Truth and Distortion About Microsoft's WGA

More than five years ago Microsoft debuted its first anti-piracy measures, Windows Product Activation (WPA) and Office Product Activation (OPA). Now the company is rolling out Windows Genuine Advantage (WGA) and Office Genuine Advantage (OGA). No matter how many acronyms ending in A Microsoft delivers, they still come down to one thing: Finding new ways to increase revenues for Microsoft's quarterly reports.

Far be it from me to look askance at any company trying to increase revenues. I do my level best to help my company increase revenues every day. But the attempt to market WGA and OGA as any sort of advantage to Windows buyers is repugnant. Microsoft claims that WGA is an "opt-in" program are absurd. Its willful disregard for even small percentages of end users who are wrongly tried and convicted -- by a judge and jury consisting of a small piece of fallible software -- as being guilty of possessing a counterfeit copy of Windows XP or Office is greedy and mean spirited. Windows Genuine Advantage is an incredibly short-sighted program.

According to Microsoft's Alex Kochis, blogging on the MSDN site, "about 1 in 5 of the 300 million PCs that have run [the] WGA validation fail." Kochis's blog post is worth reading just for its explanation of common WGA validation scenarios. But there's one thing very wrong with the data he's pushing. Microsoft is making assumptions about the success of its WGA software because people who are affected by it may frequently not be fighting back. It can be much easier to go buy a new copy of Windows than to deal with communicating with Microsoft, never mind trying to defend yourself against a counterfeit claim.

The little guy has also become the bad guy in Microsoft's effort to root out the true culprits -- software pirates who forge Windows copies to dupe people at retail or who steal volume-license product IDs and resell them. Instead, Microsoft is further victimizing the victims of this crime -- honest people who may in most cases have no idea that the computer they bought didn't have a valid copy of Windows. Is Microsoft a victim too? Yes. But the software giant appears to have no compunction about applying pressure to end-users in its zeal to get at the big players. In my book, that's wrong. It's not just ethically wrong. It's bad business. Microsoft has lost touch with its consumer customer base. It's biggest concern isn't the people using its products, but arguing about its WGA software's false positive rate. The fact that there are any false positives at all -- and of course there are -- is unacceptable when the result is that customers will be told they must pay additional money for software they've already paid for. That's just plain arrogance.

Download Disrespect

If you have any doubts about Microsoft's true intentions and sincerity, get a load of this. Microsoft has repeatedly claimed that WGA is an "opt-in" program, that Windows users don't have to participate in. What's more, Microsoft doesn't provide an automatic or easy way to uninstall it. The company has also been quoted as saying that it reserves the right to require Windows users to run the WGA software. But this opt-in program in nearly impossible to opt out of. Even advanced users may have difficulty preventing WGA from being installed on their Windows XP computers.

Don't believe it? Run a search on your computer's boot drive for "wga". Unless you've manually deleted WGA, have not been connected to the Internet for months, or have prevented Automatic Updates from installing any updates at all, I submit to you that you'll find WgaTray.exe and other support files on your system. I spent part of last weekend checking 10 or so computers in my test labs and home for the presence of WGA. All but one of them had it; and that was a computer I hadn't turned on in weeks.

So, if that's the case, how is anything about WGA "opt-in"? Because on no account have I or any of the rest of the people using these PCs knowingly said "yes, please install WGA." Instead, Microsoft is preying upon people's ignorance -- and their strong desire to install security updates. It's clearly wrong for Microsoft to use its security updating channel to install software that has no security benefit, and no benefit at all to its customers. There is no advantage to end users in WGA.

The only place, in fact, that it's easy to make Microsoft's updating system actually reveal to you what patches it's installing is with Automatic Updates. You can review installed history on Windows Update, and get deep details. But even the Custom mode of selecting patches on Windows Update doesn't always show you the patches you're installing. And among those patches whose name is concealed from there is Windows Genuine Advantage. Sure, that's opt in.

There's only one sure way I've found to opt out of WGA. And in fact, that's what you have to do. It can take a day or two for you to actively find a way to opt out of Microsoft's new anti-piracy program. What you have to do is change the Automatic Updates Control Panel setting to "Notify me but don't automatically download or install them." Then you wait for the yellow icon to appear in your system tray that signifies that updates are available. When you open the notifier, you can access the option to "Choose updates to download." Remove the check beside Windows Genuine Advantage and click Cancel. Then you must add a check in the box beside "Don't notify me about these updates again" on the Hide Updates pop-up that will appear. This is the only way I'm aware of "not to opt in."

It's not an opt-in program. It's barely even an opt-out program. If WGA were an e-mail newsletter, we'd call it spam.

The current of effect of WGA on most businesses and enterprises who partake in the Software Assurance program is, so far, minor. But what about businesses who don't have volume licenses? Could business users be faced with the same problem? I went through a WGA validation process when I changed the date of my system clock one month ahead. I was forced to use Internet Explorer, to install an Active X file, and go through the process during my busy work day. How acceptable is that kind of experience to businesses whose employees might be wrestling with this problem?

Another big question remains. How might Microsoft enforce the usage of WGA if it decides to do that? What if people remove WGA from their systems -- as I managed to do on many of my computers? What if it forces people to turn to alternative sources for security patches (not a sound plan)? What happens when they fail to validate? Two class-action lawsuits have already been filed. Could other legal action be far behind?

In the end, carrying its fight against software piracy appears to be more important to Microsoft than security or customer relations with individual end users.

Whose bright idea at Microsoft was this? Let's hope some smart people at the top of the Redmond, WA-based company regain their senses and deep-six WGA. Some ways of raising revenue just don't pay.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon