Slashdot Mirror
Linux Passes the Microsoft WGA Test
Wil writes "Here's a good one for the Linux fans -- running Wine on Linux and attempting to download a Windows Genuine Advantage protected file from the Microsoft website works just fine. It seems that Bill Gates has a soft spot for Tux after all, or at least isn't bothered about him downloading updates."
"Here's a good one for the Linux fans"
Does that prepositional phrase really narrow it down on Slashdot?
domain combinatorics
If the WGA check works under WINE on Linux, then Microsoft gets made fun of. If it doesn't, they're accused of anti-trust violations, malfeasance, and generally being bad.
I too have felt the cold finger of injustice.
Wine (as mentioned in one of the links) shows up as Windows 98 to microsoft, which, as far as I know, isn't even supported anymore. So, I guess since it isn't supported, it won't be validated or not validated and just lets the user pass through as if it was.
I wonder if a pirated copy of Windows could use Cygwin running WINE to bypass the WGA...
Help a poor college student. Send a couple cents via paypal to chucks86@gmail.com
Wine doesn't even use MS code, so that's why it's kinda interesting.
Pretty amazing considering I can't get a legit copy of XP to pass WGA.
Mike
Too bad it won't work on my XP Volume license anymore without a crack . . .
If you go to tools->manage addons and disable "windows genuine advantage" then you'll have no problems downloading any updates. They only fixed the javascript exploit.
"Religion is the most malevolent of all mind viruses." - Arthur C. Clarke.
But it turns out that it was destined to become the MS patch download wrapper of choice.
As reported in Microsoft Admits Targeting Wine Users.
This is clearly something that those out to criticise Microsoft's attempts at reducing software piracy will jump on and crow about. However, the fact that a windows application checking for the characteristics of a pirated copy of Windows cannot find them on WINE shouldn't be a surprise to anyone rational. At the end of the day, its important to remember that Microsoft are just trying to raise the bar. They aren't trying to stop Joe Cracker and his friends from reverse engineering the activation process and hex editing the checks out of the binaries (at least with this measure), they're trying to stop small computer shops loading systems with pirated 'free' copies of Windows by making the piracy visible and clear to the end user.
I don't agree with Microsoft's policy of restricting updates (such as the essential SP2) from unlicenced products, but cheap headlines like this help noone
Business Voyeur
Bill Gates (billg@microsoft.com):
* Fixed bug in verdetect.cpp that allowed WINE under GNU/Linux to pass the WGA test
* WGA 1.0.0.2944
My favorite WGA experience was recently trying to download some WMV codecs from microsoft.com . For the first time since I've been doing that for upgrades after installing Win2K, I got a "we suggest you verify your Windows installation with Windows Genuine Advantage" message. Though it was a "suggestion", I couldn't proceed to download until I let them install software that went through my computer's HD, siftin whatever data, with the "Microsoft assurance" that they weren't uploading any data to their server. After forcing me to let them frisk me, while presenting it as a mere "suggestion", their assurance of course had no credibility. But it was a tabula-rasa new install of a legit Windows OS on my machine, so it passed me without really bothering anything but my dignity.
:P.
Then I downloaded the codecs, and copied them to my Linux machine's ffmpeg folder
--
make install -not war
Will systems running WINE pass WGA validation?
p x
WINE is a Win32 emulator which allows Windows applications, such as Office, to run on top of X and UNIX. When WGA validation detects WINE running on the system, it will notify users that they are running non-genuine Windows, and will not allow genuine Windows downloads for that system. Users of WINE should consult the WINE community for WINE updates. It is important to note that WINE users, and other users of non-genuine Windows, can continue to download updates for most Microsoft applications from Microsoft application-specific sites, such as Office Updates.
http://www.microsoft.com/genuine/downloads/faq.as
afaict wine isn't really much of a sandbox.
sure windows apps may see what they think is windows but i don't think there is anything to stop them making linux syscalls directly once they realise they are in wine.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
All they did was paste a code in that they no dobt generated from a legit box. This is that 'crack' that came out way back when, where you generate the code on a genuine box, and then enter the code that comes back in the pop up box. I don't believe it checked what OS you were running, it just did a checksum against the code you entered. While certainly amusing and somewhat embarrasing on the surface for MS, it didn't really prove anything.
The only reason it still works is because Wine just went through some massive changes with regard to configuration. The WGA check works by checking for specific registry keys that Wine uses. The new configuration moved those keys from HKLM to HKCU. It's just a matter of time before they change the check they use. The position of Alexandre is that we're not going to play the insane game of working around their workarounds.
The good news is, there's not much reason any more to need the WGA. We've got a new DCOM and MSI framework that makes those two downloads largely irrelevant. Jacek Caban is hard at work integrating a Gecko engine into Wine as part the MSHTML.DLL (usually referred to as "Internet Explorer" on Windows.) So native Windows DLL's are falling by the wayside.
Of course, Microsoft got so much bad press over the WGA check that I wonder if they'd tempt it all again. Last time it raised the ire of eWeek and PC Magazine, so I imagine the next round will just be more bad press. Headline: "Giant software company continues to squash open source software"
obPlug: Wine is slated for a beta release in a little over a month.
----- obSig
This was noted on there awhile ago. WGA checks for Wine's registry key, and initially, demonstrated the behavior initially noted; that is, claiming non-valid Windows.
A bit after WGA was initially released, however, the WGA authentication dialog started accepting WINE-generated WGA codes with no explanation.
I don't know if WGA still checks for WINE, but if it does, it's something Microsoft can disable on their end quickly and easily, any time they want.
This isn't newsworthy, and it's not even news. The above comments about how WINE is being checked for were noted in the first March issue of WINE's newsletter, and the fact that Microsoft began accepting WINE-generated WGA validations was noted a few issues thereafter, though Google can't seem to find it.
It's only an insult if it's not true.
Bullshit. It's EMULATING a winapi interface on a Linux kernel and accompaning libraries accessable to X.
according to http://www.answers.com/emulate&r=67
Computer Science. To imitate the function of (another system), as by modifications to hardware or software that allow the imitating system to accept the same data, execute the same programs, and achieve the same results as the imitated system.
There's nothing about "doing binary machine language translation" or things like that.
There was no copy of Windows acquired, period. Wine is a reimplementation of the Windows API for Linux and family. It doesn't run Windows it runs Windows programs.
Game! - Where the stick is mightier than the sword!
This isn't new, it's a known exploit. WGA only cares about XP and 2K3. If GenuineCheck.exe is run on a 2000, ME, 98 and 95 system it will generate an authorization code and allow you to pass onto the download.
When I spoke to MS about it last week they said it was "By Design".
Using the same technique if you download GenuineCheck.exe with a pirate copy of XP and set it's compatibility to Windows 2000 or Windows 98 you will also get a valid code and can then use it to proceed to download.
I think that, more important than ways to defeat WGA, is that the user experience for Firefox people is harder and more dangerous than those using IE. For example if you use IE and elect to use the ActiveX control you just have to press one button. If you use Firefox you are forced to use GenuineCheck.exe every time you want a download. This requires a download, a run of the program, a copy paste a button click and then you are free to download. Firefox people should bombard MS to write an XPI or better yet scrap this stupid scheme.
Orationem pulchram non habens, scribo ista linea in lingua Latina
If I write my own JDBC driver, am I emulating a JDBC driver, or am I implementing the API?
Product activation exists to make Windows (slightly) more difficult to pirate. WGA exists to warn consumers if they have bought a computer packaged with an illegal copy of Windows from an unscrupulous salesperson.
That said, an unscrupulous salesperson could probably implement someway to bypass the WGA test easily as well.
I'd assume Microsoft doesn't care if Wine is considered genuine or not. It can certainly be annoying for legitimate Windows users, so I would assume the test errors on the side of not-hassling the user.
That said, I wish it would go away. It is annoying extra step on the rare occasions that I do have 2 deal with it.
http://brandonbloom.name
I would play Half-life + Counterstrike under WINE on Linux, and eventually it got to the point where you needed to run Punkbuster to be able to play it online. Basically, the servers look for Punkbuster to scan your system for cheat tools and make sure that everything looks kosher before they let you play.
I downloaded Punkbuster and was sure that it wouldn't like the looks of WINE's environment. I connected to the server, waited for it to verify and... it worked! I was feeling two types of way when that happened.
1. WINE is god damn amazing.
2. Punkbuster is stupid. I could have any number of hacks running under Linux, I could have been running WINE under ptrace() the entire time, injecting evil as needed into the Counterstrike game world, and Punkbuster would have been completely oblivious to it. No matter how hard it tried it would never be able to inspect the host Linux system for evil. Client side anti-cheat systems are doomed.
As said in grandparent it is not a sanbox.
:)
But if you run it under a non-privileged account under linux you will have it (sort of) in a sandbox enviroment.
Guess you could put it in user-mode linux too.. if you are really paranoid
"On that note, I really would like to see less of the retarded pro Linux, anti MS stories that have been popping up recently"... Next time try http://www.microsoft.com/ for news. They are MUCH less biased. YEAH RIGHT!
=-=-=-=-=-=-=-= - The Celtic - =-=-=-=-=-=-=-=
Most of us are logging on from work. And following links, whether we actually log in and post or not, that still counts as bieng a "windows user" as opposed to being at home and logging in from my *nix/*nux boxen. Big diff.
Most IT joints use windows because having "Microsoft Partner" on your shirt and car means you must know something about ripping others off of their hard earned money. It also means you are a FUD Spreading Professional. Linux has no claims against such marketing might. Linux can't even achieve such a small thing as "total virus compatibility" while Windows Vista has achieved "preemptive virus compatibility" with production ready viruses being released before its even out of beta.
" What luck for rulers that men do not think" - Adolf Hitler
Wine IS NOT an emulator in the traditional sense, it does not actually emulate anything. Wine (unlike VMWare, Virtual PC, or others) does not emulate the hardware of the PC. What the Wine project tries to do (mostly successfully) is to write an Open Source version of the Windows API. Again, Wine does not emulate anything. Windows' code runs natively on Linux, what Wine provides is the Open Source API for Windows' programs to access. One could theoretically copy Microsoft's APIs to Linux and accomplish the same thing that Wine is doing; but that would require buying a Windows license.
Calling Wine a Windows emulator is the same as calling Linux a glorified Unix emulator.
I think in rality you might want to take a big chnk out of Windows numbers.
Consider all the people that use Windows at work and something else at home. Really I am an OS X user but I am giving the Windows numbers a boost by reading far more often from work than at home. So the Windows number is not nearly as big as it would seem.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"Eat your vegetables now Bill or the big bad wolf will come to eat you!" :-)
On the other hand, if the solution was too strict it would only cause too much badwill for denying legitimate users from downloading software. It seems like it is scanning for known leaked corporate keywords and nothing else.
So maybe it is time for an update to the licensing model of Windows instead? The cost of maintaining a multitude of versions (XP Home, Media Center, Professional etc.) can actually be a problem too.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Well, Microsoft knows of WINE, their WGA FAQ specifically says WGA doesn't work - specifically isn't designed to work - in WINE. WINE folks don't care whether or not WGA works, they're just coding the program like before, minding their own business.
If Microsoft designed their check to not work in WINE, they should fix it to make it not work, then. Kind of like when Windows gets updated, and some app gets broken - generally speaking, it's app vendor's problem to make sure the software works in the new version.
im `Zidane from Bit-Tech, who posted this over there. in response to those people who think i "cheated" somehow, i didnt, and im sure just about anyone with wine can do the same thing. i just ran the checker exe in wine and copy-pasted the code into the site, and it worked. is it news? i'd have thought so, its checking if i have a valid copy of windows, and i dont, im completely linux based here. as for the windows updates, i dont think you could use this method because the windowsupdate site doesnt like firefox, it demands IE, although, you could probably forge IE's useragent to appear as IE, but iirc the windowsupdate site needs activex to run for the updater thingie. is it an uber-31337 haxx0rizing of microsoft? hell no, its just a funny thing i noticed whilst trying to get Black&White to run on my nix box.
FallenSword, a free MMO you can play at work!