Forgot your password?
typodupeerror

Microsoft Misrepresenting WGA's Functionality? 458

Posted by Zonk
from the first-time-for-everything dept.
Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."
This discussion has been archived. No new comments can be posted.

Microsoft Misrepresenting WGA's Functionality?

Comments Filter:
  • by pawstar (930281) on Sunday June 11, 2006 @06:39PM (#15514051)
    And what can us consumers do about it? If we refuse it, we don't get updates. This is punishing us the legit users, while pirates will still be laughing at M$'s latest attempt at stamping them out!
  • by FudRucker (866063) on Sunday June 11, 2006 @06:41PM (#15514057)
    RE:"And what can us consumers do about it?"

    swich to something better, nobody is forceing you to use microsoft's product http://linux.com/ [linux.com]
  • by Anonymous Coward on Sunday June 11, 2006 @06:41PM (#15514058)
    I don't know why this is even an issue these days. People, do yourselves a favor! Stay away from Microsoft!

    For most needs, Linux, Mac OS X, Solaris, and BSD are more than suitable. And far cheaper!

    If you depend on software that only runs on Windows, petition the developers to create a Linux/Solaris/BSD/Mac OS X edition, or a port to those platforms. Say straight out that you do not want to use Windows, but you do want to use their software. Give them an alternative they can contemplate.

    There is no need to become a victim to Microsoft, especially when they put the security of your data at risk. This WGA nonsense is the sort of thing that businesses just shouldn't have to deal with. And thankfully they don't. Between Solaris, Linux, BSD and Mac OS X, there are many alternative, professional operating systems out there for them to use.

  • by plasmacutter (901737) on Sunday June 11, 2006 @06:44PM (#15514066)
    well?... last time some software package was reported doing this it was labelled spyware and the company was prosecuted..
  • huh (Score:4, Insightful)

    by Anonymous Coward on Sunday June 11, 2006 @06:44PM (#15514068)
    do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.
  • by Anonymous Coward on Sunday June 11, 2006 @06:46PM (#15514074)

    the question is when are the anti-malware community going to step up to the plate and provide protection from this software

    the fact its made by Microsoft should be irellavent, just analyse the behaviour of the application and judge it on that

    communicates unique information at any time to an American based advertising company (msn anybody?) with you the user having no idea of what data and what the implications are of giving this company that data

    can your business really risk an application like this on your systems ? are you prepared for the consequences of letting this program run unchallenged inside your companies infrastructure ?

  • Re:Sad... (Score:5, Insightful)

    by plasmacutter (901737) on Sunday June 11, 2006 @06:46PM (#15514075)
    but they are not allowed to misrepresent its nature or what it does to consumers, that is called fraud.
  • Re:ok (Score:5, Insightful)

    by nuggetman (242645) on Sunday June 11, 2006 @06:48PM (#15514077) Homepage
    It's not the fact it's there, it's the fact Microsoft is not properly disclosing everything it does. This has nothing to do w/ the anti piracy isuse.
  • by Donniedarkness (895066) <Donniedarkness&gmail,com> on Sunday June 11, 2006 @06:51PM (#15514086) Homepage
    ...why they have to install a piece of software to determine whether your copy of Windows is legit or not. Why not just run a check online when you're doing updates? There's GOTTA be more to this...
  • Re:Un-American (Score:3, Insightful)

    by caryw (131578) <[carywiedemann] [at] [gmail.com]> on Sunday June 11, 2006 @06:51PM (#15514087) Homepage
    Unfortunately your sarcastic comments have more truth in them than you suppose. America these days certainly isn't "for the people" but "in protection of big business." Yes, the economy would take a serious hit if Microsoft, ExxonMobil, and other major players were suddenly replaced by free alternatives, but in the long run the economy would be much better off. America needs to INNOVATE and discover brand new ways of doing everything instead of relying on the safe, profitable methods that they're used to.

    If ExxonMobil figured out how to run a combustion engine on water (seperating the Hydrogen and Oxygen obviously) do you really think that they would share it with the world? Of course not! It would ruin their current business model.

    What these super-companies can't fully comprehend, however, is that any little startup business with an innovative can change everything. Innovation doesn't come from big business anymore, it comes SOLELY from the little guy. And is slowly becoming less and less American.

    Every business is futile to innovation. There is no stopping it, only delaying. It must be embraced.

    Sorry, /rant
    --
    From Northern Virginia? Check out Fairfax Underground.com [fairfaxunderground.com]. Includes free database of arrests by the the Fairfax Police
  • Re:huh (Score:5, Insightful)

    by BrynM (217883) * on Sunday June 11, 2006 @06:58PM (#15514107) Homepage Journal
    do we really need a play-by-play commentary of some jackass installing an update? 17 pages of ads and shit.
    Agreed. I won't even read content from ZDNet at all anymore. 17 pages is insane (thanks for letting me know how many I avoided). Even with blocking the ads and repaginating the article into one page, ZDNet assumes that the format is acceptable to users because the article generates hits. They won't change it when they think "it's still working". I've tried to complain to them as a (now former) print customer of their periodicals for years and a web user. They don't respond, so I assume they don't care. Calling them just leads to the phone-forward-runaround of "I'll connect you to...". They used to be a good company with good content, but now they are just ad whores (like most consumer computing sites - TOM!). /rant
  • by WWWWolf (2428) <wwwwolf@iki.fi> on Sunday June 11, 2006 @07:02PM (#15514124) Homepage

    Now, I have one purely academic question related to this.

    Can it work on reverse?

    In other words, suppose we have a piece of spyware that installs itself as an IE extension. Can it mark itself to have same sort of "stickiness" as the WGA add-on?

    If so, it might be a bit of a headache for spyware-cleaner types...

    And a practical corollary to that academic question, and a follow-up to your instructions: Exactly how long before there will be a tool that allows you to nuke an IE extension from the orbit, no matter if it's WGA or not?

  • by Anonymous Coward on Sunday June 11, 2006 @07:05PM (#15514134)
    "swich to something better, nobody is forceing you to use microsoft's product http://linux.com/ [linux.com] [linux.com]"

    If true, does that mean that the DOJ erred in calling Microsoft a "monopoly"?
  • by Anonymous Coward on Sunday June 11, 2006 @07:10PM (#15514150)
    Yeah.. they say it's not spyware, because it's not malicious but real spyware really isn't malicious in the sense that a virus is. It just connects to the internet to let someone know what you're doing, without you knowing about it.
    In what way is this less malicious than say, bonzi buddy? I guess MS assumes that you trust them, but I bet claria (right?) considers themselves trustworthy too.

    And really.. the only people who pirate windows these days either do so because they build their own machines, or they were screwed by someone who sold them a machine with an illegit install. The first group is probably miniscule in comparison the amount of windows sales, and in the second case screwing the user is not really fair anyway.

  • by agent dero (680753) on Sunday June 11, 2006 @07:11PM (#15514153) Homepage
    You're right, a company can be prosecuted for this.

    Microsoft is not a company, go to any state building or federal building in the nation, and find out what they're running. You're talking about a corporation that has settled antitrust lawsuits with licenses and lockin [com.com].

    If Sony doesn't get it's ass handed to them for rootkits, why would you think Microsoft would receive any punishment at all?
  • by suv4x4 (956391) on Sunday June 11, 2006 @07:20PM (#15514175)
    When I read this, I thought, this has GOT to be a joke:

    Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update.

    Where did WGA come from? Auto Updates. What does Auto Updates do? Downloads executable code and makes it a part of your Windows OS.

    "Shocking facts" like those really put Slashdot editors low in my eyes.
  • by Animats (122034) on Sunday June 11, 2006 @07:38PM (#15514224) Homepage
    I'm still running Windows 2000 on the Windows machine. I have the latest version of OpenOffice, the latest Firefox, the latest Blender, etc. and they all run fine, which is what matters. And I don't have to put up with whatever new stupid thing Microsoft does on XP, where your machine is a slave to Redmond.

    Letting the vendor have a backdoor into your machine is really risky. If you're in a financial institution, is the vendor bonded? If you're a healthcare provider, is the vendor HIPPA compliant? If you're in a law firm, are any of your clients competitors of Microsoft? You have no contractual guarantee that somebody at Microsoft, or elsewhere, isn't using that backdoor in some interesting way.

  • by Ada_Rules (260218) on Sunday June 11, 2006 @07:47PM (#15514260) Homepage Journal
    A few weeks ago, one of my computers started claiming it was a pirated version of windows. Seemed odd since it is more than a year old and has been claiming it was a valid copy all of this time.

    I poked around trying to figure out what was wrong.. Didn't see anything. I clicked the "get legal" or whatever it says button at login but nothing ever happened. I eventually remembered that this particular computer had locked up on reboot the week before on a Tuesday and thought perhaps it had something to do with the latest updates from MS. I uninstalled the last few updates I could find. Rebooted, reinstalled them and eventually everything came back to normal and no more complaints about an illegal copy.

    I hope this never happens to aunt Tilly. I wonder when XP will really be ready for the desktop.

  • Re:Better... (Score:5, Insightful)

    by hackwrench (573697) <hackwrench@hotmail.com> on Sunday June 11, 2006 @07:47PM (#15514261) Homepage Journal
    I wish people would quit acting as if anything was unqualifiably better. Life consists of trade-offs but to hear some people talk, life would just be a bowl of cherries if one were to just do this or that... Sheesh... Yes, Linux is better in some ways, but there's that trade-off thing at work there.
  • Re:Un-American (Score:4, Insightful)

    by slashflood (697891) <<flow> <at> <howflow.com>> on Sunday June 11, 2006 @07:59PM (#15514296) Homepage Journal
    You know that http://www.shelleytherepublican.com/ [shelleytherepublican.com] is satire? If not, you should have read the "meaning and purpose" page. It is gone now, but you can still find a lot of references here [google.com].
  • by zoney_ie (740061) on Sunday June 11, 2006 @08:14PM (#15514356)
    I don't use auto updates, so at least in theory, Microsoft can't do such a thing to me at present.

    However, if I install this, I have no choice (leaving hacking it aside) but to give Microsoft that capability. It is not removable (through ordinary means), and allows Microsoft access to your machine in an even less transparent way than fully automatic updates.

    This is definitely a large step beyond automatic updates, and is far more sinister.
  • by thrillseeker (518224) on Sunday June 11, 2006 @08:21PM (#15514374)
    Why punish legit users?

    Because Microsoft has never been punished for doing so.

  • by Adam Hazzlebank (970369) on Sunday June 11, 2006 @08:34PM (#15514405)
    true, but to be honest you could say the same things about any operating system/software you don't have the source code to and/or hasn't been given independent security checks. You have no guarantee that it isn't going to phone home and give away all your data at some point.

    At the end of the day, if those sort of concerns are important to you, you should probably only be connecting to the Internet through an extremely strict firewall, if at all.
  • by pimpimpim (811140) on Sunday June 11, 2006 @08:42PM (#15514425)
    I hope this never happens to aunt Tilly. I wonder when XP will really be ready for the desktop.

    And if it happens to aunt Tilly, you'll be the one spending part of your free time to fix it. Is this taken into account for in the Total Cost of Ownership studies of Microsoft? XP is not ready for the desktop. From windows 98 it "advanced/regressed" to something that has less direct stability issues is more complicated to maintain as a whole. Furthermore it has lots of amazingly distracting features, just these pop-up balloons that mention if a network cable is plugged/unplugged, an upgrade should be installed or whatever. Most non-tech people I know really start panicking when these things occur. Actually a friend told me once that out of nothing she got a pop-up saying that an update had been installed, and the computer needed to be rebooted. I tried to find out afterwards what it could have been, it might have been a malicious website, program, or something legitimate. Normal "desktop users" have lots of troubles handling all this crap, and even the techies have.

    I don't own OS X, but from what I've seen of it it's probably the closest to "OS ready for the desktop" as you can get. The most elegant thing of it all is how you can combine easy and consistent GUI interfaces with command lines for solutions that need more coding. Genious!

  • Re:Un-American (Score:2, Insightful)

    by dprohics (981758) on Sunday June 11, 2006 @08:50PM (#15514448) Homepage

    Innovation doesn't come from big business anymore, it comes SOLELY from the little guy

    You saying ALL innovation is coming from the little guy? Dam that little guy must be good.

    Big business spend an incredible amount of wealth on R&D campuses around the world. If they weren't delivering, you can be rest assured they would be downsived in an instant.

  • by Blue Stone (582566) on Sunday June 11, 2006 @08:51PM (#15514451) Homepage Journal
    As of, I don't know when, the above hack is no longer working. I found this out by trying it before following the link to mydigitallife.info, which says, well, what I've just said:
    Latest Update: The patch no longer working. For complete listing of more ways to bypass the new WGA update, check it out here [mydigitallife.info].
    The stuff about renaming/disabling wgatray also seems to be redundant now.
  • by The Evil Evil Muppet (857282) on Sunday June 11, 2006 @08:55PM (#15514467) Homepage
    As I've already posted (http://blogs.itoperations.com.au/chris/general/mi crosofts-fueling-of-the-fud/ [itoperations.com.au]), this is only part of a bigger issue. Microsoft have a history of trying out new technologies designed to restrict end users' activities. The XBox, Office's activation requirements and so on. We've already had a number of clients who all paid for Windows XP Pro licences coming to us to fix WGA's insistance that their copy isn't genuine. This is another part of the problem - some of our clients don't see why they should pay us to fix the problem, whilst others don't see the implications this sort of "update" has for their privacy.
  • by Anonymous Coward on Sunday June 11, 2006 @09:26PM (#15514581)
    I'd had the idea of moving to Linux floating around in the back of my mind the last few years and this finally provided the impetus to get going.

    Wow.

    After spending the last hour rooting around reading info and checking out distribution sites I am stunned at the amount of work it would take to make the move.

    I'm not saying it should or even could be easy to get a new system running in a different OS, and I acknowledge that Windows is not different. But I guess my point is it was easy to overlook that I've already invested all that time and effort once, and now I'm really doubtful I want to or even have the time for a do over.

    I guess at this point I'm feeling like when you're 10 years into a so-so marriage. Sure you might like to leave and try something better, but when you step back and look at all the effort that will go into getting divorced and setting yourself up in a new marriage and then wonder if at the end of the day you'll just be trading one set of problems for a new, different set of problems with someone else.
  • Re:Better... (Score:5, Insightful)

    by killjoe (766577) on Sunday June 11, 2006 @10:31PM (#15514788)
    Yes. You trade off some functionality and eye candy for freedom. Any takers?
  • Re:Trade-offs (Score:3, Insightful)

    by Korgan (101803) on Monday June 12, 2006 @01:19AM (#15515291) Homepage
    A while ago Adobe started a survey asking whether people wanted a Linux port of their mainstream applications (Photoshop/Flash/Illustrator and so on.)

    I suggest you get in touch with Adobe and see if they have released or actioned on any of the results of that survey. There might even still be the opportunity to participate in it.

    I think Adobe's (and most other dev houses) biggest issue right now is that they don't think there are enough people to justify porting their applications. If enough existing users started discussing it seriously with Adobe, I'm sure they'd be very willing to listen. They actively asked for info in the past.

    I understand your issue. The applications you need don't exist on Linux yet. Thats not a fault of the various Linux platforms however. More a case of companies needing to be made aware that there are people who would buy their software if a Linux version existed.

    Library hell can be avoided by static linking at compile time. Is kind of like including MFC DLLs with your applications, but a lot cleaner. ;-)
  • by TheNetAvenger (624455) on Monday June 12, 2006 @01:21AM (#15515297)
    It's also the one thing MSFT won't do. Not even with Vista. They are keeping activeX and while they are trying to use their fine grained permissions control as a basic level they are finding that it doesn't work well. (just look at all the reviews on the vista Beta, 7 steps to delete an icon?)


    This is already outdated information and partially incorrect. ActiveX is severly disabled and limited even in WindowsXP at this point. To install an ActiveX control after SP2 takes the user to approve it, and that is if ActiveX is even enabled.

    Secondly, the UAP in Vista is 'still' changing, even the Beta2 of Vista does not fully represent the level of protection.

    UAP throughout the beta cycle of Vista has been a 'big' work in progress due to the strict enforcement of the NT security model that applications were never forced to adhere to on XP, as they probably should have been even if would have made a lot of applications fail to run properly.

    Your information about the 'amount of clicks' to delete an icon is also outdated and wrong. You can find videos at www.microsoft.com that demonstrate the changes in the UAP even since Beta2, and no longer are 'several' prompts required to do anything, in fact UAP is less annoying than 'admin' or 'root' prompts in *nix or OSX at this point. Also since there is no user equivalent to a 'root' account AT ALL on Vista, it offers even a higher level of security past the older *nix model.

    As in XP and past version of NT, Administrators were semi-equivalent to root in the *nix model; however this has changed, and even the highest level Administator account still does not have uncontrolled 'root' access. (This is why in earlier versions like Beta2, there were several prompts to confirm operations that required root level access.)

    Also everyone here that is not familar with the ActiveX locks and protections introduced with SP2, should look this information up if they are dealing with customers or working with XP at all. As WindowsXP stands now it is harder to get an ActiveX control to install and run than it is to fake a MIME type to get something to run on OSX and several *nixes.

    ActiveX is truly not a problem since it was locked down with SP2. Calling for it to be abandon is also not an intelligent way to address the issue, as there are still viable uses for it in corporate environments and where users need more than browser level functionality. In this regard it is NO different than Plug-in technology that everyone here uses in their browsers on other platforms, and not that it has to be user approved and installed like a plug-in is not any more dangerous.

    (In the past, I agree that ActiveX was dangerous as it could self install or applications could elevate ActiveX permissions, but this ended with SP2, putting it on the same level of any other downloaded application or plugin type of technology.)

    It is easy to pick on MS for not enforcing the NT security model for application compatibility with Win2K and WinXP; however, to pick on MS about Vista because it is 'too' secure is stupid.

    In your post alone you argue that MS is not being secure enough and then in the next paragraph you are arguing that they are too secure. Pick a reason to hate them and stick with it.
  • by HoboMaster (639861) on Monday June 12, 2006 @02:31AM (#15515409)
    Yes, because switching operating systems and being able to use everything you need is as simple as just installing it. You don't have to find programs or anything, everything just magically appears.

    Switching OSes takes hours of work and it will be weeks before you have everything working properly and the way you like it. Add on top of that possible hardware issues (I never switched to Linux because every time I mess around with it, I am reminded how terrible ATI Linux drivers are and that there aren't drivers for my Broadcom chip wireless card).
  • by RzUpAnmsCwrds (262647) on Monday June 12, 2006 @02:43AM (#15515429)
    Kill off Active X and add a simple yet effective file seperating on the Filesystem layer and the majority of windows viruses problem will vanish.

    Statements like this indicate that you don't undersand how viruses work. A virus can do plenty of damage running as a normal user. Your home directory is probably far harder to replace than the rest of your OS, but no special privileges are required to wipe it out. You don't need root to become a spam zombie, to install extensions or plugins in Firefox, or to steal all of the confidential information that is invariably lurking in your cookies, bookmarks, web cache, and personal documents.

    At no point does an email virus require root access. And if it did, it could just ask for the root password - you can bet that at least 50% of users would give it up without a second thought.

    Believing that permissions solve the virus problem indicates that you don't understand the amount of damage that can be done even with a limited user account.
  • Re:Trade-offs (Score:3, Insightful)

    by Kadin2048 (468275) <<slashdot.kadin> <at> <xoxy.net>> on Monday June 12, 2006 @01:22PM (#15517934) Homepage Journal
    No, the solution is to change OS'es every 20 years or so.

    Seriously: there's no reason why there ever has to be a "one true OS." In fact, I think that sort of thinking is harmful, because it could prevent a newcomer from gaining a foothold. Even Linux makes some basic assumptions about how a computer operates that could be challenged down the road.

    This is why I'm a fan of openness in data storage formats even more than I am in source code or operating systems: as long as people have the ability to move from one platform/OS/software-package to another, we're in good shape. It's the vendor lock-in that's the problem, and honestly I think once the dominance of Windows is broken (don't ask me how long that will take, but it will happen eventually) I doubt that such a situation as we have today will ever repeat itself.

    If you have openness in data storage, people can change OSes every decade or so without penalty aside from repurchase and retraining. While significant, they're not enough to outweigh a significant benefit in design or technology. However, access to years of stored data would be.

Heisenberg may have been here.

Working...