Microsoft Sued Over WGA

Hope Thelps writes "The Seattle PI is reporting on a lawsuit being brought against Microsoft in response to their WGA spyware. Groklaw is also covering the story. Although there are a lot of similarities to Sony's rootkit, the actual harm done is less concrete. It'll be interesting to see how this turns out."

Interesting...

[Utopia]

Sued by the same moneymonger who sued Sony.

Re:Interesting...

[CastrTroy]

Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.

Re:Interesting...

[Atraxen]

Personally, I'm more interested in seeing justice served than a particular outcome (i.e., Microsoft getting slapped). That's how the game is supposed to work. If we don't like the outcome, we need to examine the rules. Calling for particular outcomes against someone because you don't like them/their approach to X/their politics is the root of partisan politics/hackery, and so (while you may agree with what I'm saying broadly, but were speaking from frustration with MS), I'm calling you on it.

Re:Interesting...

[tomstdenis]

The problem is all these measures MSFT takes hurt legitimate users.

For instance, I recently acquired a work laptop that had to be re-imaged. The laptop came with a WinXp Pro license but it was from an OEM [Fujitsu]. Now I don't have the Fujitsu CD anymore so I used my own XP Pro cd. Guess what happens? It won't let me activate it. I had to call MSFT and explain to them [after doing the 10 6-digit number thing TWICE] that I was a legitimate user who had to use generic install media.

I bet you there are scores of similar people who fight against the anti-piracy stuff to use software that they did indeed pay for.

Besides, if MSFT is dropping this that and the other thing from Vista, maybe they don't have time to be messing with DAILY WGA updates? How about they use my hard earned money to improve the damn OS and not try to lock paying customers out of it.

Tom

Re:Interesting...

Thing is - why is this so bad? You don't think a company has a RIGHT to defend their product and protect their interests?

The problem is, it doesn't help prevent piracy much really. It stops a few of the people who just don't really know what they are doing (say someone who had their PC upgraded by the kid next door or something) but that's about it. The real pirates have a myriad of ways of going around such a thing, not the least of which being to simply not ever use it or to use a hacked version of it. In the grand scheme of things, the only thing WGA has really achieved is to cost MS a bit more to deploy it than they've gained on those few people who actually bought legitimate copies because of it and annoy everyone (not just pirates, but, legitimate users as well.)

Ya know, if no one out there in the world pirated software, I betcha this stuff wouldn't be in...
Yeah, and if everyone drove slowly those speed limit signs wouldn't be up. We're humans, not robots.

But hey, guess the obvious is too easy for retards like you to see...bet you run illegal copies of software too.
Obvious? Yeah, uhm, I looked at the timestamps, and this post came before yours:
Amen to that! Maybe someday Microsoft will realize that WGA doesn't prevent piracy; it's just another thing to annoy legitimate users.
What's obvious to most of us "nerds" is that it has caused a lot of problems for a lot of people, violated privacy, and just in general been an annoyance whether you have a legal copy or not. If you had read any of the previous articles on the subject of the WGA, you would see quite a number of stories where someone has had to deal with the WGA determining that their 100% legitimate copy was illegitimate and they had to go through a long hassle with microsoft to get a new key and everything to get it to work. But, I guess that's only obvious to us nerds.

Re:Interesting...

[killjoe]

When you are trying to get money from a large corporation you are a moneymonger. When you are trying to get money from consumers you are a capitalist.

Waste of time

[p!ssa]

whoopie, M$ loses and donates another $1,000,000.00 worth of software to some high school system or third world country as retribution (at a cost of about 35 cents to the evil empire).

Hopefully....

[meh13579]

win or lose this will deter Microsoft from using wga to shut down any unlicensed (or otherwise) computers...for a while at least.

Re:Hopefully....

[bcat24]

You don't. You do need a license to run Windows on that computer, though. (Yeah, it sucks, but it's true.)

Turn & drop trowsers please

[HotBlackDessiato]

How can an official component of Windows be spyware? It's their operating system, they allready own you if you use it. Pull down your pants and get it over with allready.

Microsoft's Response

A Microsoft spokesman, Jim Desler, agreed with the allegations. "Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

Well, actually he claims to have disputed the allegations, but then he said what's quoted above, and finally (to the press corp's horror and astonishment), proceeded to shove his entire foot, ankle, and leg (up to his knee), firmly down his own throat.

Let's break this down:

[x] Deceptive software...check!

[x] Installed without user's consent...check! (Well, basically with as much consent as any other spyware package, so I think there's a good case to be made for this point.)

[x] Malicious purpose...check! It beams data back to the mothership every day and can be used to remotely break the computer. I think that qualifies as "malicious."

So apparently by Microsoft's own admission, WGA is spyware.

I'd personally argue for a more expansive definition of spyware (or malware, or scumware, etc...), but even given the relatively constrained definition proposed by Microsoft itself, WGA seems to qualify.

jokes? I love jokes

[MrSquirrel]

Hey, at least the Sony rootkit comes with music!... this thing comes with worse: Windows!

WGA unable to detect bad keys with legit COAs

[steve426f]

I'm sure that I'm not the only one who hates all of the BS you get when you buy a new laptop/desktop. First thing I've always done with my Dell laptops/desktops is format, reinstall xp + linux. However, I got frustrated with the activation when I didn't always internet or the activation insisted i make a 30 minute call to MSFT to get a rediculously long key. Long story short, I used the ever-so-famous corporate copy + key (generated with keygen) even though I have XP Pro COAs on the systems. Now, a few years down the road WGA is going to force me to reinstall--now that I have many important business apps installed. How many others are in the situation of "invalid keys" with legit COA licenses?

Remove WGA

[cciRRus]

Just thought that you guys might wanna know that Microsoft has came up with an article on removing WGA.

Re:Remove WGA

[Critical_]

Just thought that you guys might wanna know that Microsoft has came up with an article on removing WGA.

As covered in a blog posting by Ed Bott, the KB article Microsoft gave is a rush job and will confuse non-techies that may attempt it. He provides corrections but Microsoft is (at best) silly to have not had a third party verify the instructions.

Also realize that contrary to the warning in the Microsoft KB article, if you choose not to install the WGA notifications "update" or remove it, Microsoft Update will force you to run another WGA test before granting you access to their Windows Update website. They won't even allow access to critical updates through the web interface in my testing with the web-based (ActiveX?) test. From what I understand, the access to the promised critical updates are only provided with their built-in update provider which has been responsible for all the WGA notification auto-installs. In other words, you can't win either way.

As it stands, I've disable auto updates from System Properties->Updates and disabled the "security center" service from Control Panel->Admin Tasks->Services so it doesn't bother me about disabled auto-updates anymore. I have multiple Dell machines with OEM installations of Windows XP so I'm not concerned about failing WGA but I am concerned about all the reported crashes involving WGA across forums and blog around the internet and the private information sent to Microsoft.

Playing support-geek for family and friends only gets tougher with this stupid anti-piracy program. I'm disabling auto-updates and security center on every system while deleting WGA. Instead, once a month I ask my friends and family to run AutoPatcher on their systems for all critical and optional updates. I've told them that they may not be able to use WGA protected software such as Windows Defender, IE7 Beta, or WMP11 and any other Microsoft download. All of them don't care for that stuff as they have better freeware or open-source alternatives. So far so good.

Before anyone chimes in and says that people should switch to Linux, I'd say I agree in theory but not in reality. Educational software, scanner and digital camera software utilities, unique features presented in official IM clients such as VoIP and picture sharing, many Photoshop features, easy movie editors a la Roxio and Premiere, and desktop publishing software (i.e. Pagemaker) are not available for Linux nor do these people care to learn anything new after years of experience in many cases. For now there are workarounds and people will use them. If Microsoft implements a kill switch and starts nuking WGA-less but legal installations then many of these people will probably trash their computers and buy Apple before going to Linux.

Lastly, this doesn't hurt pirates one bit. Within hours the latest WGA crack is available and it works or people just disable auto-updates and go towards AutoPatcher. For protected apps, cracked copies are available. So who loses? The general public who follows all the rules. I'm glad someone filed the lawsuit and I hope people will sign up as parties when the chance is given.

Major Spware Argument

What peeves people so much about WGA is that MS pushed it out as a Critical Update, meaning that all machines with Auto Update install it without prompting. It is undeniably not a critical security update and to make matters worse it phones home. After taking some heat, MS then conceded that the installation of WGA will be optional (if by optional you mean selectively blocking some non-critical updates). It's still being pushed, but you don't have to install it. For those of you with your less than legit copies worried about not receiving updates, you can always download third-party update packs if you don't mind a bit of a delay. Not necessarily a bad thing considering that MS has been known for having to patch their patches. I'm not an MS fan, but not a huge hater. Just a strategically stupid time to ramp up WGA after the whole rootkit fiasco. I'm not an MS fan, but not a huge hater. Just a strategicly stupid time to ramp up WGA after the whole rootkit fiasco.

NOT SPYWARE

Look everybody wga is NOT SPYWARE. I ran Microsoft Windows AntiSpyware Beta on WGA and it came up CLEAN. So drop it okay?

In other news Jack Kevorkian sues dev of "killall"

[Netw0rkAssh0liates]

Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.

In other news, Jack Kevorkian sued the developers of the POSIX-compliant 'NUX commandline program "killall", citing that the application didn't really kill "all" the programs on the computer but instead should be renamed to "killnothingbut". This intellectual Advantage(TM) of Kevorkian stemmed from his introduction of the oft'quoted uber-leet commandline tool "kevork" which injects null pointers into the code and data segments of all programs that are non-responsive to the "TERM" and "KILL" flags. Kevorkian was unable for comment on whether this is a closed or open-source application, though it was rumoured by his assistant that it is a simple library replacement with a namely-fassioned symlink to killall that the library determines based at runtime with argv.

Sincerily,
John "kill'em'all" Dahmer

Re:How is this evil at all?

[Zarel]

By your typo, you just answered your own question:

Scenario: Copy is licensed
Microsoft Server: Let's see... nope, this one's pirated.
Computer with WGA: Well then.
Computer with WGA: Hey $username, you don't have a legitimate license. Please go buy one.

In other words, false positives. Also, doesn't it phone home every day or something? You'd think you'd only need to check once.

Re:I recall a full disclosure and ...

[ipfwadm]

Clear notice that this was an optional install. I could have elected not to install it and had my machine function as before.

Let's see... I just ran Microsoft Update, then I clicked "Custom". It tells me:

To use Microsoft Update, you must first install the latest version of some Windows components. This will allow your computer to work with these new features on the site:

• More updates: Get updates for Windows and for popular Microsoft programs such as Microsoft Office in one place.
• Faster updates: The latest Windows Installer (MSI) improves the way updates are installed, delivering updates in the smallest possible packages in the shortest amount of time.
• Easier navigation: Now you can find updates by priority or by product while helpful links and important messages help ensure you are installing all high-priority updates for your computer.

No mention of WGA. So I click "Details" and lo and behold, it's the WGA Validation Tool that I must install. My only option is "Download and Install Now". There is no skip, ignore, anything. So as far as I can tell, in order to continue receiving updates, I must install this spyware. I don't feel that that qualifies as an "optional" install.

Re:Wait... why does this make them evil?

[Hope+Thelps]

Good end evil don't come into it.

Unacceptable behaviour isn't justified by saying that the perpetrator was acting in his own best interests rather than out of a desire to hurt people.

If the electricity company thinks I'm fiddling the meter to get out of paying them what I should then there are some acts that are acceptable for them to resolve that and some that aren't. I'd say that entering my premises on the pretext of fixing a dangerous defect in the system and while they're here hiding a camera that relays images to them would be unacceptable.

You may well not like the analogy or you may draw the line of acceptable versus unacceptable at a different point to me, but either way the issue isn't resolved by saying that they're not evil and they're just out to protect their own interests. We have to make judgments on what is and isn't acceptable in pursuit of those interests.

To me, Microsoft have gone way over the line. You may disagree. But don't try to reduce it to a comic book battle of good versus evil and then accuse me of calling them evil.

WGA eats resources

[file+terminator]

True story:

I sometimes use my university's wireless network (whenever I bring my laptop). Since the university's IT lab has no way of knowing who is using what laptop[1], they redirect all initial traffic to a portal where you must log in (using the username + password you use on all other university computer systems). Point being, you get a network connection, but must log in to actually get where you want.

Since I installed WGA[2] (at the point I was rather indifferent to it), every time I use the university's network I get 50 entries in the Application Log (error source: crypt32; description: "Failed auto update retrieval of third-party root list sequence number from: with error: [timeout/server cannot perform operation/error code]"). This happens before I have a chance to log in on the university network, which of course means that my laptop can't yet access said site. More annoying, though, is that svchost -k netsvcs starts eating memory like crazy; peaking at over 90 MBs and then falling down to 70-80 (used to stay at 20-30). This only happens when I use the laptop at the university; at home (where obviously no login is required) the process stays at 20-30 MB.

I personally think that some "advantage" component that, when unable to access some site, causes a process to eat up 3-4 times the memory it usually does, taking up an extra 10% of the computer's physical memory in the process, is rather a DISADVANTAGE. I don't know how much memory spyware typically consumes, so I can't reflect on the comparison between WGA and spyware. 50 MB seems a rather hefty price for failing to communicate with some server, though.

Maybe they should rename it WGD?

[1] I guess a) setting up individual users' connections, including keys, is too much work, b1) collecting MAC addresses is too much work, b2) Joe Average won't be able to figure out his computer's wireless' MAC anyway, and c) there are potential security leaks if wireless cards, or laptops, are stolen/sold to non-university users (both a and b1).

[2] Troubles started at that point. Could be something else, I SUPPOSE, but I think it is unlikely.