Lawsuit seeks to tag WGA nagware as spyware

Sebby · Sep 09, 2009, 13:08:39

From The Register:

QuoteA US lawsuit has alleged that Windows Genuine Advantage (WGA), Microsoft's controversial anti-piracy software, is little better than spyware.

A lawsuit (which seeks class-action status) filed in Washington district court last week also cries foul over false advertising as well as allegations of privacy law violations, Electronista reports. More specifically, the suit alleges that the XP version of WGA was offered to users as a security update rather than as an anti-counterfeiting technology.

More here. It's about time if you ask me.

Simon · Sep 09, 2009, 13:19:21

I don't have a problem with WGA. Surely, the only ones that do, are those running pirated copies of Windows?

Sebby · Sep 09, 2009, 13:25:54

Wrong. It wants to install updates on every machine, even if Windows/Office is activated and validated on your machine, and these updates often give a false positive. They also send data to Microsoft without you knowing. Why should genuine users be targeted?

Simon · Sep 09, 2009, 14:00:09

Can't say I've had any false positives. Lots of software phones home. Can't see the difference myself.

zappaDPJ · Sep 09, 2009, 14:18:06

I'm very much in favour of this and I hope it goes against Microsoft in court. WGA appears to have become very aggressive in the last few months, I've personally come across several instances of false positives. If it happens to you, calling Bangalore will get you nowhere. In all cases it was necessary to buy a second copy of the operating system. Further to that WGA is targeting people that have purchased and are using OEM versions of XP and Vista which probably accounts for the majority of users that build their own PCs. Again the only way out is to purchase a new operating system or do what I did and install a hack that circumvents WGA. For the record my legitimate copy of XP Pro doesn't even say it's OEM and even if it did I bought it in good faith and have used it on one PC for many years.

To the best of my knowledge I've never used a pirated copy of any MS operating system and over the years I purchased MS products to the tune of many tens of thousands of pounds both as an individual and as a bulk purchaser. I've now been locked out of two legitimately purchased products. In my view alienating genuine users is counter productive and I agree that the detection methods are intrusive and amount to spyware. I've applied the hack to all my legitimately purchased operating systems and I will continue to do so.

Dangerjunkie · Sep 09, 2009, 15:05:18

Hi,

I've been a victim of this piece of junk on three occasions. All of them were genuine corporate XP Pro installs on company-owned hardware. Two of them happened in Baghdad offices where shipping replacement kit was difficult and expensive (and of course to the couple of machines I only had 1 of each model so I didn't have the Ghost image discs yet). I do have a theory that there is more to WGA than just the serial numbers matching certain VLKs (Volume License Keys) as two of the machines were attached to public satellite broadband rather than the corporate network when they got hit. Every machine in the building was running the same serial number (the paid-for company-wide license) and none of the others pinged so the serial number must be OK.

I also find the software very rude: If you spot WGA Notification in Windows Update and tell WU to hide the update and not offer it to you again it bitches every time you run Update that you have "hidden important updates" and that you are putting your machine at risk in such a way that would make a less-knowledgeable user believe they needed to turn it back on. Then, after you hide it in WU, if you have automatic updates turned on it will get installed by that even though you have explicitly indicated you do not consent to it being installed by WU. There is no way to stop this if your updates are set to fully automatic. I keep mine set to "notify me but don't download" as I often use satellite networks where bandwidth is scarce (and expensive - up to $10 per MB - Yes, per MEG

) and I don't want Windows deciding to download a 300MB service pack in the middle of the night without my say-so. With automatic updates set as I do it is possible to open the update manager and set WGAN as a hidden update so it won't get installed that way either. I just don't see why I should have to since I already said no!

If it does get downloaded and you hit cancel when it tries to install it phones home transmitting your computer's information and saying you have prevented it installing.

WGAN doesn't seem to stop anybody who wants to pirate (you can download instructions on the net that tell you how to fool it into thinking it has successfully validated your install even if it hasn't). Of the machine's I've encountered where it has gone off at least 75% of them have been genuine installs.

Cheers,
Paul.

Sebby · Sep 09, 2009, 15:40:10

In contrast, Mac OS requires no license key and does not have to be activated. Pirating is very rare because it's sensibly priced. I think Microsoft are approaching the problem from the wrong angle.

Ray · Sep 09, 2009, 15:53:31

Sebby.

Dangerjunkie · Sep 09, 2009, 16:08:02

Quote from: Sebby on Sep 09, 2009, 15:40:10
In contrast, Mac OS requires no license key and does not have to be activated. Pirating is very rare because it's sensibly priced.

Agreed. I know lots of Mac users and every one has paid for their OS update discs. I think there's also an element that OS-X updates generally bring new things that the user likes whereas Vista (for example) brought performance-sapping DRM (with a promise that it would let you do cool things in the future) and countless "pain in the ****" popup "are you really sure you want to let Windows Update err... update system stuff?" messages.

This is one way I think MS have got it totally wrong. It asks so many (unintelligible to the average person IMHO) questions that the average user will just click "yes" because they don't understand the message but they want something to happen. Both OS-X and Linux do this much more intelligently IMO. When those pop a "give me your password to prove you really want this program to do that" boxes, you read it because it doesn't happen often and it's important. Vista doesn't demand the password so if you leave your kids or Aunt Lucy at your login they can answer those questions without your knowledge if you're in the kitchen making a cup of tea.

QuoteI think Microsoft are approaching the problem from the wrong angle.

If the purpose was to prevent piracy then I think they have got it wrong. If the purpose is to annoy people who have the money to pay into paying (and make sure that no 1st world company could claim in court they didn't know their software was illegal) whilst not stopping people who can't pay from pirating then I think they've got it right. Piracy has been kind to Microsoft. If you're not going to give anyone money for an OS they'd rather you didn't give them money for an OS than didn't give Linux money for an OS. If Microsoft got what they said they want (the total elimination of piracy) so everyone who couldn't afford Windows had to buy a Mac (more than a PC with Windows) or install Linux then I think the Windows to Linux install ratio would be much less in MS' favour.

Cheers,
Paul.

Glenn · Sep 09, 2009, 16:27:38

We have a lot of laptops, that after a WGA update, it proclaims that the licence is invalid, even though it uses a global corporate licence key, and the majority of the other company PC's are all working fine with the same key.

Rik · Sep 09, 2009, 16:33:36

WGA is just another example of a software house causing grief for legitimate users while users of hacked copies will carry on untouched. Pointless, irritating and I hope the court case succeeds.

Ray · Sep 09, 2009, 16:39:48

I agree, Rik, it's certainly caused me some grief in the past when I've had hardware problems and had to reinstall Windows 2 or 3 times in a short time frame. Then it comes up you've exceeded the number of activations and have to phone up MS to get it activated, also had the same thing with Office once as well

Corel are another lot who do it as well, I've had to phone more than once to reactivate my copy of PSP.

They then wonder why people use pirated or hacked copies.

Rik · Sep 09, 2009, 16:42:33

Indeed, Ray. It's like the record industry, everything is down to piracy. Rubbish! A lot is down to the lack of equitable charging.

Ray · Sep 09, 2009, 16:45:20

I'm sure it is, Rik, charge a fair and reasonable price for something and people are more likely to willingly pay for it.

Rik · Sep 09, 2009, 16:57:01

Especially if we know we're not paying twice as much as American customers for exactly the same product...

Ray · Sep 09, 2009, 16:57:50

Indeed.

Gary · Sep 12, 2009, 09:19:58

I think MS have every right to use WGA its a way of protecting us against pirated copies that do not get patched which cause havoc by becoming easier targets for malware, yes false positives occur, but as a company you would rather want a few than to loose in this case millions of dollars, even MS are not doing great right now with lay offs etc so tightening up WGA is self preservation. Other software has similar caveats, but they are not a whole operating system and less in your face but most of us never get bothered by WGA anyway and a few that do out of the sheer numbers of windows machines I think shows the software runs pretty well. Fighting the hand that feeds you seems pointless, if you dislike windows checking your not a thief buy a mac of use Linux, or better still suck it up and move on and stop moaning about something so trivial. After all your car alarm may be sensitive and go off to often maybe, thats intrusive and annoys people but you are damn glad it works and your car is still there every morning, not that dissimilar from WGA really, and if it locked you out would you want to hack your cars protection so it did not work? No you call up the dealer and try and get it sorted, Microsoft have phone numbers too.

bobleslie · Sep 12, 2009, 13:12:27

Dangerjunkie · Sep 13, 2009, 13:27:01

Hi,

I disagree with your points fundamentally. I'll try to explain why here. Please don't take anything in this post personally. It's not intended to be any kind of insult.

Quote from: Gary on Sep 12, 2009, 09:19:58
I think MS have every right to use WGA its a way of protecting us against pirated copies that do not get patched which cause havoc by becoming easier targets for malware

XP encourages automatic updates to be turned on by default. I've not left any of our false-positive machines in that state for long enough to be sure but IIUC WGA denies access to many updates so it is in fact WGA that is responsible for the most vulnerable machines becoming unpatched.

Quoteyes false positives occur, but as a company you would rather want a few than to loose in this case millions of dollars, even MS are not doing great right now with lay offs etc so tightening up WGA is self preservation.

As a company that buys this software I would rather people were copying it than it affecting the operation of a business machine which is located in a hostile part of the Middle East. When it did happen to me, shipping a replacement machine cost more than the value of the machine, took the best part of a week and involved 6 people having to make an unnecessary and dangerous journey to Baghdad airport to collect it. If I'd had a ghost image to reinstall from there would still have been the issue that it was my staffing budget the error in their WGA was eating up.

Tightening up WGA isn't self preservation. Anybody who wants to fool it and deliberately run a pirate copy still can.

QuoteOther software has similar caveats, but they are not a whole operating system and less in your face but most of us never get bothered by WGA anyway and a few that do out of the sheer numbers of windows machines I think shows the software runs pretty well.

We have a number of business-critical packages that require dongles or activation. This is not a problem. None of those phone home on a regular basis and revise their decision as to whether the software is genuine. I find it very difficult to sign off a product as reliable when that can be changed on the whim of the vendor. I have personally had 3 machines fail WGA in error.

QuoteFighting the hand that feeds you seems pointless, if you dislike windows checking your not a thief buy a mac of use Linux, or better still suck it up and move on and stop moaning about something so trivial. After all your car alarm may be sensitive and go off to often maybe, thats intrusive and annoys people but you are damn glad it works and your car is still there every morning, not that dissimilar from WGA really, and if it locked you out would you want to hack your cars protection so it did not work? No you call up the dealer and try and get it sorted, Microsoft have phone numbers too.

If I'm on an expedition which has cost over a hundred thousand dollars to a remote location where replacement kit isn't readily available I do not regard this as trivial. I can test everything before going but I can't eliminate the possibility something like this may happen on the road. I can only carry so much spare gear. It costs money and teh air shipping is bad for the environment.

Microsoft are not "the hand that feeds us". They are a company we choose to buy products from not a charity that gives us things of benefit out of the goodness of it's heart. My business case for purchasing a software product assumes that product will be sufficiently reliable. Bugs happen but there is a big difference in my view between something accidentally not working and functionality deliberately being disabled.

For my own business I have done as you suggest. I now run Linux. I benefit from better reliability, not having to pay out money on antivirus products and not having to regularly clean up spyware.

I don't think the car alarm is a good example. It would put me in the place of MS (the person doing the inconveniencing, not the victim) In that example I would have an object that is keeping my neighbours awake and be happy to let that continue as long as nobody stole my car. That sounds pretty selfish to me. If my car did something that inconvenienced me, like the radio no longer working, the immobiliser kicking in or being unable to change the oil on the manufacturer's whim, that would be different. If my car immobiliser regularly stopped me driving my car because Citroen decided it wasn't genuine then yes, I would rather not have an immobiliser.

We (my customer) have given up calling Microsoft. We have about 10,000 Windows licenses and they couldn't be less interested. Our IS department just tell us to reghost the machines if this happens. If they won't be responsive with the amount we spend then a home user has no hope.

Cheers,
Paul.

Rik · Sep 13, 2009, 15:23:35

I'm with you 100%, Paul. MS is only inconveniencing genuine customers, the exact opposite of what they should be aiming for.

zappaDPJ · Sep 13, 2009, 16:28:28

I also have to take issue with some of what Gary has posted. The number of false positives that have occurred by Microsoft's admission is around 1%. That amounts to at least 5,000,000 users which is genrally considered a very conservative estimate. From personal experience phoning Microsoft will not get your software reactivated if it has been flagged by WGA. A family member recently had a false positive on a genuine and legitimately purchased copy of XP. Despite still having the original disk and activation code to hand, Microsoft would not reactivate it. This resulted in days of frustration which ended with a complete re-installation of a new operating system, applications and data.

It's more than an inconvenience to be locked out of something you have legitimately purchased. To use the car alarm analogy, if the alarm goes off by accident then the only way forward would be to buy a new car

5,000,000 users locked out of legitimately purchased software is unacceptable. I wouldn't deny Microsoft the right to protect their interests but they can't be allowed to do it with such an unacceptable payload. I use other software that dials home such as vBulletin. To the best of my knowledge no registered user has ever been locked out of that and where problems have occurred the publisher has gone to great lengths to resolve things on a one to one basis.

Dangerjunkie · Sep 13, 2009, 18:50:36

Hi,

Another time (again in Baghdad) someone had bought a machine for the office at the computer market. The machine was built from parts rather than being a pre-built box from a recognised manufacturer. I discovered the copy of Windows on it was hookie so I sent my assistant to the computer district to buy a genuine copy (The company is a big copyright owner and it would be the height of hypocrisy to steal other people's stuff whilst expecting people to respect our copyright.) He visited every store in the computer district and couldn't find a genuine copy. The shop owners couldn't understand why on earth we wanted to spend $180 on a genuine copy of Windows when they had copies to sell us for $1.

Most machines I've seen on sale in the Middle East have been shop's-own build rather than pre-builds from big vendors. I would say that at least 90% of machines are like this and given the above attitude to software I could be pretty sure that the vast majority of those are running pirate Windows. We're looking at some of the least experienced user communities in the world (The Iraqis, for example, didn't have computers until about 4 years ago.) These machines won't be running genuine, subscribed antivirus and with WGA restricting their access to updates the computers are going to be infected with just about everything going. We've noticed at work our Arabic translators' machines getting infected far more than the English speakers and malware gangs seem to be targeting Arabic websites. The surge in connectivity in the Middle East and Africa is putting more machines online and increasing the problem.

For these reasons I view WGA as an act of selfishness. It is preventing machine updates thereby increasing the number of infected machine bombarding us with spam and contributing to crime.

Cheers,
Paul.

*edit: fixed typos

Rik · Sep 13, 2009, 18:54:26

Well said.

Ray · Sep 13, 2009, 19:08:13

Seconded.

Gary · Sep 16, 2009, 08:11:13

esh · Sep 16, 2009, 15:59:58

I can't help laughing at "WGA". I mean, I can kind of see where management were coming from when they implemented it, but as for the PR department... it is the most creepy and insidious name ever for a piece of software that effectively is there to "let you use your legally purchased OS". Yes, the genuine advantage is you can use what you bought and your computer won't get screwed up! ...... maybe. If it's a good day.

Rik · Sep 16, 2009, 16:05:00

You old cynic, you.

esh · Sep 16, 2009, 17:28:04

Please insert Disk 1 of Microsoft Orwell 84.

Rik · Sep 16, 2009, 17:29:59

At least that was worth reading...

Sebby · Sep 16, 2009, 18:24:28

I know what you mean, esh. There's no advantage to users, genuine or otherwise; only to Microsoft.