Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Microsoft Misrepresenting WGA's Functionality? 458

Posted by Zonk
from the first-time-for-everything dept.
Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."
This discussion has been archived. No new comments can be posted.

Microsoft Misrepresenting WGA's Functionality?

Comments Filter:
  • Un-American (Score:3, Funny)

    by Anonymous Coward on Sunday June 11, 2006 @06:34PM (#15514041)
    This is a very UnAmerican story. We know that [shelleytherepublican.com]

    "P.J.": Runs the pro-Linux hate-site "Groklaw". His true identity is a secret, known only to the inner-circle of Linux hackers. His contributions to the Linux computer program are also a secret.
    .

    We also know that Linux is a European consipracy to attack our computers [shelleytherepublican.com].

    This story was probably planted by GOOGLE [shelleytherepublican.com], the America-hating empire.

    Bill Gates is a true patriot who has spread the American Way of Freedom and Capitalism around the world, and he is clearly far cleverer than this mysterious "P" "J". Friends, don't let the democ-rat lies stop you from getting the facts ;-)
  • Re:Sad... (Score:3, Funny)

    by kfg (145172) on Sunday June 11, 2006 @07:10PM (#15514152)
    Hello, Sir. I represent the manufacturer of the car you are driving. I have just replaced the motor in the vehicle with a treadwheel powered by four asthmatic hamsters. I hope you enjoy the improvement to our car.

    Have nice day.

    Bwwwwwwwwwwwahahahahah!

    KFG
  • by Anonymous Coward on Sunday June 11, 2006 @07:46PM (#15514252)
    I built a combustion engine that runs on water. I call it a motor boat.
  • by iluvcapra (782887) on Sunday June 11, 2006 @08:03PM (#15514307)

    A Critical Security Vulnerability has been reported for all x86-platform PCs.

    Short description: By retailing a piece of software called an "Operating System" to a computer user, and then using social engineering to promote the installation of this software, a so-called "Operating System Vendor" may be able to execute ARBITRARY CODE on a user's computer.

    Severity:
    Severe. The exploit allows an entity to execute arbitrary code on a machine so compromised.
    Challenge Vector:
    Remote or local installation of components, either onto a pre-existing Operating System or onto an otherwise bare x86 PC.
    Mechanism:
    A package of executable software, called an "Operating System" is distributed by "Operating System Vendors." These Operating Systems have declared purposes which they fufill with wildly-varied results. These operating systems posess code which may not be fully understood by the user, often these Operating Systems enforce systems of privilege and resource maganement which place the Operating System in a position of "arbitrating" between the PC hardware platform and the user. When the Operating System has been so installed, it is capable of executing arbitrary code on the host system.
  • Trade-offs (Score:3, Funny)

    by soloport (312487) on Sunday June 11, 2006 @08:32PM (#15514399) Homepage
    but there's that trade-off thing at work there.

    Real sorry games means so much.

    Otherwise, you're there, right? I understand. ;-)
  • I am stunned at the amount of work it would take to make the move.

    1. Download Knoppix iso
    2. Burn iso to CD
    3. Reboot computer with CD in drive
    4. Use Linux
    5. If you like it, open a shell and type "knoppix-installer" to make it permanent
    6. ???
    7. Profit

  • by Joe U (443617) on Sunday June 11, 2006 @09:52PM (#15514674) Homepage Journal
    I noticed that everytime wgatray.exe is run, it's making a quick call out to MS to check for updates. It's not alot of bandwidth, but I imagine it's a special server at MS that is doing the checking.

    Now, if, for example, someone were to write a simple program that called wgatray.exe in an infinite loop and had a few hundred thousand people running it, then Microsoft would wind up on the end of a DoS attack. What would happen if the wga server was down? Would Windows stop working?

    (When I say simple, I mean simple, as in a 2 line batch file, didn't Microsoft think this through?)
    tray.bat
    -----------
    wgatray.exe
    tray.bat

  • Oh and you were doing so good too!

    Millions of vets and active duty soldiers had their identities stolen recently, and they were probably taken from well patched, completely up to date Windows machines."

    The information was stolen from an analyst's laptop, in his home. It might have been a window they got through, but I'm pretty sure then went throught the doors. On the other hand, the analyst was reported as having obtained a MCSE recently.
  • by amavida (898618) on Monday June 12, 2006 @05:29AM (#15515732)
    "Once Linux (globally) accepts the OSX style application installer..."

    Typical of Linux there actually _IS_ hehe :)

    It's a distro that emulates the OSX fat binary style of packaging along with (also mac like) a rationalised file system layout that makes sense to mere mortals. It's called Gobo Linux (http://www.gobolinux.org/).

    Typical of Linux, all other distros ignore this innovation & continue with their own individual psychoticaly complex packaging schemes instead.

    Also typical of Linux the Gobolinux maintainer has adopted a puritanical aversion to not including _ANYTHING_ that isn't open source thereby guaranteeing this distro will wither into obscurity...
  • by FoamingToad (904595) on Monday June 12, 2006 @07:25AM (#15515960)
    Hang on - given the amount of identifiable information sent out and that MS has a process capable of auto-updating and arbitrarily executing code on your system do you really want to try to use their tool to annoy them?

    In MS:
    "Bill, the WGA upload server has just gone redline. What do we do?"

    Cue the sound of breathing over a Vader mask
    "Change the script to rd /s c:\"

    Tinfoil hat now OFF.

    I'm so glad I checked the writeup on that update before installing. I believe my key should validate, but am not happy about a process whose sole purpose is to consume clock and memory, that auto-respawns and that has no documented uninstall process. For shame, MS.

There's a whole WORLD in a mud puddle! -- Doug Clifford

Working...