WGA — Too Many False Positives 268
An anonymous reader writes, "Microsoft insists that its Windows Genuine Advantage anti-piracy program is nearly flawless. But that's not the impression you get when you visit the company's WGA Validation Problems forum. Ed Bott at ZDNet went through 137 problem reports submitted there during a two-week period, each one accompanied by the output from the official Microsoft diagnostic utility, and found that 42% of the people reporting problems were actually running Genuine software. From the article: 'One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors.' In a related story, the first WGA errors from Windows Vista and Office 2007 have appeared in the wild."
42% (Score:5, Funny)
RTFS (Score:4, Informative)
Hey, look, a bad statistical argument! (Score:3, Insightful)
42% is surprising - but it's not surprising because it's high, it's surprising because it's low. Wouldn't you expect that 100% of the people complaining about problem with WGA would have genuine software?
Re: (Score:2)
Re: (Score:2, Funny)
The Spin of the Dot (Score:4, Insightful)
It's more than likely that one of the very few problems you could experience with this software is that it gives you a false positive--therefore a high percentage of forum posts are based on this problem.
Honestly, do you think that every person who used this with success went straight to the forum boards and posted "Success! Thanks Microsoft!"?
Wait, you're trying to tell me that a software program run on thousands of machines has failed in some cases!? No fscking way. That never happens--WGA should be error free--this is unacceptable.
In the software world, 137 problems on say 5,000 cases of average people using your brand new product is "nearly flawless." I would guess 50% are user error, 42% false positives and 8% other.
How is this news? Come on guys, I hate Microsoft as much as the next Linux user but I'm not blindly stupid about it
Re:The Spin of the Dot (Score:5, Insightful)
Re:No point whining (Score:5, Insightful)
I am sick of Windows, but I'm even sicker of the geek who assumes that just because he switched his home computer—or even his office server—over to Linux that anybody should be able to ditch Windows whenever they feel like it.
There is a real world out here, and in it there are thousands of small companies that have to use computers to communicate with their customers and suppliers and to keep up with their competitors but that are too small to afford even a part-time IT guru. Companies like that have to buy their accounting software, their production software, their shop management software, their design software—and what's for sale out here in the real world only runs on Windows.
It's not, "can't be bothered to jump to a competitor". There is no competitor, not realistically.
Re: (Score:3, Insightful)
Re: (Score:2)
Re:No point whining (Score:5, Insightful)
Wine isn't perfect. Some Windows applications do not work well under Wine.
Re:No point whining (Score:5, Insightful)
Your joking right.. In my humble opinion, wine is a piece of shit.
Computers aren't many thousands of dollars anymore, buy a $300 emachine, and run windows on your office computer if you need to. Come on, get real.. who can't afford to buy windows that needs to be running it?
I can go down to Walmart and BUY a computer with windows and be just fine. If I need to run Peachtree. I have a small business myself (Am a partner), we have about 6 Linux servers.. 1 is running PGSQL, one is running Resin/Java... the rest are running Asterisk. We put them into a 1/2 rack that we pay $400 a month for. We have a office full of windows workstations for our Customer Service, though all of them are using Windows & Xten phones for SIP taking incoming calls on Asterisk from a phone provider who has a sip gateway. Yes , we are windows friendly... but shit.. come on!
We have an accountant that keeps our books in order, taxes in line.. she uses Peach-tree. if someone thinks a -real- business is going to have a hard time paying $375 for a low end dell, with windows.. to do NOTHING but run Peach-tree... they have their head on backwards. You will spend more than that in man hours trying to get some linux goon trying to get whatever wacky-ass hack-accounting package to work.
Windows is a commodity, cost of doing business. Running Linux or Mac is nothing more than a luxury, being a linux/java programmer myself.. I don't see any savings at all, I find nothing more than comfort in working in my own familiar environment (My Mac doing Java programming and voiceapp work on Asterisk for Linux servers).. but that's just as expensive as a MSDN membership and paying for windows licenses on servers...
Running Linux or Mac is nothing more than a luxury (Score:3, Insightful)
I disagree that running Linux is a luxury unless you add that running any computer is a luxury. Last week I bought a new pc with linux preinstalled. The lowest priced Windows PC was twice what I paid for mine. And they all had XP installed, because of Activation and WGA I had decided years ago I wouldn't buy another Windows OS unless I absolutely had to or until MS got rid of Activation and WGA. Now I did have to get a card of ram because the pc didn't come with enough and a second harddisk, again for t
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
So these hypothetical companies can afford to
Re: (Score:2)
But you make a few points I'd like to answer:
All of the IT consultants we've found are: 1) Windows specialists; 2) incompetent; or 3) both. These are probably the same choices facing many other small companies in many other small cities like ours.
Re: (Score:3, Interesting)
Not my topic, but what the heck...
You know, OSS does not need to mean free. Why not donate part of what you save on lincensing to those OSS developers? Or fly them out on a junket? Or give them a leftover PDP POS in your storage that you've not fired up in years?
You are not a fool, so what guarantee can you expect from the developers that give their work to you open and free, at their loss, wi
Re: (Score:2)
If you actually wanted a linux based solution you would've taken the five seconds necessary to do that, but you'd rather just tout the MS line "There's no software for it, and if there is it might not be supported tomorrow, and if it is you can't trust those dirty hippies." Which is basically what they said about Apple for the last 20 years as well.
Re: (Score:2)
Re:No point whining (Score:4, Insightful)
Re: (Score:2)
If your requirement for switching your OS is that everything else on your computer has to be exactly the same, your requirement is that your OS stays the same. Have you actually called any of your 3rd party software venders and asked if they provide a Linux client? Have you asked them what it would take to provide a Linux version? Have you looked to see what other software options are available, open source
Re: (Score:3, Insightful)
Great, you gave a valid reason for 10% of the office to run a paticular vendor's OS. How about the rest of the office? It's time to get something that is reliable.
Re:The Spin of the Dot (Score:5, Informative)
If you RTFA, you'd see that they limited their survey to people on the WGA forum who were having problems and upon request ran MS's "WGA Diagnostic" utility and posted the results. That utility throws back one of 4 results: Genuine, Blocked VLK, Invalid Product Key, and Not Activated. So as far as MS is concerned, they are legit, and not copies, but the WGA program still flagged them as not legit because of things other software (like a McAffe "quick clean" product) did to their system.
Re: (Score:3, Insightful)
If they have functionality to work out whether it's a false positive, why isn't that functionality in WGA in the first place?
Re: (Score:2)
Shouldn't even exist (Score:5, Insightful)
Explanations (Score:3, Interesting)
And no im not kidding, im heading out to 'repair' the very user that called microsoft crying for help. Its far to easy to just change your # then reformat..
Screw them and WGA.
Re: (Score:3, Insightful)
MS was built on piracy. Their 90% install base was derived from people passing copies of windows around back in the DOS and 3.1 days. Having achieved that it's now time to start charging, because the company is not making enough money (from the Wall Street standpoint, which requires logarithmic sales projections to achieve linear stock price changes). WGA was implemented because MS has no need to increase the install base % further, and they figure WGA can at
Re:The Spin of the Dot (Score:5, Insightful)
Wait, you're trying to tell me that a software program run on thousands of machines has failed in some cases!? No fscking way. That never happens--WGA should be error free--this is unacceptable.
I think the point is that there are a significant number of apparently legitimate Windows users who are having problems with their computers because of WGA. Since WGA offers no benefit to users, this is an instance of Microsoft taking actions which harm their own legitimate customers because of a policy which doesn't help any customers.
What I'm saying is, we accept software to malfunction now and then, so when the whole complicated piece of software has a couple bugs, that's expected. When a developer tries to integrate a new feature that benefits large numbers of customers but harms a small number due to a bug, that's forgivable. However, when a developer takes action to punish illegitimate users, developers should tread very lightly. It almost feels like vigilante justice, and you should make sure that it's not an issue for legitimate customers. They might have every legal right to do it, but as a customer, I do find it unacceptable. Microsoft purposefully shutting down an otherwise working system, causing a loss of man-hours, because they've falsely identified it as "suspect"-- I find that to be sufficient reason to complain.
As if we needed another reason.
Re: (Score:2)
I agree with you that it sucks, though...but not that we shouldn't attack the implementation of it. 1) It shouldn't exist 2) It doesn't work right. 1 + 2 = We should bitch.
Re: (Score:3, Interesting)
Re:The Spin of the Dot (Score:4, Insightful)
Every test will ultimately have faults. They will always produce some amount false negatives and false positives, and to that extent you're right in saying that they're unavoidable.
But! That doesn't mean they are equally unavoidable. Depending on the consequences of false negatives and positives, you can and should design your test to avoid one, possibly at the cost of another.
For instance, when testing for a disease, the consequence of a false positive indicates a healthy person is sick. A false negative indicates a sick person is healthy. Obviously the former scenario is a lot more preferable. Proper disease tests are designed in exactly that way, so that the probability of the former is usually several orders of magnitude larger than the latter. (This is also why they almost always do further tests on a positive result.)
Okay. So in the WGA scenario, a false positive means an honest customer is getting screwed out of support they paid for. (I'd actually call it a false negative though, since they're not running 'genuine' software.) A false negative means someone running pirated software gets support they weren't entitled to.
At least from the consumer perspective, the latter scenario is definitely better. In an ideal market, that would be what would be best for MS too. However, it's not an ideal market situation, because they're a monopoly. That makes it possible for them to push their own interest at the expense of the customer to a lot larger extent.
So I think there's every reason to criticise MS here. If they didn't intend for this, it's badly designed software. Given their massive install-base, they should be expected to be careful in designing this stuff. Given their equally massive profit, they certainly have the resources to do so. If they did intend this, then they're screwing their own customers just to save a buck on support.
Incompetence or malice: Take your pick. But in neither case would I hold MS blameless.
Re: (Score:2)
If anything, based on my personal experience, the problem is probably significantly larger than has been reported. This is NOT a non-issue.
In addition, it seems like I can't even unplug my Wacom tablet an
Re: (Score:3, Funny)
actually, I've heard that M$ is encouraging this kind of behavior as they believe it will put less load on their servers if people just post when something they make actually works and they can just assume the rest is total dogshit.
Not as many as it seems. (Score:2, Interesting)
Re:Not as many as it seems. (Score:4, Insightful)
I can't say, but I'm imagining it's a very small fraction of total users.
The point though is to make sure you're comparing like to like. Problem Reports is not the same as Total Problems, just as Potential Problem Reports is not the same as Total Windows Users.
Re:Not as many as it seems. (Score:5, Insightful)
Unlike Slashdotters, not everyone has a spare computer or six kicking around, to deal with just such an occasion. Of course since I switched to Macs, I'm not quite sure what failing the WGA does at this point, but since I've seen the term 'locked out' more than once in this topic, I'll assume it's a bit more hostile than it used to be.
Re: (Score:2)
But they do have a telephone.
Re: (Score:2)
That said, how many user would raise a problem on the WGA Problem Forum if they are not dead certain their Windows is genuine. I know that WGA should also warn users when he purchased unknowingly a pirated version, but I guess that the kind of people unknowingly purchasing pirated software falls into the category that would not think of going to the forum anyway.
I'm surprise the number of false positive on the forum is not even higher.
Re: (Score:2)
137 posts to the MS forum in two weeks.
How many MS-bashing Slashdot posts will this thread generate in two hours?
My Experience with a WGA False Positive (Score:5, Interesting)
Back in July(?) when Microsoft issued an update to the WGA tool, I figured I may as well install it (I'd be forced to eventually) on my one Windows box. So I installed it, and rebooted, and the login screen proclaimed loudly that Windows was not genuine. (Well, not literally loudly, it didn't shout over the speakers or anything -- which would be an interesting deterrent, now that I think about it.)
This came as something of a surprise, given that:
I logged in, did some searching on Microsoft's knowledge base, and found a link that said something like "Validate here." I clicked on it.
To my surprise, it told me my copy was perfectly valid.
I eventually concluded that Norton Internet Security had blocked the initial validation attempt. Because there was no desktop shell, there was no opportunity for it to pop up a notice and ask me if I wanted it to let the data through.
After that experience, I can't say I'm surprised that Microsoft found many of their false positives to be the result of security software. Admittedly, they were looking at registry changes, crypto problems and McAfee, rather than a transient error with Norton.
What about false Positives? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
boot safemode open cmd window and type regedit
and delete every occurance of wga. change wgatray to read only if you cant delete it and reboot.
then generate a new corperate key and install service packs.
download firefox install download ubuntu and install.
seriously its all it takes to get round wga the only people suffering with wga are the people who paid for xp
Re: (Score:2)
There are 10 kinds of people (Score:3, Insightful)
those who can read statistics and those who can't.
There is no way you can derive a headline like "WGA giving 42% false positives" from a statement like "42% of the users that reported problems with WGA ran genuine software". 42% of the problems sampled should not have triggered problems, but that's all, there's no insight how many attempts of validating your Windows license there are.
There are at least 10 people who don't understand this: One slashdot poster and one slashdot editor.
Re: (Score:3)
Re: (Score:3, Informative)
Re: (Score:2)
The headline was "WGA Giving 42% false positives". I'm a subscriber, so I read the article based on the not yet published version from the news feed (I still see the old headline in NetNewsWire). Obviously I have to correct myself, we can no longer assume that the slashdot editor can not read statistics, otherwise he would not have changed the headline before publishing the story. And I should check whether the story/headline has already been changed before I c
Re: (Score:2)
That should have read: "there's no insight how many failed attempts of validating your Windows license there are"
If there were 574,000 validations out of which 137 (the number they examined) failed, and of these 137 failed validations 42% were with valid licenses and activated product keys, these 42% ( = 57,54 attemps, very unlikely) would represent a 0,01% failure rate.
Made Up Statistics (Score:3, Funny)
Inaccurate? (Score:2)
Re: (Score:2, Funny)
Re: (Score:2)
No copy protection. (Score:2)
yeah Galactic Civ (Score:2)
Re: (Score:2)
Re: (Score:2)
http://www.opensource.org/licenses/ [opensource.org]
All computers MUST be Internet connected? (Score:2, Interesting)
Really, 90% of them are currently connected, but sometimes...for safety's sake, I like to keep one completely disconnected from the Internet and feed it updates manually via CD-media.
Re: (Score:2)
For your habit, by the way, I'd suggest you look at Autopatcher. www.autopatcher.com Nice monthly torrent download contains all the latest patches, plus updates of other useful Windows gems. Java, Flash, Shockwave, TweakUI, Cleartype Tuner. That sort of thing.
Umm, selection bias....? (Score:5, Insightful)
Wild guess here -- people with legitimate software are a lot more likely to submit problem reports than people with bad copies are to post "My 1337 w4r3z w0n7 w0rk! G00d j0b!"
Re: (Score:2)
Just the other day.... (Score:4, Insightful)
One facet of this comparison is that Linux (generally) does not claim to be perfect, or the best operating system to have. This, to me, looks like the playground bully trying to recover from having his pants fall down around his ankles.
While WGA is a plausibly good idea for someone that sells their software, the implementation of it has left a lot to be desired.
The Question Is... (Score:5, Interesting)
Re: (Score:2)
Those in the warez scene won't have any problems with WGA.
The only illegitimate copies this will really catch are those where some kid upgrades his parents computer and uses the same copy he had, or a warez copy, or whatever. Which is also the same group that will fall for the false-positives and shell out for another copy of windows because they don't know any better.
Why I'm running Linux on this PC (Score:5, Interesting)
The reason the other two are running pirated XP was an experiment after the legit pirated fiasco on this PC.
I decided I had had enough, booted into FC5, repartioned the drive to all Linux and haven't looked back.
Don't care what Vista is like, as I will not even reinstall XP anymore. This weekend, both of the other PC's will get their XP partitions deleted and go back to dual boot Win98se and Ubuntu only. The XP partitions are too small to be more than barely functional, so no sense in trying to leave them running.
So here is 3 sales/upgrades that MS won't get.
Re: (Score:3, Insightful)
It doesn't look like they were getting them anyway.
Re: (Score:3, Interesting)
Until last month's fiasco, they both just used this one- I was usually gone at work anyhow. So, I have spent a bit of time and effort to get most of the stuff working for them in Linux. It has not been easy, as
Re: (Score:2)
My guess is that those people are far less likely to complain and therefore would not easily be counted using the same method.
Vista WGA (Score:2, Informative)
I just booted it up one day, and it said "Your copy of windows is not activated". The best part is that it refused to accept the unlock key generated by the automated phone system!
Good thing I didn't have any important information locked up on it!
-Tom
Re: (Score:2, Interesting)
In my work, I don't use Windows to store any critical data and part of the reason is bullshit like this. The only thing I use Windows for is creating software that has to run on Windows.
What's counted as false positive (Score:5, Interesting)
What I don't get is why they don't just take the flawless detection code from the diagnostics tool and put it into WGA.
Re: (Score:2)
The problem seem to come from the execution mode. Executing WGA in the interactive context or having WGA running in the background somewhere,sometimes is different and can lead to various problem to access the data it needs to do its job.
Also, Windows machine typically have load of various applications that interfer badly with Windows. Sounds silly but Wireless Network Card driver, Firewall, Antivirus or
That's 42% of a small selection (Score:2)
Apple (Score:3, Interesting)
In my neck of the woods two people in my family are thinking of a full out change and so are a few of my friends. It's obviously not just because of WGA. It's a lot about a growing feeling of insecurity and anger at a company that just doesn't seem to care a damn.
Re: (Score:3, Insightful)
The day Apple ever does this kind of shit is the day i skulk over to Linux and figure out how i'm going to do my video work.
Re:Apple (Score:5, Insightful)
Now, with WGA (and my valid key invalidated for whatever reason), I'm now using my Mac and my Linux machines only. I have absolutely no desire to deal w/verifying with MSFT that my install is a valid one. I shouldn't have to as it's THEIR problem.
While I never trusted MSFT, there was a 3.5 year stretch there where I didn't much care either way. This one incident has turned me around right quick.
And now, for the machine that I need to have XP on for my wife to do her job, we have used several hacks to get around the WGA and get it what it needs to run. I don't feel the slightest bit guilty about it either. I paid for it and now I'm going to run it.
Re: (Score:2)
Why exactly would you install the WGA update? (Score:4, Insightful)
1. System works fine, and your copy of windows keeps working just as before. No added benefits.
2. System stops working due to problem with WGA.
Given that there is no benefit and the possibility of a downside, I fail to see why you would choose to install or use such a technology if you know about it. It is a move with only a negative expected value.
I just don't understand (Score:5, Insightful)
Conspiracy theory (Score:2, Interesting)
Could it be that MS is hoping that some of users that aquired MS Windows legaly (as MS likes to speak - genuine) will see this warning and go buy MS Windows *again*. This could boost like 1% of sales - but it is still something in their scale.
On the other hand I administer few dozens of Windows boxes, they get all the patches (including WGA "patch") and none of these reported as non-genuine. And these are not all the same - s
hey (Score:2, Insightful)
WGA locking legitimate users out (Score:5, Informative)
Some customer would bring in a computer that wouldn't start. We determined that the motherboard was faulty, and replaced it with a similar one.
Windows starts up, everything works, except it wants to be re-activated again. Online activation fails, so I phone Microsoft, enter the forty-something digit number, reads the product key to someone, who then tells me that they are very sorry, but no, for some reason they cannot give me a re-activation code, so I will have to reinstall Windows in order to get it working with that product key. However, changing the product key works fine.
So I call the customer and explain the situation to them, and let them choose between:
1) me taking their harddisk out, attaching it to our backup machine, backing up all their stuff, reinstalling Windows, and all their programs, and all updates, then restoring the backups, and
2) buying a new xp home license,
they both chose option 2. That way they would get their machine back with their entire configuration intact, and if they chose option 1, all that work I would have to do would take so long time that they wouldn't be saving much anyway, compared to buying a new license.
This only happened these two times; most times when we replaced a motherboard, either the reactivation over the internet would work, or the phone representative would give a working reactivation code.
But these two customers payed for a new XP Home license even though they owned a fully legal one already.
Re: (Score:2)
Re: (Score:3, Insightful)
My mothers computer had issues booting a week ago, trying to use the disc that came with the machine to resolve the problem resulted in the harddrive being formatted (no questions asked, nice, eh?), and then failed to actually install the OS as there seem to be disc errors.
Solution? Purchase a copy of XP Home (Upgrade). I wasn't happy about it, and I probably would have started yelling at the clerk in the store, but in the end they now have a copy of XP Home which can be used to install, or fix/repair an in
nothing is as aggravating as... EXACTLY! (Score:5, Insightful)
Re: (Score:2)
You also didn't contact the OEM for a replacement restore CD.
But no, almost yell at the clerk in the store because you were "forced" to buy a copy of Windows again.
Tell me how any of the above is Microsoft's fault or issue, again?
Re: (Score:2)
As for blaming Microsoft, yes actually I do.
I don't believe any of the OEMs should do, or be ALLOWED to do what they do. Many companies, Dell for instance, do exactly the same thing. Microsoft sets the policies which the OEM companies are allowed to image the disc.
Sad, but biased (Score:3, Insightful)
My question would then be: if it's working, how many of you even bother to visit Microsoft's forum to post "Thanks, it worked"?
Usually, when a fix works, people move on, and don't go back to forums to confirm things are working.
My experience (Score:3, Informative)
I've used one of the many hacks (Removing execute permission for the Local System account to the WGA files and then deleting them) to remove WGA from my machine and now I only use MBSA [microsoft.com] for my patching. It's a little long winded, but it's infinitely better than the hassle of being repeatedly told that my copy of windows is illegal when it clearly isn't.
screw wga because... (Score:3, Insightful)
If MS sold their software at a lower price they would generate more sales that would compensate for the low price.
I know so many people that say "I would buy windows, if it didn't cost hundreds!" If they sold the pro edition for a cheaper price then they would sell so many more that it would compensate for the few that did pay the higher price. I'm not in marketing, I'm in accountancy, so I know about economic curves and I think MS is just milking the corporate market for as much as they can. If they opened up their 'pro' systems for lower prices I am sure their sales would increase as well as their revenue.
MS alienate potential buyers with their WGA and high prices. Set your prices low, and sell a bundle. Look at your profits, M$, you're not "hard done by".
incentive? (Score:2, Interesting)
Office? (Score:2)
The ultimate test (Score:2)
Instead, you read about it here on the Slash-haha-Microsoft-sucks-dot blog. Therefore, nothing major to worry about as of yet.
Now of course WGA is a major annoyance. It can also be argued that Microsoft inflicted this on themselves by allowing piracy flourish under the table while whining about piracy in their official channels. Now
Not a long term problem (Score:2)
42%? It is 100% at my company (Score:3, Insightful)
So, we wasted two days reloading a bunch of PC's that most definitley had legal software, in two of our divisions.
The result? Windows Update service is DISABLED on our domains, and I am looking into some sort of update deployment program that will allow me to choose which updates go out to PCs.
Microsoft, I guess thinks it can operate like the RIAA, assume that their customers are thieves and treat them like criminals.
I can tell you this much, I don't see myself deploying Vista anywhere until it's absolutely unavoidable.
Re: (Score:2)
You would have to accomodate the base system(s)
as installed from DVD/CD, all the services packs,
all the hot fixes, and all permutations thereof.
Re: (Score:3, Funny)
So how well do you like Ubuntu? I have had no problems with it myself.