Microsoft Sued Over WGA
Hope Thelps writes "The Seattle PI is reporting on a lawsuit being brought against Microsoft in response to their WGA spyware. Groklaw is also covering the story. Although there are a lot of similarities to Sony's rootkit, the actual harm done is less concrete. It'll be interesting to see how this turns out."
The Issue Of Money (Score:2, Interesting)
Microsoft's Response (Score:5, Interesting)
Well, actually he claims to have disputed the allegations, but then he said what's quoted above, and finally (to the press corps' horror and astonishment), proceeded to shove his entire foot, ankle, and leg (up to his knee), firmly down his own throat.
Let's break this down:
[x] Deceptive software...check!
[x] Installed without user's consent...check! (Well, basically with as much consent as any other spyware package, so I think there's a good case to be made for this point.)
[x] Malicious purpose...check! It beams data back to the mothership every day and can be used to remotely break the computer. I think that qualifies as "malicious."
So apparently by Microsoft's own admission, WGA is spyware.
I'd personally argue for a more expansive definition of spyware (or malware, or scumware, etc...), but even given the relatively constrained definition proposed by Microsoft itself, WGA seems to qualify.
Re:Hopefully.... (Score:3, Interesting)
WGA unable to detect bad keys with legit COAs (Score:5, Interesting)
How is this evil at all? (Score:2, Interesting)
Re:Turn & drop trowsers please (Score:1, Interesting)
You bet, I'd try like hell to keep my interests involved any way I can to keep my trade secret within my organization, and therefore I can't blame M$ for turning off people that do not legally register.
Now for the other 27% that are not registered with their product, and you get turned off - get mad, have fun, go to MAC or LINUX, or buy a copy of windoze. If I were in M$'s shoes, if I'm not keeping up with the changes, sure as hell I'd try to retain my business, learn from my mistakes and move on. Sure it'll cost me now, but perhaps next time I'll be proactive and this mistake won't happen again.
Every time one is trying to please too many people, one ends up SOL. Hey Mr. Ballmer, it's okay not to please everyone.......really.
Re:Not hidden, not spyware (Score:3, Interesting)
Re:Interesting... (Score:3, Interesting)
That's my take on it anyway. I've heard several places that they make way more money on OEM sales than they do on in-store sales to individuals, so it seems to make sense.
Re:Remove WGA (Score:5, Interesting)
As covered in a blog posting [zdnet.com] by Ed Bott, the KB article Microsoft gave is a rush job and will confuse non-techies that may attempt it. He provides corrections but Microsoft is (at best) silly to have not had a third party verify the instructions.
Also realize that contrary to the warning in the Microsoft KB article, if you choose not to install the WGA notifications "update" or remove it, Microsoft Update will force you to run another WGA test before granting you access to their Windows Update website. They won't even allow access to critical updates through the web interface in my testing with the web-based (ActiveX?) test. From what I understand, the access to the promised critical updates is only provided with their built-in update provider which has been responsible for all the WGA notification auto-installs. In other words, you can't win either way.
As it stands, I've disabled auto updates from System Properties->Updates and disabled the "security center" service from Control Panel->Admin Tasks->Services so it doesn't bother me about disabled auto-updates anymore. I have multiple Dell machines with OEM installations of Windows XP so I'm not concerned about failing WGA but I am concerned about all the reported crashes [edbott.com] involving WGA across forums and blogs around the internet and the private information [groklaw.net] sent to Microsoft.
Playing support-geek for family and friends only gets tougher with this stupid anti-piracy program. I'm disabling auto-updates and security center on every system while deleting WGA. Instead, once a month I ask my friends and family to run AutoPatcher [autopatcher.com] on their systems for all critical and optional updates. I've told them that they may not be able to use WGA protected software such as Windows Defender, IE7 Beta, or WMP11 and any other Microsoft download. All of them don't care for that stuff as they have better freeware or open-source alternatives. So far so good.
Before anyone chimes in and says that people should switch to Linux, I'd say I agree in theory but not in reality. Educational software, scanner and digital camera software utilities, unique features presented in official IM clients such as VoIP and picture sharing, many Photoshop features, easy movie editors a la Roxio and Premiere, and desktop publishing software (i.e. Pagemaker) are not available for Linux nor do these people care to learn anything new after years of experience in many cases. For now there are workarounds and people will use them. If Microsoft implements a kill switch [zdnet.com] and starts nuking WGA-less but legal installations then many of these people will probably trash their computers and buy Apple before going to Linux.
Lastly, this doesn't hurt pirates one bit. Within hours the latest WGA crack [demonoid.com] is available and it works or people just disable auto-updates and go towards AutoPatcher. For protected apps, cracked [demonoid.com] copies [demonoid.com] are available [demonoid.com]. So who loses? The general public who follows all the rules. I'm glad someone filed the lawsuit and I hope people will sign up as parties when the chance is given.
Please explain (Score:2, Interesting)
PC came w/OEM XP, but corporate re-install (Score:3, Interesting)
While the Lawyers Fight it Out (Score:4, Interesting)
I would be curious to know how many Windows XP users are no longer able to validate their OS. I bought Windows XP Pro OEM when it first came out. 3 motherboards, 3 video cards, 4 hard drives, I forget how many CD/DVD-RW's, and 3 slipstreams, my Windows has been apparently installed on too many computers(?). I am told that this cannot happen, but oh well. I now use Mac and Slackware Linux.
Re:Microsoft's Response (Score:3, Interesting)
If WGA really is a hook by which a computer can be disabled, then it is only a matter of time, before some nasty hacker or terrorist figures out how to use this hook and turns millions of Windows systems into doorstops.
A good reason to buy a Mac and perhaps use Windows only in a virtual window when a Windows only program MUST be run. The virtual PC can be permanently barred from using any routable network address and thus not need all those updates at all. In my case, the PC software needs no network access of any sort at all and the slowness of emulation is no problem either. Since Apple makes their money on hardware, they don't worry too much about "piracy" and don't have to resort to all the nasty shenanigans MS does. Linux is also a good option of a
Re:Interesting... (Score:4, Interesting)
That's a commendable sentiment, but I can find no fault in calmly asserting one's vision of a just outcome prior to a court's finding. The "game" in this case is fundamentally adversarial, with various parties pushing for particular outcomes. Members of the public can and often should be party to cases in that sense, so long as they don't tamper with the court to achieve a particular outcome via unethical means. Threatening a judge or a witness would be unethical; voting for a judge who you think would do a good job would be ethical.
Re:Interesting... (Score:5, Interesting)
Microsoft feels that there is a significant problem with OEM licenses being stolen, via methods such as copying down a code at a store, library, school, or other public location. Since most OEM Windows XP licenses are pre-activated by the system builder, they see that there is rarely a need for the key to be activated with non-manufacturer specific install media. (Generic OEM licenses, that is, OEM licenses not custom made for a specific manufacturer are activatable at least once, as some of these are sold in retail channels.) Furthermore, they probably figure that in the event of a crash, most users opt to use recovery CDs instead of reinstalling the operating system directly.
The only reason Microsoft made you call them is because you did not use the Fujitsu CD. From MS's point of view, there are very few cases where a typical user would need to use a generic OEM media to install Windows (because of the recovery disks and/or partitions that come with most systems).
They probably would not be doing this if they did not view it as successful in deterring piracy. If the number of perceived foiled piracy attempts exceeds the number of calls for OEM serials that they allow to activate, then the program to them will be successful and will continue.
After all, if people weren't actually copying down CD keys from the sides of computers, this wouldn't have happened.
Re:WGA unable to detect bad keys with legit COAs (Score:1, Interesting)
Maybe the reason for this is that I got a memory upgrade at the ACER store. But I don't want my notebook remote disabled because I need more RAM.
Re:Wait... why does this make them evil? (Score:2, Interesting)
How are you protecting your "investment (Time, effort, energy, money, employees)"?
If for whatever reason the person who would use a pirate copy of your product was not willing to pay for it.
I don't like the idea of potential profit.
And yet everyone uses that to justify copy protection that gets in a way, even for paying customers.
Face it. There is a percentage of legal copies and illegal copies. However, that doesn't mean that you are missing out on profit.
Let's have a look at a scenario:
Version 1 of a product is little or even not protected against copying
Version 2 comes out with serious copy protection. What do you do?
As I see it, only very few people will buy a legal copy (if any). So what happens?
Small group successfully hacks it and before you know it there's still people using it "for free".
People move to other things that they can get for a more attractive price (or free).
This won't change anything, the people who for whatever reason were not willing to pay for a legal copy are still unlikely to pay.
I still fail to see how this benefits "your" company...
There is a benefit to having people use your software for free. These people help you expand your market. They may not pay for the OS, but they may pay for a game. Indirect, but you still get paid some amount. In many cases they still report errors, so they help you improve your product.
Having some amount not pay for the product may still be beneficial to the company. Especially if they were not intending on paying for the product in the first place. It's better they are on your side than using someone else's products.
In this case they are causing more harm to themselves.
Evil? Maybe...Maybe not... I don't know how to answer that
But I do think it's stupid!
M$ is having problems, that's why they are looking for some of that "potential income". But, that will cause them to lose in other areas. As people turn away from M$, M$ will sell less of their development software because more will consider other platforms.
My 2 cents...
Re:About time (Score:2, Interesting)
WGA eats resources (Score:5, Interesting)
I sometimes use my university's wireless network (whenever I bring my laptop). Since the university's IT lab has no way of knowing who is using what laptop[1], they redirect all initial traffic to a portal where you must log in (using the username + password you use on all other university computer systems). Point being, you get a network connection, but must log in to actually get where you want.
Since I installed WGA[2] (at the point I was rather indifferent to it), every time I use the university's network I get 50 entries in the Application Log (error source: crypt32; description: "Failed auto update retrieval of third-party root list sequence number from: with error: [timeout/server cannot perform operation/error code]"). This happens before I have a chance to log in on the university network, which of course means that my laptop can't yet access said site. More annoying, though, is that svchost -k netsvcs starts eating memory like crazy; peaking at over 90 MBs and then falling down to 70-80 (used to stay at 20-30). This only happens when I use the laptop at the university; at home (where obviously no login is required) the process stays at 20-30 MB.
I personally think that some "advantage" component that, when unable to access some site, causes a process to eat up 3-4 times the memory it usually does, taking up an extra 10% of the computer's physical memory in the process, is rather a DISADVANTAGE. I don't know how much memory spyware typically consumes, so I can't reflect on the comparison between WGA and spyware. 50 MB seems a rather hefty price for failing to communicate with some server, though.
Maybe they should rename it WGD?
[1] I guess a) setting up individual users' connections, including keys, is too much work, b1) collecting MAC addresses is too much work, b2) Joe Average won't be able to figure out his computer's wireless' MAC anyway, and c) there are potential security leaks if wireless cards, or laptops, are stolen/sold to non-university users (both a and b1).
[2] Troubles started at that point. Could be something else, I SUPPOSE, but I think it is unlikely.
Re:Wait... why does this make them evil? (Score:2, Interesting)
But daily dumps of unknown data (look through
Why daily, can you magically turn your (legal at install) software into pirate software?
Why user names? What good is that?
Why process lists?
Re:WGA's ok by me (Score:1, Interesting)
"Nobody would mind if Ford introduced some tracking gadget to help stop car theft..."
If they installed it without telling you the next time you brought the car back for some other warranty repair at the dealer? And, on a daily basis, it sent your GPS location back to Ford? And the next time you brought your car in for warranty work, the dealer refused because your car had been incorrectly flagged as "stolen"?
Once installed, what if it was also possible for the add-in to remotely install a "kill switch", if Ford decided to do that?
It wouldn't be much of a consolation that all of this was in the original purchase agreement (they can subsequently change the deal however they like), you are a legitimate owner, and you're sitting in the middle of the desert somewhere with a non-functional car the system thinks is "stolen".
You're fooling yourself. People would either tear that "feature" out of there or sell that POS and buy a different car from a different vendor, because the vendor has devalued their product by making it untrustworthy by design -- *after* the sale!
Re:Interesting... (Score:3, Interesting)
Where "you" is an expert user, who is in the minority. The majority of actual users, when they "reset" their system, want it back the way it came, and that's what this gives you.
I realise that a lot of these things bug the hell out of those of us that don't use these inane "tools" that come with OEM systems (and really, how hard could it be to just make them optional?), but we need to realise that we are not the majority, and our desires are not an exact match with those which work best for the majority. Unfortunately.
I always wondered about that personally. I guess it stops you losing it? It certainly makes tying it to the proprietary install media make sense. What would be nice would be if it was possible to get the vendor's specific install media from them (even has an ISO download) if you prove that you're an owner of one of their systems.
Re:Wait... why does this make them evil? (Score:2, Interesting)
The problem ensues because the validation is based off of keys. If you have a legit key installed and someone else steals the key, your legit copy of the software can be marked as illegit.
So, the problem isn't with the concept, but with the process of execution. This would be the case with any software that relied on a key/phone home method of authentication.
Maybe Microsoft should provide a number to call in the case that your copy of Windows is legit and has been labelled as illegit.
Re:Interesting... (Score:1, Interesting)
This PC is in a child's room, it's not online and is basically for homework and games. The family have a perfectly valid WinXP home license that came with the emachines, yet MS think they should buy another copy? Wrong, consumers must be permitted to resell software as per the EU's 1991 directive and you can't resell that XP disc because the software will not activate. I have several unused OEM licenses lying around, but it was easier just to install a "pirated" XP corporate on that machine.
There's a terrible arrogance in what Microsoft are attempting with WPA, especially when their paying customers already have to resort to "piracy" to get an install.
Re:Interesting... (Score:4, Interesting)
I could be wrong, and highly so, but I think a lot of people view giving out vouchers for software isn't the same as paying cold hard cash. While I see your point about the cost of development one has to remember a few things that can offset and subsidize the actual penalty:
1) The software might very easily be accounted for at full retail price with no breaks. No crime in and of itself, not implying that doing so is. Point is that on any other volume transaction, most vendors will allow for a price break as an example. For all I know, Microsoft does this even under penalty conditions but factually I do not know.
2) Consider the fact that some software may not be redeemed by the people receiving the penalty award. Not Microsoft's fault by any means, again not implying that Microsoft has to ensure "people harmed" stand up and be counted for their compensation; ineptitude falls on the shoulder of the responsible after all. I am asking you to consider how much penalty does Microsoft actually pay with this method. Keep in mind that even in a cash settlement this can still go on, however when it comes to cash you'll find most people don't let that slide by without paying closer attention to getting their piece of the pie.
3) The biggest reason why giving away software under these conditions is that, ultimately, Microsoft is allowed to legally propagate software which in the long run has a high probability of actually generating more customers to purchase newer versions of software down the road - thus subsidizing the original penalty. You can't do this with a cash settlement to my knowledge.
All the arguing, debating and nit-picking aside, there is a reason that they say, "If you have a problem teaching someone math, put $(CURRENCY_SIGN) in front of the numbers. People always understand money."
Re:Interesting... (Score:3, Interesting)
Well, you are wrong. The millions is the amount they could have made if MS had the chance to sell the schools the software, instead of being forced to give it away free. This is different than Verizon being forced to give away free phones, because you end up signing a contract and paying Verizon money. The school never has to upgrade if it doesn't want to.
1) The software might very easily be accounted for at full retail price with no breaks. No crime in and of itself, not implying that doing so is. Point is that on any other volume transaction, most vendors will allow for a price break as an example. For all I know, Microsoft does this even under penalty conditions but factually I do not know.
What difference does it make they claim full retail price or discounted price? How would MS even know which licensing path the school would have chosen? Finally, you admit you don't even know if this is the case. Let's assume it's not and that the people deciding the punishment know about volume discounts (since pretty much EVERY product can be bought at a volume discount).
2) Consider the fact that some software may not be redeemed by the people receiving the penalty award. Not Microsoft's fault by any means, again not implying that Microsoft has to ensure "people harmed" stand up and be counted for their compensation; ineptitude falls on the shoulder of the responsible after all. I am asking you to consider how much penalty does Microsoft actually pay with this method. Keep in mind that even in a cash settlement this can still go on, however when it comes to cash you'll find most people don't let that slide by without paying closer attention to getting their piece of the pie.
You claim it's not MS's fault, yet claim they aren't being punished enough. It's not different than other suits being settled which people have to make a claim in. What if some people who bought overpriced CDs didn't sign up for their $5? Well, maybe they didn't care about it.
3) The biggest reason why giving away software under these conditions is that, ultimately, Microsoft is allowed to legally propagate software which in the long run has a high probability of actually generating more customers to purchase newer versions of software down the road - thus subsidizing the original penalty. You can't do this with a cash settlement to my knowledge.
But that's the school's choice. They aren't being forced to buy upgrades, they are CHOOSING to do so. And it doesn't erase the amount of software which had to be given away. Put it this way; if the school had to buy it instead of getting it free, MS would have made $5. The school chooses to buy the upgrade, another $5, for a total of $10. Since the school got it for free, MS didn't get the first $5, so if they didn't get fined, they would have had $10 today instead of just $5.
All the arguing, debating and nit-picking aside, there is a reason that they say, "If you have a problem teaching someone math, put $(CURRENCY_SIGN) in front of the numbers. People always understand money."
Well, I just did that, didn't I?
Re:About time (Score:3, Interesting)
A. They have it as a critical update, and not only that they have released it as such twice off the standard patch days. I deactivated my critical updates alert because of this 'cause I got tired of it going "You have critical updates not installed, bla bla bla, your computer is at risk" just for the WGA.
B. You have to restart to apply it.
Come on! You already make people with servers restart enough with required patches because your OS is a POS that can't just restart that specific module, but now you're making people do restarts just for your WGA, something which in itself is questionable?