Download From Microsoft Without a WGA Check

Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."

Correct me if I'm wrong...

[Ninwa]

But I just tryed this with an invalid version of Windows, and no dice. I think the article is misleading, and this isn't even newsworthy. I don't believe this is a way to "skip" authentication, but simply a way of manually entering your key into the URL, essentially what you would've done anyway, except in a form text area. No?

Re:Correct me if I'm wrong...

[jpardey]

Well, at least you don't need to have the WGA program installed, which phones home every so often, if I recall the previous stream of slashdot posts rightly.

Re:Correct me if I'm wrong...

[Jade+E.+2]

Don't get me wrong, I'm not worried about that wgacheck thing phoning home, I'm worried about the off chance that it fubars the box. The windows servers aren't my domain, and I don't really feel like explaining to their admin that I was running some supposed "internal microsoft tool" on one of his fragile boxes when it crashed. Besides, I'm not supposed to know the admin password he hasn't changed in 3 years.

Re:Correct me if I'm wrong...

[DaFrog]

This is sad.... Is Slashdot now the safe harbor for wannabe script kiddies who hate M$? Come on, how much you hate M$, they are in for the cash, so respect the fact that they want to check that you paid for what you got - Let me ask you a question; are you the same folks you believe that open source means free (as in beer) software? Going back to play a fully licensed game on a very horrid OS

Re:Correct me if I'm wrong...

[Achromatic1978]

I love it. Slashdot's editorial ethics prevent it from linking to ways of getting around Apple DRM, but happily offer up links to getting around Microsoft DRM??

Re:Correct me if I'm wrong...

[Shaper_pmp]

Sorry, but betas are buggy pre-releases that users use specifically on a voluntary basis.

If a company pro-actively pushes code to my machine and effectively forces me to run it, that's releasing a "final version", by any sensible definition of the term.

Now, after the furore when people discovered the dialling-home behaviour MS might have disabled that "feature" in a later version, but that doesn't make the preceeding one a "beta", except in very bad efforts at spin-control or post-facto apologetics.

And I think the point is that with MS pulling shit like this every other month, people are getting increasingly itchy about running any MS apps or utils they don't absolutely have to.

Re:Correct me if I'm wrong...

[toleraen]

That's funny, Microsoft hasn't pushed anything I didn't want to my machine. Then again, I've got auto update disabled. I take it you clicked the "Yes I accept any software you want to send me" button? While MS probably shouldn't have added this "feature" to their code in the first place, you told MS that it was ok to install on your machine. They didn't force you into anything, you gave them the key to your house and said "make yourself at home".

Re:Correct me if I'm wrong...

[Shaper_pmp]

Actually, I clicked the "Download all updates but wait for my OK before installing them" button.

I think it's pretty much taken as read that "updates" should have been tested and approved before release. Either that, or the button should have said "Download all updates and any other shoddy half-finished beta-release crap Microsoft would like to risk fucking up your machine with and wait for my OK before installing them".

The thing is, unless you want to waste hours pissing about trying to get around it you need to have WGA installed to get Windows Updates (well, until this story was posted, anyway).

So, I gave my consent to allowing MS to install "essential updates" to my machine which, given Windows' execrable security record, is pretty much a no-brainer. I have a genuine copy of Windows XP, so although I don't like being treated like a pirate without reason, I also didn't mind running WGA too much.

YMMV, but again my time is valuable - you might have time to investigate every single Windows patch available before oking it, but frankly with the amount of crap wrong with Windows you'd have to be at it nearly full-time to keep up.

MS then used this (perfectly-reasonable) permission to turn WGA into spyware, and somehow it's my fault?

Remember: they didn't exactly shout from the rooftops before slipping this nasty little dialling-home functionality in, did they?

I mean, sure, you've got a point - I was clearly stupid not to decompile every single Windows Update patch and inspect it by hand before installing each and every one one-at-a-time, rebooting and monitoring my outbound network traffic in-between just in case I'd missed any little surprises.

Oh, what a fool I've been.

The point is, either MS were deliberately spying on me (in which case they deserve punishment) or they stupidly pushed non-production-ready software into my machine in the guise of production-ready software, and didn't own up to it until someone else very publically called them on it... in which case they should be punished. What was your point again?

Re:Why the fuck..

[topham]

As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.

The short description, XP decided it needed to Activate (could NOT log in without activating it), but I hadn't finished installing drivers; forcing me to phone up their support instead of doing it online.

Then, because I had not yet installed the rest of the hardware (which; without the drivers installed were causing the machine to reboot, or bluescreen before windows even started). the Windows Activation bitched at me again when I was done. At least this time it gave me a 3 day window before it would deactivate; this gave me an opportunity to install the rest of the drivers, etc.

This second time it forced me to call Microsoft again, even though the network connection was now working fine, because the machine had changed too much, and been activated too many times.

Then it lead me to believe I could just use the automated method (the voice recognition is actually pretty good), but after reading a billion digits to the computer it decided I wasn't allowed to do it that way and passed me off to an operator.

And you think I want to trust WGA if I need a hot-fix to add security patches, etc?

The only people not having problems with Windows XP Activation and WGA are the damn pirates.

Re:You Could Be Watched Though

[Jade+E.+2]

That building's connection is provided by a company on the top floor that NATs everything but the server rooms. There are something like 1500 users on that outgoing IP, including the open wireless network in the coffee shop on the first floor (and boy does it cause some interesting problems sometimes.) And a 7 digit alphanumeric hash of a 25 digit alphanumeric product key means there are roughly 8x10^19 collisions for each hash. (Less that that because not all the keys are valid, of course, but still.)

Not worried.

Basically for patching a pirated copy of Windows?

[BeeBeard]

Many of us know firsthand that activating a Microsoft product can often be an onerous task, but this seems a little suspicious. Assuming that:

1. someone owns a valid Windows license and
2. they're pretty organized and didn't misplace their key and
3. they believe that Microsoft does not collect private information using WGA

then why would circumventing WGA be of use to them? In that situation, is patching a pirated copy of Windows the only realistic use for this trick? Could somebody chime in and suggest *another* use for it?

Re:Why the fuck..

[Bing+Tsher+E]

The only real reason to go around WGA is if you're using a pirated copy of Windows.

Incorrect. I, personally, have Windows machines, but I'm not foolish enough to let machines running Windows to have close connection to the Internet. So if I wanted to download updates I would want to do it from this NetBSD machine, which is what I customarily use for online things (and which is routed to the Internet).

My Windows machines are authentic, and I have all the 'paperwork' and media to prove it. I'm just not gonna hang them out on the net.

And it makes perfect sense that people who want to apply all the patches to secure a Windows system are going to want to get those updates first on an already secured system. Am I supposed to connect my machine with a freshly installed Day Zero copy of Windows 2000 (I pre-registered to pre-order Windows 2000 before it came out, so I have first release media with all the exploits, etc.) online to download security patches? Do I seem like I'm nuts?

Re:Why the fuck..

[anothy]

in addition to the other (entirely valid) reasons noted by folks for wanting to get around the horridly flawed idea of WGA authentication: i run windows inside emulation, generally without a direct real-world network connection. it's much nicer to be able to download bits in my native environment and move them over at my leisure.

Re:que?

[SaDan]

Why not charge more? The more legit users they can get to pirate software, the more reason they have to implement DRM and other wasteful technologies to combat piracy, etc.

They're making work for themselves, basically, and charging honest people a hell of a lot of money to stay honest.

Good luck to them. I've finally collected the last pieces of the puzzle for Linux at home, and will be removing the last Windows machine (wife's PC) off of my network in a matter of weeks.

No more fucking MS bullshit. Adios.

That's right!

Making light of national security is serious. This is the USA, you have no right to criticize the government!

WGA even for "security" updates?

[Killer+Eye]

Is WGA applied universally to downloads, even ones meant to fix serious problems? Or, for instance, can you always download security patches without the rubber gloves?

Probably not. I can imagine hundreds of illegal copies of Windows already taken over and turned into spam bots, etc. and thanks to WGA, there is no way to fix them. Can WGA keep these machines off the Internet, keep them from harming others? No.

In time, networking protocols evolve, systems change, etc. so these wide-open networked machines will eventually lose some of their teeth. But not before another decade or so of anguish, thanks to Microsoft's unbelievable failure to accept responsibility.

Re:An Alternative to Windows Update

[rob1980]

That's interesting, but I'd sooner be caught naked in the streets than getting my OS updates off of some random site on the internet I know nothing about.

Re:An Alternative to Windows Update

[BeeBeard]

I'm in the same boat. Their patch site is reaallllyyy fishy. Usually I would see links to it in random forums along with comments from one-time posters like "I assure you it's 100% safe!" even before somebody raised the issue of security. Plus, a substantial number of virus checkers routinely flag their plugin and even their website as containing viruses. I was quickly scared away.

How responsible

[curtisk]

"Today on Slashdot: How to bypass a companies attempt to disrupt piracy of their product"

I'm waiting for "How to download from (pay)iTunes without paying for it" and "Circumvent Payment in Valve's Steam"