Microsoft Misrepresenting WGA's Functionality?

Posted by Zonk on Sun Jun 11, 2006 06:33 PM
from the first-time-for-everything dept.
Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."

Related Stories

IT: WGA Turning Off PCs in the Fall? 857 comments
thesaint05 writes "We all know about Microsoft's WGA initiative that started last July. Most of us were troubled to learn that the WGA has been 'phoning home' to Microsoft at every boot. Well, get ready, because eventually Microsoft may be turning off copies of Windows without WGA installed. According to a Microsoft technician, 'in the fall, having the latest WGA will become mandatory and if its not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn't installed, Windows will stop working, so you might as well install WGA now.'" A new version of WGA was released on Tuesday and, at least for the time being, Windows users have the option of removing WGA from their systems.
Technology: Download From Microsoft Without a WGA Check 195 comments
Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by pawstar (930281) on Sunday June 11 2006, @06:39PM (#15514051)
    And what can us consumers do about it? If we refuse it, we don't get updates. This is punishing us the legit users, while pirates will still be laughing at M$'s latest attempt at stamping them out!
    • by FudRucker (866063) on Sunday June 11 2006, @06:41PM (#15514057)
      RE:"And what can us consumers do about it?"

      switch to something better, nobody is forcing you to use microsoft's product http://linux.com/ [linux.com]
      • Re:Better... (Score:5, Insightful)

        by hackwrench (573697) <hackwrench@hotmail.com> on Sunday June 11 2006, @07:47PM (#15514261) Homepage Journal
        I wish people would quit acting as if anything was unqualifiably better. Life consists of trade-offs but to hear some people talk, life would just be a bowl of cherries if one were to just do this or that... Sheesh... Yes, Linux is better in some ways, but there's that trade-off thing at work there.
    • install it
      disconnect from the internet
      open task manager
      kill the process 'wgatray'
      rename the file c:\windows\system32\wgatray.exe to something else (wgatray.exe.bastard, for example)

      There is also a file called wga.dll, or similar, but I didn't do anything with that; if anybody could shed some light on that, it'd be nice. I did the above on a machine that was wrongly reporting as 'pirated', and it worked fine.
      • by Frenchman113 (893369) on Sunday June 11 2006, @07:35PM (#15514220) Homepage
        This "genuine advantage" notifier is remarkably easy to disable. Here's a link that documents numerous ways to defeat it. http://labnol.blogspot.com/2006/04/workarounds-to-disable-non-genuine.html [blogspot.com]
      • by zcat_NZ (267672) <zcat@wired.net.nz> on Sunday June 11 2006, @07:52PM (#15514274) Homepage
        There are many ways to get rid of WGA. Here are the two easiest:

        Option one:
        Start in safe mode and find the file /WINDOWS/System32/WgaLogon.dll. Edit the
        file properties and remove the execute and write permissions for all users
        including System. The daily checkin and the WGA System Tray tool are both
        started from this DLL so making it non-executable kills the whole WGA
        Notification system. Making it read-only stops windows update from 'repairing
        it' and installing future versions.

        Option two:
        Download and burn Ubuntu Dapper Drake or order a FREE CD from
        shipit.ubuntu.com (downloading is quicker). Back up your important documents and
        completely replace Windows.

        Personally I chose option two many years ago, but I continue to watch Microsoft's antics with a degree of detached amusement.

        • by peragrin (659227) on Sunday June 11 2006, @08:14PM (#15514354)
          No, MSFT bypasses the Windows hosts file when calling home. This is known. On one side it's a good thing, as Windows Update will always point to a MSFT-based server, allowing for clean updates. (Can you imagine the problems if every infected Windows machine couldn't get a patch?)

          On the other side is that MSFT could solve a lot of their problems just by creating an easy, basic way to enforce security. Unix did that years ago. On Unix you have basic file-system-level defaults separating users. Then you can use other programs to create ultra-fine-grained control.

          Under Windows all you have is a very complicated fine grain control system that a massive percentage of the apps break if you use it.

          Kill off ActiveX and add a simple yet effective file separation on the filesystem layer and the majority of the Windows virus problem will vanish. It won't solve all things. It won't solve stupid users installing things they shouldn't, but it would stop most of those problems instantly.

          It's also the one thing MSFT won't do. Not even with Vista. They are keeping activeX and while they are trying to use their fine grained permissions control as a basic level they are finding that it doesn't work well. (just look at all the reviews on the vista Beta, 7 steps to delete an icon?)
  • Somewhat obvious. (Score:5, Informative)

    by Transcendent (204992) on Sunday June 11 2006, @06:40PM (#15514054)
    I gave it some thought before I installed it earlier. I knew all it did was report to MS that I had a legal copy of Windows, but the bad part about it was that it seemed I had to install it before I could download any other critical updates.

    It's a damned-if-you-do and damned-if-you-don't situation...
  • by plasmacutter (901737) on Sunday June 11 2006, @06:44PM (#15514066) Journal
    well?... last time some software package was reported doing this it was labelled spyware and the company was prosecuted..
  • by Anonymous Coward on Sunday June 11 2006, @06:46PM (#15514074)

    the question is when are the anti-malware community going to step up to the plate and provide protection from this software

    the fact it's made by Microsoft should be irrelevant, just analyse the behaviour of the application and judge it on that

    communicates unique information at any time to an American based advertising company (msn anybody?) with you the user having no idea of what data and what the implications are of giving this company that data

    can your business really risk an application like this on your systems? are you prepared for the consequences of letting this program run unchallenged inside your company's infrastructure?

  • by Digital Vomit (891734) on Sunday June 11 2006, @06:49PM (#15514080) Homepage Journal

    If you want to be able to disable the Genuine Windows Advantage Add-on for IE (accessible via Tools|Manage Add-ons... in IE), you might be surprised (or not) to see that Microsoft will not let you do so. It gives you some sort of stupid "disabled by Administrator" message, even when you're logged on as Administrator (I guess MS thinks it's the administrator for your computer).

    To enable the radio button that allows you to disable this worthless add-on, follow these instructions I found:

    1. Open Group Policy Editor (gpedit.msc) and go to User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.
    2. Double click Add-on List and select enabled.
    3. Click on Show then on Add.
    4. In enter name put {17492023-C23A-453E-A040-C7C580BBF700} .
    5. In enter value put 2.
    6. OK, Apply, OK.
    7. Now you can disable/enable the add-on.
    • How to bypass and disable the Genuine Windows Validation Check (from http://www.mydigitallife.info/2006/03/07/bypass-and-disable-genuine-windows-validation-check/ [mydigitallife.info]):

      1. Open Windows Explorer by clicking Start -> All Programs -> Accessories -> Windows Explorer.
      2. Browse to C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data folder.
      3. Delete (or backup or move to another folder, if you want) data.dat file.
      4. Create a new empty data.dat: You can create a new text file (make sure you are in the right folder, as above) by clicking File -> New -> Text Document or right-clicking in the Windows Explorer window and then clicking New -> Text Document. Then, either rename the file to data.dat (the original .txt extension of the text file needs to be changed too; you can disable the hiding of extensions for known file types), or follow these steps to create a new file out of the text file:
        • Open the text document you just created.
        • Click on File -> Save As.
        • Change the Save as type to "All Files".
        • In the File name, type data.dat
        • Click Save.
        • Go back to the Windows Explorer, at folder C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data, check that data.dat exists.
        • Delete the text file you created previously.
      5. Set the attributes of data.dat to Hidden and Read-Only. Attributes can be set by right click on the data.dat file, and then click on Properties.
      6. Windows Genuine Advantage (WGA) validation check has been disabled.

      Note: The data.dat that replaces the original data.dat can be a blank text file or empty, or you may type whatever you want there.

      With this hack (or crack if you want), Windows WGA piracy check will be bypassed and you can now download software from Download Center or apply updates from Microsoft/Windows Updates.

    • That, OR (Score:5, Informative)

      by mobby_6kl (668092) on Sunday June 11 2006, @07:11PM (#15514155)
      That method sounds good for widescale, corporate deployment, but here's a simpler method:
      • Use Autoruns [sysinternals.com] (everybody should have it already) to disable wgalogon.exe on the winlogon page.
  • by Anonymous Coward on Sunday June 11 2006, @06:52PM (#15514089)

    Since Windows is sending information home, and the user has no control over that messaging with regard to timing or content, it seems to me HIPAA-compliant systems (and other systems requiring security) cannot be built on Windows.

    What an opportunity for the open source world!

  • by ehaggis (879721) on Sunday June 11 2006, @07:01PM (#15514119) Homepage Journal
    Non-admins may get the euphemistic warning of possessing pilfered software,
    http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=370244&SiteID=25/ [microsoft.com]
    Notice the MS solution, delete this, open up all permissions on that (good idea?), read, write, execute, delete for everyone! Or pay-up to get your copy of MS Winders to shut up.

    Nothing like family (non-admins) and employees (non-admins) thinking they have purloined software. Isn't an unfounded accusation called, "Libel" http://dictionary.reference.com/search?q=Libel/ [reference.com]?

    (My SuSE never accuses me with false accusations.)

  • by suv4x4 (956391) on Sunday June 11 2006, @07:20PM (#15514175)
    When I read this, I thought, this has GOT to be a joke:

    Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update.

    Where did WGA come from? Auto Updates. What does Auto Updates do? Downloads executable code and makes it a part of your Windows OS.

    "Shocking facts" like those really put Slashdot editors low in my eyes.
    • by zoney_ie (740061) on Sunday June 11 2006, @08:14PM (#15514356)
      I don't use auto updates, so at least in theory, Microsoft can't do such a thing to me at present.

      However, if I install this, I have no choice (leaving hacking it aside) but to give Microsoft that capability. It is not removable (through ordinary means), and allows Microsoft access to your machine in an even less transparent way than fully automatic updates.

      This is definitely a large step beyond automatic updates, and is far more sinister.
  • by Ada_Rules (260218) on Sunday June 11 2006, @07:47PM (#15514260) Journal
    A few weeks ago, one of my computers started claiming it was a pirated version of windows. Seemed odd since it is more than a year old and has been claiming it was a valid copy all of this time.

    I poked around trying to figure out what was wrong.. Didn't see anything. I clicked the "get legal" or whatever it says button at login but nothing ever happened. I eventually remembered that this particular computer had locked up on reboot the week before on a Tuesday and thought perhaps it had something to do with the latest updates from MS. I uninstalled the last few updates I could find. Rebooted, reinstalled them and eventually everything came back to normal and no more complaints about an illegal copy.

    I hope this never happens to aunt Tilly. I wonder when XP will really be ready for the desktop.

  • by Spiked_Three (626260) on Sunday June 11 2006, @08:11PM (#15514340)
    One thing I will credit Microsoft for, is I do not know ANYONE legitimate or not, where windows stopped running because of verification failure.

    In 2 personal cases, other products I paid a lot of good money for stopped. First Norton anti virus, after a hard drive failure would not validate and refused to run on the new hard drive.

    And second the most evil spyware in the universe - steam - tells me I have a banned CD key - I'm sitting here looking at a CD, a box, a manual, and a receipt for $50 and I have never given a copy of anything to anybody - and they call me a crook and ban me - I swear if I ever get the opportunity I will do physical harm to someone who is responsible for steam. Then their joke of tech support says they can't offer any help since I have a banned key. Don't cross my path in a dark alley, I'll ban your head from your shoulders, thieves.
    • Re:huh (Score:5, Insightful)

      by BrynM (217883) * on Sunday June 11 2006, @06:58PM (#15514107) Homepage Journal
      do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.
      Agreed. I won't even read content from ZDNet at all anymore. 17 pages is insane (thanks for letting me know how many I avoided). Even with blocking the ads and repaginating the article into one page, ZDNet assumes that the format is acceptable to users because the article generates hits. They won't change it when they think "it's still working". I've tried to complain to them as a (now former) print customer of their periodicals for years and a web user. They don't respond, so I assume they don't care. Calling them just leads to the phone-forward-runaround of "I'll connect you to...". They used to be a good company with good content, but now they are just ad whores (like most consumer computing sites - TOM!). /rant
    • A Critical Security Vulnerability has been reported for all x86-platform PCs.

      Short description: By retailing a piece of software called an "Operating System" to a computer user, and then using social engineering to promote the installation of this software, a so-called "Operating System Vendor" may be able to execute ARBITRARY CODE on a user's computer.

      Severity:
      Severe. The exploit allows an entity to execute arbitrary code on a machine so compromised.
      Challenge Vector:
      Remote or local installation of components, either onto a pre-existing Operating System or onto an otherwise bare x86 PC.
      Mechanism:
      A package of executable software, called an "Operating System", is distributed by "Operating System Vendors." These Operating Systems have declared purposes which they fulfill with wildly-varied results. These operating systems possess code which may not be fully understood by the user; often these Operating Systems enforce systems of privilege and resource management which place the Operating System in a position of "arbitrating" between the PC hardware platform and the user. When the Operating System has been so installed, it is capable of executing arbitrary code on the host system.