Microsoft softens WGA (and Dubya *is* Bono)

I am a pirate! (A pirate? Horror!) Welcome to IT Blogwatch, in which Microsoft promises to be nicer about Windows Genuine Advantage. Not to mention George W. Bush singing Sunday Bloody Sunday...

Bizarre G&S references aside, Eric Lai reports that Microsoft isn't going to kill pirated installs:

Microsoft Corp. today denied speculation that it plans to cripple copies of Windows XP for users who refuse to install its controversial antipiracy tool, Windows Genuine Advantage (WGA). But the software company confirmed that for its upcoming Windows Vista operating system, companies will be required to activate their software differently than they do today in order to prevent the leakage of volume licenses that are the source of most Windows piracy ... Microsoft has taken considerable heat from consumers and the media, who have likened WGA to spyware that has sometimes inaccurately labeled legal copies of Windows as pirated ... Microsoft said that “80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys.” [So 20% are mistakes?] Microsoft has tried to appease customers by releasing a new version of WGA that checks users’ computers only once a month, rather than every day ... [A] lawsuit, filed this week in U.S. District Court in Seattle, alleges that WGA violates antispyware laws by not fully disclosing itself when it was delivered to Windows users through Auto-Update.

Tim asks, "How did we get here?":

What events led us inexorably to the point at which we simply cannot cut [MS] any slack on the issue? ... Microsoft's battle against piracy has evolved slowly, over time ... It's immediately clear that while Genuine Advantage is being spun by Microsoft as "for our benefit to ensure that we can be sure we are legal", it is in fact for Microsoft's benefit, and their benefit alone. They snuck part of it in as a "critical update", when arguably it addressed absolutely no critical issue save for Microsoft's anti-piracy agenda ... a series of missteps going back to the launch of Windows XP has led us here, to the point where we have no faith that Microsoft "would never do this to us".

Our own C.J. Kelly writes:

What Microsoft did was wrong.  You can't trick your customers into downloading software they didn't ask for and don't want.  You can't make your customers allow you to control what happens on their networks. I ran through all the details in my head again regarding what it would take to switch to a linux desktop in the enterprise.  I conducted a six month test to see if it was feasible.  I decided that while we could solve the technical difficulties, our users would not be able to adjust, at least not now.  But, this whole WGA spyware thing got me going in that direction again.

WGA product manager Alex Kochis:

A daily configuration check, or “phone home” feature as it was reported in some places, existed in the pilot phase in order to determine if the notifications should run or not and how often. This configuration check was removed. We also replaced the End User License Agreement (EULA) with a standard General Availability EULA that more clearly explains the purpose of the software and provides details about WGA Notifications ... there is a rumor floating around that Microsoft is planning to use WGA to implement a “kill switch” for PCs that fail validation. Microsoft anti-piracy technologies cannot and will not turn off your computer ... In Windows Vista we are making it notably harder and less appealing to use counterfeit software, and we will work to make that a consistent experience with older versions of Windows as well ... Our genuine customers deserve the best experience, and so over time we have made the following services and benefits available only to them: Windows Update service, Download Center, Internet Explorer 7, Windows Defender, and Windows Media Player 11, as well as access to a full range of updates ... Microsoft is fully committed to helping any genuine customers who have been victims of counterfeit software, and offer free replacement copies of Windows to those who’ve been duped by high quality counterfeiters.

Tim Anderson thinks WGA is,

...a disgrace. Anti-piracy measures (which are for the benefit of the vendor) shouldn't be auto-installed because the users has enabled auto-update for security reasons ... How fail-safe if WGA? The people who are most upset, understandably, are those who have paid full whack for their Windows installations but are still getting bugged by WGA as pirates ... As far as I can tell, Microsoft is doing a wretched job of handling these situations. Being hostile towards your best customers is not a great way to run a business. If these measures really are troubling the pirates, there may be some benefit for Microsoft. But that's an open question too.

Robert Moir:

Well it seems people won't stop complaining about WGA no matter what ... The trouble with this software is that it increases the attack surface of Windows. You never improve security and reliability on a system by giving it yet more critical and delicate code to run. Server Admins - what are you going to do when Microsoft want you to install WGA on your critical server infrastucture? CTOs - what are you going to do when your CEO calls you and asks why her laptop accuses her of being a thief halfway through a demo to some important clients? A virus writer who wants to really hang a black-eye on Microsoft can go after the WGA subsystem and get double-bubble value for their attack... not only the machines they infect but also the consternation of all other Microsoft customers worried their computer will be taken out by the anti-piracy code being fooled with.

jmichaelg:

No, Microsoft doesn't disable your computer - it just disables your ability to install patches which, given the frequency of OS exploits, is tantamount to the same thing as disabling your computer ... WGA thinks I pirated my copy of XP even though I bought it at Costco. When I disabled the "you have an illegal copy of Windows" balloon via the security panel, another little message popped up saying that I would no longer be able to download patches. I suspect WGA was unhappy because I had disabled several services such as remote registry and alerter. I can understand Microsoft's desire not to get ripped off but at the same time, I'm not sympathetic if their software falsely accuses me of being a thief and I end up losing a couple of hours figuring out what their problem is.

This Anonymous Coward's experience differs:

I had two valid licenses, but they were installed on the wrong systems. I called microsoft's 800 number (from the activation screen) and explained the situation. I wanted to switch my license keys. I did not want to reinstall since I had already loaded many applications and did not want to go through that process again. The microsoft rep said they could not switch the keys, but they would just give me another key for my desktop that would work. I was shocked! I said, "that means I will have 3 valid xp licenses." I said I could wipe my systems clean and install them the right way and then I'd have a valid key leftover that I could give away. The support rep said they hoped I would not do that, but it was possible ... this is a case where they went out of their way to help me. I called them for help and 10 minutes later I had my situation fixed.

Michael Gracie:

The company is destroying friendships (something you don't want to do in the tech sector if you are already known for weak products and big delays on new ones). There was a day when there was no competitor to Windows, but times have changed. Not only is there competition, but folks are finding that competition either vastly superior or vastly free, characteristics that can seriously damage the entrenched.

Buffer overflow:

    Around the Net

    Around Computerworld

And finally... This song is not a rebel song

Your humble blogwatcher is taking a break Tuesday. See you on the 5th.

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.

Copyright © 2006 IDG Communications, Inc.

  
Shop Tech Products at Amazon