Forgot your password?
typodupeerror

Microsoft Sued Over WGA 460

Posted by CowboyNeal
from the phoning-home dept.
Hope Thelps writes "The Seattle PI is reporting on a lawsuit being brought against Microsoft in response to their WGA spyware. Groklaw is also covering the story. Although there are a lot of similarities to Sony's rootkit, the actual harm done is less concrete. It'll be interesting to see how this turns out."
This discussion has been archived. No new comments can be posted.

Microsoft Sued Over WGA

Comments Filter:
  • Interesting... (Score:5, Insightful)

    by Utopia (149375) on Thursday June 29, 2006 @09:50PM (#15633409)
    Sued by the same moneymonger who sued Sony.

    • Re:Interesting... (Score:5, Insightful)

      by CastrTroy (595695) on Thursday June 29, 2006 @09:57PM (#15633438) Homepage
      Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.
      • Re:Interesting... (Score:5, Insightful)

        by Atraxen (790188) on Thursday June 29, 2006 @10:10PM (#15633512)
        Personally, I'm more interested in seeing justice served than a particular outcome (i.e., Microsoft getting slapped). That's how the game is supposed to work. If we don't like the outcome, we need to examine the rules. Calling for particular outcomes against someone because you don't like them/their approach to X/their politics is the root of partisan politics/hackery, and so (while you may agree with what I'm saying broadly, but were speaking from frustration with MS), I'm calling you on it.
        • Re:Interesting... (Score:4, Interesting)

          by TheViewFromTheGround (607422) on Friday June 30, 2006 @12:52AM (#15634188) Homepage
          Personally, I'm more interested in seeing justice served than a particular outcome (i.e., Microsoft getting slapped). That's how the game is supposed to work. If we don't like the outcome, we need to examine the rules.

          That's a commendable sentiment, but I can find no fault in calmly asserting one's vision of a just outcome prior to a court's finding. The "game" in this case is fundamentally adversarial, with various parties pushing for particular outcomes. Members of the public can and often should be party to cases in that sense, so long as they don't tamper with the court to achieve a particular outcome via unethical means. Threatening a judge or a witness would be unethical; voting for a judge who you think would do a good job would be ethical.

        • Re:Interesting... (Score:4, Informative)

          by Red Flayer (890720) on Friday June 30, 2006 @08:30AM (#15635395) Journal
          Hey you know what? His opinion is valid. If he feels personally wronged by Microsoft, he is perfectly justified in wanting Microsoft to get slapped. If he feels there is overwhelming evidence that Microsoft has wronged others, he is perfectly justified in wanting Microsoft to get slapped.

          His stated opinion was not about frustration with MS -- it was about frustration with this particular action by MS.
      • Re:Interesting... (Score:5, Insightful)

        by Zemran (3101) on Thursday June 29, 2006 @10:42PM (#15633657) Homepage Journal
        Would you care if it was someone paid to put a bad case forward knowing that when it fails they can say 'look how good we are' and anyone else will think twice before taking similar action?
      • Me too. I love when lawyers teach people a lesson by getting rich.
      • Frankly I don't care who's suing them. I hope that many people jump on the bandwagon to sue them. I would like to see them fight it out to the end, instead of taking a settlement. I want a verdict against Microsoft. Something that stops them or other companies from doing things like this in the future. However, most people are only after the money, and hence will just take a settlement. Nobody is in it because they think MS is a bunch of assholes and should pay.


        In other news, Jack Kevorkian sued the developers of the POSIX-compliant 'NUX commandline program "killall", citing that the application didn't really kill "all" the programs on the computer but instead should be renamed to "killnothingbut". This intellectual Advantage(TM) of Kevorkian stemmed from his introduction of the oft'quoted uber-leet commandline tool "kevork" which injects null pointers into the code and data segments of all programs that are non-responsive to the "TERM" and "KILL" flags. Kevorkian was unable for comment on whether this is a closed or open-source application, though it was rumoured by his assistant that it is a simple library replacement with a namely-fassioned symlink to killall that the library determines based at runtime with argv.

        Sincerily,
        John "kill'em'all" Dahmer
      • by WindBourne (631190) on Thursday June 29, 2006 @11:23PM (#15633828) Journal
        It has been eons since I read the EULA, but it basically says that MS owns the systems. That means that they can do whatever they want. OTH, sony or any 3rd party who does not have explicit permission from MS can then be sued. Oddly enough, if MS and Sony had not been fighting over playstation/xbox, MS probably would have given permission.
    • Re:Interesting... (Score:3, Informative)

      by wbren (682133)
      Wait... so he's selling [reference.com] money?
    • Re:Interesting... (Score:5, Insightful)

      by killjoe (766577) on Thursday June 29, 2006 @10:51PM (#15633692)
      When you are trying to get money from a large corporation you are a moneymonger. When you are trying to get money from consumers you are a capitalist.
  • Waste of time (Score:5, Insightful)

    by p!ssa (660270) * on Thursday June 29, 2006 @09:55PM (#15633430)
    whoopie, M$ loses and donates another $1,000,000.00 worth of software to some high school system or third world country as retribution (at a cost of about 35 cents to the evil empire).
  • by od05 (915556)
    It came as a Windows Update, if you wanted to protect yourself you should have turned automatic updates off...
    • I told Windows to download and not install updates, this one installed itself. On another machine I had notify only, and it downloaded and installed this one as well, even rebooted without my approval. It was not a typical update.
      • by edwdig (47888) on Thursday June 29, 2006 @10:15PM (#15633539)
        I've got my machine set to notify only, and it never installed it. I told it not to install it, and it asked if it wanted me to not be shown the update again. I said yes, and it stopped showing it. It only comes back in the update list if there's a new version of WGA - or at least every time it's reappeared, it happened to coincide with a Slashdot story saying MS changed something about WGA.
      • by malakai (136531) on Thursday June 29, 2006 @10:16PM (#15633544) Journal
        Call BS on this one.

        I would have seen that behavior on one of hundreds of PCs. I have not.

        You're either posting for FUD, or your machine isnt' configured how you think it is.

        Or the problem is between the keyboard and the chair.
        • I double checked the configuration when I saw the "shutdown to install upgrades" option... and the machine that rebooted itself claimed to be configured to notify only. Could be user error, no way to really prove it now.
      • Ummm... What? I've got the little automatic update notifier in my tray and guess what the only update is? WGA. It has yet to make my machine reboot. Perhaps your machine rebooted after the download was finished for some other reason and the update was applied then.
      • I have Windows update set to download and then prompt before installing. WGA did not auto-install itself. However, the KB900485 [microsoft.com] update [microsoft.com] did install itself without prompting. I just found out about it from the shutdown message. One friend said that it also installed without prompting on his computer. I did a search and found that it installed for some other people too.
      • To prevent this in the future, you can run the following command:

        sc config wuauserv start= disabled


        Follow this with either net stop wuauserv or a reboot. (Yes, there was a space after the equal sign, and it needs to be there.)

        For businesses where disabling automated updating is not feasible, deploy SUS throughout the domain. Note that the client's update settings are irrelevant if SUS is properly deployed. This may be one of the causes of some of these otherwise inexplicable updates.

        Disclaimer: IANA
    • by kebes (861706) on Thursday June 29, 2006 @10:05PM (#15633476) Journal
      It came as a Windows Update, if you wanted to protect yourself you should have turned automatic updates off...
      I'm not sure that arguments works. After all, for spyware one could argue "You installed the application (or clicked yes or whatever), if you wanted to protect yourself you should have not installed it." For some spyware/adware/malware, the EULA even indicates that "additional software" will be installed. It is buried in documentation, but the information is there. This doesn't prevent it from being spyware/malware or whatever. The fact is that when something is installed in a circuitous or obfuscated way, it is not really what the user agreed to.

      In the case of Windows Updates, I would argue that it is even more out of the user's control. For alot of malware, you have to click "yes install" at some point. For Windows Updates, the recommended state is to "automatically download and install in the background." In theory a user could examine each and every update to figure out what they all do, but in practise the actual purpose of each update is heavily obfuscated. Worse yet, in the case of WGA, once you allow it to install (it seems innocent enough at first), it is used against you to force further installations.

      Frankly the tactic Microsoft is using in their updates is not ethical. Everyone is told to do their Windows Updates (for security reasons), and Microsoft is exploiting this to slip in some other software that the user does not necessarily need. Worse yet, this software sends back information to Microsoft HQ without user permission. If this does not count as spyware, I don't know what does.

      I hope this lawsuit makes Microsoft wake up to the illegitimacy of their tactics.
      • I wouldn't have a problem with WGA if it were flagged as anything other than "critical". This update is not critical in any respect other than Microsoft's bottom line, and this is where Microsoft pisses me off.

        If MS wants to make WGA validation required for any updates that add features (WMP 11, DirectX 10, etc), then I'm all for it. They add something to the product, they get to pick the terms under which they make it available to existing users. It's not in line with the free software philosophy, but
    • How is this different from how people normally get spyware? With the default configuration of your browser you go to some website that you (probably wrongly) trust, and something is installed on your computer without your knowledge. In this case, it's the default configuration of windows, and the "website" is Microsoft. You could argue all you want that you should have turned of ActiveX/not installed flash/used firefox instead of IE, but that doesn't prevent it from being spyware, so how does the fact that
  • Hopefully.... (Score:5, Insightful)

    by meh13579 (975202) on Thursday June 29, 2006 @09:57PM (#15633437)
    win or lose this will deter Microsoft from using wga to shut down any unlicensed (or otherwise) computers...for a while at least.
    • What would be the problem with shutting down unlicensed computers?
      • Re:Hopefully.... (Score:3, Interesting)

        by RedACE7500 (904963)
        Since when do we need a licence to use a computer?
        • Re:Hopefully.... (Score:5, Insightful)

          by bcat24 (914105) on Thursday June 29, 2006 @10:04PM (#15633472) Homepage Journal
          You don't. You do need a license to run Windows on that computer, though. (Yeah, it sucks, but it's true.)
          • actually, no.

            17 usc 117 provides you with all the legal right you need to make all copies needed to actually *use* the application...you don't need a license from microsoft to "copy" windows to run it.

            i'm not a lawyer, but i can read.

            (a) Making of Additional Copy or Adaptation by Owner of Copy.-- Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program pr

            • It does say owner which generally means you have to be licensed (you don't own the actual program really). If you have a licensed copy, you can make all the copies you want of the disc as long as you don't make unauthorized use of it. Nobody's had the balls to go up against MS over their EULA or licensing so that means whatever is in the EULA or license for now.
  • Hmm... (Score:5, Funny)

    by Cytlid (95255) on Thursday June 29, 2006 @10:00PM (#15633454)
    "I just only wish there was an alternative..." typed the man in his slashdot repsonse on his Linux workstation.
    • Yeah, really. Something like Ubuntu is good enough for most users with broadband (I don't know about Linux dial-up internet providers....) and so is OpenOffice for a lot of things.

      I understand if you absolutely have to use Windows for work, but even at home you can dual-boot. Before people trot out the games argument - yes, I know, but it really depends where your priorities are at. Games aren't my prioritiy, I might buy a Wii for that.

      But instead, people will bitch and complain endlessly and keep using
      • Something like Ubuntu is good enough for most users with broadband (I don't know about Linux dial-up internet providers....)

        (-1, Moron): How can you find slashdot and complete miss that dialup ISPs use PPP, and Linux distros almost always come with pppd?

  • The Issue Of Money (Score:2, Interesting)

    by thecommenter (985914)
    So what exactly are they going to sue for, like 1/30000th of Microsoft's money? This is why no one can ever successfully sue Microsoft.
  • by HotBlackDessiato (842220) on Thursday June 29, 2006 @10:02PM (#15633467)
    How can an official component of Windows be spyware? It's their operating system, they allready own you if you use it. Pull down your pants and get it over with allready.
  • Microsoft's Response (Score:5, Interesting)

    by Anonymous Coward on Thursday June 29, 2006 @10:02PM (#15633468)
    A Microsoft spokesman, Jim Desler, agreed with the allegations. "Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

    Well, actually he claims to have disputed the allegations, but then he said what's quoted above, and finally (to the press corp's horror and astonishment), proceeded to shove his entire foot, ankle, and leg (up to his knee), firmly down his own throat.

    Let's break this down:

    [x] Deceptive software...check!

    [x] Installed without user's consent...check! (Well, basically with as much consent as any other spyware package, so I think there's a good case to be made for this point.)

    [x] Malicious purpose...check! It beams data back to the mothership every day and can be used to remotely break the computer. I think that qualifies as "malicious."

    So apparently by Microsoft's own admission, WGA is spyware.

    I'd personally argue for a more expansive definition of spyware (or malware, or scumware, etc...), but even given the relatively constrained definition proposed by Microsoft itself, WGA seems to qualify.
    • Clear notice that this was an optional install. I could have elected not to install it and had my machine function as before. I had to read a statement and check a box saying I understood and agreed.

      We can argue the merits of the actual software that is installed.
      • I could have elected not to install it and had my machine function as before.

        It misrepresented itself as a critical security update, according to reports, so what do you think the average user would do? (assuming that they run updates at all).

      • by ipfwadm (12995) on Friday June 30, 2006 @12:09AM (#15634022) Homepage
        Clear notice that this was an optional install. I could have elected not to install it and had my machine function as before.

        Let's see... I just ran Microsoft Update, then I clicked "Custom". It tells me:

        To use Microsoft Update, you must first install the latest version of some Windows components. This will allow your computer to work with these new features on the site:
        • More updates: Get updates for Windows and for popular Microsoft programs such as Microsoft Office in one place.
        • Faster updates: The latest Windows Installer (MSI) improves the way updates are installed, delivering updates in the smallest possible packages in the shortest amount of time.
        • Easier navigation: Now you can find updates by priority or by product while helpful links and important messages help ensure you are installing all high-priority updates for your computer.
        No mention of WGA. So I click "Details" and lo and behold, it's the WGA Validation Tool that I must install. My only option is "Download and Install Now". There is no skip, ignore, anything. So as far as I can tell, in order to continue receiving updates, I must install this spyware. I don't feel that that qualifies as an "optional" install.
    • by arminw (717974)
      ....can be used to remotely break the computer.......

      If WGA really is a hook by which a computer can be disabled, then it is only a matter of time, before some nasty hacker or terrorist figures out how to use this hook and turns millions of Windows systems into doorstops.

      A good reason to buy a Mac and perhaps use Windows only in a virtual window when a Windows only program MUST be run. The virtual PC can be permanently barred from using any routable network address and thus not need all those updates at all
  • by jonr (1130) on Thursday June 29, 2006 @10:05PM (#15633475) Homepage Journal
    A: On a pile of money.
  • by Jackmn (895532)
    Is '... in response to their WGA spyware' really necessary? Provide the information and let the readers make up their minds.
  • >> the actual harm done is less concrete...

    No shit, there's no harm done at all.
    • by kebes (861706) on Thursday June 29, 2006 @10:26PM (#15633580) Journal
      1. WGA communicates with Microsoft HQ. The information transferred may or may not be 'sensitive' but this could be considered an invasion of privacy.

      2. Any program that uses up system ressources without performing a task explicitly requested by the user is harmful in the sense that it slows down the computer. This is one of the main complaints with spyware/adware: they slow down your computer for no purpose (or at least no purpose that you, the user, are interested in).

      3. WGA appears to effectively give someone else (specifically Microsoft) control over your machine (for instance the recently announced "remote shutoff" function). To the user, a program that limits their control of the computer (and gives someone else more control) is harmful. Note that the argument "but Microsoft would only shut off illegitimate versions of Windows" doesn't make any difference. Even if that's true, there is still a loss of control for the user. This is harmful to the user.

      To the same extent that any other piece of so-called "spyware" is harmful (installed in a tricky way; sends info back to some company; wastes CPU cycles and disk space; etc.), WGA should also be considered "harmful."

      The problem with WGA is that is not an update, security-patch, or feature upgrade. It does *nothing* for the user, and only installs in order to give Microsoft more control/leverage over your machine. From the user perspective, it is a net negative, hence harmful.
      • WGA communicates with Microsoft HQ. The information transferred may or may not be 'sensitive' but this could be considered an invasion of privacy.

        Hang about - presumably this is going on all over the world, right?

        How does it stand in those parts of the world with Data Protection laws?

        For instance, in the UK, the Data Protection Act is supposed to ensure that data is:

        * fairly and lawfully processed;
        * processed for limited purposes;
  • by MrSquirrel (976630) on Thursday June 29, 2006 @10:10PM (#15633510)
    Hey, at least the Sony rootkit comes with music!... this thing comes with worse: Windows!
  • by mark-t (151149) <markt@nOSPam.lynx.bc.ca> on Thursday June 29, 2006 @10:18PM (#15633549) Journal
    Since when does Microsoft have spies in the World Golf Association?

    DOH!

    Oh... was I supposed RTFA? But wait... this is slashdot.

  • by steve426f (746013) on Thursday June 29, 2006 @10:30PM (#15633603)
    I'm sure that I'm not the only one who hates all of the BS you get when you buy a new laptop/desktop. First thing I've always done with my Dell laptops/desktops is format, reinstall xp + linux. However, I got frustrated with the activation when I didn't always internet or the activation insisted i make a 30 minute call to MSFT to get a rediculously long key. Long story short, I used the ever-so-famous corporate copy + key (generated with keygen) even though I have XP Pro COAs on the systems. Now, a few years down the road WGA is going to force me to reinstall--now that I have many important business apps installed. How many others are in the situation of "invalid keys" with legit COA licenses?
    • by Zemran (3101) on Thursday June 29, 2006 @11:22PM (#15633825) Homepage Journal
      I use the same proceedure to install but I have a corporate copy that does not even ask for a key. I also have the file that disables WGA, you should be able to get it over the internet so do not change your policy just because the bully boy says so. The file is called twk-winupdatepatch.exe.
    • Now, a few years down the road WGA is going to force me to reinstall--now that I have many important business apps installed.


      You don't have to if you have a legal copy. You can always change the product key of an installed instance of XP using the registry and msoobe.exe. More info here: http://techrepublic.com.com/5100-1035_11-5034890.h tml [com.com]

    • If you buy a machine with an OEM copy of XP Pro on it, and then re-install with a corporate XP Pro cdrom, you've technically committed a software license violation unless you also bought a corporate "volume license" to cover it (yep, you actually have to pay for XP Pro twice in this scenario to stay legal) plus used your specific corporate installation key code that was assigned to your company when you bought the volume license. Otherwise you must use your original OEM licensed copy of XP install (or recov
    • Now, a few years down the road WGA is going to force me to reinstall--now that I have many important business apps installed.
      calum@womble ~ $ uname ; echo Ha Ha\!
      Linux
      Ha Ha!
      calum@womble ~ $
  • Remove WGA (Score:5, Informative)

    by cciRRus (889392) on Thursday June 29, 2006 @10:31PM (#15633608)
    Just thought that you guys might wanna know that Microsoft has came up with an article on removing WGA [microsoft.com].
    • Re:Remove WGA (Score:5, Interesting)

      by Critical_ (25211) on Thursday June 29, 2006 @11:19PM (#15633805) Homepage
      Just thought that you guys might wanna know that Microsoft has came up with an article on removing WGA.


      As covered in a blog posting [zdnet.com] by Ed Bott, the KB article Microsoft gave is a rush job and will confuse non-techies that may attempt it. He provides corrections but Microsoft is (at best) silly to have not had a third party verify the instructions.

      Also realize that contrary to the warning in the Microsoft KB article, if you choose not to install the WGA notifications "update" or remove it, Microsoft Update will force you to run another WGA test before granting you access to their Windows Update website. They won't even allow access to critical updates through the web interface in my testing with the web-based (ActiveX?) test. From what I understand, the access to the promised critical updates are only provided with their built-in update provider which has been responsible for all the WGA notification auto-installs. In other words, you can't win either way.

      As it stands, I've disable auto updates from System Properties->Updates and disabled the "security center" service from Control Panel->Admin Tasks->Services so it doesn't bother me about disabled auto-updates anymore. I have multiple Dell machines with OEM installations of Windows XP so I'm not concerned about failing WGA but I am concerned about all the reported crashes [edbott.com] involving WGA across forums and blog around the internet and the private information [groklaw.net] sent to Microsoft.

      Playing support-geek for family and friends only gets tougher with this stupid anti-piracy program. I'm disabling auto-updates and security center on every system while deleting WGA. Instead, once a month I ask my friends and family to run AutoPatcher [autopatcher.com] on their systems for all critical and optional updates. I've told them that they may not be able to use WGA protected software such as Windows Defender, IE7 Beta, or WMP11 and any other Microsoft download. All of them don't care for that stuff as they have better freeware or open-source alternatives. So far so good.

      Before anyone chimes in and says that people should switch to Linux, I'd say I agree in theory but not in reality. Educational software, scanner and digital camera software utilities, unique features presented in official IM clients such as VoIP and picture sharing, many Photoshop features, easy movie editors a la Roxio and Premiere, and desktop publishing software (i.e. Pagemaker) are not available for Linux nor do these people care to learn anything new after years of experience in many cases. For now there are workarounds and people will use them. If Microsoft implements a kill switch [zdnet.com] and starts nuking WGA-less but legal installations then many of these people will probably trash their computers and buy Apple before going to Linux.

      Lastly, this doesn't hurt pirates one bit. Within hours the latest WGA crack [demonoid.com] is available and it works or people just disable auto-updates and go towards AutoPatcher. For protected apps, cracked [demonoid.com] copies [demonoid.com] are available [demonoid.com]. So who loses? The general public who follows all the rules. I'm glad someone filed the lawsuit and I hope people will sign up as parties when the chance is given.
    • by Xtifr (1323)
      Here's a better article on removing WGA [ubuntu.com]. :)

      (I actually prefer this article on removing WGA [debian.org], or this one [freebsd.org], but I freely admit that they're not for newbies.) ;)
  • Good... (Score:3, Informative)

    by HTL2001 (836298) on Thursday June 29, 2006 @10:32PM (#15633609)
    I mean, I'd be just a little less bad (WGA) if it worked properly. I've seen most of my old HS's comps get the "not genuine" notice, and it takes a while to fix.
  • Here's a description of what the tool does.

    Computer with WGA: Hi, Mr. Remote Database!
    Microsoft Server: What can I do for you?
    Computer with WGA: Is this computer running a legitimate copy of Windows? The license# is ABCDE-12345-FGHIJ-67890-KLMNO.
    Scenario: Copy is licensed
    Microsoft Server: Let's see... yep, it's licensed!
    Computer with WGA: Alright then!
    Microsoft Server: Bye!
    Scenario: Copy is licensed
    Microsoft Server: Let's see... nope, this one's pirated.
    Computer with WGA: Well then.
    Com

    • by Anonymous Coward
      You forgot the part right after where it sends the key number where it sends a list of applications loaded on your system and your hardware configuration.
    • by Zarel (900479) on Thursday June 29, 2006 @11:13PM (#15633780)
      By your typo, you just answered your own question:
      Scenario: Copy is licensed
      Microsoft Server: Let's see... nope, this one's pirated.
      Computer with WGA: Well then.
      Computer with WGA: Hey $username, you don't have a legitimate license. Please go buy one.

      In other words, false positives. Also, doesn't it phone home every day or something? You'd think you'd only need to check once.
  • by Anonymous Coward on Thursday June 29, 2006 @10:49PM (#15633682)
    What peeves people so much about WGA is that MS pushed it out as a Critical Update, meaning that all machines with Auto Update install it without prompting. It is undeniably not a critical security update and to make matters worse it phones home. After taking some heat, MS then conceded that the installation of WGA will be optional (if by optional you mean selectively blocking some non-critical updates). It's still being pushed, but you don't have to install it. For those of you with your less than legit copies worried about not receiving updates, you can always download third-party update packs if you don't mind a bit of a delay. Not necessarily a bad thing considering that MS has been known for having to patch their patches. I'm not an MS fan, but not a huge hater. Just a strategically stupid time to ramp up WGA after the whole rootkit fiasco. I'm not an MS fan, but not a huge hater. Just a strategicly stupid time to ramp up WGA after the whole rootkit fiasco.
  • NOT SPYWARE (Score:5, Funny)

    by Anonymous Coward on Thursday June 29, 2006 @10:53PM (#15633703)
    Look everybody wga is NOT SPYWARE. I ran Microsoft Windows AntiSpyware Beta on WGA and it came up CLEAN. So drop it okay?
  • WGA removal utility? (Score:5, Informative)

    by kimvette (919543) on Thursday June 29, 2006 @10:54PM (#15633708) Homepage Journal
    http://www.firewallleaktester.com/removewga.htm [firewallleaktester.com]

    I CANNOT vouch for the legitimacy of that utility (so scan it first, try it on a staging machine, etc., YMMV, Batteries not included, and all that jazz). I just did a quick search for utilities for removing WGA, but being a Linux user I don't have much use for it myself. There are reviews of it on legitimate sites (for example, PC World) but then they've also unknowingly recommended scumware in the past as well.
    • by MeNeXT (200840) on Thursday June 29, 2006 @11:56PM (#15633965)
      You need no utility;

      1) Kill wgatray.exe in process in Task Manger
      2) Restart in safe mode
      3) Delete WgaTray.exe from Windows\System32 and Windows\System32\dllcache
      4) Lauch RegEdit and Delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
      5) Reboot
  • Won't work! (Score:4, Funny)

    by one_red_eye (962010) on Thursday June 29, 2006 @11:18PM (#15633804) Homepage
    The thing is my hijacked copy of Windows XP won't even download updates because it has an 'invalid key', so how are they going to deliver the WGA?
  • by thunderpaws (199100) on Friday June 30, 2006 @12:02AM (#15633993)
    There will be many arguments presented in court to validate both sides to this, but there is an aspect of this that the Microsoft loving trolls here will never admit. This WGA is doing just what a ton of malware/spyware/crapware is doing, which is exactly why Windows can never be secure.

    I would be curious to know how many Windows XP users are no longer able to validate their OS. I bought Windows XP Pro OEM when it first came out. 3 motherboards, 3 video cards, 4 harddrives, I forget how many CD/DVD-RW's, and 3 slipstreams, my Windows has been apparently installed on too many computers(?). I am told that this cannot happen, but oh well. I now use Mac and Slackware Linux.
  • by kicks-ass (977232) on Friday June 30, 2006 @12:10AM (#15634030)
    ............You own Windows
  • by SmackTheIgnorant (985978) on Friday June 30, 2006 @01:09AM (#15634251)
    Not flamebait. Please don't kill me.


    BUT... step back for a second. Forget the fact that they're a mega-conglomerate. Forget the fact that it's some giant company who you think might be out for world domination, one PC at a time.

    Instead, I think of it like this:
    You create a piece of software (Those of you who say what about "Sourceforge" or "freshmeat", back off for a few minutes... we're not talking OSS right now, we're talking commercial). You want some level of appreciation. You want to make sure that when people pay the $XXX for the software you made (And let's face it, we're talking a BUSINESS here, not a charity - you'll charge however much is possible, to keep it selling and get as much profit as possible).

    You also are not a bumbling idiot, you've used emule, bittorrent, google, and astalavista. You are, or know, that "Guy who has everything" for software. You've needed some minor piece of software, and could find / engineer a crack / keygen for it. You get it for free. If you DO have scruples, you know too many who don't.

    So you want to protect your software from the evils of "Oh, I can get it for free". Without protection, a couple days and it's spread around the net. You protect it, congratulations, you've bought yourself a week before a serial / crack is released. SO you lock it down good and tight. And hey, if there's something people without scruples love, it's the idea that "They say we can't, so we'll prove them wrong!". Besides, according to crackers / OSS fanatics / the immoral, ALL software should be free, you should be doing this in your spare time, and hoping that you'll get enough donations to live off of if we don't pay for it! (Wait.... they stole the software, but expect the owner to live off of donations, while they're not paying for it anyways?!).

    Solution: You use pre-packaged solutions to lock down your software, good and tight. It runs various checks against files for alteration. It might even dial home when run to make sure it's legit, disabling if not. Hell, I'd do it if I wrote still. Does that make you evil? NO! It means you want to protect your investment (Time, effort, energy, money, employees). But somewhere, somebody out there will find a way to defeat it. You've not bought "infinite protection", instead you've bought another month to come up with a better way of protecting your money (Goal here is to delay it as long as possible. Outright prevention is impossible, but delaying is entirely doable).

    So you use software to dial home and verify authenticity, check itself and other files to make sure that they're running and not tampered with, restore each other if necessary, and quite possibly re-confirm that they're authentic from the dial home. Does that make you an evil beast who deserves to die? Hell no.

    But wait, it's Microsoft. Oh, SCREW THIS! They're too big, make too much money, they're evil! Need to die. Who the hell do they think they are, trying to protect their stuff? They don't need the extra money, I feel good sticking it to them! Imagine, trying to make people pay for their stuff or make people feel bad for having stolen it.

    THE NERVE.

    • by Hope Thelps (322083) on Friday June 30, 2006 @03:40AM (#15634656)
      Good end evil don't come into it.

      Unacceptable behaviour isn't justified by saying that the perpetrator was acting in his own best interests rather than out of a desire to hurt people.

      If the electricity company thinks I'm fiddling the meter to get out of paying them what I should then there are some acts that are acceptable for them to resolve that and some that aren't. I'd say that entering my premises on the pretext of fixing a dangerous defect in the system and while they're here hiding a camera that relays images to them would be unacceptable.

      You may well not like the analogy or you may draw the line of acceptable versus unacceptable at a different point to me, but either way the issue isn't resolved by saying that they're not evil and they're just out to protect their own interests. We have to make judgments on what is and isn't acceptable in pursuit of those interests.

      To me, Microsoft have gone way over the line. You may disagree. But don't try to reduce it to a comic book battle of good versus evil and then accuse me of calling them evil.
    • So you're saying that it's appropriate for software companies to introduce methods which inconvenience legitimate users (WGA's false positives, CD checks...) for the sake of briefly slowing down the ability of pirates to copy and use it? That forever inconveniencing people who purchase your product is an acceptable price to pay to slow down pirates for a month? Sorry, but I disagree.

      When I buy a piece of software, I want to be able to use it without being hassled to repeatedly prove that I'm not a crimina
  • by l3v1 (787564) on Friday June 30, 2006 @03:04AM (#15634583)
    the actual harm done is less concrete

    Oh yes it is. I don't understand this thinking. Why, "harm" has to mean something really tangible, like breaking a leg or something ? I think not. The harm here does not cause some physically concievable defect - yet. But thing is, they did not tell the people what this WGA does (i.e. calling home every so often), they just told it when some people have found it out. Ok, I know how EULAs work, and how they probably could prove in court that they have every right to change their software as they see fit, still, when it is about using our computers to send _any_ information to _anyplace_ without asking us first, or if not asking then at least telling us about it, is just outrageous. I don't care what they send, I don't care how much or how small amount of information is in it, I don't care who they send it to, it just should not happen without asking us and letting us approve of disapprove the action.

  • WGA eats resources (Score:5, Interesting)

    by file terminator (985503) on Friday June 30, 2006 @05:46AM (#15634991)
    True story:

    I sometimes use my university's wireless network (whenever I bring my laptop). Since the university's IT lab has no way of knowing who is using what laptop[1], they redirect all initial traffic to a portal where you must log in (using the username + password you use on all other university computer systems). Point being, you get a network connection, but must log in to actually get where you want.

    Since I installed WGA[2] (at the point I was rather indifferent to it), every time I use the university's network I get 50 entries in the Application Log (error source: crypt32; description: "Failed auto update retrieval of third-party root list sequence number from: with error: [timeout/server cannot perform operation/error code]"). This happens before I have a chance to log in on the university network, which of course means that my laptop can't yet access said site. More annoying, though, is that svchost -k netsvcs starts eating memory like crazy; peaking at over 90 MBs and then falling down to 70-80 (used to stay at 20-30). This only happens when I use the laptop at the university; at home (where obviously no login is required) the process stays at 20-30 MB.

    I personally think that some "advantage" component that, when unable to access some site, causes a process to eat up 3-4 times the memory it usually does, taking up an extra 10% of the computer's physical memory in the process, is rather a DISADVANTAGE. I don't know how much memory spyware typically consumes, so I can't reflect on the comparison between WGA and spyware. 50 MB seems a rather hefty price for failing to communicate with some server, though.

    Maybe they should rename it WGD?

    [1] I guess a) setting up individual users' connections, including keys, is too much work, b1) collecting MAC addresses is too much work, b2) Joe Average won't be able to figure out his computer's wireless' MAC anyway, and c) there are potential security leaks if wireless cards, or laptops, are stolen/sold to non-university users (both a and b1).

    [2] Troubles started at that point. Could be something else, I SUPPOSE, but I think it is unlikely.

"It ain't so much the things we don't know that get us in trouble. It's the things we know that ain't so." -- Artemus Ward aka Charles Farrar Brown

Working...