IDG News Service - Microsoft Corp. this week defended its Windows Genuine Advantage (WGA) tool against charges that it acts like spyware because it constantly checks in with Microsoft when a user boots a PC with the tool installed.
When first introduced last year, the WGA, which checks a user's copy of Windows XP to ensure that it is not counterfeit or pirated, ran only on Windows PCs when a user would install automatic updates. Microsoft updated the tool, which is still in pilots, in April with a WGA Notifications feature that checks the legitimacy of Windows on a machine regardless of whether update services are being used.
In a statement through its public relations firm, Waggener Edstrom Inc., Microsoft said that when the WGA Notifications checks with Microsoft when a PC is booted, it is not providing any information to the vendor if a PC's copy of Windows has already been validated. Instead, it is checking with a "server-side configuration setting to determine if WGA should run or not." The check-in also gives Microsoft the ability to disable the WGA program if necessary.
Microsoft's defense of WGA came after Lauren Weinstein, co-founder of People for Internet Responsibility, the International Open Internet Coalition and the Electronic Entertainment Policy Initiative, noticed that even on Windows XP systems that WGA already had verified as legitimate, the tool will repeatedly attempt to contact Microsoft every time the PC is booted.
He wrote a posting on his blog about the behavior of the tool and suggested it may be acting like spyware, which is software that gathers user information through his or her Internet connection without the user's knowledge.
"I fail to see where Microsoft has a 'need to know' for this data after a system's validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information," he wrote on his blog.
Weinstein posted another blog entry after he spoke with Microsoft to get the company's side of the story and said he is still not convinced the behavior of WGA Notifications is above-board.
More importantly, he said, the issue raises privacy concerns about how companies will control software that is increasingly being delivered over the Internet as a rented service, as well as how they control and disseminate information by communicating with the renters of those services.
Today, most users purchase software and maintain control over it themselves because they own it outright, and their communication with vendors is limited, Weinstein wrote. But that will change when more software is delivered as services, and companies may exploit both the relationship they have with customers as well as their ability to make users authenticate themselves to use services, he said.
"The old models are dying, and if we don't get ahead of the curve by understanding and properly framing the new models, we are likely to be very sorry after the fact," Weinstein wrote.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
