Slashdot Mirror
Windows Genuine Advantage Gets More Lenient
Troglodyte writes in with word that Microsoft is revamping its Windows Genuine Advantage program so that it labels fewer users pirates. WGA now has a third category besides "genuine and "not genuine," called "not sure." Quoting: "[I]t's quite obvious what is going on here: Microsoft has added 'not sure' as a way of cutting down on the number of false positives associated with WGA. As many as one in five PCs were failing WGA checks, but this new setting should both reduce this and give Microsoft the chance to investigate further the kinds of things that are landing folks in the 'not sure' category."
Or...
#4 - A windows Volume license install that then had the WGA patched plus the install key changed to a regular Pro key that was keygened and thus passes the WGA test perfectly. Even Windows Media player 11 is happy with it.
WGA is so incredibly easy to get past it's not funny. set the patched WGA dll to read only and updates cant overwrite it.
Hackers will always find a way around whatever scheme MS or any other company devises.
Very true, but in the 90s, companies pirating mass quanities of MS software was a major concern. Not only did it kill MS revenue, but it screwed consumers as they thought the copies they were buying were legitimate.
From working in the OEM world at that time, even our trusted vendors would often have workers that would offer 'discounted' OEM copies of MS software from another company all the time. It was so bad that our company had to put in place buying policies to ensure only geniune copies were ever purchased. And even with that policy in place, we had several hundred fake copies of MS software slip through OEM distributors that themselves didn't realize the copies were fake.
This is where all this crap started, but in the process MS lost sight of the goal of ensuring consumers didn't get screwed.
People in MS honestly think the Activation and Keys and WGA were good things to help the consumers to ensure they didn't get worthless copies.
MS just needs a real wakeup call that there are alternatives to dealing with mass production piracy that DO NOT harm or even bother the consumers.
Digital distribution could actually be a real solution as the control of licensing and purchasing could potentially be more easily controlled than relying on Keys and WGA to ensure copies weren't obtained from shady companies.
I don't agree with MS on this, although I do have understanding of where and why all this protection crap started.
http://slashdot.org/comments.pl?sid=218426&cid=17
I hate to say it but "I told you so!"
Ok, I enjoy saying it
Have YOU ever had to argue with Microsoft to get another activation code? Has anyone you know (in real life, not on the net) had to argue with Microsoft to get a code? Every single time I have needed a new code I've called up the number that appears on the screen, told them that the motherboard failed and I replaced it, and then they gave me a new code.
Having to "argue" with Microsoft (if you are a legit owner of a non-OEM copy of Windows) is nothing but pure FUD. Now trying to get another activation code out of an OEM... I'd be willing to believe that is a headache.
It doesn't work that way. VLKs are basically on the honor system.
The problem is not that there are fake keys lying around, it's that there are real keys lying around.
For quite some time, the key algorithm for the Volume License copies of XP has been cracked. They're perfectly valid keys, they simply haven't actually been sold to anyone. That's why they can't use the same algorithm, and why they have to keep this magic database of "actually sold" keys to compare against. I have no idea how this database was generated, but I'm willing to bet it was cobbled together, and that Microsoft had no real easy way of knowing which keys were sold and which were not, which resulted in a highly error prone database.
No, actually, in my experience it's not a problem. I work on systems for folks on the side, and it's fairly often that I have to replace an OEM mainboard with a retail one. Every time I've done so (I can remember at least 5 times), I've called Microsoft and after answering yes to "Is this the only computer this key is used on?", received an activation code.
The two options are Continue and Cancel
Change is certain; progress is not obligatory.
Actually, the algorithm for XP VLKs was only "sorta" cracked; they're not "perfectly" valid, but only somewhat valid. The crack algorithm(s) generate keys in the recognizably valid keyspace, but only in parts of that (enormous) keyspace that Microsoft knows it hasn't ever used. So, a publicly generated key will (presently maybe?) install fine, but Microsoft knows it's outside the range of legitimate keys. All they should have to do is actually revoke keys outside this range (via update or service pack), effectively shrinking the size of the keyspace by disallowing a portion of it.
Therefore, it's not actually a database of keys "actually sold", which is the more robust thing to do although it is logistically difficult even for Microsoft. Creating a secret keyspace, with a secret mapping, and a secret key to that mapping, is one way to do it and it's the way they used for XP. Keeping an actual database only raises the difficulty of attack a somewhat, but it vastly increases the record-keeping requirement on their part from "a vanishingly small percent of keys to blacklist plus the decompiled and reconstructed crack algorithms' analysis" to "ever valid key we sell and obviously a list of those we've not yet sold" in a symmetric relationship with every copy of Windows (or Word or Office or Excel or anything else) that they sell, ever.