Slashdot Mirror
A Different Kind of WGA 'Problem'
Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
I know for a fact that all the windows machines at my job are installed with the same keys for its software (due to laziness from our IT dept, all the licenses are there --locked in a closet somewhere).
All our computers are patched regularly and automatically, without a problem.
No sig for the moment.
Yeah, it doesn't take long searching any torrent site, "keygen" site or such to find compromised VLKs, and it takes Microsoft equally little time to find same keys and blacklist them. I'm guessing many of the WGA updates are to do with blacklist updates, as well as ways of preventing DLL subversion and such.
Try using the infamous pre-SP1 vlk that starts with FCKGW http://en.wikipedia.org/wiki/FCKGW
I have 2 OEM copies of windows that I bought from Fry's years ago.
Unfortunately -and predictably, in the course of 2 moves I have lost my activation key #s -I didn't glue them to my machines as recommended because I planned on moving the license to another, newer machine eventually.
Now I can't even finish the install without having to find some cracked key from some warez site. Then it won't let me install any security patches or Service Packs.
After the 30 days or whatever is up and I have to activate I then try the warezed key and am told that this key has been used too many times -Duh! a
and then I have to call MS support and get a new activation key from them. Fortunately they haven't given me too much grif, but its still a hassle.
Thanks to old flakey hard drives I have had to do this twice and now it has died a third time.
This time I said screw it and went to fry's and bought a new HP dual core media center PC for $750. so I guess MS won this round.....
But I will be trying this again since I have several more machines sitting around -I guess I'd better write down the key# the next time they give me one over the phone again. Does anyone know if the activation #s they give over the phone are 1-time codes or if they will work multiple times?
Has anyone had any luck just asking them for new activation codes?
-What's the speed of Dark?
I work for a university, and I have a Windows XP laptop (university property) installed using our school of engineering key (we have a site-wide license). Is that a "corporate" version? Anyway, I had not booted that laptop in Windows in a LONG while, since I had been mostly using it with another hard drive with SuSE linux installed.
Recently, I booted it, and gave my ok to its doing 18 Windows Updates (techstaff won't support my laptop unless I do the updates). After doing the updates (from my home, I am not sure if this is relevant), Windows now claims that the copy is pirated.
Since it is certainly not pirated, I decided to simply not bother with it. The fun part is that in some couple of weeks, I am going to give a talk at Microsoft with that laptop... and no, I don't plan to fix it before then!
I thought false positives were bad, but holy crap, letting a few pirates go with false negatives is so much worse! They may never get to experience the pleasures of those prompts or being prevented from downloading updates and utilities.
Why is this a problem for anyone but Microsoft (or those who have a perverse desire to be labeled as a pirate and then blog about it)? Do you suppose maybe he got a false negative because Microsoft is less willing to pull the trigger when in doubt?
Do those guys go after GPL violators as well? I'm pretty sure I know of a case where a company's not following the GPL, and would love to get these guys involved. Or are they hypocrites who don't go after their members when they break copyright laws themselves?
I can't speak for "most legitimate users," but I can describe my own brief run-in with a WGA malfunction.
A few weeks ago, when the updated version of WGA was pushed out, my Dell-with-the-original-OS booted with a notice claiming that Windows was not genuine (despite the previous version of WGA reporting no problems). I grumbled about Microsoft's lying sack of *ahem* I mean, POS anti-piracy crap that couldn't tell a real copy of Windows from a fake one, then logged in, fired up a web browser, went to the Knowledge base, mucked around until I found a link that said something like, "Validate here"... and it said, "Oh, yeah, you're genuine. No problem, pal." (Actually, it's a Dell, so that would be "No problem, Dude.")
I spouted some variation of "WTF?" Then I rebooted the machine, just to check, and sure enough it said absolutely nothing about being a pirated copy of Windows.
I eventually concluded that Norton In(ternet)Security had probably blocked the initial validation attempt. With no desktop shell, I didn't have the chance to say "yes, let the damn packet through."
The whole process took maybe 10 minutes, but it was an annoying 10 minutes. I've had my share of frustrations with Linux,* but it's never told me I was ripping off RedSuMandrivuntu.
*My main PC is a Fedora Core box. My wife's main PC is a Mac. We share this Windows box, mainly for gaming.
Using OEM licenses on computers other than the one they came with is illegal.
Bullshit. You can get OEM Windows licenses with a mouse or keyboard (in fact it's the cheapest way to get them, short of buying in bulk from fire damaged stock (one company I worked with licensed all their machines that way - far cheaper than a volume license deal)).
If you're running an illegal version of windows, but happen to actually have a license for a legit copy, how can you go about getting legit?
My friend has a pirated keygen'd version of xp pro, and also has a hologramed cd of xp pro complete with serial number and all... Is there an easy upgrade path available to him to go legit, without having to reinstall (too many games/apps/whatever he says.)
Corporate Volume License Keys always pass the WGA test.
e.g. HP has all the computers in the Sydney office running with one Volume License Key, now if someone were to leave HP's employ and continue to use the key MS would have no way of knowing so has to let it pass the WGA.
It has to just shrug and go well thats HP let it pass or risk annoying the hell out of a lot of HP people if they refuse it.
The bigger licensing issue is of course ACADEMIC
Mrs Smith trots off to the high street computer co and wants Windows XP, now does she buy the full version for $300 or the academic version for $98?
Come on M$ $300 for XP but only $98 if you put a red sticker on the outside of the box with Academic Version written on it?!
I would be interested to know how many of the boxes are sold at $300 in high st stores!
Well that would violate the contract so no, probably not. It actually turns out that MS doesn't like to piss off their customers in general. It's the people that aren't paying they are mad at. It's not even really the inidivduals as much as the resellers that claim to be selling legit Windows, and charge for it, but don't.
This isn't quite a response to your question, but the responses made me think about it. I run a shop that specializes in creating signs, doing engraving, and other graphically artistic tasks. Before I started this place I used to boggle at how people could pay 3 or 400 dollars for Windows, or 600 dollars for a copy of Photoshop, or (perish the thought!) $1000 for Final Cut Pro. But, That Was Before (TM).
Some of the software I now use to run equipment in the shop costs over four thousand dollars, and, while it's useful and allows me to run my business (which is why I pay for it), it's not as "worth it" as I'd like it to be. Now I come to my point. None of this software uses serial-based authentication. It's all done via USB or (with older software) LPT dongles. It goes back to the two schools of authentication: something you know versus something you have/are.
There are HASP dongle crackers out there, but they're not very common, and I have no clue how well they work. I honestly haven't tried. Installing a pirated copy of Windows on grandma's computer so the poor old dear can check her email and play solitaire doesn't bug me, but my morals get rubbed the wrong way by "stealing" something that I plan on using to make a lot of money.
So, how long is it before we start seeing hardware-based registration schemes? It might be expensive for a company like Adobe to have the keys made, but volume pricing and the amount of money they'd save versus privacy might be worth it. Microsoft certainly has the weight (and the volume) to get them made cheaply enough for it to benefit. The increased usage of dongles would certainly make them a bigger target for cracking (vide: Windows viruses versus Mac viruses), so it might be a wash in the long run. Companies certainly gain mindshare by having their products be ubiquitous, even if it's at the cost of a few pirate copies, but it seems like every z0mg l33t p1r4t3 kiddie out there (at least the ones I know) have a copy of Photoshop even if they don't use it.
--Obyron
Maybe IBM can push some dollars their way for them to go after GPL violators.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I'm quite cynical on this topic because of my experiences with MSDN. Even though I've been an MSDN subscriber for a LONG time (a lot longer than I want to admit), I was treated very poorly when I received MSDN activation codes that were supposedly pirated. I had to (literally) threaten to sue (yes, Microsoft) before someone got a fire lit under their chair (to my surprise), and took care of my situation, eight weeks after my purchase, and after several people had essentially accused me of infringement even as I had sales receipts and original media in my hand.
-fb Everything not expressly forbidden is now mandatory.
The best thing to do is to copy down the key written on the authenticity sticker on corperate machines.
Those machines are likely set up with a corperate VLK, so the key on the sticker is not in use (and the company has arguably paid twice for their software, so those licences are "spare" too...).
So how long until we see, in the wild, a virus/worm/whatever with a birthday payload that makes WGA think the compromised machine is pirate.
Or one that makes WGA think it's legit.
Either could cause all sorts of havoc.
I wonder if it's already happened?
(Wouldn't it be interesting if it had happened to the author of TFA? B-) )
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Here you can find the real guide to fixing the genuine advantage (without hassles). This will allow you to access windows update and download files from m$ unencumbered.
...
Included in this release is a file which is actually the first cracked release of the genuine advantage dll ever put out. It has been modified to allow me (and now you) to download stuff from microsoft as of 07/26/06. How does this work?
A few things you should know - when microsoft wants to be they're exceedingly lazy. Very, very, very lazy. Why do I say this? Well lets look at how this system works.
This dll is loaded into internet explorer as an add-on. When you access the site, the site checks the file is the right version, asks it "is this computer genuine", and trusts the dll to find out. The dll send the yes or no to them without some sort of thing attached to say "and this is why I think so". All it sends is a yes, or a no. That means the dll just needs to always send a yes. Well what about that first part, the whole "checks the version". Microsoft must have some crc checking or something right? Wrong! It does not check the crc (or any info) on the exe aside from the version string. That's it.
What does this mean? It means we can have a surefire way of getting around this with only 1 cracked dll.
Step 1: go to the microsoft site and when it tells you it needs to put genuine advantage ocx on to work, go ok. It'll tell you your copy is bad (or else why are you reading this?)
Step 2: get an old cracked 'LegitCheckControl.dll' file from anywhere. Keep this file safe.
step 3: take your trusty copy of resource hacker, resource workshop, whatever (resource hacker available free from http://www.angusj.com/resourcehacker/), and open the old file. Run another instance and open the other.
step 4: so now you have both files open. Expand "version info", then 1, on both. In 1033 you'll see
1 VERSIONINFO
FILEVERSION 1,5,530,0
step 5: look at the newer, noncracked file. See how the version is a larger number? Either change the numbers on the older file to look like the newer one, or just copy paste the script exactly from the old file into the new.
Step 6: hit compile script, save the old dll, and copy it into your system directory, overwriting the non-cracked one (make sure internet explorer is closed or this won't work).
You're done. That's it. You can do this every time it stops working. That wasn't so bad now was it?
Here is my WGA story.
A client's laptop started complaining. I checked its key, and it did not match the key on the sticker. So I attempted to change the key. No go with MS's vba script. No go with the activation wizard (which is another suggested way to change it) - it stated that the key was invalid. Further 'hacking' with the activation wizard (No, I don't know what I did, but there was a maximum of three buttons I could have clicked, and one of them was 'cancel!') got me a key I could use on the phone, and, after telling a bored Indian the story ("Have you installed this software on any other machine?" - I swear that quoting a snatch of Alice in Wonderland would have succeded!) he coughed up the activation code. WGA no more, but my it's a drag!
If I charged them full price, It may well have been more than a new licence. Even so, it probably would have taken just as long to get it to accept the freshly bought key.
Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
'cept that the dll subversion trick works miracles. Almost always 0-day fix, and can be implemented without a working windows system using a small, automated Linux LiveCD (the same one I use to ghost my system once in a while).
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
I service computers for a living. I've done so for more than 10 years. Over the past few years, I've observed a vast increase in unrecoverable hard drive failure rates, and an even larger increase of malware which negatively affects the system beyond reasonable repair. In these situations it is often much faster (and cheaper for the client) for me to re-install the customer's Windows. I'd guess that more than 80% of these re-installs involve an OEM release of Windows, where the product license key is on a sticker physically and permanently attached to the computer's case. One which is quite obviously either a legitimate license or an extremely well made (and unlikely) counterfit. Now, about half of all re-installs (which require product re-activation) fail the product activaiton (even before I can install the WGA spyware). This requires a phone call to Microsoft's product activation line. Here, if someone asks me a question or the other phone line rings or I hickup, Microsoft's non-human system will often make me start all over again repeating a boring string of numbers. After this, I get informed that the product key can not be validated (Which is the reason I called in the first place) and put on hold again until I finally get a human (if not English) voice. Then I'm asked to repeat the first part of the boring string of numbers before I'm questioned like a murder suspect about why I want to activate Windows. After all this, I am usually provided the clearance code to activate Windows. Total time for this process per client computer is approximately 20 minutes. Repeat 4 or 5 times each day, 5 days a week and Microsoft has managed to waste a very large quantity of my billable time. However, after jumping through these hoops, WGA did not bother these clients (yet).
- James
What seems to be more common in expensive software is that the key is used in some kind of math within the program, so if you strip the key check, you will eventually get corrupted data in your files, things won't render properly, or whatever. This is much harder to just strip out; you end up needing to reverse engineer a significan portion of the program.
Hi all
Had a problem last week that I'd never seen before...
I had to reinstall XP Pro at home, so duly provided my license key during installation. Much to my displeasure, I was then required to go through the whole WGA problem to get some critical security updates.
It flagged my license as a dud, and put my code on screen for me to see and sort out.
Except that it didn't put in my code - the one I'd set when I installed Windows - but a completely different code...
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
BSA are con artists: they con the software companies to pay them to protect their rights (and they don't do it). I received letters from BSA for about 6 months in 2003: one letter every two weeks, asking me to buy legal copies of the pirated software they supposed I used and they were supposed to "protect", threatening with "2 to 5 years in jail" and warning me they might come any time to inspect my software setup.
Fortunately for me:
* I did not use at that time and I do not use now unlicenced software, nor did the company I worked for at that time use unlicenced software.
* The law in my country would not put me in jail for using unlicenced software (only a fine).
* BSA do not have the right to make inspections in my country. They can log a complaint and have the police come to me.
Still, I was responsible for IT, and had to receive the letters, read them and explain to my betters what were those letters about every two weeks. I did not enjoy being threatened to be put in jail, being acused of stealing, and being taken for a full. The letters stopped arriving when I answered one of them, asked BSA to explain me why they think they have the right to do what they threatened to do, and had the word "lawyers" in that reply.
Why are they con artists ? I was in their database because my company already bought the software they claimed to "protect". BSA are lazy, at least around here: they don't look for infringers, they just pound honest people with threats in order to have something to report to their sponsors. BSA does not look for the interests of their sponsors, only for the money they pour into BSA for those "awareness campaings" etc.
Unfortunately for their sponsors,
after my experience with BSA:
* I don't buy or recomend to the people in charge to buy software from the companies members of BSA. There is always a good enough alternative, and running the risk of getting in the spotlight of BSA is not worth the trouble.
* I still think it's lame to use "pirated" software, but I am kinda glad so many people do it, as far as the sponsors of BSA are concerned.
* I run a clean shop, free as in free speech.