Slashdot Mirror
A Different Kind of WGA 'Problem'
Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try.
Here you go!
No, I just want to confirm the article. Really.
Its simple. Hes using the corporate VLK. Microsoft would _never_ damage its corporate customers by subjecting them to WGA. I thought it was well known that corporate versions of things (windows, symantec) are vastly superior and thusly are the most heavily pirated. Always go for a pirated corp copy over a real one. Those leet software pirates know how to do the job right, the first time.
I'll just use my special getting high powers one more time...
When things like this come out; things like key checking for a game install and everything else that is designed to stop piracy I often wonder who wrote it?
Are the best and brightest out there the ones that get stuck with this task? I would think it'd be the interns and that developers everyone hates that get the fun task.
I've used products that had good licensing tools. Keys that you enabled online, and enabled a number of users etc. Everytime it seems like it comes out of some smaller software company with small bright teams. I'm guessing in these cases the senior level codes and maybe even the whole team got involved.
Anyone out there have expierence writing key checkers and other piracy related pieces of functionality?
because none of Microsoft's software products have any flaws...
Haiku for you!
It seems I can't get Canonical's apt program to recognize I'm running a pirated version of ubuntu. It should be obvious, since I even got it as an iso file on the internet for free...
DYWYPI?
I know a number of people who 'borrowed' a Windows Support Key from their employeers, and applied the key to their pirated version of Windows. None of them have had a problem with the Windows Validator tool.
How do ypu prove that you're not a pirate if MS says you are?
It's far more of a problem for casual, non-technical pirates than the handful of legitimate customers who have been misidentified.
I personally know of at least half a dozen people who have subsequently either a) purchased a legitimate copy of Windows, b) downgraded back to their older, legitimate version or c) bought a Mac, because they lack the technical knowledge to keep up with the WGA arms race.
WGA is certainly going to reduce the level of Windows piracy. Unfortunately for Microsoft, it's going to do so because some people will move away from Windows altogether.
Simple fact is that WGA is utterly transparent and utterly irrelevant to most legitimate users, and even those it isn't, it isn't an issue for very long.
Join Tor today!
...except I am running Linux. No matter how hard I try, I can't get those dweebs at Linux Corp. to understand that I never paid for this copy. I keep calling them and asking for a invoice or bill or something. But I guess they don't have a record of my purchase. Go figure. Just lucky I suppose.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
The logic would follow that for every pirated copy marked as legal, someone with the legal copy is being marked as a pirate. That supposed "fraction" starts to look something like 1/2 or 3/5 or worse.
That logic doesn't really follow at all. Anyhow, in tests like these, if you want to diminish false positives, then false negatives usually increase. We should be applauding Microsoft for not being overzealous.
But then again, this is slashdot. MS never gets applause here. At most a murmur of reluctant approval.
Just because I doubt myself does not mean I find your position compelling.
I have 2 OEM copies of windows that I bought from Fry's years ago.
Unfortunately -and predictably, in the course of 2 moves I have lost my activation key #s -I didn't glue them to my machines as recommended because I planned on moving the license to another, newer machine eventually.
Now I can't even finish the install without having to find some cracked key from some warez site. Then it won't let me install any security patches or Service Packs.
After the 30 days or whatever is up and I have to activate I then try the warezed key and am told that this key has been used too many times -Duh! a
and then I have to call MS support and get a new activation key from them. Fortunately they haven't given me too much grif, but its still a hassle.
Thanks to old flakey hard drives I have had to do this twice and now it has died a third time.
This time I said screw it and went to fry's and bought a new HP dual core media center PC for $750. so I guess MS won this round.....
But I will be trying this again since I have several more machines sitting around -I guess I'd better write down the key# the next time they give me one over the phone again. Does anyone know if the activation #s they give over the phone are 1-time codes or if they will work multiple times?
Has anyone had any luck just asking them for new activation codes?
-What's the speed of Dark?
Microsoft.Windows.XP.Professional.Corporate.SP2.In tegrated.July.2006.MULTI.IMAGE.REPACK-ETH0
That has all the latest updates... and has a WGA crack in it... no wonder he can't get it to recognize it's pirated.
In Soviet Russia, Linux compiles you!
Please, for the good of Humanity, vote Obama.
Obviously the P2P Pirate edition of XP uses the VLK and has modified the legitcontrol.dll, wgatray.exe, and wga*.dll files to not report a WGA violation.
Want to really test the WGA? Use your original copy of Windows XP and search the Internet for a known CD-Key and install with that key that millions of other people have used. Then watch as the retail or OEM version of Windows with unpatched WGA files reports you as a pirate.
Ninja Pirate Hackers and Crackers have modified the WGA files with something called MSIL that is like assembly language. For example if a valid key is found, you might have a comparision done and a JNE to 2000:1345 which calls the part of the code that turns on the "Your copy of Windows is not legit" function. Turn that JNE 2000:1345 into a NOP and the comparison does not match and the program does not jump into the Anti-Pirate code. Or change it to a JE 2000:1345 and if a valid key is found it jumps to the Anti-Pirate code and if an invalid key it does not. Or just take the code at 2000:1345 that turns on the Pirated bit and fill it with NOPs. I am just guessing here, I could be wrong, but I think the pirated version of Windows and those WGA-Fix patches do those sort of things.
Meanwhile my legit copy of Windows XP has to have the WGA spyware on it to get updates from Microsoft. Yeah Windows Update and Microsoft Update require that I install WGA in order to use them. If not, no updates from the web. WGA trashed my fast user switching after it got installed. I can see the WGA files eating my system memory, CPU cycles, and using up bandwidth to report back to Microsoft, yes folks it is spyware. I would guess the pirate version of the WGA Fixed files remove the spyware as well.
Not only that I heard that the pirate version of XP has special tweaks and bug fixes that the retail and OEM versions do not have. Yet your chances of malware infections are greater with the pirate version, because you never know who last modified it before you got a copy. So beware.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
can I get a link to that Google page with the 5 valid keys, please?
there are 3 kinds of people:
* those who can count
* those who can't
Is he might be using a legit corperate key. We have a VLK here (university) and you can just install XP on any system no problem, and it'll report as legit. They don't check vs number of license to make sure it's an exact count. So you could install it unlicensed on a personal laptop, and it'd report as legit no problems. Now however if they found tons of systems outside of the university cropping up, and saw the key on a serials board, they might invalidate it and issue us a new one.
However just installing a copy of corperate unlicensed won't do anything. It doesn't activate and there's not a hard limit check.
To really test WGA you need to do something like get a known pirate key or take a non-volume copy of XP and install it on more systems than you are allowed to.
I thought false positives were bad, but holy crap, letting a few pirates go with false negatives is so much worse! They may never get to experience the pleasures of those prompts or being prevented from downloading updates and utilities.
Why is this a problem for anyone but Microsoft (or those who have a perverse desire to be labeled as a pirate and then blog about it)? Do you suppose maybe he got a false negative because Microsoft is less willing to pull the trigger when in doubt?
Corporate Volume License Keys always pass the WGA test.
e.g. HP has all the computers in the Sydney office running with one Volume License Key, now if someone were to leave HP's employ and continue to use the key MS would have no way of knowing so has to let it pass the WGA.
It has to just shrug and go well thats HP let it pass or risk annoying the hell out of a lot of HP people if they refuse it.
It's probably been suggested before, but what MS should do is what games used to do back in the '80s. When you turn on your computer, it asks you "on page 10 of the manual, what is the 7th word in line 13?"
Espeically since windows has become too complex for a purely software based solution to ever work reliably.
*My main PC is a Fedora Core box. My wife's main PC is a Mac. We share this Windows box, mainly for gaming.
:-D
It's okay, man. You don't have to prove yourself to us.
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
Why is this flamebait? The license terms and conditions for an MS OEM license specifically states you cannot transfer the license!
When the grandparent violated the terms of his license and installed Windows on a machine that is not covered by his license agreement with Microsoft, that installation of Windows became effectively "pirated".
I'm not saying that Microsofts OEM licensing scheme is a legitimate or morally correct form of business, but from a (IANAL) legal perspective, the guy violated his license agreement and then was completely astounded when WGA told him that he had violated his license agreement... (jokes about Microsoft software actually working well enough to do what it should aside...)
I am government man, come from the government. The government has sent me. -- G.I.R.
I still have an unpatched Windows 2k SP3 box which has been running behind a firewall for the last 2 1/2 years. Still relatively fast and shows no evidence of malware infestation.
I can see updates being necessary on Server 2003, which is often quite buggy and needs patches for stuff to work, but an XP or 2k box doesn't desperately need the updates if it's used in a reasonably sane manner.
-b.
Once you have a working machine - activated and all - go to C:\windows\system32 and copy the files wpa.dbl and wpa.bak to secure off-computer location(s) like a USB key or even a floppy. When you need to reinstall XP due to HDD death or whatever, reinstall as normal with the key you used on the previous install (if you don't know the key, download Magical Jelly Bean Keyfinder, run it, and write down the key). After you install, boot into Safe Mode (hold down F8 at boot and select from the menu). Copy the old wpa... files back into your C:\windows\system32 directory.
-b.
This is false. Machines that fail WGA cannot download OPTIONAL/NON-SECURITY RELATED updates. Security updates have been, and always will be, available for download by ANY machine regardless of its legal state.
Despite the fact that your claim has been echoed by many, many others, it remains false.
They just forgot a "!" in the checking code!
A 10MB mandatory patch should clear that one right up.
I service computers for a living. I've done so for more than 10 years. Over the past few years, I've observed a vast increase in unrecoverable hard drive failure rates, and an even larger increase of malware which negatively affects the system beyond reasonable repair. In these situations it is often much faster (and cheaper for the client) for me to re-install the customer's Windows. I'd guess that more than 80% of these re-installs involve an OEM release of Windows, where the product license key is on a sticker physically and permanently attached to the computer's case. One which is quite obviously either a legitimate license or an extremely well made (and unlikely) counterfit. Now, about half of all re-installs (which require product re-activation) fail the product activaiton (even before I can install the WGA spyware). This requires a phone call to Microsoft's product activation line. Here, if someone asks me a question or the other phone line rings or I hickup, Microsoft's non-human system will often make me start all over again repeating a boring string of numbers. After this, I get informed that the product key can not be validated (Which is the reason I called in the first place) and put on hold again until I finally get a human (if not English) voice. Then I'm asked to repeat the first part of the boring string of numbers before I'm questioned like a murder suspect about why I want to activate Windows. After all this, I am usually provided the clearance code to activate Windows. Total time for this process per client computer is approximately 20 minutes. Repeat 4 or 5 times each day, 5 days a week and Microsoft has managed to waste a very large quantity of my billable time. However, after jumping through these hoops, WGA did not bother these clients (yet).
- James
Hi all
Had a problem last week that I'd never seen before...
I had to reinstall XP Pro at home, so duly provided my license key during installation. Much to my displeasure, I was then required to go through the whole WGA problem to get some critical security updates.
It flagged my license as a dud, and put my code on screen for me to see and sort out.
Except that it didn't put in my code - the one I'd set when I installed Windows - but a completely different code...
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!