Slashdot Mirror
A Different Kind of WGA 'Problem'
Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try.
Here you go!
No, I just want to confirm the article. Really.
apt-get install WGA
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
I work for a university, and I have a Windows XP laptop (university property) installed using our school of engineering key (we have a site-wide license). Is that a "corporate" version? Anyway, I had not booted that laptop in Windows in a LONG while, since I had been mostly using it with another hard drive with SuSE linux installed.
Recently, I booted it, and gave my ok to its doing 18 Windows Updates (techstaff won't support my laptop unless I do the updates). After doing the updates (from my home, I am not sure if this is relevant), Windows now claims that the copy is pirated.
Since it is certainly not pirated, I decided to simply not bother with it. The fun part is that in some couple of weeks, I am going to give a talk at Microsoft with that laptop... and no, I don't plan to fix it before then!
You're just calling the wrong people: http://www.sco.com/
Give a man fire, and you warm him for the night. Set a man on fire, and you warm him for the rest of his life.
Microsoft.Windows.XP.Professional.Corporate.SP2.In tegrated.July.2006.MULTI.IMAGE.REPACK-ETH0
That has all the latest updates... and has a WGA crack in it... no wonder he can't get it to recognize it's pirated.
In Soviet Russia, Linux compiles you!
Obviously the P2P Pirate edition of XP uses the VLK and has modified the legitcontrol.dll, wgatray.exe, and wga*.dll files to not report a WGA violation.
Want to really test the WGA? Use your original copy of Windows XP and search the Internet for a known CD-Key and install with that key that millions of other people have used. Then watch as the retail or OEM version of Windows with unpatched WGA files reports you as a pirate.
Ninja Pirate Hackers and Crackers have modified the WGA files with something called MSIL that is like assembly language. For example if a valid key is found, you might have a comparision done and a JNE to 2000:1345 which calls the part of the code that turns on the "Your copy of Windows is not legit" function. Turn that JNE 2000:1345 into a NOP and the comparison does not match and the program does not jump into the Anti-Pirate code. Or change it to a JE 2000:1345 and if a valid key is found it jumps to the Anti-Pirate code and if an invalid key it does not. Or just take the code at 2000:1345 that turns on the Pirated bit and fill it with NOPs. I am just guessing here, I could be wrong, but I think the pirated version of Windows and those WGA-Fix patches do those sort of things.
Meanwhile my legit copy of Windows XP has to have the WGA spyware on it to get updates from Microsoft. Yeah Windows Update and Microsoft Update require that I install WGA in order to use them. If not, no updates from the web. WGA trashed my fast user switching after it got installed. I can see the WGA files eating my system memory, CPU cycles, and using up bandwidth to report back to Microsoft, yes folks it is spyware. I would guess the pirate version of the WGA Fixed files remove the spyware as well.
Not only that I heard that the pirate version of XP has special tweaks and bug fixes that the retail and OEM versions do not have. Yet your chances of malware infections are greater with the pirate version, because you never know who last modified it before you got a copy. So beware.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I can't speak for "most legitimate users," but I can describe my own brief run-in with a WGA malfunction.
A few weeks ago, when the updated version of WGA was pushed out, my Dell-with-the-original-OS booted with a notice claiming that Windows was not genuine (despite the previous version of WGA reporting no problems). I grumbled about Microsoft's lying sack of *ahem* I mean, POS anti-piracy crap that couldn't tell a real copy of Windows from a fake one, then logged in, fired up a web browser, went to the Knowledge base, mucked around until I found a link that said something like, "Validate here"... and it said, "Oh, yeah, you're genuine. No problem, pal." (Actually, it's a Dell, so that would be "No problem, Dude.")
I spouted some variation of "WTF?" Then I rebooted the machine, just to check, and sure enough it said absolutely nothing about being a pirated copy of Windows.
I eventually concluded that Norton In(ternet)Security had probably blocked the initial validation attempt. With no desktop shell, I didn't have the chance to say "yes, let the damn packet through."
The whole process took maybe 10 minutes, but it was an annoying 10 minutes. I've had my share of frustrations with Linux,* but it's never told me I was ripping off RedSuMandrivuntu.
*My main PC is a Fedora Core box. My wife's main PC is a Mac. We share this Windows box, mainly for gaming.
"I've used products that had good licensing tools. Keys that you enabled online, and enabled a number of users etc."
I _hate_ crap like that. I use DriveCrypt for encryption (from securstar.de), and it has the most horrific license system I've ever had the displeasure to use. You have to activate your software and lock it to a computer, then if you want to use it on an alternative computer you have to uninstall it on the first, then enter a "deactivation" code on the website, then finally you can reactivate on the new PC. God forbid you should format one of your computers forgetting to deactive your license first. I even had a problem where a new version of the software wouldn't accept the current activation on the system. I had to uninstall the newer version, re-install the older version, uninstall it and de-activate, then install the new one again and activate it. At that point I was like "JFK!", and no, that's not a reference to Kennedy.
Lets face it: People hate activation, and for a good reason. It doesn't stop piracy. It doesn't really reduce piracy either. All it does it cause perpetual headaches to your legally licensed customers. I work on software products and was partly responsible for redesigning our software registration system, which used to also use online activation. We stripped out the 'activation' element and sales didn't drop at all, however the volume of support traffic that we had to handle due to activation issues (the largest type of support incident by far) dropped to almost nothing. Our customers were much happier people.
Secrets to succesful system: 1) Make a good product, 2) Don't extort your customers, 3) Make the registration process simple.
An example of a good registration system: I recently bought Sonar 5 from Cakewalk. It came with a serial code in the DVD sleave, which you punch into Cakewalks' website in exchange for a registration code that can be used perpetually. That's it. Simple. Cakewalk get their registration info, you get to use the software you just paid hundreds of dollars for as you want. Sure, there is an element of trust involved in that, but hey, you just paid a few hundred bucks. Maybe they ought to trust you after that. By comaprison, other similar software I have licenses for is heinous. Cakewalk earned a lot of respect from me because of this.
Pirates will pirate. People with morals who wish to support your work will pay where they can. Respect your customers.
Corporate Volume License Keys always pass the WGA test.
e.g. HP has all the computers in the Sydney office running with one Volume License Key, now if someone were to leave HP's employ and continue to use the key MS would have no way of knowing so has to let it pass the WGA.
It has to just shrug and go well thats HP let it pass or risk annoying the hell out of a lot of HP people if they refuse it.
I'm quite cynical on this topic because of my experiences with MSDN. Even though I've been an MSDN subscriber for a LONG time (a lot longer than I want to admit), I was treated very poorly when I received MSDN activation codes that were supposedly pirated. I had to (literally) threaten to sue (yes, Microsoft) before someone got a fire lit under their chair (to my surprise), and took care of my situation, eight weeks after my purchase, and after several people had essentially accused me of infringement even as I had sales receipts and original media in my hand.
-fb Everything not expressly forbidden is now mandatory.
Once you have a working machine - activated and all - go to C:\windows\system32 and copy the files wpa.dbl and wpa.bak to secure off-computer location(s) like a USB key or even a floppy. When you need to reinstall XP due to HDD death or whatever, reinstall as normal with the key you used on the previous install (if you don't know the key, download Magical Jelly Bean Keyfinder, run it, and write down the key). After you install, boot into Safe Mode (hold down F8 at boot and select from the menu). Copy the old wpa... files back into your C:\windows\system32 directory.
-b.
This is false. Machines that fail WGA cannot download OPTIONAL/NON-SECURITY RELATED updates. Security updates have been, and always will be, available for download by ANY machine regardless of its legal state.
Despite the fact that your claim has been echoed by many, many others, it remains false.
>To really test WGA you need to do something like get a known
>pirate key or take a non-volume copy of XP and install it on more
>systems than you are allowed to.
Nope. That's what you need to trigger it.
To test it, you take most obscure cases of license violation plus most convoluted cases of legal use.
And then as result the test shows WGA is hopelessly broken.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2