Slashdot Mirror


Microsoft Misrepresenting WGA's Functionality?

Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."

27 of 458 comments

  1. Somewhat obvious. by Transcendent · · Score: 4, Informative

    I gave it some thought before I installed it earlier. I knew all it did was report to MS that I had a legal copy of Windows, but the bad part about it was that it seemed I had to install it before I could download any other critical updates.

    It's a damned-if-you-do and damned-if-you-don't situation...

    1. Re:Somewhat obvious. by Kasis · · Score: 2, Informative

      Although I do own various versions of XP it's simply more convenient for me to use pirate copies.

      I had no problem with Windows Update, just used a well-publicised trick to gain entry and then told it not to install WGA and not to mention it to me again (there's a check-box for that purpose).

    2. Re:Somewhat obvious. by Anonymous Coward · · Score: 1, Informative

      After the 10th reinstall, it's a pain in the ass to type in the license key, redo activation ("Hello, Microsoft, I had to reinstall, please reactivate me") and so on.

      Or you could pop in a burnt CD with all the activation crap disabled. Added bonus, it's probably already got the service packs on it.

  2. How to Disable the WGA Add-on by Digital+Vomit · · Score: 5, Informative

    If you want to be able to disable the Genuine Windows Advantage Add-on for IE (accessible via Tools|Manage Add-ons... in IE), you might be surprised (or not) to see that Microsoft will not let you do so. It gives you some sort of stupid "disabled by Administrator" message, even when you're logged on as Administrator (I guess MS thinks it's the administrator for your computer).

    To enable the radio button that allows you to disable this worthless add-on, follow these instructions I found:

    1. Open Group Policy Editor (gpedit.msc) and go to User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.
    2. Double click Add-on List and select enabled.
    3. Click on Show then on Add.
    4. In enter name put {17492023-C23A-453E-A040-C7C580BBF700} .
    5. In enter value put 2.
    6. OK, Apply, OK.
    7. Now you can disable/enable the add-on.
    --
    Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
  3. Re:Why punish legit users? by mattyrobinson69 · · Score: 5, Informative

    install it
    disconnect from the internet
    open task manager
    kill the process 'wgatray'
    rename the file c:\windows\system32\wgatray.exe to something else (wgatray.exe.bastard, for example)

    There is also a file called wga.dll, or similar, but I didn't do anything with that. If anybody could shed some light on that, it'd be nice. I did the above on a machine that was wrongly reporting as 'pirated', and it worked fine.

  4. Bypass & Disable Genuine Windows Validation Ch by Digital+Vomit · · Score: 4, Informative

    How to bypass and disable the Genuine Windows Validation Check (from http://www.mydigitallife.info/2006/03/07/bypass-and-disable-genuine-windows-validation-check/):

    1. Open Windows Explorer by clicking Start -> All Programs -> Accessories -> Windows Explorer.
    2. Browse to C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data folder.
    3. Delete (or backup or move to another folder, if you want) data.dat file.
    4. Create a new empty data.dat: You can create a new text file by (make sure you are in the right folder as above) clicking File -> New -> Text Document or right-clicking in the Windows Explorer window and then clicking New -> Text Document. Then, either rename the file to data.dat. The original .txt extension of the text file needs to be changed too. You can disable the hiding of extensions of known file types, or follow these steps to create a new file out of the text file:
      • Open the text document you just created.
      • Click on File -> Save As.
      • Change the Save as type to "All Files".
      • In the File name, type data.dat
      • Click Save.
      • Go back to the Windows Explorer, at folder C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data, check that data.dat exists.
      • Delete the text file you created previously.
    5. Set the attributes of data.dat to Hidden and Read-Only. Attributes can be set by right click on the data.dat file, and then click on Properties.
    6. Windows Genuine Advantage (WGA) validation check has been disabled.

    Note: The data.dat that replaces the original data.dat can be a blank text file or empty, or you may type whatever you want there.

    With this hack (or crack if you want), Windows WGA piracy check will be bypassed and you can now download software from Download Center or apply updates from Microsoft/Windows Updates.

    --
    Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
  5. That, OR by mobby_6kl · · Score: 5, Informative
    That method sounds good for widescale, corporate deployment, but here's a simpler method:
    • Use Autoruns (everybody should have it already) to disable wgalogon.exe on the winlogon page.
  6. Get updates without going to Microsoft by Anonymous Coward · · Score: 2, Informative

    It's simple. Just use Autopatcher. They make compilations every month with all of the updates and other tools and tweaks, without having to deal with Microsoft's FUD-ridden update process.

    http://www.autopatcher.com/

    By the way, Autopatcher will update pirated copies, for better or for worse...

  7. A link for the rest of us. by Frenchman113 · · Score: 5, Informative

    This "genuine advantage" notifier is remarkably easy to disable. Here's a link that documents numerous ways to defeat it. http://labnol.blogspot.com/2006/04/workarounds-to-disable-non-genuine.html

  8. Re:Why punish legit users? by zcat_NZ · · Score: 4, Informative

    There's many ways to get rid of WGA. Here are the two easiest;

    Option one:
    Start in safe mode and find the file /WINDOWS/System32/WgaLogon.dll. Edit the
    file properties and remove the execute and write permissions for all users
    including System. The daily checkin and the WGA System Tray tool are both
    started from this DLL so making it non-executable kills the whole WGA
    Notification system. Making it read-only stops windows update from 'repairing
    it' and installing future versions.

    Option two:
    Download and burn Ubuntu Dapper Drake or order a FREE CD from
    shipit.ubuntu.com (downloading is quicker). Back up your important documents and
    completely replace Windows.

    Personally I chose option two many years ago, but I continue to watch Microsoft's antics with a degree of detached amusement.

    --
    455fe10422ca29c4933f95052b792ab2
  9. Re:Why punish legit users? by peragrin · · Score: 4, Informative

    No, MSFT bypasses the Windows hosts file when calling home. This is known. On one side it's a good thing, as Windows Update will always point to a MSFT-based server, allowing for clean updates. (Can you imagine the problems if every infected Windows machine couldn't get a patch?)

    On the other side is that MSFT could solve a lot of their problems just by creating an easy, basic way to enforce security. Unix did that years ago: on Unix you have basic file-system-level defaults separating users. Then you can use other programs to create ultra-fine-grained control.

    Under Windows all you have is a very complicated fine-grained control system that a massive percentage of the apps break if you use it.

    Kill off ActiveX and add a simple yet effective file separation on the filesystem layer and the majority of Windows virus problems will vanish. It won't solve all things. It won't solve stupid users installing things they shouldn't, but it would stop most of those problems instantly.

    It's also the one thing MSFT won't do. Not even with Vista. They are keeping ActiveX, and while they are trying to use their fine-grained permissions control as a basic level, they are finding that it doesn't work well. (Just look at all the reviews of the Vista beta: 7 steps to delete an icon?)

    --
    i thought once I was found, but it was only a dream.
  10. Bypass WGA by DrIdiot · · Score: 3, Informative

    I just bypass it. How to bypass WGA

  11. some of the data reported by Anonymous Coward · · Score: 2, Informative

    clientTime, cookie, Ping, PingResult, pingLevel, Cookie, EncryptedData, Expiration, MonitoredServicesResponse, agI0, CustomInfo, DatabaseInfo, ConfigFileExpirationModuloInMinutes, ConfigFileNextExpirationTime, ConfigFileVersion, ConfigFileLastModifiedTime, ConfigFileEnvironmentName, ConfigFileProjectName, ConfigFilePath, RequestContentType, IsHttps, ServicesMachine, ServicesName, ServicesTime, SuccessFlag, ReportingEvent, PrivateData, UserAccountName, ComputerDnsName, ExtendedData, DeviceID, OSLocaleID, OSVersion, BiosRevision, ComputerModel, ComputerBrand, MiscData, ReplacementStrings, DetailedVersion, ServicePackMinor, ServicePackMajor, Revision, Build, Minor, Major, BasicData, AppName, Win32HResult, SourceID, EventID, NamespaceID, EventInstanceID, TimeAtTarget, SequenceNumber, TargetID, ComputerTargetIdentifier, Sid, UpdateRevisionIdentifier, RevisionNumber, UpdateID, ProcessorArchitecture

    They say no "personal data" is sent, but your logon name and machine name would probably count as personal as it gets. Note it also looks at your cookie status.

  12. List of OEM's checked for by Anonymous Coward · · Score: 1, Informative

    "buympc", "SUNGIL", "Tatung Co.", "TDItaliaSpa", "VOYETTSPACESEVEN", $MOTO$, $SAMSUNGPC, 051004-BOPTERON, 051004-opteron, 051404-BOPTERON, 051404-OPTERON, 4S4EB2X0, Acer.APSLE, Acer.BAPSLE, AcmeComputers GX500, Amitech_PC, Amitech_XOEMX, AQUARIUS, BCompaq Workstation, BDell System, Brite Computers, BriteComputers, buympc, Compaq Workstation, DELL BOpti GX260, DELL BOpti GX270, DELL Opti GX260, DELL Opti GX270, DELL Opti GX270, Diginote, FabrikamComputers, FabrikamOnNowPC, FabrikamToasterPC, frerspm, Grupo@Sitre, Inter-Data_A/S_OEM_PC, MELCO_Product, MICRO-STAR INTERNATIONAL CO., LTD, MicroLink, micron, Microtech Computers, Inc, microtechcomputersinc, Midern, Midern Computer, Inc, MIKROLOG, Mikrolog Ltd, Miltope, Miltope Corporation, Milwaukee PC, Mind Computer, MindComputer, MITAC GETAC, MITAC MTC, MITAC TECHNOLOGY CORP, MITAC7068, MITAC7170, MITAC7521P, MITAC7521T, MITAC8170, MITACM722, Mitsubishi, Mitsubishi Electric Information Technology Corporation, ML Arvutid AS, MLARVUTID, Motorola, Motorola Inc, MPC Computers, MSI-2831-MS, MSI-6282, MSI-Desktop, MSI-MEGAPC, MSI-Notebook, MSI-PC, MSI-PenNote, Multivision Computers, MultivisionComputers, Mustek Electronics (Pty) Ltd, Mustek6376, Myriad Innovative Designs Inc, NARAY, Naray & Company Inc, National Instruments Corporation, NATIONALINSTRUMENTS8171P3, NATIONALINSTRUMENTS8180CELRON, NATIONALINSTRUMENTSNI8350, NATIONALINSTRUMENTSNI8351, NATIONALINSTRUMENTSPXI8103PM, NATIONALINSTRUMENTSPXI8105PM, NATIONALINSTRUMENTSPXI8171P3, NATIONALINSTRUMENTSPXI8180CELRON, NATIONALINSTRUMENTSPXI8180P4, NATIONALINSTRUMENTSPXI8190P4, NATIONALINSTRUMENTSVXI770-870BP3, NATIONALINSTRUMENTSVXIPC880PM, Navigator, NCA Group Ltd, NCA_GROUP_LTD, NCR BIOS, NCR Corporation, NCR Financial Solutions Group Ltd, NCR PELE, NCR PELE II, NCR PHANTOM, NCR Plato, NEC Computers, NEC Computers International, NEC Corporation, NEC Versa, NEC-PC, NEC_PC98, NEC_Product, NECC1, NECc_, NECC_000, NETA, NETAXP, Network Engines, Network General Corporation, 
NETWORK TECHNICAL, Network Technical i Kungsbacka AB, NetworkEngines, NexPress, NexPress Solutions, Inc, NexPress. A Kodak Company, NICE Systems Ltd, NICE_SYS, NORTEL, Nortel Networks, NORTELNETWORKSCALLPILOT, Northern Micro, northernmicro02, northernmicro2002, Novatech Direct Limited, NovatechDirectLtd, NS Optimum Ltd, NSOptimumLtd, NT Computer, NTT System, NTT System Ltd, OIMERP, Oki Electric, Oki Electric Industry Co.,Ltd, OKI ifNote, OKI ifStation, OKICONT, OKITOPRE, OKIV01, Okuma Corporation, OKUMA-OSP, Olidata Chile S.A, OLIDATA CHILE S.A., Olidata S.p.A, Olidata S.p.A., Omni Tech Corp, Omni Tech Corporation, Omnicell, ON Trading AG, ontrading, optima, Optima Technology Solutions, optimapc, optimaxp, OPTIMUS, OPTIMUS S. A, OQO Inc/Zepto/(jja), OQO, Inc, P A R S Technology Ltd, PACCO GROUP, paccoix, Packard Bell B.V, Paradigit, Paradigit Computers B.V, parstechnology, PC ARTS ARGENTINA S.A, PC DIRECT.INC, PC-FACTORY, PC-Factory Sp. z o.o, PCARTS2005, PCDIRECT, PCI2000PC, PCI2004PC, PCIcompany, PCIcompc, PCIcomputers, PCInewpc, PCIsl, PCS Industries Ltd., PCS Technology Limited, PCS1996, PERI STYLE, PERISTYLE, Personal Computer Systems Inc, Personal Computer Systems Inc., Perto S.A. Perifericos para Automacao, PERTOSA, PFU Limited, Philips Medical, Philips Medical Systems, POSIFLEX, Posiflex Inc, POSITIVO, Positivo Informatica Ltda, Powell Computer Manufacturing Co.,Ltd, PowellComputer, PowellComputerMfg, Premio Computer, Inc, PRIMINFO, ProCA, ProCA spol. s r.o, PROCOMP Ind. Eletronica Ltda, Procomp Industria Eletronica Ltda, Production Company Aquarius LLC, Productos y Componentes Informaticos S. L, Prosys, Prosys-Tec, PYRAM, Pyramid, Pyramid Computer, PYRAMID COMPUTER SYSTEME GMBH, Pyramidcomputer, QingDao Haier Computer Co. Ltd, Quantum, Quantum Designs (HK) Ltd, Quantum Designs (HONG KONG) Limited, Quantum Microponents Ltd, R. & K. 
Systems, R.&K., RADIANT, Radiant Systems, Rectron (PTY) Ltd, Rectron1552, Research Machines, Research Machines plc, RICAVISION International Inc, RICAVISION7800, RICAVISIONPLIX, Richfield, Richfield Innova

  13. Re:Windows 2000 looks better all the time by Anonymous Coward · · Score: 1, Informative

    I'm still running Windows 2000 on the Windows machine. I have the latest version of OpenOffice, the latest Firefox, the latest Blender, etc.

    Sounds like you could be running Linux considering all three of those apps have Linux versions. Just sayin'...

  14. Re:Why punish monopolies? by Xabraxas · · Score: 4, Informative
    you will not find Quake 4 or World of Warcraft on Linux. Gimp is no paintshop killer, and WINE is nowhere near as robust as a real Windows system

    I find your remarks a little odd considering:

    1. As a previous poster mentioned, Quake 4 runs on Linux natively.
    2. World of Warcraft runs on Cedega.
    3. Photoshop not only runs on Wine but is actually used with Wine by none other than Disney, who actually contributed to Wine to get that to happen.

    If those are actually representative of your needs as a Windows user then you wouldn't have a problem moving over to Linux. If they aren't representative of your needs then get better examples and ask yourself why you chose those examples in the first place.

    --
    Time makes more converts than reason
  15. Re:Why punish legit users? by amavida · · Score: 2, Informative

    " RE:"And what can us consumers do about it?

    switch to something better, nobody is forcing you to use microsoft's product "

    Well actually we _are_ being forced to use M$ pretty much.

    The M$ company has achieved an almost 100% monopoly through glossy marketing and predatory business practices.
    Hardware manufacturers are coerced into preinstalling nothing but M$.
    M$'s monopoly business software is deliberately engineered to have undocumented file formats to frustrate attempts to work with them on anything _but_ M$ software.
    The peripherals manufacturers now almost invariably provide nothing but M$ compatible device drivers & refuse to provide documentation to enable porting of their drivers to any other architecture.

    I run a small international company.
    I am forced to use M$'s OS & some of its apps because we have so little _real_ choice.

    *Take note, I am talking about choice in the business sense, not as in the sitting in my mother's back bedroom pontificating type choice, ok?

  16. Take responsibility for your own machine by chicago_scott · · Score: 3, Informative

    Just because some piece of software wants to do something doesn't mean you have to let it.

    Why not just block it with a firewall? According to ZoneAlarm, the IP that WGA connects to is (or maybe *was*) 64.4.52.189

    From Wikipedia:

    Windows Genuine Advantage Notifications and Firewalls

    Some personal firewalls, though not the basic one in Windows, may alert on the method by which wgatray.exe is started, in the case of Outpost firewall, it is identified as a "hidden process". The wgatray.exe process itself can be firewall blocked, without apparent problems. Removing the reference to WGALOGON.DLL using HijackThis appears to effectively de-install this update, to the point where it will be offered again if it has not been marked "do not show".

    And I'm sure there are a dozen other ways to avoid the WGA.

  17. Re:Trade-offs by iamdrscience · · Score: 2, Informative
    It's not just games, I don't play any games and I find Linux totally unsuitable for use on my desktop (unfortunately). Many of the programs I use do not have linux versions nor comparable open source programs.
    • Adobe Photoshop - There are people running this with Wine, but I'd have to spend the time configuring it. If this were the only program I needed, I would consider switching. Gimp doesn't cut it BTW.
    • Adobe Illustrator - I've heard of people running this with Wine with not particularly great results. Might be worth a try. There are a couple of free vector drawing programs that don't completely suck, but still none that quite compare.
    • Adobe/Macromedia Flex 2.0 Beta 3 - This isn't even available for Macs yet (it will be though).
    • Toon Boom Studio - No clue if this could be run with Wine, but very few people use it so I'd be totally on my own, unlike with Photoshop and Illustrator where there are a few people who have tried it.
    • Ableton Live - ditto
    That's not a complete list either, there are a lot of other less essential, but very useful programs I use that aren't available.

    Don't get me wrong, I love linux and I try to convince people to check it out if I think it suits their needs (often), but it's just not a viable option for me.
  18. Re:Let's not forget to bash the other bad guys too by celest · · Score: 2, Informative

    There was a bug with Steam near its beginning where a bunch of CD keys got double printed, and hence many legitimate users were unable to validate their keys for a few weeks.

    I was one such user, and encountered the same response from their support initially. I finally got transferred up the chain, and was able to send them a fax of the original CDs and my purchase receipt from Best Buy as proof of purchase. They sent me a new, working key the next day.

    I was very very angry also. To be fair to them, they apologised profusely and changed their phone support protocols to account for the error for future people. Obviously this should NOT be happening to legitimate customers.

    Since then, I've purchased several other Steam based products and have never had an issue. The content delivery system itself is an excellent means of deployment. Don't give up on them because of one fuckup, big as it was.

  19. Re:Baby steps -- not cold turkey by blackest_k · · Score: 2, Informative

    I think a cool way to go is Ubuntu and VMware. Ghost your existing Windows setup, unpack it in a virtual disk in VMware, and run Windows when you have to (in a window or full screen; Ctrl-Alt to switch). Dual boot could still be useful if you really need Windows for gaming. Personally I don't find I need Windows very much on a day-to-day basis.

  20. It DID happen in the past! by Newer+Guy · · Score: 2, Informative

    M$ actually modified Windows 3.1 (as an update) so suddenly it would not run with DR-DOS. They got sued and (eventually) lost (read: a minor slap on the wrist for them). BUT the damage had been done.

  21. Re:I had to call MS because of WGA on a legal XP by Nate237 · · Score: 2, Informative

    I ran into this same thing, and like you, pulled my hair out.

    I think it has to do with SP 2 not being installed. Most OEM copies that come with machines now have SP2. The Windows Update stuff installs just fine. My legitimate copy of XP is older and is not SP2. I get the error until I either install SP2 or do the security settings workaround like you did. What really stinks is that I don't think you can just download SP2 anymore. You get redirected to Windows/Microsoft Update.

    You'd think that this stuff would be QA'd for non-patched systems since that's the point of it all..

  22. Re:Why punish legit users? by Anonymous Coward · · Score: 1, Informative

    Actually there are Broadcom drivers for your wifi card, the bcm43xx and ieeeSoftMac kernel modules, both of which are included in the Knoppix 5 release. Yes, you WILL have to do a little bit of work, like apt-get bcm43xx-fwcutter, which downloads and installs the Broadcom firmware modules. Then get wlassistant and run that. It will walk you through connecting to your WAP just like the Windows WZC service does (you know, that little tray notification that says "There are one or more wireless networks present. Click here to see what is available").

    I'm using said kernel drivers on the laptop I'm using right now (just installed Knoppix 5 to hard drive on Friday after imaging my Windows install in case things didn't go well; looks like I'll be keeping Knoppix and deleting the Windows image to recover badly needed drive space on the server at work). And the best part of all: the bcm43xx driver supports monitor mode, the mode Broadcom would not release drivers for in their Windows versions. There's also support for WPA and WEP. You have no more complaints about lack of Broadcom drivers.

    Oh, and a special bonus, the Intel i810-based graphics, sound AND analog modem work as well.

    No drivers for Broadcom wifi? Bullshit.

  23. Re:wgatray.exe can be used to annoy microsoft by alexhs · · Score: 2, Informative

    AFAIK "while" structures are not available with MS batch files. You don't need a conditional anyway. Just use "goto":
    :label
    wgatray.exe
    goto label

    --
    I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
  24. Re:It's Spyware by any definition by ClamIAm · · Score: 2, Informative

    the question is when are the anti-malware community going to step up to the plate and provide protection from this software

    Or you could just use Zonealarm, or some other third party firewall. I just hit 'decline' when wgatray tried to access the network, and that was that. I haven't had any problems with Windows Update, either.

  25. Re:New Desktop: Suse 10.1 or Ubuntu 6.06? by Anonymous Coward · · Score: 1, Informative

    Nero is actually available for Linux. (Replace "deu" in the link with "en" for the English page, which doesn't display at all for me.)