Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Microsoft Operating Systems Windows Your Rights Online

Lawsuit Claims WGA Is Spyware 360

twitter writes "Windows Genuine Advantage (WGA), Microsoft's euphemistically named digital restrictions scheme, is the target of another spyware and false advertising lawsuit. 'Microsoft this week was sued in a Washington district court for allegedly violating privacy laws through Windows XP's Windows Genuine Advantage (WGA) copy protection scheme. Similar to cases filed in 2006, the new class action case accuses Microsoft of falsely representing what information WGA would send to verify the authenticity of Windows and that it would send back information [daily IP address and other details that could be used to trace information back to a home or user]. The complaint further argued that Microsoft portrayed WGA as a necessary security update rather than acknowledge its copy protection nature in the update. WGA's implementation also prevented users from purging the protection from their PCs without completely reformatting a computer's system drive.' There were at least two other lawsuits launched in 2006 over WGA. According to the Wikipedia article, none of them have been resolved. The system is built into Vista and Windows 7."
This discussion has been archived. No new comments can be posted.

Lawsuit Claims WGA is Spyware

Comments Filter:
  • I'll admit that I don't use Windows anymore. These days I use an iMac and a MacBook Pro for most of my desktop computing, and I almost exclusively deploy Debian on servers. That said, I've been along for the ride with respect to Microsoft products for a very long time, both as a user and an I.T. professional deploying systems on customer networks and writing I.T. policies.

    Honestly, most consumers get that "deer in the headlights" look when you try to explain what WGA and similar systems actually do. In many cases, people simply don't care what's being sent to Microsoft, as there's a sense of implicit trust in large corporations. I have no idea where this trust comes from, but it's definitely real. I assume it's largely because the majority of users are largely ignorant of how their systems function, choosing to focus only on what's immediately presented by the OS (applications). There's no psychology degree on my wall, so I'm not qualified to guess further on the topic.

    This continuous erosion of privacy gets noticed in the I.T. world, but the general public remains almost completely in the dark. Major media outlets don't carry headline stories about these issues, possibly because their "tech journalists" are barely more educated than their readership on these topics. I have no idea how this can be fixed, but I'd love to hear some suggestions.
  • by causality ( 777677 ) on Monday September 07, 2009 @07:05PM (#29344845)

    Except that MS has to hand out vouchers for more MS products, giving them an even bigger market share.

    [see Sony Rootkit settlement for details]

    Yeah, and that's what's broken about the way the law handles corporations.

    Corporations should face jailtime for any crime or activity that would result in a person being incarcerated. Jail for a person means the loss of most freedoms and it also means they are separated from the rest of society. "Jail" for a corporation should mean that all assets are frozen and all business activities are forced to halt for the same number of days that a real person would have been incarcerated. If the lost sales result in bankruptcy, that's too bad, just like if a person with a few years to live commits a violent crime and gets locked up for a long time and dies in prison, that's also too bad.

    This to me would be the proper treatment of "corporations have the same rights as real individuals." A good alternative might be to keep the limited liability nature of a corporation for any failures or accidents, but to remove it and allow for personally prosecuting and imprisoning any and all members of upper management who knowingly support an illegal action wherever intent can be proven.

  • Go free market! (Score:3, Interesting)

    by RazorSharp ( 1418697 ) on Monday September 07, 2009 @07:15PM (#29344909)

    Unfortunately Microsoft will probably win this because there's a difference between spyware and an abusive contract. To the best of my knowledge, abusive contracts are perfectly legal, which is why MS got over on IBM so bad. These license agreements which you click before using software have been legally upheld in court, so Microsoft may be doing something immoral, but it's still legal. The only thing that makes spyware illegal is that they bypass a contract and install without the user's permission.

    I love to blame Microsoft as much as anyone here but I think this is a case where the lack of legislation is, in a legal sense, to blame. Companies have no legal obligation to behave ethically. I would love to see a law which prohibits these ridiculous lawyer-speak click-contracts. There has to be a better way to protect both the company and consumer.

    It does sound as if their main case is that the WGA contract is misleading and dishonest, and if that's true, they may have a case. I wouldn't know because I've never read it and don't intend to. I don't use Windows.

  • by mysidia ( 191772 ) on Monday September 07, 2009 @07:18PM (#29344937)

    You can pass WGA validation without installing the WGA notification service update.

    You can also avoid installing or validating using WGA ever, as long as you only use automatic updates to pull critical updates.

    You won't be able to go to the windowsupdate site manually, or download WGA-protected downloads without doing a WGA validation, however

  • by BitterOak ( 537666 ) on Monday September 07, 2009 @07:24PM (#29344981)

    "Jail" for a corporation should mean that all assets are frozen and all business activities are forced to halt for the same number of days that a real person would have been incarcerated.

    The problem is that you'd be punishing a lot more people than those at Microsoft. Microsoft doesn't just sell operating systems for home computers; they sell and support a large number of business applications to a HUGE number of businesses. If Microsoft "went offline" for even just a few months, there'd be huge ripples throughout all sectors of the economy. Imagine if a critical security flaw were found in Windows, or IIS, or SQL Server and Microsoft couldn't patch it because they were "in jail". Just because you might not use MS products doesn't mean you don't do business with someone who does. It would be a disaster.

  • by nurb432 ( 527695 ) on Monday September 07, 2009 @07:46PM (#29345113) Homepage Journal

    Just because you agreed doesn't negate it being spyware.

    And from what i gather the issue is that its doing things that are NOT in the eula.

  • by commodore64_love ( 1445365 ) on Monday September 07, 2009 @07:47PM (#29345121) Journal

    That's what happens when you rely upon a monopoly.

    But in other cases like say, exploding Ford Pintos, it wouldn't matter if Ford was "put in jail" for a few months due to the deaths it caused. Other companies could pick-up the slack of providing cars or parts to customers.

  • Representation (Score:3, Interesting)

    by no-body ( 127863 ) on Monday September 07, 2009 @08:05PM (#29345233)

    of the purpose of WGA is fraudulent - not doubt; German XP versions, not sure if all (?) are forced to install WGA or no further system patches can be installed: Coercion: install WGA or run the risk of a compromised system.

    But - let's be clear: There are plenty of other installed programs calling home and why is the Windows firewall so lousy to fail identifying, showing and logging any program trying to get out from the machine? Self-protection, Corporate cover up or plain stupidity of developers?

    On other ends: Patents should only be valid as long as the original inventor (no corp legal entities!) is alive and then become public property.

  • by Anonymous Coward on Monday September 07, 2009 @08:33PM (#29345421)

    I hate to tell you this, but there are many more things other than corporations and natural persons that are considered persons under the law. In addition, there are many different types of corporations and they are not all giant multinational mega-conglomerates like IBM or Microsoft. Finally, there are responsibilities and liabilities that corporations have that people do not have and that most common penalty for corporations is the "death penalty" or disillusion and revoking of their articles of incorporation.

  • by Targon ( 17348 ) on Monday September 07, 2009 @08:41PM (#29345495)

    Everyone should know by now that the WGA really was always about Microsoft cracking down on pirated versions of their products. Now, with that in mind, if the WGA does some checking and phones home, but does not send up anything that would identify the owner of the computer, what is the big deal? An IP address might get logged by Microsoft and attached to your registration key?

    What is new at this point? If your version of Windows has been cut off due to being pirated(or being flagged as a pirated version), that means it IS a security issue for people. Some may complain that Microsoft stopped service packs from being installed on pirated versions of Windows, but, if you pirate a product, you really have sacrificed any rights you have to complain about the behavior of said product. If your copy is flagged as pirated when it is not, then you have the right to contact Microsoft to address the issue. Again, if you fail to do this, then it is your own fault because it TELLS you it thinks it is a pirated copy, and even what to do about it.

    That final line about how MacOS doesn't have copy protection.....ummm, you can ONLY put it on an Apple branded computer, and there is a price premium built into Apple branded computers already, so the copy protection is there, just not in the normal form. If Apple were to open up MacOS to run on non-Apple computers, can you REALLY claim that copy protection of some sort would not be put in at that point?

    Apple had a fit when Palm made the Pre work with iTunes, so can you REALLY say that Apple is innocent or doesn't have a lock-down mindset?

  • by Anonymous Coward on Monday September 07, 2009 @08:49PM (#29345539)

    I can't stand WGA. I have a single WinXP system that I have set up for family to use when they come over because I use Linux and they aren't familiar with the OS. It seems like that every single time that I turn the system on WGA is downloading once again either on its own or with other Windows Updates. It is WGA because any time that I let it install it pops up with the window to let it install, and the rest of the updates won't continue until you hit that finish button.

    Can't tell you how many times I accidentally left the "Tell me how WGA enhances my system" button checked, and I love the answer. To paraphrase, "WGA reports back to MS to make sure that your copy isn't pirated." How many times does WGA need to report back, seriously? Like I said, it seriously runs about once a month on this system, not that it is run that often anyway. Shouldn't there be something resident that once WGA checks and confirms authenticity it will remember it.

    This is one of the main reasons that I switched to Linux, I haven't had to put of with this garbage in years. No viruses, no spyware, no WGA, no DRM, no hardware lock-in, none of that stuff that is a pain with Windows and Macs.

  • by RobertLTux ( 260313 ) <{gro.nitramecnerual} {ta} {trebor}> on Monday September 07, 2009 @09:10PM (#29345695)

    even if you have a legit copy of Vista then if the WGA auth server goes wheels up and it trys to check in (which it does i think weekly) then you will get flagged plus what happens if somebody decides to hack the auth server and invoke the kill switch??
    (or a virus trips the flag while its doing whatever it is doing)

  • by pwizard2 ( 920421 ) on Monday September 07, 2009 @09:20PM (#29345755)

    I see this as a necessary evil that Microsoft has to perform

    No evil is necessary if it affects me. I personally have no interest in helping Microsoft protect their profit margins, so why should I (or anyone else who doesn't work for them) care if they lose money through piracy? It really isn't my problem. If they want me to care, they have to offer me something in return. I'm all for charity for people who deserve it, but those feelings don't apply to corporations who exist solely to make a profit have used methods of questionable legality to get where they are today. I don't partake in piracy, (My versions of Windows are legit OEM copies even though I barely use them anymore) but it's not my responsibility or in my best interests to help Microsoft (or any other company) stop the people who do.

  • by Bent Mind ( 853241 ) on Monday September 07, 2009 @09:21PM (#29345767)

    According to the WGA FAQ []

    That was an interesting FAQ. I especially like this part:

    Q: What happens when WGA Notifications communicates with Microsoft when a PC is booted up? A: The pilot version of this software periodically contacts Microsoft after validation; however, this feature has been removed from the final version of WGA Notifications.

    That seems to contradict your statement:

    So why is "phoning home" okay? Why not do it once and be done with it? ... Either way, Microsoft has not kept this a secret, and even promised to reduce checking to once every two weeks []

    If WGA does send information to Microsoft, even if it is only every two weeks, and their FAQ specifically says they do not, I'd say that is the very definition of spyware.

    Of cource, Microsoft has their own definition of spyware:

    Q: Some people are saying that WGA is spyware. Is this true? A: Broadly speaking, spyware is deceptive software that is installed on a userâ(TM)s computer without the user&#39s consent and has some malicious purpose. WGA is installed with the consent of the user and seeks only to notify the user if a proper license is not in place. If the user declines the EULA, WGA Notifications will not be installed on userâ(TM)s machine. Once installed, WGA Notifications becomes a permanent part of Windows XP software, and therefore cannot be uninstalled.

    Let's see: spyware is deceptive software (check), installed on a userâ(TM)s computer without the userâ(TM)s consent (debatable, it is installed as a critical update via automatic updates. Microsoft strongly encourages the use of automatic updates to keep your system secure. If this were an optional update, I might buy that it is opt-in. Microsoft then tells you that the system will be crippled in small ways if you don't install it. There is no option to opt-out. Technically, it is opt-in, but only technically.) , and has some malicious purpose. (Depends on what you consider malicious. From Microsoft's point of view, it is not malicious. However, I'm sure that most spyware authors do not consider their software malicious.)

  • by PPCAvenger ( 651410 ) on Monday September 07, 2009 @09:49PM (#29345931)

    "Jail" for a corporation should mean that all assets are frozen and all business activities are forced to halt for the same number of days that a real person would have been incarcerated.

    The problem is that you'd be punishing a lot more people than those at Microsoft. Microsoft doesn't just sell operating systems for home computers; they sell and support a large number of business applications to a HUGE number of businesses. If Microsoft "went offline" for even just a few months, there'd be huge ripples throughout all sectors of the economy. Imagine if a critical security flaw were found in Windows, or IIS, or SQL Server and Microsoft couldn't patch it because they were "in jail". Just because you might not use MS products doesn't mean you don't do business with someone who does. It would be a disaster.

    This, to me, sounds like the system that brought us the notion of "too big to fail"


    Corporations should never have been able to get into to that position but it is possible to reel them in with enough political and populist will.

    That's neither here nor there. I would address the subject of "corporate prison" or "corporate execution" in the following way.

    A company sentenced to termination would have all assets liquidated and distributed. First priority is to pay off all obligations to the rank and file employees (pensions, benefits, remainder of the year's salary, things of that nature) and any outstanding debts. Anything left over would be distributed amongst the share holders since they're essentially just a bunch of rich gamblers playing an inherently risky game. It's not like this would happen overnight and they wouldn't have time to get out.

    None of the distribution would apply to any members of the executive team, their salaries, bonuses, golden parachutes, stocks or what have you are forfeit as they are, essentially, the criminal minds behind the operation. Ideally, I'd like to see their personal assets seized, liquidated and redistributed along with the corporate assets.


    In the case of technology companies who provide ongoing services to their customers, be it software patches or replacement parts; all source code, patents, design schematics, etc.. would be released into the public domain providing free market opportunities to service the markets that were left without support and/or provide competition to the remaining players in the market. This should result in plenty of players ready to service the departed corporation's customers rather rapidly.


    Clients may have had long term contracts or what have you and would be forced to incur additional expenses as a result but that could just as easily have happen if the company declared bankruptcy or a disaster happened. With all info on the products now public they would have the option of bringing service in-house if they so chose.


    Utility industries would be a bit more difficult to deal with but I'd prefer the state take them over with responsibility only to maintain the infrastructure while generating revenue by leasing access out to businesses who wish to compete for customers. Exceptions could be made to provide cheap or at cost service to other state entities (anything tax funded, basically).


    Much of the above is execution, the jailing could simply involve the public domaining of their existing IP. The corporation is still in business but is now subject to full out competition and any client who no longer wishes to do business with "a felon" can rapidly make that choice without concern about product transition periods or expenses.


    I'm (probably obviously) not an expert by any means or even an expert in training. I'm just another citizen with an opinion on how our society can be a better place.

  • by Nero Nimbus ( 1104415 ) on Monday September 07, 2009 @09:56PM (#29345969)
    From the summary: WGA's implementation also prevented users from purging the protection from their PCs without completely reformatting a computer's system drive.

    This line is so stupid that it hurts, because it makes the assumption that WGA is somehow going to vanish in a puff of smoke if you'll just nuke from orbit and start over. These people should just do the following, if WGA offends them so badly:

    1. Make a text file, but give it a .bat extension. Make it something like, oh, I don't know, "wganuke.bat."
    2. Paste the following into your new text file:

    echo Y > cacls wgatray.exe /d everyone
    echo Y > cacls wgalogon.dll /d everyone
    echo Y > cacls legitcheckcontrol.dll /d everyone

    3. Save.
    4. Double-click on the icon for your new text file.
    5. No more WGA (Sorry, no PROFIT! jokes here). Updating also works like a charm. The above was tested on XP SP3, but I have no reason to believe that it wouldn't work on Vista or Win7.
  • by atmtarzy ( 1267802 ) <ndnjones3@gm[ ].com ['ail' in gap]> on Monday September 07, 2009 @10:22PM (#29346147)

    Then maybe they shouldn't break the law.

    I think if the guys with the power to make decisions at MS could chose between making $100M and killing the global economy, or not, they'd take the $100M, quickly get it put into their Swiss bank account, and retire in Switzerland while the rest of the world goes to hell. Maybe I'm being cynical, but if MS (or any other overly-huge corporation, like say AIG pre-recession) were to just disappear from the global economy, it'd be like ripping a kidney out of your body. You just might survive, but it sure is not going to be pleasant. If we handle the situation differently, and slowly kill MS off (by essentially shutting down everything but say support and whatever people are necessary to keep the systems relatively secure), the rest of the world will be much more able to adequately adjust.

  • by Anonymous Coward on Monday September 07, 2009 @10:22PM (#29346151)

    screw the jail time.
    You want to get serious with a corporation, revoke their charter.

  • by Wolfier ( 94144 ) on Monday September 07, 2009 @10:22PM (#29346157)

    I completely agree with your point of view.

    Therefore, the solution should not be vengeful actions on persons until evidence is gathered on the questionable conducts.

    Instead, the only suitable course would be to put an end to the failed experiment called "corporate personhood". A corporation is by the laws of nature not the same as a person. Therefore what works on a human being (rights, responsibilities, awards, punishments) are totally meaningless to corporations, or at least have their very definitions entirely twisted.

    If corporations are to be granted human-like rights, there should be a separate constitution for them so that laws made to enforce responsibilities and rights of corporations would be well-defined.

    For example, currently corporations can donate to political courses just like individual persons can. This makes no sense because corporations' concern (mostly, profit maximization, either short term or long term) is entirely different - in fact a lot of the time are totally at odds with individual persons' concerns. Do corporations need to eat? No. Do they have a health that can deteriorate if they ingest something poisonous? No. Can they have children that they care a lot? No. Do they have concerns about privacy? Yes, but if you snoop on them like they do on you, it'll be labeled as industrial espionage.

    There are numerous examples to show that corporations will do whatever it can when they can get away with it. It's just "corporate nature". What a wonderful world it'd be if these desires weren't usually in conflict with desires of real persons.

  • by Anonymous Coward on Monday September 07, 2009 @10:24PM (#29346165)

    That is a deliberately misleading statement. Shame on you for using it.

    Thanks for the drama.

    The fact is, corporations get to have their cake and eat it too. They get rights as persons, but they don't have the responsibilities and liabilities of persons. The notion that people are "natural persons" and corporations are just "persons" is absurd.

    Agreed. It is an absurd distortion of the english language. Euphemism. The fact remains, however, that it is a legal term, with a legal distinction from "natural person". If you want it to be changed, then don't try to bully people for using the term, educate them and get them to change the wording of the law through petition or something.

  • by Anonymous Coward on Monday September 07, 2009 @11:04PM (#29346487)

    That is a very creative and bold idea. But it is perhaps too bold for our society to ever implement at present.

    The threat of punishment is suppose to deter criminal activity by motivating the potential wrongdoer to carefully consider the consequences of his actions. If corporations respond to monetary fines, which is the currently acceptable means of corporate punishment, as merely another cost of doing business, then the motivation is low. But if the punishment were an actual suspension of business activity then managers and stockholders would surely consider much more closely the behavior of their enterprise.

    Society needs these kinds of bold solutions.

  • by Techman83 ( 949264 ) on Monday September 07, 2009 @11:10PM (#29346541)
    Every time I've rebuilt someone's machine(usually a few upgrades as well), I read the S/N off the sticker on the side and plug it on in. Come time to finally log in, activate, fail, you have to call MS, read off some ridiculously long number, convince them that you are indeed installing it on the same computer you purchased it for, then input an even longer number (for the love of god, don't get one digit wrong..). I have wasted many hours of my life doing pointless activations, where as applying a WGA patch can be done in a minute.

    Path of least resistance will win time and time again, which for me is Ubuntu/Arch/Debian/Suse/CentOS etc.
  • by node 3 ( 115640 ) on Tuesday September 08, 2009 @12:42AM (#29347147)

    Actually, they can't eat cake, because they don't really exist. It's the same reason you can't really punish them.

    It's called a metaphor. Very seldom does it actually rain cats and dogs. Do you find you have trouble talking with people at times?

    So, can a corporation have free speech? No, because it doesn't have a mouth. Can a corporation carry a gun? No, because it doesn't have any hands to hold it with. Etc.

    Bull Shit. The reason we have lobbyists running so rampant in Washington is that the Supreme Court decided that corporations are people, and because people, not "natural persons", have the right to free speech, then so to do corporations.

    And back to your lack of English comprehension, free speech doesn't require a mouth. The newspapers have the right of free speech (and actually *are* mentioned by name in the Constitution, which would be unnecessary if the Constitution meant for corporations to be included as persons).

    Ah, now we get to it. You don't like executives and think they should go to jail when a large group of people all get together and make an agreement to undertake a risky venture and said venture goes south.

    I said no such thing. When a bunch of people take a risk and they fail and they suffer the consequences, I don't hate them. In fact, although they failed, I applaud them for trying (assuming their venture wasn't completely idiotic or deliberately detrimental to others).

    On the other hand, when executives make decisions which will knowingly and unnecessarily lead to significant bodily harm, and even death, like the Pinto. Then yes, fuck them hard. They belong in jail for the remainder of their lives.

    Stated again, with the Pinto example, the executives knew the car had a defect that would absolutely lead to the deaths and severe injury to their customers. They knew small children would burn to death, but they green lighted the project because those deaths were cheaper than either fixing the car or scrapping it altogether. Men who make such decisions do not deserve to interact with society unless they're wearing orange jump suits and cleaning the side of the highway.

    Yes, that's how it used to be before incorporation, and the trouble with that system is that no one will take charge of those risky ventures because they'd be afraid of going to jail.

    I'm not talking against incorporation. I'm talking against treating corporations as people and giving them rights which they were never meant to have. I made this very clear in my post. Your local community college will be glad to enroll you in remedial reading comprehension classes. It's rather inexpensive.

    You talk about class and rights, but really you're just feeling vengeful and envious of people you don't even know, and I think you're pretty hypocritical in feigning concern for the little guy when under your system he'd be mired in poverty right now.

    Are there unicorns in the world you live in?

  • by corsec67 ( 627446 ) on Tuesday September 08, 2009 @03:21AM (#29348029) Homepage Journal

    Better solution:
    Require the Lawyers to be paid in the EXACT same way as the class.

    So if the reward is coupons, then the lawyers get 30% of the coupons.

The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.