Microsoft Talks Daily With Your Computer

An anonymous reader writes "Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction." The EULA is suppose to disclose this daily call-in feature. Lauren Weinstein, who is co-founder of People for Internet Responsibility, was one of the first people to notice the daily communications to Microsoft. Report from Yahoo.com"

What kind of bullshit excuse is this?

[ScrewMaster]

... quickly shut down in case of a malfunction.

So Genuine Advantage needs to contact the mothership in order to be told that it's broken and needs to terminate?

Please.

Re:What kind of bullshit excuse is this?

[caitsith01]

Whilst I generally agree that it is indeed bullshit, it is possible to imagine the scenario in which, for some reason, there is a bug in Genuine Advantage which leads to a denial of access to the Windows Update service for legitimately registered users.

I have often wondered whether Steam has a similar feature - if Valve goes bankrupt, for instance, does it release you from the (ridiculous) copy protection/licensing arrangements put in place when you install Half Life 2 and other products?

The best way to do any of this would be to simply check if the parent company's server is still there and able to provide authentication/updating. If it is unavailable for some reason the local software should function autonomously, as it always should, but without the need for approval from the parent.

Of course the *real* best solution is to stop trying to monitor usage on a micro-level and just make good products at a reasonable price. As has been demonstrated over and over again, this is the way to stop piracy.

Re:What kind of bullshit excuse is this?

[ottothecow]

I hate that tool...it seems like it is the only update that gets pulled down regularily. It pulls itself down and gets installed when I finally relent to it (since I am in no hurry to update it, even though updates come out all of the time) but then it wants me to restart. That's all fine and dandy, I'll let it do its business the next time I feel like restarting.

Oh, whats this? It pops up every 10 minutes asking me to reboot and gives me no option like "remind me tomorrow"

Come on microsoft...dont force me to sit through this shit on nonessential updates

Re:What kind of bullshit excuse is this?

[rodgster]

OK. I agree It's total BS. Anyone here remember win98 1st ed phone home info disclosure (on connect to windows update)? Oh and they forgot to disclose that in the EULA too.

Same tricks, different year.

However it's not like Redhat's Up2date doesn't phone home daily too. Oh and doesn't it NOT allow you to automagically install patches unless you have current support agreement (which you could rotate between servers if you had one).

I only happen to know because a certain software vendor likes to use RHEL (maybe they're just rolling back prices like walmart).

I guess that's within the rules (but they're still scumbags)?

I run Fedora.

Re:What kind of bullshit excuse is this?

[ScrewMaster]

I think all of this comes under the heading of "yes the technology permits it, but is it something we really should be doing?"

Re:What kind of bullshit excuse is this?

[JonahDark1]

I'm sorry, but you've completely missed the point. I don't want my computer talking to Microsoft daily. I don't believe Microsoft has any right to know what's going on with my computer. My software is a legal copy and if they want to check that when I download updates, I'll tolerate that, but it shouldn't be sliently calling home.

Re:What kind of bullshit excuse is this?

[oh_bugger]

According to some comments on a webpage posted earlier in the thread (hunt for it), people have been incorrectly accused of having non-genuine versions of Windows when they actually have completly paid for versions. If this is true then one day turning on their computer to find it's formated and not working will probably piss them off, even more if they realise it was Microsoft that did it. Also someone might deside to write some malware which fools the program into telling Microsoft that the copy of Windows is pirated, a while later Microsoft will go ahead and do the damage for them.

Whether or not Windows is or isn't the best OS to have, these people chose to pay their money to Microsoft and the excuse "It'll teach some pirates a lesson" is not enough to waste their time and money.

Re:What kind of bullshit excuse is this?

The number of people like you who attribute such unimaginable power to a text file on their screen is mind boggling. According to you, by clicking my mouse button, Microsoft really COULD take my first-born.

Signature? Nope. Pre-sales agreement? Nope. Teeth? HELL no.

Re:What kind of bullshit excuse is this?

[Archtech]

"If you disagree with Microsoft's actions, you are free to use another operating system or office suite or what have you".

And there you have it. As more and more users come to understand the legal facts of the matter, as expounded in this thread, they will have a strong incentive to adopt other operating systems that cost less and impose less unreasonable conditions.

In this context it is interesting to note that the difference between Windows and Linux is steadily being eroded. Indeed, in some ways Linux is distinctly superior; but the key point is that its weaknesses relative to Windows (read: buying objections) are rapidly disappearing. SuSE, to which I am in the process of migrating, is easier to install than Windows; just as efficient; more flexible; and, AFAICS, just as easy to use once you get used to it (which takes a few days). On the plus side, it's far less expensive, offers far better support, and is open and extensible.

Applications used to be a deal-breaker, but I have been using OpenOffice.org recently and it is, if anything, better than Office for my purposes. (Admittedly, I still have Office 97 which is arguably inferior to Office 2003, but why should I shell out big bucks every few years for what is essentially the same product?) Quicken used to be an issue, until Intuit suddenly withdrew from the UK market at the same time as my copy of Quicken mysteriously stopped working. So now there is really no reason why I would prefer Windows to Linux.

Re:What kind of bullshit excuse is this?

[Jafafa+Hots]

But until EULAs are upheld, AND the individual bullshit provisions of them are upheld, then they are still bullshit and I can consider them bullshit. Some lawyer correct me if I'm wrong, but if I buy a car from you and you make me sign a contract, and I hand you the money... and you refuse to give me the car, pointing out the fine print that I had apparently agreed to fellate you daily and kill your in-laws, and you argue that since I haven't done these things I'm in breech of contract and you don't have to deliver the car OR return my money, you would be wrong on both counts... you would not be able to enforce the egregious demands of the contract, PLUS you would still be liable to deliver the car.

Whoa!

[rahrens]

Just one more reason NOT to use Windows as my operating system!

Yawn

[RickPartin]

The article is a bunch of fluff. Here is the boiled down version.

1. The Microsoft Genuine Advantage tool is installed on many computers now and checks to see if your copy of Windows is legit.

2. Microsoft wants a safety switch in case this tool starts causing PCs around the world to explode. Thus the program checks with Microsoft once a day to see if it should shut itself off.

Microsoft is not spying on you. This is a safety feature that I'm glad is included. Did you know your computer also checks with them daily to update your time with the atomic clock? Where's the Slashdot story for that?

Re:Yawn

[sweetooth]

A safety feature that it doesn't need. Genuine Advantage only needs to be checked once. Upon verifying your Windows install it should never communicate with Microsoft unless specifically asked to do so. Doing anything else is highly suspicious and bad form. Failing to put this communication information in the EULA is also bad, but is likely an oversight on someones part so can probably be forgiven, we all make mistakes.

Re:Yawn

[collectivescott]

Regarding point 1: My copy of windows checks time.nist.gov, not microsoft. In addition, however, I was asked before this function was enabled, and I can disable it at will.

Regarding point 2: Where is the safety switch for internet explorer? I'm sure IE causes way more "computer explosions" than genuine advantage.

Let's be honest here. A phone-home capability in genuine advantage is suspicious, given the function of the genuine advantage program. It makes people running pirated versions of windows especially nervous. The bottom line is, if it isn't a spy tool, there ought to be an option to disable it. If it is a spy tool, get it the fuck off my computer. Period.

Re:Yawn

(Too lazy to log on)

OK, so we have a little script that checks license/machine info to make sure you aren't using a pirated Windows. A very very dangerous script that might cause your pc to explode. Better keep tabs on it every day, and make sure you can remotely kill it if you discover later it has a flaw...

Good thing Office, IE, WMP, the kernel, etc, are so safe and stable - otherwise we'd have to have those check in, too, in case we found something wrong. All that work, writing code to have it check in, making sure it can respond to our kill signal if anything happens, checking every single day for possible flaws - we'd go bankrupt trying to watch everything on the computer, but thankfully we only install one thing so dangerous and so vital.

Re:Yawn

[StikyPad]

It makes people running pirated versions of windows especially nervous.

Boo hoo.. poor people running pirated copies.

If they're too stupid/lazy/cocky to keep themselves isolated by a good firewall, then I have no sympathy.

There are plenty of valid reasons why this "feature," or at least the lack of disclosure, is immoral. Protecting piracy is not one of them.

Re:Yawn

[tacocat]

Well, for one. How does legal software become illegal? You only need to check once.

This is a simple enough program that there shouldn't ever be a need for a safety switch, and since it only runs the one time, there's no need for it.

And Microsoft has established a history of doing this kind of crap in the past. Is there any reason why anyone should expect them to behave differently today? Seriously. Is there anything which Microsoft has experienced which might give them pause to consider this behaviour as potentially improper?

Re:Yawn

[Agent+Green]

Microsoft doesn't really give a shit about the single-use, single-pc key so much. The whole crux of the Genuine Advantage thing is to keep an eye on the corporate volume licensing keys.

If a corp. license gets out into the wild, it's going to spread like mad (duh). With all those updated PCs phoning home on a daily basis, Microsoft should be quick to get wise to whose key just slipped out and put the kibosh on it.

How many people had the FCKGW key before that got pulled in SP1? :)

YOUR computer?

"MicroSoft Talks Daily With Your Computer"
This implies that we all have either pirate copies of Windows, or have Windows at all. And a 'net connection. ;-)

Re:YOUR computer?

[collectivescott]

Uh, if you're reading this, I'm willing to bet you have a 'net connection...

Re:WgaTray.exe

[ezratrumpet]

What frightens me more than Microsoft's program calling the mother ship is that so many people didn't have a firewall that notified them that a new program was sending out information.

I have a idea.

[Avillia]

Redirect 207.46.*.* to 255.255.255.255. Only stop doing this when you feel the need to update. Disable automatic updates and all other update services except when you want to update. Problem solved. Really, if people just took the stance of "Why does this thing need to communicate to another computer?" instead of "Why shouldn't I allow this thing to talk to another computer?", 99% of security issues would be complete bork. But, of course, that requires common sense.

Huh.

Lazar said that so far, about 60 percent of users who were offered the piracy check decided to install it.

Really? Decided seems to imply some sort of informed consent. From what I've read about this thing, there are a number of people who are surprised to have this on their system and have received it as part of their automatic updates without actually being aware of it. I certainly wouldn't opt to download something like this.

Re:Old News

WTF? This isn't old news. Every time I have downloaded this to do installations on the computers we setup at work it says very clearly it performs a "one time check". When did "one time check" become every day? Microsoft is fucking scum.

i ve never used this ...microsoft or apple s

[observer7]

i used uinux in the older days , switched to Linux 10 years ago and now use ubuntu . never had any problems with "are you legit ? or are you stealing from us ? i would never want a company to treat me like i was a illegal alien . one like that doesnt get my money

Re:This happened to my moms computer yesterday

Yes, Microsoft is using GA to call his mother nasty names. They decided it was worth the pain to innocent users.

Re:So what?

[BFaucet]

A) They didn't tell anyone the software would do this.

B) We are supposed to trust MS that this thing is only asking MS if it needs to be shut off? What the hell kind of reason is that to phone home?

C) Why the hell does this software need to be running all the time? It's taking resources doing nothing but asking MS if it should be shut off?! Why can't it be started up and shut off only when needed?

D) There have been false reports of pirated software. Will this software one day just decide you're using a pirated version and kill your machine? Some people depend on their computers to feed themselves. If this software screws up and kills a machine and the owner has several days of downtime who's going to compensate them?

E) If you really think MS (or any large corporation for that matter) is above abusing phone home programs you got blinders on. Why should we trust large companies with our private informaton while not trusting actual people with our social security number?

F) The reason megacorps and the people who run them are so successful is always a combination of luck, smarts, and ability to stab people in the back and laugh about it. I'm not saying large corporations should be ended, but they should be approached with caution. They will try to get away with whatever the hell they can. It's the consumer's job to keep them in check... Well it's the goverment's job too, but they seem to be doing a shit job to say the least.

Re:Surprise ???

[hahiss]

All ubuntu does is use the network time protocol to sync your system's clock so that it always reports the right time. There are many public ntp servers that you could configure your computer to use instead, or you could turn it off pretty simply.

In contrast, the ``phoning home" talked about in the article involved sending information TO Microsoft about your computer but for their purposes.

Re:at least they don't steal user files

[dtfinch]

And Google Toolbar with pagerank checking enabled tells Google every url you ever visit.

remote deauthorization

[johnrpenner]

if microsoft can remotely 'unlegitimize' a copy of windows,
couldn't a virus or worm massively remotely cripple loads of machines
by exploiting this...?

Re:remote deauthorization

[IchBinEinPenguin]

I didn't think they needed any help...

Re:remote deauthorization

[jellomizer]

It has been happening. And still it wont change anything. For a simple reason people will not get fired for choosing Microsoft.
You install Windows it gets hacked or a virus infects the network then that is considered a risk of using a computer. If they installed Linux or some lesser known OS. It gets hacked or a worm hits it or it crashes for some reason even it if it minor, I am sure you will have a serious talking to with your managers at best, and they may possibly fire you especially if you really fought hard to get this platform in.

Re:remote deauthorization

[bheer]

> The question is: if we all really are such anti-social techno creeps, why haven't we done that already?

Jail time?

Re:remote deauthorization

[lpq]

I think you miss the point (or not).

If you are saying that the WGA check is a virus and can behave like a virus in that it cause havoc, then yes, I agree.

If you are saying "nothing has changed", I'd disagree. Each time software goes out to some "destination", there is an increased chance that it opens the system up to attack.

If Microsoft's "viral WGA" check runs daily and both updates and downloads information, there is
a chance each day of it getting it wrong and screwing up the system.

It's another insecurity vector that is added to a system.

Virus's have to have a way in. If you don't run interactively on a machine (so no email, no loading unknown binaries), and if the machine presents no services to the outside world, how do viruses/worms get in?

The problem with Windows software is that most of it is untrustworthy -- it doesn't do what the manufacturers claim it will do, and often does things that are undocumented for (and unwanted by) customers.

You want to put a dent in Windows virus's, worms, etc. Start distributing source. Let people
build their own binary and be able to read the source to find out that the software performs as advertised.

-l

Microsoft needs to get its act together

[I'm+Don+Giovanni]

Microsoft seems too dense to realize that they've squandered trust, and need to be above reproach like Caesar's wife (see Shakespear's "Julius Caesar" ;-)). That means that they need to make sure to disclose these kinds of things; failure to do so (before a third party does it for them) just makes them all the less trustworthy. This episode demonstrates sheer idiocy on their part.

Re:Ethereal anyone?

[AtomicDog]

The DOS command route -p add 207.46.0.0 mask 255.255.0.0 [192.168.0.254] (replace the address in brackets with a random address on your current subnet) will permanently route all would-be "phone home" packets to the random address that you specified.

What makes you so sure this will work now and in the future when all MS has to do to make your solution useless is modify their networking code to ignore any custom routing rules to their class B? MS did something like this with the HOSTS file, so I wouldn't be taken completely by surprise if they did this.

Because of this, I'd rather trust a firewall that isn't running on a Windows box to get the job done.

No excuses

[Jeppe+Salvesen]

Yes. If you fail to read the contracts you agree to, you may very well have your first-born taken away from you.

By denying Microsoft the rights you agreed to granting them, you are indeed in breach of contract. You are not doing what you agreed to do, simply put.

If you have a problem with this stuff - buy a Mac (and read the contract/EULA before you start using it) or run Linux (the same applies here).

Re:Minor edit

[Politburo]

The "d" in "supposed" is increasingly seen as redundant

By who, exactly?

Should be illegal.

[arrgster]

If someone had a certain item stolen and then looked in your window and saw that similar item in your house, they do not have the right to break down your door and check the serial # to make sure it isn't theirs. Yet for some reason big software companies have to right to invade my personal property (my computer) to verify that I actually own the software. This totally bypasses our entire legal system and our constitution and I have no idea why they are getting away with it.