Microsoft Misrepresenting WGA's Functionality?

Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."

Why punish legit users?

[pawstar]

And what can us consumers do about it? If we refuse it, we don't get updates. This is punishing us the legit users, while pirates will still be laughing at M$'s latest attempt at stamping them out!

Re:Why punish legit users?

[FudRucker]

RE:"And what can us consumers do about it?"

swich to something better, nobody is forceing you to use microsoft's product http://linux.com/

Re:Why punish legit users?

[mattyrobinson69]

install it
disconnect from the internet
open task manager
kill the process 'wgatray'
rename the file c:\windows\system32\wgatray.exe to something else (wgatray.exe.bastard, for example)

There is also a file called wga.dll, or similar, but i didn't do anything with that, if anybody could shed some light on that, it'd be nice. I did the above on a machine that was wrongly reporting as 'pirated', and it worked fine.

Re:Why punish legit users?

[thrillseeker]

Why punish legit users?

Because Microsoft has never been punished for doing so.

Isn't this a violation of spyware laws?

[plasmacutter]

well?... last time some software package was reported doing this it was labelled spyware and the company was prosecuted..

Re:Isn't this a violation of spyware laws?

[agent+dero]

You're right, a company can be prosecuted for this.

Microsoft is not a company, go to any state building or federal building in the nation, and find out what they're running. You're talking about a corporation that has settled antitrust lawsuits with licenses and lockin.

If Sony doesn't get it's ass handed to them for rootkits, why would you think Microsoft would receive any punishment at all?

It's Spyware by any definition

the question is when are the anti-malware community going to step up to the plate and provide protection from this software

the fact its made by Microsoft should be irellavent, just analyse the behaviour of the application and judge it on that

communicates unique information at any time to an American based advertising company (msn anybody?) with you the user having no idea of what data and what the implications are of giving this company that data

can your business really risk an application like this on your systems ? are you prepared for the consequences of letting this program run unchallenged inside your companies infrastructure ?

Re:Sad...

[plasmacutter]

but they are not allowed to misrepresent its nature or what it does to consumers, that is called fraud.

How to Disable the WGA Add-on

[Digital+Vomit]

If you want to be able to disable the Genuine Windows Advantage Add-on for IE (accessible via Tools|Manage Add-ons... in IE), you might be surprised (or not) to see that Microsoft will not let you do so. It gives you some sort of stupid "disabled by Administrator" message, even when you're logged on as Administrator (I guess MS thinks it's the administrator for your computer).

To enable the radio button that allows you to disable this worthless add-on, follow these instructions I found:

1. Open Group Policy Editor (gpedit.msc) go to User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.
2. Double click Add-on List and select enabled.
3. Click on Show then on Add.
4. In enter name put {17492023-C23A-453E-A040-C7C580BBF700} .
5. In enter value put 2.
6. OK, Apply, OK.
7. Now you can disable/enable the add-on.

Windows not HIPAA compliant? 1234567890

Since Windows is sending information home, and the user has no control over that messaging with regard to timing or content, it seems to me HIPAA-compliant systems (and other systems requiring security) cannot be built on Windows.

What an opportunity for the open source world!

Re:huh

[BrynM]

do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.

Agreed. I won't even read content from ZDNet at all anymore. 17 pages is insane (thanks for letting me know how many I avoided). Even with blocking the ads and repaginating the article into one page, ZDNet assumes that the format is acceptable to users because the article generates hits. They won't change it when they think "it's still working". I've tried to complain to them as a (now former) print customer of their periodicals for years and a web user. They don't respond, so I assume they don't care. Calling them just leads to the phone-forward-runaround of "I'll connect you to...". They used to be a good company with good content, but now they are just ad whores (like most consumer computing sites - TOM!). /rant

That, OR

[mobby_6kl]

That method sounds good for widescale, corporate deployment, but here's a simpler method:

• Use Autoruns (everybody should have it already) to disable wgalogon.exe on the winlogon page.
  

A link for the rest of us.

[Frenchman113]

This "genuine advantage" notifier is remarkably easy to disable. Here's a link that documents numerous ways to defeat it. http://labnol.blogspot.com/2006/04/workarounds-to- disable-non-genuine.html

Re:Un-American

I built a combustion engine that runs on water. I call it a motor boat.

Re:Better...

[hackwrench]

I wish people would quit acting as if anything was unqualifiably better. Life consists of trade-offs but to hear some people talk, life would just be a bowl of cherries if one were to just do this or that... Sheesh... Yes, Linux is better in some ways, but there's that trade-off thing at work there.

Let's not forget to bash the other bad guys too

[Spiked_Three]

One thing I will credit Microsoft for, is I do not know ANYONE legitimate or not, where windows stopped running because of verification failure.

In 2 personal cases, other products I paid a lot of good money for stopped. First Norton anti virus, after a hard drive failure would not validate and refused to run on the new hard drive.

And second the most evil spy ware in the universe - steam - tells me I have a banned CD key - I'm sitting here looking at a CD, a box, a manual, and a receipt for $50 and I have never given a copy of anything to anybody - and they call me a crook and ban me - I swear if I ever get the opportunity I will do physical harm to someone who is responsible for steam. Then their joke of tech support says they cant offer any help since i have a banned key. Don't cross my path in a dark alley, i'll ban your head from your shoulders, thiefs.

I had to call MS because of WGA on a legal XP

[Jackie_Chan_Fan]

I reinstalled XP recently and my Key decided to "run out of activations" so i had to call up MS. I was furious...

I contemplated installing the various coporate versions and hacked Pro versions that i have on back up just out of spite.

But instead i called up MS went through their automated crap which is a nightmare in stupidity. After it finished it told me "I can not activate my key and to hold on to for an operator"

YAY.

So i get to the operator... I give her the code, she gives me a new key... all is solved...

Not so fast...

I go to install updates... and WGA must be installed first...

OK lets do it...

ERROR.. UNKNOWN ERROR.

What?! What the fuck?

I call MS tech support...

The guy is completely useless and puts me through to a smarter tech...

As i'm waiting for brainiac to pick up, i discover that by default windows XP installs IE with "Custom" security settings which does not allow WGA to install.

So lets recap. WGA wont install automatically on a default XP install because IE is set to custom security rather than "Medium"

Oh the stupid headache...

So i figure it out while waiting and then the guy picks up cause i'm a nice guy i waited to tell him what the problem was...

I tell him and i hang up.

WGA is not only a pain in the ass for legal users... the activation itself in windows is down right stupid. I have to call MS everytime i want to reinstall now.

Which is what? every month?

I made an image of the boot drive install instead. No thanks MS.

Its just too much. I dont care about MS's bottom line, i care about the dollars i spent and its a headache. Too much is too much and that too much was WGA itself.

I have the coporate and hacked WGA versions, I know how to reg hack the WGA dll out and kill access to it and bypass the windows update...

BUT I also OWN my windows... I tried to do the right thing and in the end, yeah it works but it was a big fuckign headache that i'm not willing to deal with any more. Things are only going to get worse as DRM and every other attempt made at taking control of your computer is made by these companies.

I like for it to be known that its just as easy to run the hacked versions with less of a headache... I was on the verge of doing it out of spite...

I only wanted to know why my Key wasnt working and why WGA was not allowing me to update cause i was angry... Thats the only reason i am running my legit copy of XP now.

I'd gladly explore other options next time if it means saving my time and my sanity.

Baby steps -- not cold turkey

[Deagol]

First, try a live-CD distro (like Knoppix). Mess around with it a few times, just to see how it goes. See if your hardware is compatible. If you're missing a few linux-friendly things, treat yourself to an upgrade with linux in mind. :) Worst case, assuming you ditch the penguin forever, is you have a nicer rig to use.

Next, once you're comfortable with configuring a live-CD, back up your data and do a dual-boot install. Use linux as much as you can stand it, then switch back to Winderz for the few must-have apps. If you hate it, dump linux and you'll have a fresh Windows install that may run well for a few months. ;-)

Once you convert to OSS versions of most of your apps, and are comfortable with linux being your primary environment, back up your data then install a 100% linux install. Then, for those few clingy win32 apps, try using Wine (a mostly bitter pill, but it does some stuff well) to run the apps. Failing that, try Qemu. If *that* fails, try VMWare or Win4Lin.

Eventually, a few months down the road (or a couple of years, even), you may decide that the stability and reliability of Linux outweighs the win32 baggage and you either find linux equivalents you really like or you "settle" for something not 100% what you'd prefer.

I began the above transition about 7 years ago (except live-CDs weren't around). Took about 2 years. Games kept me dual-booting for about a year... until a wife and kids took more of my time and I decided that silly free games (nethack and xmame) were enough for the occasional video game fix. Then Quicken and Turbo Tax kept me using VMWare for about a year. I replaced Quicken with GnuCash for a year or so, then I ditched it for a simple spreadsheet checkbook balance sheet. By that time, I was beyond the simple tax returns, and I decided that $200 yearly H&R Block trip was less painfull than the $50 TurboTax and several hours of punching in stuff. (Also, the whole anti-piracy FUBAR for Turbo Tax in the late 90s turned me off Intuit.)

So I've been 100% Winderz free for 5 years, and I'll never go back. I don't put up with DRM or anti-piracy shit any more. If I doesn't run on Linux (now, FreeBSD/amd64), I find something else to use.

Freedom... indeed!