Download From Microsoft Without a WGA Check

Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."

Correct me if I'm wrong...

[Ninwa]

But I just tryed this with an invalid version of Windows, and no dice. I think the article is misleading, and this isn't even newsworthy. I don't believe this is a way to "skip" authentication, but simply a way of manually entering your key into the URL, essentially what you would've done anyway, except in a form text area. No?

Re:

[jpardey]

Well, at least you don't need to have the WGA program installed, which phones home every so often, if I recall the previous stream of slashdot posts rightly.

Re:Correct me if I'm wrong...

[Columcille]

Phone home was reported on beta versions of the software. Microsoft documented the phone home practice and removed it in the final version of the software. As far as I know, no complaints have been made about phone home practices since the final version was released.

Re:Correct me if I'm wrong...

[Shaper_pmp]

Sorry, but betas are buggy pre-releases that users use specifically on a voluntary basis.

If a company pro-actively pushes code to my machine and effectively forces me to run it, that's releasing a "final version", by any sensible definition of the term.

Now, after the furore when people discovered the dialling-home behaviour MS might have disabled that "feature" in a later version, but that doesn't make the preceeding one a "beta", except in very bad efforts at spin-control or post-facto apologetics.

And I think the point is that with MS pulling shit like this every other month, people are getting increasingly itchy about running any MS apps or utils they don't absolutely have to.

Re:

[toleraen]

That's funny, Microsoft hasn't pushed anything I didn't want to my machine. Then again, I've got auto update disabled. I take it you clicked the "Yes I accept any software you want to send me" button? While MS probably shouldn't have added this "feature" to their code in the first place, you told MS that it was ok to install on your machine. They didn't force you into anything, you gave them the key to your house and said "make yourself at home".

Re:Correct me if I'm wrong...

[Shaper_pmp]

Actually, I clicked the "Download all updates but wait for my OK before installing them" button.

I think it's pretty much taken as read that "updates" should have been tested and approved before release. Either that, or the button should have said "Download all updates and any other shoddy half-finished beta-release crap Microsoft would like to risk fucking up your machine with and wait for my OK before installing them".

The thing is, unless you want to waste hours pissing about trying to get around it you need to have WGA installed to get Windows Updates (well, until this story was posted, anyway).

So, I gave my consent to allowing MS to install "essential updates" to my machine which, given Windows' execrable security record, is pretty much a no-brainer. I have a genuine copy of Windows XP, so although I don't like being treated like a pirate without reason, I also didn't mind running WGA too much.

YMMV, but again my time is valuable - you might have time to investigate every single Windows patch available before oking it, but frankly with the amount of crap wrong with Windows you'd have to be at it nearly full-time to keep up.

MS then used this (perfectly-reasonable) permission to turn WGA into spyware, and somehow it's my fault?

Remember: they didn't exactly shout from the rooftops before slipping this nasty little dialling-home functionality in, did they?

I mean, sure, you've got a point - I was clearly stupid not to decompile every single Windows Update patch and inspect it by hand before installing each and every one one-at-a-time, rebooting and monitoring my outbound network traffic in-between just in case I'd missed any little surprises.

Oh, what a fool I've been.

The point is, either MS were deliberately spying on me (in which case they deserve punishment) or they stupidly pushed non-production-ready software into my machine in the guise of production-ready software, and didn't own up to it until someone else very publically called them on it... in which case they should be punished. What was your point again?

Re:

[toleraen]

My point? That you shouldn't blindly accept everything that's handed to you. You've obviously spent more than a few minutes on the WGA issue, having posted multiple times to this thread. Be proactive, not reactive. If something has a chance to affect you in a negative way, look into it before hand. Don't wait until after it hits you to try and figure out what's wrong, and how to fix it. That's just a general life rule!

Judging by your /. post history, I could probably safely assume you visit here pre

Re:

[Shaper_pmp]

Fair point, and a strategy which I shall most assuredly be applying from now on.

While it's a good way to avoid any nasty little surprises that are discovered quickly, you've got a big tradeoff between how long you delay patching and how long it takes for someone to find a problem with a Windows patch. I can't remember how long it took for the WGA dialling-home story to break, but I vaguely rmember it being more than 48 hours.

It also doesn't (IMO) absolve Microsoft from their wrongdoing. Sure it's a good w

Re:

[toleraen]

It also doesn't (IMO) absolve Microsoft from their wrongdoing. Sure it's a good way to avoid getting bitten, but it doesn't make it alright for MS to either spy on their users or foist beta-quality software on people under the guise of production-ready code... :-/

And on that point I whole heartedly agree with you! I am in no way trying to relieve MS of any wrongdoings. Dogs will always bite, I'm just trying to explain how I get bit less without having to put Spot down. It isn't fail-proof, but it helps

Re:

[Curmudgeonlyoldbloke]

I agree - I don't think that the current version tries to phone home repeatedly. On my work PC the original WGA version was prevented from doing so by a software firewall rule (which I haven't changed). I haven't seen any alerts from it for some time.

Obviously this isn't proof - any software running as part of the OS can do what it likes (including turning on and off third-party firewall rules) but it's a pretty good indication.

Re:

[IHawkMike]

Normally, the site will install an ActiveX control that verifies that your copy of Windows is genuine. Instead you can bypass this check by running the mgadiag too and modifying the download URL with the code that the tool displays. My copy of Windows is genuine so I don't know if a non-genuine copy gives a working code or if you have to use a code from a legal copy.

Re:

[Tatsh]

A nongenuine Windows will return a non-working code, but I'm talking about Windows XP only. Any non-genuine 2000 or below will return a working code, and if you use Firefox and use the separate app method provided on the download site, you can run that on Windows 2000 and then download the files and of course, then use them on an XP machine.

Or you can take the code generated from the Windows 2000 or below (best with 98SE, which M$ doesn't care about anymore) and just type it on your Windows XP machine. This

Re:Correct me if I'm wrong...

[paganizer]

....or you can do what I did; modify your hosts file with "127.0.0.1 update.microsoft.com" so that any time it tries to automatically go to windows update, it can't.
Then, go to WinDiz at windowsupdate.62nds.com using a non-IE browser. It's faster, more secure, doesn't TRY to make you install the latest DRM upgrade, just the critical patches.
The Only system I have that I let go to windows update is my Media Center laptop; it has to be running all the latest DRM/Spyware to work properly, so I just go with the flow and Isolate it on my home network.

Re:Correct me if I'm wrong...

[RemovableBait]

Except, you can't block access to Windows Update or certain other Microsoft websites by using the HOSTS file. You just can't.

Microsoft wrote some sort of hack into Windows so that requests for Microsoft websites (including update.microsoft.com and microsoft.com) cannot be blocked or redirected by malware or viruses.

Try it and see for yourself: put two lines in the HOSTS file, '127.0.0.1 google.com' and '127.0.0.1 microsoft.com' (without the quotes). For the uninitiated, the HOSTS file is located in \Windows\system32\drivers\etc, and you'll need Administrator priveleges to edit it. Now open up your favourite web browser and try to open google.com. You'll find that Google is unreachable and returns an error. Now try microsoft.com and watch as the page merrily loads.

Maybe you'll need to rethink your tinfoil hat solution for avoiding Automatic Updates?

Re:

[Anonymous Coward]

....or you can do what I did; modify your hosts file with "127.0.0.1 update.microsoft.com" so that
any time it tries to automatically go to windows update, it can't.

don't forget to modify your dnsapi.dll and dnsrslvr.dll files, as well. the sneaky bastiches hard-coded the ip's. your hosts file isn't the first place that windoze looks when resolving a DNS/ip issue; it's the last [locally].

cheers.

Microsoft provides ways to disable WU.

[Optic7]

These two technet articles should be helpful:

How to turn off the Windows Update feature in Windows XP [microsoft.com]

You receive one or more error messages when the system administrator disables Windows Update or Microsoft Update [microsoft.com]

Re:Correct me if I'm wrong...

[Red Alastor]

Normally, the site will install an ActiveX control that verifies that your copy of Windows is genuine. Instead you can bypass this check by running the mgadiag too and modifying the download URL with the code that the tool displays. My copy of Windows is genuine so I don't know if a non-genuine copy gives a working code or if you have to use a code from a legal copy.

I did not test for a cracked version of Windows but I just did for Linux (using crossover to run the .exe). It worked flawlessly. So I believe the OP probably failed to follow the instructions properly (maybe did not remove the quotation marks).

Re:Correct me if I'm wrong...

[Darkman, Walkin Dude]

Even better, when you're submitting a story to slashdot as AC, it might be best to omit linking directly to your email address.

Just a thought.

Re:

[jZnat]

Uh, maybe he doesn't have an account here? Just a thought...

Re:Correct me if I'm wrong...

[Jade E. 2]

I did the same thing, went to a test machine with an old blocked VLK and tried it, no dice. Then I realized... Hey, wait a minute. This looks like it's just a shortcut to inputting your product ID by using a hash... I wonder what would happen if I just replaced the hash with one from a valid system?

Not having a valid windows system handy I was willing to run a somewhat questionable executable on, where could I get a valid hash? Oh hey, look at that. Right there in the article it says "(example &Hash=6VJPCR9)". I appended that to the URL, and bingo. "Genuine Microsoft Software".

Re:Correct me if I'm wrong...

[Bing Tsher E]

Not having a valid windows system handy I was willing to run a somewhat questionable executable on,

That sentence alone is enough to get me riled up. Granted, I'm one of the people who stepped gracefully off the Microsoft Bus as soon as 'Product Validation' became a reality. (I even run Windows 2000 and the first version of Office 2000, which are the two last versions on their respective lines to not have the 'phone home' features)

It sorta chills me to think of being afraid to run particular binaries on a machine that I own and am legitimate owner of, because a 'phone home' feature will nark on me.

My copies of Windows 2000 and Office 2000 are the full retail-box versions (about the most expensive way possible to buy Microsoft's products). I used to buy a lot of their stuff. Not any longer. And I'm not alone.

Re:

[Jade E. 2]

Don't get me wrong, I'm not worried about that wgacheck thing phoning home, I'm worried about the off chance that it fubars the box. The windows servers aren't my domain, and I don't really feel like explaining to their admin that I was running some supposed "internal microsoft tool" on one of his fragile boxes when it crashed. Besides, I'm not supposed to know the admin password he hasn't changed in 3 years.

Re:

[Linker3000]

Totally agree - it's a pain and has happened to some of our laptops which suddenly 'decided' they were not running genuine versions of windows even though they were.

The real pain-in-the-ass though is that wonderful message '...an update has been installed that required a reboot...' - that really hurts when you left the office with your PC password locked and running a ssh session doing something unspeakbly long on a Linux server.

Good job the auto reboot can be disabled.

Re:

[dolmen.fr]

that really hurts when you left the office with your PC password locked and running a ssh session doing something unspeakbly long on a Linux server.

You should have a look at GNU Screen [gnu.org] (tutorial [kuro5hin.org]).

Re:

[sydb]

Seconded, GNU Screen rocks and only takes five minutes to grok it. It really is worth those five minutes.

What would be really nice is if someone would integrate screen into an ssh daemon, so it just worked without having to start screen before doing something long-winded.

Re:

[sydb]

Yes, as I was writing my post I thought of that as a possibility, but it would be a step forward in terms of ease-of-use if some ssh daemon just did it automatically. I have to use Windows terminal services at work, and you disconnect and reconnect to existing sessions like a GUI GNU Screen. You don't have to think "how can I make this work", it's built-in. For most people, they just want stuff to work. I don't care, because I can type screen or edit my bash_profile, but many people don't even know Screen e

Re:

[Linker3000]

Thanks - caught sight of the app last week!

Re:

[MobileTatsu-NJG]

"It sorta chills me to think of being afraid to run particular binaries on a machine that I own and am legitimate owner of, because a 'phone home' feature will nark on me."

I totally agree with your sentiment. In fact, I'm keeping 2K around for exactly the reasons you've stated. But I do have doubts as to whether or not the narc'ing will land me in any real trouble. It might prevent me from running something, but I wouldn't expect the Feds to come knocking on my door. Not only would that be expensive for

Re:Correct me if I'm wrong...

[mcrbids]

I used to buy a lot of their stuff. Not any longer. And I'm not alone.

But you're in a very small room. Most people don't know or care about stuff like this. It measures somewhere between a traffic fine for accidentally running a red light and being late for a video rental.

And how many people do you represent? Do you buy for a corporation? Large group? Somehow, I doubt it.

I'm an OSS kinda guy (I write this on my Fedora Core system, using Mozilla) and love it, and have even made sure that our software works on Windows, Mac, and Linux - but none of our customers have *EVER* used our Linux software. A small (but meaningful) percentage of our users are on Macs.

Truth is, much as we who are interested in this stuff might like otherwise, this stuff just doesn't matter to most people - and to those whom it does, Microsoft really is cheaper.

Ever try to support desktop software? Yes, it's getting worse on Windows, but it's still not too bad, compared to supporting some XYZ linux flavor:

Q. What Operating System are you using?
A. Linux
Q. Ok, what UI are you using?
A. What?
Q. I mean, what Window Manager?
A. What's that?
Q. When you click on the start button, what do you see?
A. There is no "Start" button...
Q. Is there a button where you click on to run a program?
A. Yeah.
Q. When you click on it, what does it say?
A. Enter Command
Q. That's it, "Enter Command"?
A. Yes.
Q. So how do you do stuff?
A. What kind of stuff?
Q. You know, look at a website.
A. Oh, a website! I use Firefox!
Q. Good, how do you find FireFox?
A. It's on my desktop!
Q. So are you using Gnome or KDE?
A. I don't know what you're talking about.
Q. (deep sigh)
A. So, you're looking at a screen, right?
Q. Yes.
A. And there's a task bar on it, right?
Q. No. ......

See where this is going? Linux is not for end users. It probably could be - but it just isn't there now. Ubuntu just might be getting there. Macintosh OSX is there. But for end users, only through some very controlled interface, and in some limited capacity.

Now, I was talking with my father-in-law the other day, and he indicated that he would *never* use Linux. I laughed, and told me that he did, every day. And not only that, but he raved to me about it!

With a look of surprise, he asked me how/where - and I pointed to his Dish DVR. (which is Linux-based, all the way down to an ext2/3 filesystem)

Re:

[Stormwatch]

So are you using Gnome or KDE?

I'm using Xfce, you insensitive clod!

Re:

[sydb]

Sorry, but this is stupid. It's stupid to support "Linux", because it's a kernel. It's stupid not to ask a user what distro they're using, because distros have default UIs, ususally Gnome, and users will know what distro they're using, because it usually tells them that when it starts up, or they chose it when they bought or downloaded it.

If a user doesn't know what distro they're using, then they wouldn't know what version of Windows they were using either.

Re:

[jez9999]

Exactly what I was gonna say. If the user was using Ubuntu, they'd contact Ubuntu support. If they were using Redhat, Redhat. Suse, Suse. etc.

The GP post is a complete strawman argument; any company who offered support for 'any' Linux distro deserves what it gets. It's like offering support for 'any' Windows distro.

Re:

[BigDogCH]

Not that I diagree with you, but he didn't say he was supporting linux, he said he was supporing desktop software. If you had been in support, you would realize that the above statements are very realistic. Just last week I had a user who said they were running Windows, and it turned out to be Linux ("Oh yeah, some other type of Windows"). I have also had the reverse, where they told me they were running Linux, but it was Windows (they installed a linux distro, but the bootloader would prompt them for wh

Re:

[mcrbids]

If a user doesn't know what distro they're using, then they wouldn't know what version of Windows they were using either.

But, on either Windows or Macintosh, it's EASY to tell them how to find out what flavor they're running. That is not true for *nix. And so long as this is the case, the "Year of the Linux Desktop" will never happen.

There's no such consistency when using Linux. Are they running KDE 2/3/x? Are they running Gnome 1.x/2.x? Stuff moves around constantly - there's the "normal" Gnome, the "RedH

Re:

[drew]

Ever try to support desktop software? Yes, it's getting worse on Windows, but it's still not too bad, compared to supporting some XYZ linux flavor:

Q. What Operating System are you using?
A. Linux

You've already got it wrong on the first line. If you ask my wife what Operating System is installed on my laptop, she'll answer without hesitation "ooboontoo". She didn't realize Ubuntu was actually Linux until I told her- after it had already been on the laptop for almost 6 months. She knew all that time what Li

Re:Freezing the upgrade path, migrating, and dongl

[rtb61]

Microsoft also knew which was the better operating system, they charged more for win2kpro than they did for xp. Kind of boogles the mind that according to their pricing the older operating system was worth more and according to their marketing the older operating system was worthless and only fit to be upgraded to the latest operating system. I once spoke to a microsoft rep and he challenged me on downgrading from a legal copy of XPpro to win2kpro with out paying them (for what, the downgrade package ????!!

Re:Correct me if I'm wrong...

[Ninwa]

Using a valid download center key you can download the file on a machine with an invalid VLK, but you still can't install it. This is the case at least with IE7, so I assume it's the same with other software as well. The installer does its own validation check. So ultimately, what do we gain except now we have the installer, which doesn't do an invalid user any good, because it checks for the key. And it doesn't do a valid user any good, because they could've gotten it anyway, without this!

So what the hell is the point of this?

Re:

[Ginger Unicorn]

it's for people who have a legit copy of windows, but don't want to install WGA.

Re:

[nschubach]

Couldn't you just edit the MSI with Orca and remove the Condition or did they change that recently as well? (you could even extract the MSI using one of the many tools available) I had to do this several times on my Win 2000 build so I could run software that "was not supported" on 2K.

Re:

[Jade E. 2]

That building's connection is provided by a company on the top floor that NATs everything but the server rooms. There are something like 1500 users on that outgoing IP, including the open wireless network in the coffee shop on the first floor (and boy does it cause some interesting problems sometimes.) And a 7 digit alphanumeric hash of a 25 digit alphanumeric product key means there are roughly 8x10^19 collisions for each hash. (Less that that because not all the keys are valid, of course, but still.)

No

Re:Correct me if I'm wrong...

[Achromatic1978]

I love it. Slashdot's editorial ethics prevent it from linking to ways of getting around Apple DRM, but happily offer up links to getting around Microsoft DRM??

you're wrong

[Martey]

In that article [slashdot.org], the editor claimed:

Engadget does not provide a link to QTFairUse6, and neither will we.

If you had read the Engadget article [engadget.com], or even looked at the comments [slashdot.org], you would have realized that Engadget did provide a link.

If anything, I think it was editorial laziness rather than ethics that resulted in that article not having a link.

Re:

[Legion303]

Wait, Slashdot has editors?

Re:

[cliffski]

yeah kinda weird isnt it. I have a legit copy of windows, it came with my PC preinstalled, exactly as I, the customer, wanted it. I dont mind paying for it, because I get a hell of a lot for my money, and its my O/S of choice. I've done enough coding to appreciate the shedloads of work that went into Windows XP, and dont resent the cost of it. If microsoft won't let me get patches without checking I paid for it, thats absolutely fine. I do exactly the same with the software I sell. Rather than have to dig o

Re:

[EvilIdler]

I download the authentication tool in Linux and run it with Wine.
Then I download whatever patches or service packs I need in Opera,
so it's pretty much the same as the article shows.

Re:

[ncc74656]

windiz update will let you update versions of windows that Microsoft thinks is not registered correctly.

It also lets you use Firefox instead of IE to grab your updates, which is reason enough to prefer it.

One thing

[cow_licker]

All recent files on there check once more for "authentic" installs once you run the downloaded file.

Re:

[garcia]

Not the ones I downloaded. I couldn't get DirectX installed the other day (I bought and paid for XP from a retail store but MSFT doesn't believe it's a "genuine" key so I couldn't give a fuck less) but it worked with this little round-a-bout.

IT'S A TRAP

[SomeGuyFromCA]

And how long before this gets worked around by bunches of Microsoft drones who suddenly somehow know about it?

I got it! This was a plant by management at Microsoft to see how many of their staff come up to them saying that they read "somewhere" about a WGA hole!

Re:IT'S A TRAP

[garcia]

Oh come on, someone at MSFT just wanted to get a new chair.

Re:

[jb.hl.com]

For some reason, that comment gave me an intriguing image of Steve Ballmer working in a sofa shop.

Free delivery, naturally. By air mail.

Re:

[megaditto]

1) Trick editors into accepting a fake story that nevertheless violates MSFT's rights under the DMC(P)A
2) ...
3) Profit?

WTF?

[E IS mC(Square)]

Is this not old news [google.com]?

Re:

[E IS mC(Square)]

Better yet : http://www.google.com/search?q=Disable+Windows+Gen uine+Advantage [google.com]

Isn't this illegal???

[www.sorehands.com]

Isn't the WGA a form of content protection? Only a pirate and this is a serious felony. Publishing this will convince the children that theft is allowed.

We must get homeland security involved.

Re:

[vtcodger]

Of course it's illegal. I don't think anyone much cares. What you are seeing is another step toward the eventual (and probably inevitable) implosion of Intellectual Property law. For some reason IP owners seem unable or unwilling to grasp the simple fact that to be acceptable, DRM has to work (nearly) perfectly, not be intrusive, and not interfere with fair use. Much of Fair Use isn't really there as a sop to consumers. It's there to legitimize things that everyone knows consumers will do whether it is

Re:

[Cal Paterson]

I don't know, but certainly not you.

Hmm...

[Anonymous Coward]

Doesn't an email address defeat the purpose of being an anonymous coward?

Re:Hmm...

[Surt]

Doesn't an email address defeat the purpose of being an anonymous coward?

I don't think you understand the momentousness of this occassion.

HE'S THE GUY The anonymous coward. How many times have we been irritated with his postings? How often has he trolled? Now we finally know who he is! I foresee the greatest email bombing to ever hit the net in final retaliation for his long years of tormenting us all.

Re:

[SeaFox]

HE'S THE GUY The anonymous coward.

Wait, so did this guy post as AC but accidentally put his email address in? Or is he this [slashdot.org] Anonymous Coward?

Re:

[SeaFox]

Oh, wait. Scratch that. I just noticed the spelling is different.

Re:

[Duds]

I nearly registered as Autonomous Coward way back in the day.

Re:

[iabervon]

Only if it's actually yours...

No WGA check on...

[Anonymous Coward]

Well you could use DOS 6.22.... I'm sure that isn't checked.

Re:

[Technician]

Too bad this was discovered. The more people understand DRM the more they look at alternatives. At home I have one machine converted to Ubuntu and have 5 more to go.

basically

[Anonymous Coward]

On each download page, add &Hash=6VJPCR9 to the url and you can download without the check.
The code changes regularly, at which time you need mgadiag.exe to find the new code.

the real patch here

[FudRucker]

http://www.kernel.org/ [kernel.org]

Mirror for the lazy

[stevetures]

mirror for the lazy:
http://mirrordot.org/stories/3627c5be2ac21048d6da6 04b34dc63bb/index.html [mirrordot.org]

Generalized way to find the hashes

[Anonymous Coward]

You don't even need some silly executable to find the daily hashes to append to the url. Microsoft provides a ready community [google.sh] where the latest codes are reported!

The Article

[Anonymous Coward]

Download everything from Microsoft without WGA Check
Monday, September 4th, 2006 | Translate to: German flag Spanish flag French flag Italian flag Portuguese flag Dutch flag Greek flag Japanese flag South Korean flag Russian flag Chinese flag

When you want to download a file from Microsoft a WGA (windows genuine advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.

All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the "Download Center Code", this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.

A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.

        &Hash="download center code"

Replace the "download center code" with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.

To sum it up for the lazy ones:

      1. download mgadiag.exe
      2. start mgadiag.exe and look at the download center code
      3. visit a download page at microsoft.com
      4. append &Hash="download center code" to the url (example &Hash=6VJPCR9), no quotation marks needed
      5. Hit enter

Microsoft is probably going to fix this soon, it is working nevertheless at the moment.

Update: I created two images to show you the difference that the &hash= entry makes:

My trick

[Megane]

My trick is to download stuff via a Windows 2000 install. I've only done it once just the other day, but it was from a W2K installed from one of those install CDs that had a setup file changed to bypass the CD key. (for which everybody knows the "default" key anyhow, so this was really just to save me time when installing)

Since I know that someday Microsoft will probably decide to take all the W2K patches offline, my plan is to download a copy of the installers for every patch that was auto-installed.

Crossover

[Upaut]

So far I have never had a problem with the WCT (Windows Checker Thingy) and my copy of Crossover Mac. So I cannot validate this proccess. On the other hand, Codeweavers seems to have solved this problem...

this is nothing

[sdnoob]

mgadiag.exe still 'phones home' to verify your windows and to obtain the download code (being a diagnostic tool, it also displays some additional license information).

it's no different than running the manual verification using the 'alternate tool' (i.e. the method, still available, that firefox users had to use before microsoft released a netscape/firefox plugin version of the activex checker). http://go.microsoft.com/fwlink/?LinkId=50344 [microsoft.com] (genuinecheck.exe at microsoft.com)

the only thing this will bypass is the installation of the verification activex (or plugin)... so you're still being subject to the 'body cavity search' -- the only difference is that you get to choose when you drop your drawers...

Basically for patching a pirated copy of Windows?

[BeeBeard]

Many of us know firsthand that activating a Microsoft product can often be an onerous task, but this seems a little suspicious. Assuming that:

1. someone owns a valid Windows license and
2. they're pretty organized and didn't misplace their key and
3. they believe that Microsoft does not collect private information using WGA

then why would circumventing WGA be of use to them? In that situation, is patching a pirated copy of Windows the only realistic use for this trick? Could somebody chime in and suggest *a

A couple of options

[krray]

I prefer this method: go to AutoPatcher [autopatcher.com] and choose your OS (Win2K, XP, 64, or 2k3). Benefit here is that they do have some nice registry tweaks and/or installers (TweakUI for example) all rolled in for you. Wonderful to bring a new install "up to speed" in as few clicks as possible and keep the file size requirements to a minimum.

Don't trust somebody other than Microsoft themselves? (I can even write that with a straight face :)

Go to: Microsoft Downloads [microsoft.com] and Search in the Windows sub-section. Search for "iso-9660". Be amazed. Problem with this is these downloads are huge (not that I mind on a 10Mbit synchronous pipe :) -- they cover the same Windows families, but to get one you have to download it ALL. This is, of course, good for multi-flavored environments...

Me, myself, and I? I prefer to click on the Apple and choose "Software Update..." (or softwareupdate -ia from the command line). Of course on the servers a good 'ol fashioned "yum update" does the trick. But hey, that's just me. Microsoft is making this WAY TOO HARD -- and I've begrudgingly paid for each and every one of my Windows installs (personal and/or corporate).

An Alternative to Windows Update

[towzzer]

http://windowsupdate.62nds.com/ [62nds.com] This site downloads all the updates using their own firefox plugin. It also doesn't install WGA or checks.

Re:

[rob1980]

That's interesting, but I'd sooner be caught naked in the streets than getting my OS updates off of some random site on the internet I know nothing about.

Re:

[BeeBeard]

I'm in the same boat. Their patch site is reaallllyyy fishy. Usually I would see links to it in random forums along with comments from one-time posters like "I assure you it's 100% safe!" even before somebody raised the issue of security. Plus, a substantial number of virus checkers routinely flag their plugin and even their website as containing viruses. I was quickly scared away.

Re:

[Kargan]

I was a bit skeptical about WinDiz Update at first, but it actually seems to work pretty well. All the updates show up in Add/Rem Progs properly and everything's as stable as it ever was, so they must have installed okay as far as I can tell. It's actually a bit quicker than Windows Update too (big surprise, eh?).

muBlinder.. the best way to get around WGA

[SilentCreep]

Works every time i use it. http://www.p2plife.com/forums/Official_muBlinder_P age-t320.html [p2plife.com]

Car Analogy

[SteveTheRed]

Would you buy a car if you had to get your VIN checked every time that you needed to buy parts for it? Would you buy a car if you knew that there was going to be a manufacturer recall almost every day that required replacing or adding parts? I'll add a twist: what if you thought that same brand of car was the only brand allowed in your company parking lot? What if you thought that brand of car was the only brand of car that you could get parts for?

I think that the above hypothetical scenario is a simple analogy of what I like to call "The Windows Problem". Nobody likes WGA. Nobody likes the endless parade of patches and hotfixes that require a reboot as often as not. Nobody likes having to be ever vigilant against security threats. People are starting to see that Windows is very flawed. Since we as a society have spent the majority of our IT budget for the last 20 years on making this one OS the (often) only platform for our IT solutions, how do we change course now?

There are those who believe that once people hear the Good News about Linux they will throw off their Microsoft shackles and march hand-in-hand into the FOSS promised land. OK, maybe I overstated that a little, but you get the point and you know the type. Ubuntu is ridiculously easy to install, but my mother couldn't do it. She uses XP because that's what Dell installed on her computer. Even though she sees Windows as the only reasonable alternative, she still bitches about it. "Normal" people had a hard enough time getting Windows to do what they want it to do, and they'll be damned if they are going to learn it all over again.

Unless everyone else switches first.

Re:

[scum-e-bag]

how do we change course now?

Force all schools to use linux.

WGA even for "security" updates?

[Killer Eye]

Is WGA applied universally to downloads, even ones meant to fix serious problems? Or, for instance, can you always download security patches without the rubber gloves?

Probably not. I can imagine hundreds of illegal copies of Windows already taken over and turned into spam bots, etc. and thanks to WGA, there is no way to fix them. Can WGA keep these machines off the Internet, keep them from harming others? No.

In time, networking protocols evolve, systems change, etc. so these wide-open networked machines

Re:

[Michael_John]

No, you can still get critical security patches even if you are running a bent copy of Windows, for exactly the reason you stated about machines getting zombied.

WTF

[Agram]

What's wrong with this picture: a company (granted, not with much of a positive reputation) tries to minimize rampant piracy by encouraging validation of your purchased license. In return you get 5 years worth of free updates plus additional software, which although of dubious value is still free as in beer (i.e. Security Center, Firewall, Malicious Software Removal, etc.). Does Windows have tons of problems? Yes. Is it totally crappy? Hell. no. Is this move something to bitch about? Absolutely not. People especially from the Apple camp should hold their tongues as even though OSX is a lot less prone to exploits (it's not that simple but for the sake of conserving valuable bandwidth, let's leave it for the time being as such), since OSX release in 2001, if users wanted to keep-up with updates, we had to dish out $100/year for every incremental update since (and some of which were touting bug fixes as one of "hundreds" of new features). All in all, we are talking about another ~$500.00 since year 2001. Now, on Windows, yes one had to get anti-virus software et al, but most of that is, believe it or not, free (google for AVG anti-virus suite for instance). So, when the Vista comes out with a $400 price tag for the top enterprise package, I think that should still leave Windoze users with a nice Franklin smiling in their pockets. Now, as far as security and virii go, that's yet to be seen...

All that being said, I've written this post on my triple-booting MBP. And just for the record: after having dealt for many years with all of them, I have to admit that I hate Windows, OSX, and Linux with passion (ok, Linux less so simply due to its philosophical supremacy), despite the fact that (or should I perhaps say because?) I use all three on a more-or-less daily basis...

How responsible

[curtisk]

"Today on Slashdot: How to bypass a companies attempt to disrupt piracy of their product"

I'm waiting for "How to download from (pay)iTunes without paying for it" and "Circumvent Payment in Valve's Steam"

Works with WINE...

[CrezzyMan]

Ran MGADiag on Wine / Fedora Core 5 and the hash it spat out worked like a charm.

Re:That was fast!

[treeves]

The server at www.ghacks.net is taking too long to respond.

Maybe they should ghack into some other servers and steal some bandwidth! Pfffft.

Re:Why the fuck..

[narzy]

Some people just don't like to be frisked every time they want to download or install a piece of software. For me it is the equivalent of getting a cavity search every time I go to the airport. I really just don't enjoy my holes being probed at every turn. My copies of XP are valid and I could really do without WGA.

Re:

[westlake]

For me it is the equivalent of getting a cavity search every time I go to the airport. I really just don't enjoy my holes being probed at every turn.

I think someone has been scarfing up way too much porn on the side.

Re:

[alienmole]

Nice kneejerk reaction, but the real reason to do this is if you have a legitimate copy of Windows, but don't want Microsoft's phone-home crap on your PC.

Re:

[d_jedi]

Don't install WGA notifications (seperate download, unneeded to download genuine Windows software). No phone home. Problem solved.

Re:

[kimvette]

OK. Download Windows Defender from another computer, say, to a fileserver in a clean net/dirty net configuration. Now try running the installer on the other machine on the clean net, oops. guess what? It requires WGA to be installed in order for it to install. WTF?

Microsoft has gone too far with this bullshit. Stop treating paying customers like criminals. All you folks are doing is alienating your legitimate customer base while not deterring the professional "pirates" in the slightest.

For good reason too

[ImaLamer]

WGA has caused a machine of mine to reboot almost daily. I don't know exactly why, but every time it does there is a wga error log in the temp directory (with entries up to the time it rebooted). I've googled it and tried to find the exact cause, but none of the other solutions worked and no one else seems to have the same exact problem. I just get random reboots.

The worst part is that I didn't even download WGA, it did it all by itself. I didn't have automatic updates on, but then one day it was on. The ne

Re:Why the fuck..

[topham]

As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.

The short description, XP decided it needed to Activate (could NOT log in without activating it), but I hadn't finished installing drivers; forcing me to phone up their support instead of doing it online.

Then, because I had not yet installed the rest of the hardware (which; without the drivers installed were causing the machine to reboot, or bluescreen before windows even started). the Windows Activation bitched at me again when I was done. At least this time it gave me a 3 day window before it would deactivate; this gave me an opportunity to install the rest of the drivers, etc.

This second time it forced me to call Microsoft again, even though the network connection was now working fine, because the machine had changed too much, and been activated too many times.

Then it lead me to believe I could just use the automated method (the voice recognition is actually pretty good), but after reading a billion digits to the computer it decided I wasn't allowed to do it that way and passed me off to an operator.

And you think I want to trust WGA if I need a hot-fix to add security patches, etc?

The only people not having problems with Windows XP Activation and WGA are the damn pirates.

Re:Why the fuck..

[matt328]

As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.

I feel your pain. I provide all our company's in house tech support. If a machine goes down and needs a hard drive replaced, I don't fudge around calling up Microsoft when the WPA thing starts bitching. I have a utility that patches an operating system file, and bam, no more WPA or WGA bullshit. If they want to accuse me of being a pirate, they can come on in and look at the product key hologram stickers on every box I do this to. Its not that I'm pirating it, I just don't have time to jump through all their hoops. Alot of my users do all their work on the computer, and if its down for more than 2 hours or so I start to get flak.

Re:

[notanatheist]

Because you're a n00b. Original post stated doing an upgrade which means dropping a new board in and hoping Windows boots or doing a repair on the new hardware so you don't have to do a clean install. Once the OS is loaded it whines about massive earth shattering hardware changes requiring you to activate RIGHT NOW!! so the world doesn't end. Sometimes you get 3 days. Well, if you can't log into Windows to install drivers to try and activate online you have to call one of the ever friendly barely speaking e

Re:Why the fuck..

[Bing Tsher E]

The only real reason to go around WGA is if you're using a pirated copy of Windows.

Incorrect. I, personally, have Windows machines, but I'm not foolish enough to let machines running Windows to have close connection to the Internet. So if I wanted to download updates I would want to do it from this NetBSD machine, which is what I customarily use for online things (and which is routed to the Internet).

My Windows machines are authentic, and I have all the 'paperwork' and media to prove it. I'm just not gonna hang them out on the net.

And it makes perfect sense that people who want to apply all the patches to secure a Windows system are going to want to get those updates first on an already secured system. Am I supposed to connect my machine with a freshly installed Day Zero copy of Windows 2000 (I pre-registered to pre-order Windows 2000 before it came out, so I have first release media with all the exploits, etc.) online to download security patches? Do I seem like I'm nuts?

Re:

[anothy]

in addition to the other (entirely valid) reasons noted by folks for wanting to get around the horridly flawed idea of WGA authentication: i run windows inside emulation, generally without a direct real-world network connection. it's much nicer to be able to download bits in my native environment and move them over at my leisure.

Re:

[SaDan]

Why not charge more? The more legit users they can get to pirate software, the more reason they have to implement DRM and other wasteful technologies to combat piracy, etc.

They're making work for themselves, basically, and charging honest people a hell of a lot of money to stay honest.

Good luck to them. I've finally collected the last pieces of the puzzle for Linux at home, and will be removing the last Windows machine (wife's PC) off of my network in a matter of weeks.

No more fucking MS bullshit. Adios.