27 posts in this topic


"TOP STORY

 

Genuine Advantage is Microsoft spyware

 

By Brian Livingston

 

Windows Genuine Advantage — the controversial program Microsoft auto-installed as a "critical security update" on many PCs starting on Apr. 25 — not only causes problems for many users but has now been proven to send personally identifiable information back to Redmond every 24 hours.

 

This behavior clearly fits any plausible definition of "spyware." Some tech writers have said categorizing WGA as spyware is arguable. But I have no hesitation in calling the program a security nightmare that Microsoft should never have distributed in its present form.

 

In my May 25 newsletter, I called Microsoft's WGA download a "severe blunder." It causes serious problems for some legitimate Windows users and was sprung on customers with no notice other than a press release the day before.

 

No PC-using company that values security and reliability can allow a program like WGA to send data to a distant server, download additional software, morph its behavior, or remotely change the functionality of Windows (as I describe below). I don't believe individuals should put up with this, either.

 

Today, I'll explain the problems and let you know what you can do to fix them.

 

If the spyware label fits, wear it

 

In a statement released on June 8, Microsoft officially denies that WGA is spyware. Let's settle this question right off the bat so we can quickly move on to more important things.

 

Microsoft's denial is based on its own definition of spyware:

 

* "Broadly speaking, spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose. WGA is installed with the consent of the user and seeks only to notify the user if a proper license is not in place. WGA is not spyware."

 

This is patently absurd. Many spyware programs, such as peer-to-peer file sharing applications, are knowingly installed with the user's consent. The user downloads the software to get music, a screen saver, or whatever other benefit is promised.

 

What makes a program spyware, among other things, is that it operates in ways that aren't clearly disclosed before installation and it reports data back to a central server. Furthermore, this activity needn't be malicious. Many spyware programs do nothing more than serving up targeted advertising or tracking anonymous marketing behavior. If a user wants such tracking functions, they might be fine. But if the user wasn't clearly made aware of this, whether or not such software has a malicious purpose, it's still spyware.

 

The majority of published definitions of spyware focus on the fact that a program quietly gathers and transmits data. For example, here's an excerpt from the first definition returned by Google when define spyware is entered:

 

* "Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes."

 

To help you understand the latest revelations about Windows Genuine Advantage's behaviors, let's walk through the latest facts that have been discovered about WGA.

 

What Genuine Advantage actually does

 

What we've found about WGA fits neatly into four behaviors that are typical of all spyware:

 

1. Lack of disclosure before installation. Windows users in the affected countries (U.S., U.K., Australia, etc.) who had Automatic Updates set to "auto-install" received WGA without user action, as though it was a critical security update — which it clearly was not. Even those users who ran Windows Update or Microsoft Update manually, however, were misinformed about what WGA would do. In 17 pages of screen shots, ZDNet blogger David Berlind demonstrates this, concluding:

 

* "I was not asked for consent when the WGA Validation Tool — the one that, like spyware, phones home — installed itself. In fact, as can be seen from this screenshot which immediately preceded the automatic download and installation of the WGA Validation Tool, I could easily argue that I was misled into thinking I was going to download and install something else when in fact, I was downloading and installing, without my consent, software that apparently phones home."

 

A separate WGA Notification Tool is also downloaded. This program does not contact Microsoft's server, but merely displays warnings on a user's PC if a Genuine Advantage test is failed for whatever reason. After clicking several links in the manual download process, Berlind found only a vague explanation of WGA through what he calls a "circuitous route."

 

2. Transmits data to a central computer. The WGA Validation Tool contacts a Microsoft server every time a PC is booted up and every 24 hours after that. (Some of the earliest alarms about this were sounded by Lauren Weinstein, a co-founder of People for Internet Responsibility, in postings June 5 through 13.) WGA's "phone home" events, like all Internet packets, contain the IP address of the affected PC and the date and time, indicating when it booted up or had run for 24 hours. In addition, Microsoft's WGA director, David Lazar, told the Associated Press in a June 7 interview that the program also:

 

* "...gathers information such as the computer's manufacturer and the language and locale it is set for."

 

This is enough data to easily identify individual PCs. And, of course, WGA can be modified remotely to collect additional information (as explained in point 3).

 

3. Downloads other software and morphs itself. WGA's daily contact with Microsoft's servers is specifically designed to allow the company to download new instructions. According to Microsoft's June 8 statement and Lazar's interview, this includes:

 

• Changing how often WGA contacts Microsoft's servers;

• Disabling features of WGA or disabling the WGA software entirely;

• Adding to the license keys that WGA treats as invalid; etc.

 

4. Cannot easily be uninstalled. No entry appears in the Add/Remove Software control panel for patches 892130 or 905474 — the Validation Tool and the Notification Tool. If you manually delete WGA's executable file, Windows regenerates it. (I'll discuss remedies for this below.)

 

Perhaps most shocking is a trait of WGA that most other spyware doesn't suffer from. WGA is beta software that even Microsoft doesn't consider ready for release.

 

Section 4 of the WGA Validation Tool EULA (End User License Agreement) states:

 

* "4. PRE-RELEASE SOFTWARE. This software is a pre-release version. It may not work the way a final version of the software will. We may change it for the final, commercial version. We also may not release a commercial version."

 

Microsoft's June 8 statement confirms this by repeatedly calling the WGA rollout a "pilot program" or a "pilot version." Of course, "pre-release software" and "pilot version" mean exactly the same thing — beta.

 

At least that explains some of the many problems that Windows users are having with WGA.

 

Problems with WGA — and some solutions

 

It's important to remember that Windows Genuine Advantage is not an omnipotent, do-everything program. Its stated goals are simple. If an instance of Windows doesn't seem to have a valid license, (1) display notices to the user and (2) prevent any updates being downloaded from Microsoft.com except security upgrades that are rated "Critical."

 

Despite these limited tasks, WGA seems to cause a wide variety of headaches. Since my May 25 article appeared, I've collected reports from the field and from readers describing the following categories of issues:

 

1. False positives of legitimate copies of Windows. Numerous users report that WGA refuses to validate licensed copies of Windows that are unquestionably genuine. At Microsoft's official online forum called WGA Validation Problems, many people report problems even with packaged copies of Windows that were purchased directly from Microsoft.

 

2. No updates at all unless WGA is accepted. Although a WGA failure is supposed to only prevent affected users from downloading nonsecurity updates, many Windows Secrets readers report that legitimate copies of Windows refuse to display any updates except the WGA download — until the Validation and Notification Tools are installed. Phillip "Skip" Lehrfeld writes:

 

* "I chose to download the Windows Genuine Advantage Validation Tool (KB 892130) on March 6, 2006. I followed this with Windows Genuine Advantage Notification (KB 905474) on May 4, 2006.

 

"On June 2, 2006, I was checking the Update site as I was informed that there was a new Critical update to be downloaded. I checked the site and it told me I could not get my update as I was missing a critical tool. I checked it out and it told me I was missing the Windows Genuine Advantage Validation Tool. I checked my history and sure enough I had installed it on March 6.

 

"OK, I will bite, and I downloaded it again. Yes, the number was KB 892130, the same as before. Then it wanted me to install the second one again. I installed Windows Genuine Advantage Notification, KB 905474, for the second time. Having installed the two for the second time, there were no new updates to install. Those were the updates to be installed. ...

 

"After the reinstallation, I checked the history section of the site and now I have the two updates installed twice successfully.

 

"I have an authorized copy of Windows XP and had no problems with the above events; but it leaves me to wonder what is going on and are they now doing something else to my system without revealing what is going on."

 

The redundant WGA install messages are probably caused by changed code that Microsoft wished to download to defeat some workarounds that disabled WGA.

 

Numerous other readers say that Microsoft's update site also reported to them that there were no patches except WGA, although important updates were, in fact, available.

 

3. "Notify only" options disabled. We have some reports that the "notify only" options in Automatic Updates are greyed out and can't be selected. G. Allen Taylor, M.D., writes:

 

* "With regard to the OS updates, which I have so faithfully and obediently installed, I now suspect that one of them has 'grayed out' the Options menu in Windows Update on both my computers. "While formerly I could choose to automatically or manually download and/or install the periodic updates, I now have no choice on either of my computers. Whether I want them or not, all updates are downloaded when I'm online and installed then or the next time I reboot."

 

Dr. Taylor offers a fix, which involves the fact that a Group Policy was somehow enabled that prevents any option other than auto-updates.

 

The solution requires a change to Group Policy or the Registry. The procedures are described at the Windows XP MVPs site.

 

4. Reinstalls from valid CDs fail the Genuine Advantage test. By far the most serious side-effect of WGA is that it doesn't validate instances of Windows that are reinstalled, even when a genuine CD-ROM from a major computer maker is used. Lauren Weinstein writes:

 

* "It appears that it is exceedingly common for repair operations to reinstall based on "cloned" or otherwise duplicated copies of the Microsoft OS, rather than try to restore or reauthenticate based on the original users' OS serial numbers or authentication codes. Original restore disks and key information cards/labels are frequently missing, making it difficult to duplicate the original authentication environment."

 

I've seen reports of this on Microsoft's own forum involving such cases as Best Buy's Geek Squad reinstalling Windows with the user's original, licensed Dell CD-ROM.

 

Despite all of the reported problems, Microsoft officials aren't very forthcoming on the subject of WGA. On June 9, I asked to interview David Lazar in Redmond and submitted a few questions in writing. Five days later, a spokesman replied, "Unfortunately, we will not be able to participate in this opportunity."

 

Many Windows users seem to be in denial that WGA could be spyware, because Microsoft is such a big, well-known company. Unfortunately, that was what people thought of the Sony BMG recording label before it started distributing music CDs last year with rootkit software that infected PCs.

 

I don't feel that Microsoft or Sony BMG are evil incarnate. But we must recognize that Microsoft is now just one more spyware distributor among the many we have to watch out for.

 

How to make sure WGA doesn't bite you

 

It's important not to panic about Windows Genuine Advantage. At this point, its worst side-effect is interfering with the normal patch process — but far more common is that it merely displays annoying warning messages for no apparent reason.

 

If you've already allowed WGA to install, I can't recommend that you try to uninstall it. That's because Microsoft has made a passing grade on Genuine Advantage a requirement for almost every kind of download you might want from Redmond. Without passing a Genuine Advantage checkup, most Windows users now can't get Internet Explorer beta 7, for example, although you might not care. But you just might have a good reason to install a newer, more secure version of Windows Media Player or any of dozens of other official updates.

 

If you insist on trying to uninstall WGA, the My Digital Life site has posted no fewer than 15 proposed hacks that attempt to circumvent Microsoft's anti-uninstall measures. Most of these methods no longer work, due to recent Microsoft code changes. Even if you did disable the app, it's pointless to have done so if you ever need to download any Microsoft widget some day that requires WGA. Again, I don't recommend that you bother trying to remove WGA if it's installed.

 

Instead, I strongly advise that you simply suppress WGA's negative side-effects:

 

Step 1. Stop the misleading installation of possibly unwanted programs. If you really don't need to download anything from Microsoft for a while, set the Automatic Updates control panel to Notify but don't download or install. When you're notified of new security updates, first read the free and paid versions of the Windows Secrets Newsletter for our reviews. Then manually run Microsoft Update and select only the patches that have no reported conflicts.

 

If Microsoft Update subsequently refuses to download patches you need, go ahead and accept the WGA installs, then take steps 2 and 3. Be aware that some programs, such as Microsoft's Windows Defender (formerly MS Antispyware Beta), won't update themselves unless Windows' auto-update is on. (Thanks to reader Raymond Combs for his research into this.)

 

Step 2. Disable WGA's incessant notifications. If WGA guesses, correctly or incorrectly, that your copy of Windows is unlicensed, it displays a warning at least once a day for 14 days, then once an hour after that. Fortunately, Microsoft has made it easy to disable all such warnings. Right-click the WGA logo in the system tray, then select Change notification settings. Turn off the display of notifications, click Save Settings, select I understand, and finally click Yes I'm Sure. Reboot the PC. The WGA logo will remain in the tray but notifications will no longer appear. The notices will come back, however, if you happen to install a future version of WGA from Microsoft.

 

Step 3. Prevent WGA from phoning home to Microsoft servers. The WGA process that calls out to its remote masters can be blocked by 2-way software firewalls such as ZoneAlarm and McAfee. To do so, simply deny the connection when your firewall pops up an alert about Windows Genuine Advantage trying to use the Internet. Alternately, hard-code a denial via the firewall's user interface. No ill effects of preventing WGA from establishing a connection have been reported.

 

This story has legs

 

I'm afraid I'll have more tales to tell in future weeks as the fallout expands. Microsoft executives seem totally oblivious to how much public trust they've squandered by installing WGA in a sneaky way. Microsoft has repeatedly assured users that Automatic Updates would only be used to download critical security fixes. "Delivering security updates right to your computer automatically," they said.

 

Abusing PC users' need for security patches is a betrayal that Microsoft can ill afford. Whoever the marketing geniuses are who've seized Microsoft's security infrastructure to push out spyware, they need to be fired.

 

I'm not holding my breath waiting for that. Instead, I'm researching a totally independent way for Windows users to keep their PCs tuned without depending on Microsoft Update at all. Stay tuned.

 

To send us more information about WGA, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

 

Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.

 


 

 

FORWARDING INSTRUCTIONS

 

Please share this information with your friends

You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/060615."

 

 

You can read the article at: http://www.windowssecrets.com/comp/060615/#


* "Broadly speaking, spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose. WGA is installed with the consent of the user and seeks only to notify the user if a proper license is not in place. WGA is not spyware."

 

Why does it have to check that every 24 hours? If MS's argument was valid, the check would be required only once. The software is either properly licensed or not. Unless Microsoft has some deceptive or malicious plans for Windows' future, the check only needs to be done once.

Yeah, this was big news a year ago. Everyone has moved on.

 

I don't like the way Microsoft did this, but you can't blame them for finally putting copy protection in their OS. The only reason people are mad is that they've been pirating Windows for so long, they assumed the party would last forever, so now they're shocked that MS has done something they have always had the right to do.

 

Personally, I haven't turned on automatic updates in years. In fact, I rarely ever download a Windows update.

old news, just don't install that update and you're ok

 

 

I'm running Windows XP. On Automatic Updates, I have selected the option "Notify Me but don't automatically download or install them". When I saw this Windows Genuine Advantage (WGA) patch, I unselected this patch and told them not to remind me.

 

--danyel :D

 

 

I used Windows Genuine Advantage (WGA) patch and it worked no problem, stupid {censored} :D

 

 

People, you are missing the point: it's not whether you install WGA or not, it's the deception. :D

Superhai, you ask why would it report back every 24 hours, why not just once? Well, what if some unscrupulous person :) had a legit copy of Windows but then decided to install pirated (gasp!!) copies of Microsoft software; ie: Office 2007, etc? If the WGA patch was applied before the "inappropriately" acquired software was installed, it would tell Redmond that this person is running a legal copy of the software. By checking back all the time, they can scan (yes, spyware is the correct term here) your system for illegitimate programs.

 

That being said, I am sure none of us here are guilty of such crimes. :) I know we all here are legitimate members of the ADC and have licensed copies of OSX :thumbsup_anim:

People, you are missing the point: it's not whether you install WGA or not, it's the deception.
You're right.

Most users simply do not know what a good OS should be like (for obvious monopolitical reasons). Most Windows users are convinced that the MS excrement is delicious because 1E1000000000 flies "just can't be wrong". I accept that it's a matter of taste, though. Bad taste, that is.

 

 

hecker

...that the MS excrement is delicious...

 

u r funny ! :P

 

Well I still use Win for several reasons but I do like OSX that's why I bought my 3rd Mac now a MBp.

Linux was always fascinating but without all the root console stuff too "difficult" to use as every day OS

(well at least for me).

 

WGA is {censored} for XP (good corporate key is all u need! :pirate2: ) but it's getting "better" in Vista :2cents:

However I hope Leo will be the über OS for the next years. :star_smile:

It might be old news, but it's certainly as relevant today as it was when WGA was introduced. MS have just rolled out a new version of WGA, as they do periodically. They even have different versions in different parts of the world, presumably to keep the crackers busy. The thing that annoys me is that it is always listed as a critical update, which it most certainly is not, and you get the 'your computer may be at risk' message if you select 'do not show me this update again'. That is a lie, plain and simple, and I am amazed that they can get away with it. No system is made more secure as a result of installing this 'tool' - or can someone explain to me how it is? For what it's worth, my copy of XP is genuine, but I still won't install the WGA Notification tool.

I don't like the way Microsoft did this, but you can't blame them for finally putting copy protection in their OS. The only reason people are mad is that they've been pirating Windows for so long, they assumed the party would last forever, so now they're shocked that MS has done something they have always had the right to do.

Well, this has nothing to do with 'copy protection' and if MS have the 'right' to give its customers this kind of 'genuine advantage' apparently depends on the laws of the country you're living in. Most of the democratic and free systems I've been living in grant the rights for 'verification' if someone is doing something unlawful or not, exclusively to public authorities, ie. police, prosecutors etc but NOT (thank goodness) to private entities.

I like this fact, since I'm legit, I don't care, it keeps me benefiting from purchasing, while hurting those who pirate. I paid, I don't want pirates to get the same quality as me.

Well yes, you may also choose to leave all your doors and windows (pun?) open to have everybody participate in how much of a honest citizen you are. However you can believe that there are countless other honest citizens who would not hesitate a second to choose the opposite. This 'open doors' policy can only be tolerated if EVERYBODY agrees. Imposing anything else is like flirting with totalitarian ideals.

I like this fact, since I'm legit, I don't care, it keeps me benefiting from purchasing, while hurting those who pirate. I paid, I don't want pirates to get the same quality as me.

 

Even legal users have been on the bad end of WGA, not forgetting the activation, so saying you don't care is silly. Your car is safe, but only when you drive carelessly do you care if it's really safe?

I like this fact, since I'm legit, I don't care, it keeps me benefiting from purchasing, while hurting those who pirate. I paid, I don't want pirates to get the same quality as me.

 

 

I hope you don't wake up one day with your legit copy telling you that it is a pirated version, because that is what is happening to a lot of people. Before you ask for proof, you can search the Microsoft forums and take a hard look at what's happening. I also know it's true because I had two cases last week at my work. Oh, I forgot to tell you that I work in a company that makes computers, a small one, sure, but no less than the big ones, so, again, don't rest so sure. :o

People don't complain if there is nothing wrong, so you have a few vocal people making it sound like it's a huge problem, it happens with everything on the internet from X360 hardware problems (Which were lower than the industry average), to DS hinges, etc.

I dunno if you oldtime windows users know about this, but I've never updated through Windows Autoupdate and use another autoupdate that works off the bat with Windows' update ever since this WGA {censored} appeared:

 

http://www.windizupdate.62nds.com

 

Updates your WinXP SP2 system using Firefox only, with its updates coming from the official Windows Update. Head over and be amazed.

I dunno if you oldtime windows users know about this, but I've never updated through Windows Autoupdate and use another autoupdate that works off the bat with Windows' update ever since this WGA {censored} appeared:

 

http://www.windizupdate.62nds.com

 

Updates your WinXP SP2 system using Firefox only, with its updates coming from the official Windows Update. Head over and be amazed.

 

 

The monarchy of Firefox only is enough to {censored} me off, like Profit42's site, which, when I disabled JavaScript, you know what, I got right in, and IE rendered it perfectly.

 

Plus, I prefer to get them directly from Microsoft.

 

Sure, Windows update requires IE7 and ActiveX, but it's in a situation where it has a legitimate reason to do so...

...if you have a legitimate copy :( I didn't think anyone hated Firefox, you really seem to have something against it. I've never had any good experiences with any version of IE, so you'd understand why I don't use it. Even Profit42's site won't load with JavaScript on in Firefox, and as you said, it loads perfectly with JS off, but not in IE, Firefox in my case :P

 

I never preferred anything from Microsoft. Not their OS, not their apps, nor their monopoly. What I do like about them is that their OS is the only one with great games, not all of them good, but some of the best not found anywhere else.

 

I consider WGA and Microsoft spyware. So just beware! We pirates do our own thing, so 'cha... :)
