Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Sued Over WGA

Posted by ryuzaki0 on from the phoning-home dept.

Hope Thelps writes "The Seattle PI is reporting on a lawsuit being brought against Microsoft in response to their WGA spyware. Groklaw is also covering the story. Although there are a lot of similarities to Sony's rootkit, the actual harm done is less concrete. It'll be interesting to see how this turns out."

20 of 460 comments (clear)

  1. Interesting... by Utopia · · Score: 5, Insightful

    Sued by the same moneymonger who sued Sony.

    1. Re:Interesting... by CastrTroy · · Score: 5, Insightful

      Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Interesting... by Atraxen · · Score: 5, Insightful

      Personally, I'm more interested in seeing justice served than a particular outcome (i.e., Microsoft getting slapped). That's how the game is supposed to work. If we don't like the outcome, we need to examine the rules. Calling for particular outcomes against someone because you don't like them/their approach to X/their politics is the root of partisan politics/hackery, and so (while you may agree with what I'm saying broadly, but were speaking from frustration with MS), I'm calling you on it.

      --
      Be careful of your thoughts; they could become words at any minute...
    3. Re:Interesting... by tomstdenis · · Score: 5, Insightful

      The problem is all these measures MSFT takes hurt legitimate users.

      For instance, I recently acquired a work laptop that had to be re-imaged. The laptop came with a WinXp Pro license but it was from an OEM [Fujitsu]. Now I don't have the Fujitsu CD anymore so I used my own XP Pro cd. Guess what happens? It won't let me activate it. I had to call MSFT and explain to them [after doing the 10 6-digit number thing TWICE] that I was a legitimate user who had to use generic install media.

      I bet you there are scores of similar people who fight against the anti-piracy stuff to use software that they did indeed pay for.

      Besides, if MSFT is dropping this that and the other thing from Vista, maybe they don't have time to be messing with DAILY WGA updates? How about they use my hard earned money to improve the damn OS and not try to lock paying customers out of it.

      Tom

      --
      Someday, I'll have a real sig.
    4. Re:Interesting... by Anonymous Coward · · Score: 5, Insightful

      Thing is - why is this so bad? You don't think a company has a RIGHT to defend their product and protect their interests?

      The problem is, it doesn't help prevent piracy much really. It stops a few of the people who just don't really know what they are doing (say someone who had their PC upgraded by the kid next door or something) but that's about it. The real pirates have a myriad of ways of going around such a thing, not the least of which being to simply not ever use it or to use a hacked version of it. In the grand scheme of things, the only thing WGA has really achieved is to cost MS a bit more to deploy it than they've gained on those few people who actually bought legitimate copies because of it and annoy everyone (not just pirates, but, legitimate users as well.)

      Ya know, if no one out there in the world pirated software, I betcha this stuff wouldn't be in...
      Yeah, and if everyone drove slowly those speed limit signs wouldn't be up. We're humans, not robots.

      But hey, guess the obvious is too easy for retards like you to see...bet you run illegal copies of software too.
      Obvious? Yeah, uhm, I looked at the timestamps, and this post came before yours:
      Amen to that! Maybe someday Microsoft will realize that WGA doesn't prevent piracy; it's just another thing to annoy legitimate users.
      What's obvious to most of us "nerds" is that it has caused a lot of problems for a lot of people, violated privacy, and just in general been an annoyance whether you have a legal copy or not. If you had read any of the previous articles on the subject of the WGA, you would see quite a number of stories where someone has had to deal with the WGA determining that their 100% legitimate copy was illegitimate and they had to go through a long hassle with microsoft to get a new key and everything to get it to work. But, I guess that's only obvious to us nerds.

    5. Re:Interesting... by Zemran · · Score: 4, Insightful

      Would you care if it was someone paid to put a bad case forward knowing that when it fails they can say 'look how good we are' and anyone else will think twice before taking similar action?

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    6. Re:Interesting... by killjoe · · Score: 5, Insightful

      When you are trying to get money from a large corporation you are a moneymonger. When you are trying to get money from consumers you are a capitalist.

      --
      evil is as evil does
    7. Re:Interesting... by plague3106 · · Score: 3, Insightful

      As other people have pointed out, giving away "millions" of dollars in software to schools that only sets them back the cost of the media.

      So Windows and Office take zero effort to develop? They don't have to pay their developers, testings, artists and managers?

    8. Re:Interesting... by Chosen+Reject · · Score: 4, Insightful

      What a crock. So they didn't tell anyone originally that it daily phoned home. Now they think they can say it won't and that people will believe them even when it says
      It is important to note that WGA Validation still periodically checks to determine whether the version of Windows is genuine.

      And why in the world would it have to do so. You check once, it's either valid or it's not. Since at the time of my writing this, we don't have to relicense Windows XP every so often, so if it is legitimate now, it will be legitimate later.

      I used to do all the updates that they sent out. Now, I don't trust MS even on their updates and since Tuesday have been setting it to ignore. If they go ahead and shut me down later this year because of it, fine. They've lost one more paying customer. Yes, I paid. I legally purchased a copy of Windows XP. Now they stand to lose a customer because of their own silliness. The same is true of the RIAA/MPAA. The more you treat your customers poorly, the less customers you have. This isn't even Business 101 stuff. This is 1st-grade-lemonade-stand type stuff.

      --
      Stop Global Warming!
      Just say no to irreversible processes!
  2. Waste of time by p!ssa · · Score: 5, Insightful

    whoopie, M$ loses and donates another $1,000,000.00 worth of software to some high school system or third world country as retribution (at a cost of about 35 cents to the evil empire).

  3. Hopefully.... by meh13579 · · Score: 5, Insightful

    win or lose this will deter Microsoft from using wga to shut down any unlicensed (or otherwise) computers...for a while at least.

    1. Re:Hopefully.... by bcat24 · · Score: 5, Insightful

      You don't. You do need a license to run Windows on that computer, though. (Yeah, it sucks, but it's true.)

  4. Re:Not hidden, not spyware by kebes · · Score: 4, Insightful
    It came as a Windows Update, if you wanted to protect yourself you should have turned automatic updates off...
    I'm not sure that arguments works. After all, for spyware one could argue "You installed the application (or clicked yes or whatever), if you wanted to protect yourself you should have not installed it." For some spyware/adware/malware, the EULA even indicates that "additional software" will be installed. It is buried in documentation, but the information is there. This doesn't prevent it from being spyware/malware or whatever. The fact is that when something is installed in a circuitous or obfuscated way, it is not really what the user agreed to.

    In the case of Windows Updates, I would argue that it is even more out of the user's control. For alot of malware, you have to click "yes install" at some point. For Windows Updates, the recommended state is to "automatically download and install in the background." In theory a user could examine each and every update to figure out what they all do, but in practise the actual purpose of each update is heavily obfuscated. Worse yet, in the case of WGA, once you allow it to install (it seems innocent enough at first), it is used against you to force further installations.

    Frankly the tactic Microsoft is using in their updates is not ethical. Everyone is told to do their Windows Updates (for security reasons), and Microsoft is exploiting this to slip in some other software that the user does not necessarily need. Worse yet, this software sends back information to Microsoft HQ without user permission. If this does not count as spyware, I don't know what does.

    I hope this lawsuit makes Microsoft wake up to the illegitimacy of their tactics.
  5. I see considerable harm... by kebes · · Score: 4, Insightful

    1. WGA communicates with Microsoft HQ. The information transferred may or may not be 'sensitive' but this could be considered an invasion of privacy.

    2. Any program that uses up system ressources without performing a task explicitly requested by the user is harmful in the sense that it slows down the computer. This is one of the main complaints with spyware/adware: they slow down your computer for no purpose (or at least no purpose that you, the user, are interested in).

    3. WGA appears to effectively give someone else (specifically Microsoft) control over your machine (for instance the recently announced "remote shutoff" function). To the user, a program that limits their control of the computer (and gives someone else more control) is harmful. Note that the argument "but Microsoft would only shut off illegitimate versions of Windows" doesn't make any difference. Even if that's true, there is still a loss of control for the user. This is harmful to the user.

    To the same extent that any other piece of so-called "spyware" is harmful (installed in a tricky way; sends info back to some company; wastes CPU cycles and disk space; etc.), WGA should also be considered "harmful."

    The problem with WGA is that is not an update, security-patch, or feature upgrade. It does *nothing* for the user, and only installs in order to give Microsoft more control/leverage over your machine. From the user perspective, it is a net negative, hence harmful.

  6. Major Spware Argument by Anonymous Coward · · Score: 5, Insightful

    What peeves people so much about WGA is that MS pushed it out as a Critical Update, meaning that all machines with Auto Update install it without prompting. It is undeniably not a critical security update and to make matters worse it phones home. After taking some heat, MS then conceded that the installation of WGA will be optional (if by optional you mean selectively blocking some non-critical updates). It's still being pushed, but you don't have to install it. For those of you with your less than legit copies worried about not receiving updates, you can always download third-party update packs if you don't mind a bit of a delay. Not necessarily a bad thing considering that MS has been known for having to patch their patches. I'm not an MS fan, but not a huge hater. Just a strategically stupid time to ramp up WGA after the whole rootkit fiasco. I'm not an MS fan, but not a huge hater. Just a strategicly stupid time to ramp up WGA after the whole rootkit fiasco.

  7. Re:How is this evil at all? by Zarel · · Score: 5, Insightful
    By your typo, you just answered your own question:
    Scenario: Copy is licensed
    Microsoft Server: Let's see... nope, this one's pirated.
    Computer with WGA: Well then.
    Computer with WGA: Hey $username, you don't have a legitimate license. Please go buy one.

    In other words, false positives. Also, doesn't it phone home every day or something? You'd think you'd only need to check once.
    --
    Want a high quality FOSS RTS game? Try Warzone 2100!
  8. Re:WGA unable to detect bad keys with legit COAs by Anonymous Coward · · Score: 3, Insightful

    No... you can not change from a Corporate key to a consumer XP key without reinstalling the OS. We installed XP Professional (Corporate version) whenever we had a hard drive crash or virus infection on our office PCs, and frankly (and quite stupidly), did not even hold onto our original installation media or CD Keys for XP Professional ("consumer"). Now, Microsoft is forcing us to purchase Windows XP a second time for all of these workstations through WGA, which *does* make Windows take longer every day to log on, while it displays nagware. Frankly, I am in 100% agreement with the lawsuit. Microsoft didn't disclose squat, and left everyone to believe that this was a "critical update". If downloading a patch from MS website, they did post a link to some "independent" german company certifying that WGA doesn't disclose personally identifying information. It is not too difficult task to identify workstations from their IP address, especially when static. Microsoft must not have heard of Traceroute. So, this is just another crock. Anyhow, we are now just paying Microsoft twice for about 18 of our XP installations. We just can't have our stations slowing down, and telling our users they are running pirated software. Without the original CDs and Keys, we can't prove that we purchased the software already. And unremovable software that takes over your computer places the onus directly on the consumer. It was a remarkably clever way to double-charge us.

  9. Wait... why does this make them evil? by SmackTheIgnorant · · Score: 3, Insightful
    Not flamebait. Please don't kill me.


    BUT... step back for a second. Forget the fact that they're a mega-conglomerate. Forget the fact that it's some giant company who you think might be out for world domination, one PC at a time.

    Instead, I think of it like this:
    You create a piece of software (Those of you who say what about "Sourceforge" or "freshmeat", back off for a few minutes... we're not talking OSS right now, we're talking commercial). You want some level of appreciation. You want to make sure that when people pay the $XXX for the software you made (And let's face it, we're talking a BUSINESS here, not a charity - you'll charge however much is possible, to keep it selling and get as much profit as possible).

    You also are not a bumbling idiot, you've used emule, bittorrent, google, and astalavista. You are, or know, that "Guy who has everything" for software. You've needed some minor piece of software, and could find / engineer a crack / keygen for it. You get it for free. If you DO have scruples, you know too many who don't.

    So you want to protect your software from the evils of "Oh, I can get it for free". Without protection, a couple days and it's spread around the net. You protect it, congratulations, you've bought yourself a week before a serial / crack is released. SO you lock it down good and tight. And hey, if there's something people without scruples love, it's the idea that "They say we can't, so we'll prove them wrong!". Besides, according to crackers / OSS fanatics / the immoral, ALL software should be free, you should be doing this in your spare time, and hoping that you'll get enough donations to live off of if we don't pay for it! (Wait.... they stole the software, but expect the owner to live off of donations, while they're not paying for it anyways?!).

    Solution: You use pre-packaged solutions to lock down your software, good and tight. It runs various checks against files for alteration. It might even dial home when run to make sure it's legit, disabling if not. Hell, I'd do it if I wrote still. Does that make you evil? NO! It means you want to protect your investment (Time, effort, energy, money, employees). But somewhere, somebody out there will find a way to defeat it. You've not bought "infinite protection", instead you've bought another month to come up with a better way of protecting your money (Goal here is to delay it as long as possible. Outright prevention is impossible, but delaying is entirely doable).

    So you use software to dial home and verify authenticity, check itself and other files to make sure that they're running and not tampered with, restore each other if necessary, and quite possibly re-confirm that they're authentic from the dial home. Does that make you an evil beast who deserves to die? Hell no.

    But wait, it's Microsoft. Oh, SCREW THIS! They're too big, make too much money, they're evil! Need to die. Who the hell do they think they are, trying to protect their stuff? They don't need the extra money, I feel good sticking it to them! Imagine, trying to make people pay for their stuff or make people feel bad for having stolen it.

    THE NERVE.

    1. Re:Wait... why does this make them evil? by Hope+Thelps · · Score: 5, Insightful

      Good end evil don't come into it.

      Unacceptable behaviour isn't justified by saying that the perpetrator was acting in his own best interests rather than out of a desire to hurt people.

      If the electricity company thinks I'm fiddling the meter to get out of paying them what I should then there are some acts that are acceptable for them to resolve that and some that aren't. I'd say that entering my premises on the pretext of fixing a dangerous defect in the system and while they're here hiding a camera that relays images to them would be unacceptable.

      You may well not like the analogy or you may draw the line of acceptable versus unacceptable at a different point to me, but either way the issue isn't resolved by saying that they're not evil and they're just out to protect their own interests. We have to make judgments on what is and isn't acceptable in pursuit of those interests.

      To me, Microsoft have gone way over the line. You may disagree. But don't try to reduce it to a comic book battle of good versus evil and then accuse me of calling them evil.

      --
      To summarise the summary of the summary: people are a problem. ~ h2g2
  10. "the actual harm done is less concrete" by l3v1 · · Score: 3, Insightful

    the actual harm done is less concrete

    Oh yes it is. I don't understand this thinking. Why, "harm" has to mean something really tangible, like breaking a leg or something ? I think not. The harm here does not cause some physically concievable defect - yet. But thing is, they did not tell the people what this WGA does (i.e. calling home every so often), they just told it when some people have found it out. Ok, I know how EULAs work, and how they probably could prove in court that they have every right to change their software as they see fit, still, when it is about using our computers to send _any_ information to _anyplace_ without asking us first, or if not asking then at least telling us about it, is just outrageous. I don't care what they send, I don't care how much or how small amount of information is in it, I don't care who they send it to, it just should not happen without asking us and letting us approve of disapprove the action.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.