-up bubble is annoying and is just as bad. Check.
    Collects info about user? Collecting info about my hardware and my installation without my consent is close enough. Check.
    Change settings on my computer? You cannot remove it without some hack. Check.
    Doing all this without "appropriately obtaining your consent"? Hell yes check.
    WGA is spyware by Microsoft's own definition.
  • by Spiked_Three (626260) on Sunday June 11, 2006 @08:11PM (#15514340)
    One thing I will credit Microsoft for, is I do not know ANYONE legitimate or not, where windows stopped running because of verification failure.

    In 2 personal cases, other products I paid a lot of good money for stopped. First Norton anti virus, after a hard drive failure would not validate and refused to run on the new hard drive.

    And second the most evil spy ware in the universe - steam - tells me I have a banned CD key - I'm sitting here looking at a CD, a box, a manual, and a receipt for $50 and I have never given a copy of anything to anybody - and they call me a crook and ban me - I swear if I ever get the opportunity I will do physical harm to someone who is responsible for steam. Then their joke of tech support says they cant offer any help since i have a banned key. Don't cross my path in a dark alley, i'll ban your head from your shoulders, thiefs.
  • Bypass WGA (Score:3, Informative)

    by DrIdiot (816113) on Sunday June 11, 2006 @08:20PM (#15514370)
    I just bypass it. How to bypass WGA [aviransplace.com]
  • by Jackie_Chan_Fan (730745) on Sunday June 11, 2006 @08:56PM (#15514471)
    I reinstalled XP recently and my Key decided to "run out of activations" so i had to call up MS. I was furious...

    I contemplated installing the various coporate versions and hacked Pro versions that i have on back up just out of spite.

    But instead i called up MS went through their automated crap which is a nightmare in stupidity. After it finished it told me "I can not activate my key and to hold on to for an operator"

    YAY.

    So i get to the operator... I give her the code, she gives me a new key... all is solved...

    Not so fast...

    I go to install updates... and WGA must be installed first...

    OK lets do it...

    ERROR.. UNKNOWN ERROR.

    What?! What the fuck?

    I call MS tech support...

    The guy is completely useless and puts me through to a smarter tech...

    As i'm waiting for brainiac to pick up, i discover that by default windows XP installs IE with "Custom" security settings which does not allow WGA to install.

    So lets recap. WGA wont install automatically on a default XP install because IE is set to custom security rather than "Medium"

    Oh the stupid headache...

    So i figure it out while waiting and then the guy picks up cause i'm a nice guy i waited to tell him what the problem was...

    I tell him and i hang up.

    WGA is not only a pain in the ass for legal users... the activation itself in windows is down right stupid. I have to call MS everytime i want to reinstall now.

    Which is what? every month?

    I made an image of the boot drive install instead. No thanks MS.

    Its just too much. I dont care about MS's bottom line, i care about the dollars i spent and its a headache. Too much is too much and that too much was WGA itself.

    I have the coporate and hacked WGA versions, I know how to reg hack the WGA dll out and kill access to it and bypass the windows update...

    BUT I also OWN my windows... I tried to do the right thing and in the end, yeah it works but it was a big fuckign headache that i'm not willing to deal with any more. Things are only going to get worse as DRM and every other attempt made at taking control of your computer is made by these companies.

    I like for it to be known that its just as easy to run the hacked versions with less of a headache... I was on the verge of doing it out of spite...

    I only wanted to know why my Key wasnt working and why WGA was not allowing me to update cause i was angry... Thats the only reason i am running my legit copy of XP now.

    I'd gladly explore other options next time if it means saving my time and my sanity.
  • by grotgrot (451123) on Sunday June 11, 2006 @08:59PM (#15514485)
    After installing Office 2007 beta, I couldn't get it to activate. I did some tracing with Ethereal and found that an https connection was made to Microsoft servers and a blob of data sent. Microsoft servers don't respond and 60 seconds later the connection is closed. After installing WGA, the Office 2007 activation worked fine.

    In case anyone is curious, these are the benefits Microsoft claims if you use WGA: http://go.microsoft.com/fwlink/?linkid=39157 [microsoft.com]

    What is really funny is that if you click Validate Now on that page and you are using Firefox, it wants to install a plugin for Firefox. Yes, Microsoft has written a plugin for Firefox!
  • WGA (Score:3, Interesting)

    by mikeboone (163222) on Sunday June 11, 2006 @09:00PM (#15514488) Homepage Journal
    Ed Foster blogged about the EULA [gripe2ed.com] a while back. Strange that the software needs a unique EULA at all.

    What I can't figure out is why MS needs to monitor the legitimacy of your copy of Windows XP in real time. Is a valid copy suddenly going to become illegitimate for some obscure reason?
    • Re:WGA (Score:3, Interesting)

      by karmatic (776420)
      Actually, yes.

      Got this little gem from my companie's Microsoft rep. There are a variety of "leasing" options available, where a) your volume license expires after so long, or b) you get MS product ala carte (i.e. SQL server for $X/mo, and can scale up as needed - targeted at hosting providers ).

      This will allow them to deactivate these machines remotely, even if the user plays games with the clock. The rep also made it sound like there were plans to eventually add support for other Microsoft apps (Office,
  • by Joe U (443617) on Sunday June 11, 2006 @09:52PM (#15514674) Homepage Journal
    I noticed that everytime wgatray.exe is run, it's making a quick call out to MS to check for updates. It's not alot of bandwidth, but I imagine it's a special server at MS that is doing the checking.

    Now, if, for example, someone were to write a simple program that called wgatray.exe in an infinite loop and had a few hundred thousand people running it, then Microsoft would wind up on the end of a DoS attack. What would happen if the wga server was down? Would Windows stop working?

    (When I say simple, I mean simple, as in a 2 line batch file, didn't Microsoft think this through?)
    tray.bat
    -----------
    wgatray.exe
    tray.bat

    • Now, if, for example, someone were to write a simple program that called wgatray.exe in an infinite loop and had a few hundred thousand people running it, then Microsoft would wind up on the end of a DoS attack.

      The particularly amusing part about this would be the following: as I understand things, Microsoft has failed to report to the end user that this piece of software phones home. This means that if a user ran the program a million times in a row, they could plausibly claim that they had no way of kno

  • by chicago_scott (458445) on Sunday June 11, 2006 @10:10PM (#15514737) Journal
    Just because some piece of software wants to do something doesn't mean you have let it.

    Why not just block it with a firewall? According ZonaAlarm the IP that WGA connects to is (or maybe *was*) 64.4.52.189

    From WikiPedia:

    Windows Genuine Advantage Notifications and Firewalls

    Some personal firewalls, though not the basic one in Windows, may alert on the method by which wgatray.exe is started, in the case of Outpost firewall, it is identified as a "hidden process". The wgatray.exe process itself can be firewall blocked, without apparent problems. Removing the reference to WGALOGON.DLL using HijackThis appears to effectively de-install this update, to the point where it will be offered again if it has not been marked "do not show".

    And I'm sure there are a dozen other ways to avoid the WGA.
  • windos like games (Score:3, Interesting)

    by Tom (822) on Monday June 12, 2006 @04:14AM (#15515582) Homepage Journal
    For many years now, it has been more convenient and hassle-free to run cracked versions of games, even if you did buy the original (I know I downloaded quite a few no-CD cracks for games I had bought in the store).

    Looks like windos will be next in line for that attitude.

    Oh yeah - last I checked, the whole multi-million dollar copyprotection software did exactly zilch for the level of illegal copying in the games world...
  • Virtualization? (Score:4, Interesting)

    by Balthisar (649688) on Monday June 12, 2006 @06:56AM (#15515885) Homepage
    I have several, legal licenses to XP. Yet, I *always* use a borrowed, corporate serial number. Why? No activation. Why do I care? Aside from the principals involved, my XPs always run in virtual environments -- VirtualPC, VMWare Workstation, and of late Parallels Workstation. I've not tried Bochs, etc.

    I'm not trying to debate the licensing (I know I'm supposed to use my own numbers; I don't care, though) or the multiple machine issues (I've got all the licenses I need legally; convenience is the issue). Instead I bring questions:

    How does activation work in a virtual environment on multiple, physical machines? Sure, the virtual machine "footprint" is going to change between using VMWare, VPC, and Parallels. But what bearing does the host machine have on it? If I take my legally activated product (the non-corporate version) disk image from physical machine to physical machine, is there a tie to the real, physiscal hardware? As far as I know, processor ID, MAC address, and so on are all virtualized, but is there something else in the activation checksum that these commercial VM solutions tie to the physical hardware?

    I don't know enough about the license (who really does?); to me the "machine" is the disk image, so I have no moral qualms about moving it from physical machine to physical machine as long as they're not used at the same time (etc. etc.).

    Oh, so why don't I try it? I just don't want to "burn up" any of my serial numbers. Meaning, invalidate them because now I look like I've pirated the number because I'm installing onto too many machine. VMWare for Windows and Linux, VPC for Mac and Windows, Parellels for Mac/Linux/Windows... I'm a big time pirate trying to install a single serial on *seven* computers, ya know?
  • by gelfling (6534) on Monday June 12, 2006 @07:40AM (#15515999) Homepage Journal
    Curiously this is not an unknown problem. MS is aware of it at any rate - machines that for whatever reason CANNOT successfully install WGA and therefore are screwed out of all subsequent updates. Did I mention these are fresh installs? These are machines that were scratch rebuilt mere weeks ago and are completely clean of spyware, virii and have relatively few applications installed? Did I mention that MS has ZERO response to this? No answer at all whatsoever. I have asked if there is a way to download and install WGA on its own.

    I suspect they are silent on that point because there's a flaw in WGA which would verfiy any machine you managed to intall it on.

You know that feeling when you're leaning back on a stool and it starts to tip over? Well, that's how I feel all the time. -- Steven Wright

Working...