Slashdot Mirror


Microsoft Sued Over WGA

Hope Thelps writes "The Seattle PI is reporting on a lawsuit being brought against Microsoft in response to their WGA spyware. Groklaw is also covering the story. Although there are a lot of similarities to Sony's rootkit, the actual harm done is less concrete. It'll be interesting to see how this turns out."

37 of 460 comments

  1. Interesting... by Utopia · · Score: 5, Insightful

    Sued by the same moneymonger who sued Sony.

    1. Re:Interesting... by CastrTroy · · Score: 5, Insightful

      Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Interesting... by Atraxen · · Score: 5, Insightful

      Personally, I'm more interested in seeing justice served than a particular outcome (i.e., Microsoft getting slapped). That's how the game is supposed to work. If we don't like the outcome, we need to examine the rules. Calling for particular outcomes against someone because you don't like them/their approach to X/their politics is the root of partisan politics/hackery, and so (while you may agree with what I'm saying broadly, but were speaking from frustration with MS), I'm calling you on it.

      --
      Be careful of your thoughts; they could become words at any minute...
    3. Re:Interesting... by tomstdenis · · Score: 5, Insightful

      The problem is all these measures MSFT takes hurt legitimate users.

      For instance, I recently acquired a work laptop that had to be re-imaged. The laptop came with a WinXp Pro license but it was from an OEM [Fujitsu]. Now I don't have the Fujitsu CD anymore so I used my own XP Pro cd. Guess what happens? It won't let me activate it. I had to call MSFT and explain to them [after doing the 10 6-digit number thing TWICE] that I was a legitimate user who had to use generic install media.

      I bet you there are scores of similar people who fight against the anti-piracy stuff to use software that they did indeed pay for.

      Besides, if MSFT is dropping this that and the other thing from Vista, maybe they don't have time to be messing with DAILY WGA updates? How about they use my hard earned money to improve the damn OS and not try to lock paying customers out of it.

      Tom

      --
      Someday, I'll have a real sig.
    4. Re:Interesting... by Anonymous Coward · · Score: 5, Insightful

      Thing is - why is this so bad? You don't think a company has a RIGHT to defend their product and protect their interests?

      The problem is, it doesn't help prevent piracy much really. It stops a few of the people who just don't really know what they are doing (say someone who had their PC upgraded by the kid next door or something) but that's about it. The real pirates have a myriad of ways of going around such a thing, not the least of which being to simply not ever use it or to use a hacked version of it. In the grand scheme of things, the only thing WGA has really achieved is to cost MS a bit more to deploy it than they've gained on those few people who actually bought legitimate copies because of it and annoy everyone (not just pirates, but, legitimate users as well.)

      Ya know, if no one out there in the world pirated software, I betcha this stuff wouldn't be in...
      Yeah, and if everyone drove slowly those speed limit signs wouldn't be up. We're humans, not robots.

      But hey, guess the obvious is too easy for retards like you to see...bet you run illegal copies of software too.
      Obvious? Yeah, uhm, I looked at the timestamps, and this post came before yours:
      Amen to that! Maybe someday Microsoft will realize that WGA doesn't prevent piracy; it's just another thing to annoy legitimate users.
      What's obvious to most of us "nerds" is that it has caused a lot of problems for a lot of people, violated privacy, and just in general been an annoyance whether you have a legal copy or not. If you had read any of the previous articles on the subject of the WGA, you would see quite a number of stories where someone has had to deal with the WGA determining that their 100% legitimate copy was illegitimate and they had to go through a long hassle with microsoft to get a new key and everything to get it to work. But, I guess that's only obvious to us nerds.

    5. Re:Interesting... by Zemran · · Score: 4, Insightful

      Would you care if it was someone paid to put a bad case forward knowing that when it fails they can say 'look how good we are' and anyone else will think twice before taking similar action?

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    6. Re:Interesting... by thePowerOfGrayskull · · Score: 4, Funny

      Me too. I love when lawyers teach people a lesson by getting rich.

    7. Re:Interesting... by killjoe · · Score: 5, Insightful

      When you are trying to get money from a large corporation you are a moneymonger. When you are trying to get money from consumers you are a capitalist.

      --
      evil is as evil does
    8. Re:Interesting... by VertigoAce · · Score: 4, Informative

      You might find this press release from a couple days ago kind of interesting.

      http://www.microsoft.com/presspass/features/2006/jun06/06-27WGA.mspx

      It discusses the history of WGA, the licensing, the server-side communication, etc, as well as what they changed in the update that was released on the 27th.

    9. Re:Interesting... by nxtw · · Score: 4, Interesting

      This is typical. They implemented this a year and a half ago.

      Microsoft feels that there is a significant problem with OEM licenses being stolen, via methods such as copying down a code at a store, library, school, or other public location. Since most OEM Windows XP licenses are pre-activated by the system builder, they see that there is rarely a need for the key to be activated with non-manufacturer specific install media. (Generic OEM licenses, that is, OEM licenses not custom made for a specific manufacturer are activatable at least once, as some of these are sold in retail channels.) Furthermore, they probably figure that in the event of a crash, most users opt to use recovery CDs instead of reinstalling the operating system directly.

      The only reason Microsoft made you call them is because you did not use the Fujitsu CD. From MS's point of view, there are very few cases where a typical user would need to use a generic OEM media to install Windows (because of the recovery disks and/or partitions that come with most systems).

      They probably would not be doing this if they did not view it as successful in deterring piracy. If the number of perceived foiled piracy attempts exceeds the number of calls for OEM serials that they allow to activate, then the program to them will be successful and will continue.

      After all, if people weren't actually copying down CD keys from the sides of computers, this wouldn't have happened.

    10. Re:Interesting... by Chosen+Reject · · Score: 4, Insightful

      What a crock. So they didn't tell anyone originally that it daily phoned home. Now they think they can say it won't and that people will believe them even when it says
      It is important to note that WGA Validation still periodically checks to determine whether the version of Windows is genuine.

      And why in the world would it have to do so? You check once, it's either valid or it's not. Since at the time of my writing this, we don't have to relicense Windows XP every so often, so if it is legitimate now, it will be legitimate later.

      I used to do all the updates that they sent out. Now, I don't trust MS even on their updates and since Tuesday have been setting it to ignore. If they go ahead and shut me down later this year because of it, fine. They've lost one more paying customer. Yes, I paid. I legally purchased a copy of Windows XP. Now they stand to lose a customer because of their own silliness. The same is true of the RIAA/MPAA. The more you treat your customers poorly, the less customers you have. This isn't even Business 101 stuff. This is 1st-grade-lemonade-stand type stuff.

      --
      Stop Global Warming!
      Just say no to irreversible processes!
  2. Waste of time by p!ssa · · Score: 5, Insightful

    whoopie, M$ loses and donates another $1,000,000.00 worth of software to some high school system or third world country as retribution (at a cost of about 35 cents to the evil empire).

  3. Hopefully.... by meh13579 · · Score: 5, Insightful

    win or lose this will deter Microsoft from using wga to shut down any unlicensed (or otherwise) computers...for a while at least.

    1. Re:Hopefully.... by bcat24 · · Score: 5, Insightful

      You don't. You do need a license to run Windows on that computer, though. (Yeah, it sucks, but it's true.)

    2. Re:Hopefully.... by c_forq · · Score: 4, Informative

      You don't need a license to copy windows for archival purposes, but you do need a licence to run it, since you don't actually own the program (you own the licence to use the program, which almost always comes with a copy of the program).

      --
      Computers allow humans to make mistakes at the fastest speeds known, with the possible exception of tequila and handguns
    3. Re:Hopefully.... by Martin+Blank · · Score: 4, Informative

      You're granted the license to use the program. You don't own the license. The license may be removed by the copyright owner if you violate the EULA, which is akin to land in a fiefdom that can be removed if you cross the rules of the owning lord.

      --
      You can never go home again... but I guess you can shop there.
  4. Hmm... by Cytlid · · Score: 4, Funny

    "I just only wish there was an alternative..." typed the man in his slashdot repsonse on his Linux workstation.

    --
    FLR
  5. Turn & drop trousers please by HotBlackDessiato · · Score: 5, Funny

    How can an official component of Windows be spyware? It's their operating system, they already own you if you use it. Pull down your pants and get it over with already.

    --
    "If you don't have eyes you shouldn't have wings" -- Carl Pilkington
  6. Microsoft's Response by Anonymous Coward · · Score: 5, Interesting

    A Microsoft spokesman, Jim Desler, agreed with the allegations. "Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

    Well, actually he claims to have disputed the allegations, but then he said what's quoted above, and finally (to the press corp's horror and astonishment), proceeded to shove his entire foot, ankle, and leg (up to his knee), firmly down his own throat.

    Let's break this down:

    [x] Deceptive software...check!

    [x] Installed without user's consent...check! (Well, basically with as much consent as any other spyware package, so I think there's a good case to be made for this point.)

    [x] Malicious purpose...check! It beams data back to the mothership every day and can be used to remotely break the computer. I think that qualifies as "malicious."

    So apparently by Microsoft's own admission, WGA is spyware.

    I'd personally argue for a more expansive definition of spyware (or malware, or scumware, etc...), but even given the relatively constrained definition proposed by Microsoft itself, WGA seems to qualify.

  7. How do Microsoft Programmers sleep at night? by jonr · · Score: 4, Funny

    A: On a pile of money.

  8. Re:Not hidden, not spyware by kebes · · Score: 4, Insightful
    It came as a Windows Update, if you wanted to protect yourself you should have turned automatic updates off...
    I'm not sure that argument works. After all, for spyware one could argue "You installed the application (or clicked yes or whatever), if you wanted to protect yourself you should have not installed it." For some spyware/adware/malware, the EULA even indicates that "additional software" will be installed. It is buried in documentation, but the information is there. This doesn't prevent it from being spyware/malware or whatever. The fact is that when something is installed in a circuitous or obfuscated way, it is not really what the user agreed to.

    In the case of Windows Updates, I would argue that it is even more out of the user's control. For a lot of malware, you have to click "yes install" at some point. For Windows Updates, the recommended state is to "automatically download and install in the background." In theory a user could examine each and every update to figure out what they all do, but in practice the actual purpose of each update is heavily obfuscated. Worse yet, in the case of WGA, once you allow it to install (it seems innocent enough at first), it is used against you to force further installations.

    Frankly the tactic Microsoft is using in their updates is not ethical. Everyone is told to do their Windows Updates (for security reasons), and Microsoft is exploiting this to slip in some other software that the user does not necessarily need. Worse yet, this software sends back information to Microsoft HQ without user permission. If this does not count as spyware, I don't know what does.

    I hope this lawsuit makes Microsoft wake up to the illegitimacy of their tactics.
  9. jokes? I love jokes by MrSquirrel · · Score: 5, Funny

    Hey, at least the Sony rootkit comes with music!... this thing comes with worse: Windows!

    --
    A computer once beat me at chess, but it was no match for me at kick boxing.
  10. Re:Not hidden, not spyware by malakai · · Score: 4, Informative

    Call BS on this one.

    I would have seen that behavior on one of hundreds of PCs. I have not.

    You're either posting for FUD, or your machine isn't configured how you think it is.

    Or the problem is between the keyboard and the chair.

  11. I see considerable harm... by kebes · · Score: 4, Insightful

    1. WGA communicates with Microsoft HQ. The information transferred may or may not be 'sensitive' but this could be considered an invasion of privacy.

    2. Any program that uses up system resources without performing a task explicitly requested by the user is harmful in the sense that it slows down the computer. This is one of the main complaints with spyware/adware: they slow down your computer for no purpose (or at least no purpose that you, the user, are interested in).

    3. WGA appears to effectively give someone else (specifically Microsoft) control over your machine (for instance the recently announced "remote shutoff" function). To the user, a program that limits their control of the computer (and gives someone else more control) is harmful. Note that the argument "but Microsoft would only shut off illegitimate versions of Windows" doesn't make any difference. Even if that's true, there is still a loss of control for the user. This is harmful to the user.

    To the same extent that any other piece of so-called "spyware" is harmful (installed in a tricky way; sends info back to some company; wastes CPU cycles and disk space; etc.), WGA should also be considered "harmful."

    The problem with WGA is that it is not an update, security-patch, or feature upgrade. It does *nothing* for the user, and only installs in order to give Microsoft more control/leverage over your machine. From the user perspective, it is a net negative, hence harmful.

  12. WGA unable to detect bad keys with legit COAs by steve426f · · Score: 5, Interesting

    I'm sure that I'm not the only one who hates all of the BS you get when you buy a new laptop/desktop. First thing I've always done with my Dell laptops/desktops is format, reinstall XP + Linux. However, I got frustrated with the activation when I didn't always have internet or the activation insisted I make a 30 minute call to MSFT to get a ridiculously long key. Long story short, I used the ever-so-famous corporate copy + key (generated with keygen) even though I have XP Pro COAs on the systems. Now, a few years down the road WGA is going to force me to reinstall--now that I have many important business apps installed. How many others are in the situation of "invalid keys" with legit COA licenses?

  13. Remove WGA by cciRRus · · Score: 5, Informative

    Just thought that you guys might wanna know that Microsoft has come up with an article on removing WGA.

    --
    w00t
    1. Re:Remove WGA by Critical_ · · Score: 5, Interesting
      Just thought that you guys might wanna know that Microsoft has come up with an article on removing WGA.


      As covered in a blog posting by Ed Bott, the KB article Microsoft gave is a rush job and will confuse non-techies that may attempt it. He provides corrections but Microsoft is (at best) silly to have not had a third party verify the instructions.

      Also realize that contrary to the warning in the Microsoft KB article, if you choose not to install the WGA notifications "update" or remove it, Microsoft Update will force you to run another WGA test before granting you access to their Windows Update website. They won't even allow access to critical updates through the web interface in my testing with the web-based (ActiveX?) test. From what I understand, the access to the promised critical updates are only provided with their built-in update provider which has been responsible for all the WGA notification auto-installs. In other words, you can't win either way.

      As it stands, I've disabled auto updates from System Properties->Updates and disabled the "security center" service from Control Panel->Admin Tasks->Services so it doesn't bother me about disabled auto-updates anymore. I have multiple Dell machines with OEM installations of Windows XP so I'm not concerned about failing WGA but I am concerned about all the reported crashes involving WGA across forums and blogs around the internet and the private information sent to Microsoft.

      Playing support-geek for family and friends only gets tougher with this stupid anti-piracy program. I'm disabling auto-updates and security center on every system while deleting WGA. Instead, once a month I ask my friends and family to run AutoPatcher on their systems for all critical and optional updates. I've told them that they may not be able to use WGA protected software such as Windows Defender, IE7 Beta, or WMP11 and any other Microsoft download. All of them don't care for that stuff as they have better freeware or open-source alternatives. So far so good.

      Before anyone chimes in and says that people should switch to Linux, I'd say I agree in theory but not in reality. Educational software, scanner and digital camera software utilities, unique features presented in official IM clients such as VoIP and picture sharing, many Photoshop features, easy movie editors a la Roxio and Premiere, and desktop publishing software (i.e. Pagemaker) are not available for Linux nor do these people care to learn anything new after years of experience in many cases. For now there are workarounds and people will use them. If Microsoft implements a kill switch and starts nuking WGA-less but legal installations then many of these people will probably trash their computers and buy Apple before going to Linux.

      Lastly, this doesn't hurt pirates one bit. Within hours the latest WGA crack is available and it works or people just disable auto-updates and go towards AutoPatcher. For protected apps, cracked copies are available. So who loses? The general public who follows all the rules. I'm glad someone filed the lawsuit and I hope people will sign up as parties when the chance is given.
  14. Major Spyware Argument by Anonymous Coward · · Score: 5, Insightful

    What peeves people so much about WGA is that MS pushed it out as a Critical Update, meaning that all machines with Auto Update install it without prompting. It is undeniably not a critical security update and to make matters worse it phones home. After taking some heat, MS then conceded that the installation of WGA will be optional (if by optional you mean selectively blocking some non-critical updates). It's still being pushed, but you don't have to install it. For those of you with your less than legit copies worried about not receiving updates, you can always download third-party update packs if you don't mind a bit of a delay. Not necessarily a bad thing considering that MS has been known for having to patch their patches. I'm not an MS fan, but not a huge hater. Just a strategically stupid time to ramp up WGA after the whole rootkit fiasco.

  15. NOT SPYWARE by Anonymous Coward · · Score: 5, Funny

    Look everybody wga is NOT SPYWARE. I ran Microsoft Windows AntiSpyware Beta on WGA and it came up CLEAN. So drop it okay?

  16. WGA removal utility? by kimvette · · Score: 4, Informative

    http://www.firewallleaktester.com/removewga.htm

    I CANNOT vouch for the legitimacy of that utility (so scan it first, try it on a staging machine, etc., YMMV, Batteries not included, and all that jazz). I just did a quick search for utilities for removing WGA, but being a Linux user I don't have much use for it myself. There are reviews of it on legitimate sites (for example, PC World) but then they've also unknowingly recommended scumware in the past as well.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re:WGA removal utility? by MeNeXT · · Score: 4, Informative

      You need no utility;

      1) Kill wgatray.exe in Processes in Task Manager
      2) Restart in safe mode
      3) Delete WgaTray.exe from Windows\System32 and Windows\System32\dllcache
      4) Launch RegEdit and delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
      5) Reboot

      --
      DRM? No thanks, I'll just get it somewhere else...
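
The files, process and registry key named in the steps above can be inventoried read-only, before or after a removal, to see which of them are actually present. This is an added example, not part of the original comment or any Microsoft tool; the function name and report layout are hypothetical, and it also lists the other packages registered under the same Winlogon `Notify` key, since anything registered there is loaded by Winlogon.

```powershell
# Added example: read-only audit of the WGA Notifications artifacts named in
# the comment above. Nothing is modified or deleted. The function name and the
# report layout are hypothetical; the file paths and the registry key are the
# ones quoted in the comment.

function Get-WgaArtifactReport {
    $notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    $report = @()

    # Step 1 of the comment: is the tray process running?
    $proc = Get-Process -Name 'wgatray' -ErrorAction SilentlyContinue
    $report += New-Object PSObject -Property @{
        Kind = 'Process'; Item = 'wgatray.exe'; Present = [bool]$proc; Detail = ''
    }

    # Step 3: the two on-disk copies (System32 and the dllcache copy).
    foreach ($rel in 'System32\WgaTray.exe', 'System32\dllcache\WgaTray.exe') {
        $path = Join-Path $env:SystemRoot $rel
        $report += New-Object PSObject -Property @{
            Kind = 'File'; Item = $path; Present = (Test-Path $path); Detail = ''
        }
    }

    # Step 4: the Winlogon notification package entry. DllName is the value a
    # notification package uses to name the DLL that Winlogon loads.
    $wgaKey = "$notifyRoot\WgaLogon"
    $wgaPresent = Test-Path $wgaKey
    $wgaDll = ''
    if ($wgaPresent) {
        $wgaDll = (Get-ItemProperty -Path $wgaKey -ErrorAction SilentlyContinue).DllName
    }
    $report += New-Object PSObject -Property @{
        Kind = 'NotifyKey'; Item = 'WgaLogon'; Present = $wgaPresent; Detail = "DllName=$wgaDll"
    }

    # Context for a defender: every other package registered under Notify.
    # The key may not exist at all on later Windows versions, so test first.
    if (Test-Path $notifyRoot) {
        foreach ($sub in Get-ChildItem -Path $notifyRoot -ErrorAction SilentlyContinue) {
            if ($sub.PSChildName -eq 'WgaLogon') { continue }
            $props = Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue
            $report += New-Object PSObject -Property @{
                Kind = 'NotifyKey'; Item = $sub.PSChildName; Present = $true
                Detail = "DllName=$($props.DllName)"
            }
        }
    }

    # Fix the column order (hashtable property order is not guaranteed).
    $report | Select-Object Kind, Item, Present, Detail
}

Get-WgaArtifactReport | Format-Table -AutoSize
```
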
  17. In other news Jack Kevorkian sues dev of "killall" by Netw0rkAssh0liates · · Score: 5, Funny
    Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.


    In other news, Jack Kevorkian sued the developers of the POSIX-compliant 'NUX commandline program "killall", citing that the application didn't really kill "all" the programs on the computer but instead should be renamed to "killnothingbut". This intellectual Advantage(TM) of Kevorkian stemmed from his introduction of the oft'quoted uber-leet commandline tool "kevork" which injects null pointers into the code and data segments of all programs that are non-responsive to the "TERM" and "KILL" flags. Kevorkian was unable for comment on whether this is a closed or open-source application, though it was rumoured by his assistant that it is a simple library replacement with a namely-fashioned symlink to killall that the library determines based at runtime with argv.

    Sincerely,
    John "kill'em'all" Dahmer
  18. Re:How is this evil at all? by Zarel · · Score: 5, Insightful
    By your typo, you just answered your own question:
    Scenario: Copy is licensed
    Microsoft Server: Let's see... nope, this one's pirated.
    Computer with WGA: Well then.
    Computer with WGA: Hey $username, you don't have a legitimate license. Please go buy one.

    In other words, false positives. Also, doesn't it phone home every day or something? You'd think you'd only need to check once.
    --
    Want a high quality FOSS RTS game? Try Warzone 2100!
  19. Won't work! by one_red_eye · · Score: 4, Funny

    The thing is my hijacked copy of Windows XP won't even download updates because it has an 'invalid key', so how are they going to deliver the WGA?

  20. Re:I recall a full disclosure and ... by ipfwadm · · Score: 5, Informative
    Clear notice that this was an optional install. I could have elected not to install it and had my machine function as before.

    Let's see... I just ran Microsoft Update, then I clicked "Custom". It tells me:

    To use Microsoft Update, you must first install the latest version of some Windows components. This will allow your computer to work with these new features on the site:
    • More updates: Get updates for Windows and for popular Microsoft programs such as Microsoft Office in one place.
    • Faster updates: The latest Windows Installer (MSI) improves the way updates are installed, delivering updates in the smallest possible packages in the shortest amount of time.
    • Easier navigation: Now you can find updates by priority or by product while helpful links and important messages help ensure you are installing all high-priority updates for your computer.
    No mention of WGA. So I click "Details" and lo and behold, it's the WGA Validation Tool that I must install. My only option is "Download and Install Now". There is no skip, ignore, anything. So as far as I can tell, in order to continue receiving updates, I must install this spyware. I don't feel that that qualifies as an "optional" install.
  21. Re:Wait... why does this make them evil? by Hope+Thelps · · Score: 5, Insightful

    Good and evil don't come into it.

    Unacceptable behaviour isn't justified by saying that the perpetrator was acting in his own best interests rather than out of a desire to hurt people.

    If the electricity company thinks I'm fiddling the meter to get out of paying them what I should then there are some acts that are acceptable for them to resolve that and some that aren't. I'd say that entering my premises on the pretext of fixing a dangerous defect in the system and while they're here hiding a camera that relays images to them would be unacceptable.

    You may well not like the analogy or you may draw the line of acceptable versus unacceptable at a different point to me, but either way the issue isn't resolved by saying that they're not evil and they're just out to protect their own interests. We have to make judgments on what is and isn't acceptable in pursuit of those interests.

    To me, Microsoft have gone way over the line. You may disagree. But don't try to reduce it to a comic book battle of good versus evil and then accuse me of calling them evil.

    --
    To summarise the summary of the summary: people are a problem. ~ h2g2
  22. WGA eats resources by file+terminator · · Score: 5, Interesting

    True story:

    I sometimes use my university's wireless network (whenever I bring my laptop). Since the university's IT lab has no way of knowing who is using what laptop[1], they redirect all initial traffic to a portal where you must log in (using the username + password you use on all other university computer systems). Point being, you get a network connection, but must log in to actually get where you want.

    Since I installed WGA[2] (at the point I was rather indifferent to it), every time I use the university's network I get 50 entries in the Application Log (error source: crypt32; description: "Failed auto update retrieval of third-party root list sequence number from: with error: [timeout/server cannot perform operation/error code]"). This happens before I have a chance to log in on the university network, which of course means that my laptop can't yet access said site. More annoying, though, is that svchost -k netsvcs starts eating memory like crazy; peaking at over 90 MBs and then falling down to 70-80 (used to stay at 20-30). This only happens when I use the laptop at the university; at home (where obviously no login is required) the process stays at 20-30 MB.

    I personally think that some "advantage" component that, when unable to access some site, causes a process to eat up 3-4 times the memory it usually does, taking up an extra 10% of the computer's physical memory in the process, is rather a DISADVANTAGE. I don't know how much memory spyware typically consumes, so I can't reflect on the comparison between WGA and spyware. 50 MB seems a rather hefty price for failing to communicate with some server, though.

    Maybe they should rename it WGD?

    [1] I guess a) setting up individual users' connections, including keys, is too much work, b1) collecting MAC addresses is too much work, b2) Joe Average won't be able to figure out his computer's wireless' MAC anyway, and c) there are potential security leaks if wireless cards, or laptops, are stolen/sold to non-university users (both a and b1).

    [2] Troubles started at that point. Could be something else, I SUPPOSE, but I think it is unlikely.