Linux Passes the Microsoft WGA Test

Wil writes "Here's a good one for the Linux fans -- running Wine on Linux and attempting to download a Windows Genuine Advantage protected file from the Microsoft website works just fine. It seems that Bill Gates has a soft spot for Tux after all, or at least isn't bothered about him downloading updates."

Unnecessary

[phpm0nkey]

"Here's a good one for the Linux fans"

Does that prepositional phrase really narrow it down on Slashdot?

Re:Unnecessary

[Eightyford]

I know that was a joke, but I bet many slashdot users (like me) are still more than likely just fans of the idea of linux, than the actually software.

Re:Unnecessary

[clem]

Insert floppy 16 of 27. Press any key to continue your lesson, slave.

Yes, my dread distribution.

Re:Unnecessary

[DrHanser]

This is quite true. Most slashdotters don't actually use Linux. Read the "Operating Systems" portion.

Re:Unnecessary

I wonder if the numbers are skewed by the sheer amount of people who get bored at work and check slashdot from their company mandated windows PC

Re:Unnecessary

[syousef]

I don't know where to begin on this one. I'm not advocating Piracy here.

I just had to get hold of the latest windows installer for a bank I'm working at. Windows Genuine Advantage doesn't work through their firewall. The copy is absolutely genuine.

Now that stupid part is running windows update automatically gets you the installer without WGA kicking in. BUT I need the installer redistributable not a single installer. So I had to go to a third party site, and virus check etc. instead of going to the Microsoft web site.

This like every other piece of anti-piracy technology I've seen tends to inconvenience legitimate users, while pirates etc. find a way around it.

Absolute bulk stupidity.

Got to suck to be Microsoft sometimes.

[Ph33r+th3+g(O)at]

If the WGA check works under WINE on Linux, then Microsoft gets made fun of. If it doesn't, they're accused of anti-trust violations, malfeasance, and generally being bad.

Re:Got to suck to be Microsoft sometimes.

[Doc+Ruby]

Because WGA is stupid. Succeeding at doing something stupid to people is bad. Failing to do something stupid to people is silly. It must be nice to be Microsoft sometime, when some people want to sympathize with even their stupid moves that do nothing to help anyone but Microsoft.

Re:Got to suck to be Microsoft sometimes.

[FLAGGR]

Alright, I can see your new here. Judging by your comment history, you need some help. When your going to post a troll, check the "Post Annonymously" button before you hit Submit. Slashdot has a Karma system in place, and the more of an idiot you are, the less good karma, and more bad karma your going to get. Posting anonymously makes it so you don't have to suffer the loss, and people who ignore anonymous coward posts won't have to see your shit.

Of course, you could just not troll, but we all know it's impossible for some assholes. It's a reflex.

So stay in school, don't do drugs etc etc.

Re:Got to suck to be Microsoft sometimes.

[donscarletti]

The reason Ms is being teased is not because WINE is allowed to download a file. It is because, by accident, a non-authorised method of downloading managed to circumvent a mechanism to stopping un-authorised downloads. In WINE's case this is not a bad thing and it isn't really a loss for Microsoft since Wine clearly is not a pirate version of Windows. What's wrong is that a program that wasn't approved by Microsoft was able to download a file it wasn't theoretically supposed to. Thus it is a proof that many other programs can circumvent this same mechanism.

Re:Got to suck to be Microsoft sometimes.

[EndlessNameless]

OK, I'm calling bullshit here.

First, the list prices are not in the $200-$300 range. Maybe the first Windows license would be in that price range, but after that you would be looking at upgrades rather than full licenses. The upgrade version of Windows XP Home is $99 MSRP, and can be found cheaper online. The OEM full version of XP Pro can be bought at newegg.com for less than $150.

Second, half of those are not paid upgrades. For instance, you could download an update bundle or request a CD from Microsoft (at no charge aside from shipping) to update your Win98 install to 98SE. That takes $200-$300 off your inflated pricing.

And who in their right mind would upgrade to both Win ME and Win 2000? Why are these both on the list... it should be one or the other, not both.

A more realistic representation would be:

• Win 95
• Win 98/Win 98 SE
• Win ME/2000 or Win XP

I see three realistic purchases in that time frame. Now for a real comparison, how many of those OS X point releases would be realistic purchases? Was 10.0.1 good enough to merit $129 over the initial release? What about the upgrade from 10.0.1 to 10.0.2? I'm not saying that Microsoft would come out ahead in a comparison with Apple, and the purpose of this is to point that you're not representing the situation in a reasonable way. I'm not sure what would be a reasonable upgrade path for Mac users because I've never been one aside from a few stints in school where the lab machines I needed to use were all Macs. Being more accurate in portraying the situation will lead to more acceptance of your views. Anyone serious about computers would notice how obviously you misrepresent the upgrade paths on the Windows side of the comparison, and that makes your argument look bad even if you happen to be on the mark when everything is laid out and tallied up.

Wine shows up as Win98

[FlameboyC11]

Wine (as mentioned in one of the links) shows up as Windows 98 to microsoft, which, as far as I know, isn't even supported anymore. So, I guess since it isn't supported, it won't be validated or not validated and just lets the user pass through as if it was.

WINE Piracy

[chucks86]

I wonder if a pirated copy of Windows could use Cygwin running WINE to bypass the WGA...

Re:WINE Piracy

[sweetooth]

Why would anyone do that, they still haven't bothered to fix this work around.


        Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

        javascript:void(window.g_sDisableWGACheck='all')

        It turns off the trigger for the key check.

Re:WINE Piracy

[paranoidgeek]

Just enter this into your broswer URL bar ( one line ) :

javascript:document.cookie='WinGenCookie=validatio n=0; expires=01 Jan 2999 00:00:00 GMT';

This has worked for ages.

Re:Why should we care?

[FlameboyC11]

Wine doesn't even use MS code, so that's why it's kinda interesting.

Still works in warez windows xp too

[StonedRat]

If you go to tools->manage addons and disable "windows genuine advantage" then you'll have no problems downloading any updates. They only fixed the javascript exploit.

From a FAQ on WGA

Will systems running WINE pass WGA validation?

WINE is a Win32 emulator which allows Windows applications, such as Office, to run on top of X and UNIX. When WGA validation detects WINE running on the system, it will notify users that they are running non-genuine Windows, and will not allow genuine Windows downloads for that system. Users of WINE should consult the WINE community for WINE updates. It is important to note that WINE users, and other users of non-genuine Windows, can continue to download updates for most Microsoft applications from Microsoft application-specific sites, such as Office Updates.

http://www.microsoft.com/genuine/downloads/faq.asp x

Don't Get Too Excited

[vinn]

The only reason it still works is because Wine just went through some massive changes with regard to configuration. The WGA check works by checking for specific registry keys that Wine uses. The new configuration moved those keys from HKLM to HKCU. It's just a matter of time before they change the check they use. The position of Alexandre is that we're not going to play the insane game of working around their workarounds.

The good news is, there's not much reason any more to need the WGA. We've got a new DCOM and MSI framework that makes those two downloads largely irrelevant. Jacek Caban is hard at work integrating a Gecko engine into Wine as part the MSHTML.DLL (usually referred to as "Internet Explorer" on Windows.) So native Windows DLL's are falling by the wayside.

Of course, Microsoft got so much bad press over the WGA check that I wonder if they'd tempt it all again. Last time it raised the ire of eWeek and PC Magazine, so I imagine the next round will just be more bad press. Headline: "Giant software company continues to squash open source software"

obPlug: Wine is slated for a beta release in a little over a month.

Doesn't anybody here read WINE's site?

[rincebrain]

This was noted on there awhile ago. WGA checks for Wine's registry key, and initially, demonstrated the behavior initially noted; that is, claiming non-valid Windows.

A bit after WGA was initially released, however, the WGA authentication dialog started accepting WINE-generated WGA codes with no explanation.

I don't know if WGA still checks for WINE, but if it does, it's something Microsoft can disable on their end quickly and easily, any time they want.

This isn't newsworthy, and it's not even news. The above comments about how WINE is being checked for were noted in the first March issue of WINE's newsletter, and the fact that Microsoft began accepting WINE-generated WGA validations was noted a few issues thereafter, though Google can't seem to find it.

Re:Why should we care?

[Mad+Merlin]

There was no copy of Windows acquired, period. Wine is a reimplementation of the Windows API for Linux and family. It doesn't run Windows it runs Windows programs.

Nothing to see here...

[glowworm]

This isn't new, it's a known exploit. WGA only cares about XP and 2K3. If GenuineCheck.exe is run on a 2000, ME, 98 and 95 system it will generate an authorization code and allow you to pass onto the download.

When I spoke to MS about it last week they said it was "By Design".

Using the same technique if you download GenuineCheck.exe with a pirate copy of XP and set it's compatibility to Windows 2000 or Windows 98 you will also get a valid code and can then use it to proceed to download.

I think that, more important than ways to defeat WGA, is that the user experience for Firefox people is harder and more dangerous than those using IE. For example if you use IE and elect to use the ActiveX control you just have to press one button. If you use Firefox you are forced to use GenuineCheck.exe every time you want a download. This requires a download, a run of the program, a copy paste a button click and then you are free to download. Firefox people should bombard MS to write an XPI or better yet scrap this stupid scheme.

Almost as funny as Punkbuster

[defile]

I would play Half-life + Counterstrike under WINE on Linux, and eventually it got to the point where you needed to run Punkbuster to be able to play it online. Basically, the servers look for Punkbuster to scan your system for cheat tools and make sure that everything looks kosher before they let you play.

I downloaded Punkbuster and was sure that it wouldn't like the looks of WINE's environment. I connected to the server, waited for it to verify and... it worked! I was feeling two types of way when that happened.

1. WINE is god damn amazing.

2. Punkbuster is stupid. I could have any number of hacks running under Linux, I could have been running WINE under ptrace() the entire time, injecting evil as needed into the Counterstrike game world, and Punkbuster would have been completely oblivious to it. No matter how hard it tried it would never be able to inspect the host Linux system for evil. Client side anti-cheat systems are doomed.