Windows Genuine Advantage

Windows Genuine Advantage (WGA) is a program initiated by Microsoft that requires users of Microsoft Windows to validate their copy of several Microsoft operating systems when accessing several Microsoft Windows services, such as Windows Update, and downloading from Microsoft Download Center. Previously voluntary, it became mandatory for use of these services in July 2005.
 

WGA Software

When a user installs WGA, an Internet Explorer Add-on is added entitled "Windows Genuine Advantage." In early releases this could be readily disabled with the IE Add-on Management feature. A Windows Group Policy was added by later updates, causing this option to be unavailable by default - but still accessible if the policy was removed. As of May 2006, the latest update blocks management by some other means, possibly hard-coding WGA as an exception in the Add-on Manager.

The program uses either a stand-alone program to generate a key or an ActiveX control to discover if the license key is valid. If WGA determines that a user's copy of Windows was unauthorized, and the CD appeared genuine (including the holographic emblem present on real copies of Windows), then Microsoft will supply the user with a new CD. Microsoft also offers discounts to people who want to purchase a legitimate copy of Windows, but do not have a valid CD. Microsoft has indicated that they will continue to deliver critical security updates through their Automatic Updates service as well as on the Microsoft Download Center. The company does plan to make installation of WGA a requirement for use of Automatic Updates in part to be sure that customers who use support resources of the company are aware when their software is unlicensed or counterfeit. Although installation of WGA will be required for use of Automatic Updates all systems including those that fail to pass validation will receive critical security updates.

Beginning April 25, 2006, Microsoft began distributing Windows Genuine Advantage Notifications[1] as a "critical update" KB905474 to millions of Windows users. Users with unofficial copies will be exposed to alerts[2] at startup, login and during use of the Windows OS stating that they do not have a genuine copy of Windows. Users with legitimate copies will not see the alerts. On May 23, 2006, Microsoft updated the program, closing some forms of circumvention, but reportedly not all[3]. It was updated again on May 30, 2006, June 6, 2006 and June 27, 2006 though some forms of circumvention are still usable. The latest versions do not roll out world wide at the same time - the dates given are the earliest dates on which the versions appeared, so the actual version being offered in some places will be an earlier version than the latest release. It is still possible to opt-out of receiving this update using the "do not show" option at the Windows update site.

Microsoft has also launched the Office Genuine Advantage program, which validates installations of Microsoft Office.

Circumvention and DMCA

In the US, the Digital Millennium Copyright Act criminalizes production and dissemination of technology that can circumvent measures taken to protect copyright, not merely infringement of copyright itself, and heightens the penalties for copyright infringement on the Internet.

In September 2005, Microsoft filed lawsuits against a number of companies that sold unauthorized copies of software to unsuspecting consumers. The cases are important because the leads came from customers who learned they had counterfeit software from the Windows Genuine Advantage program [4].

On November 16, Microsoft released a standard Netscape WGA plug-in to complete the Windows validation process from Firefox and other non-Microsoft browsers [5] - although it does not use the Firefox extensions system, and thus is not supported by the latest version of the browser. Another workaround was released on December 25 to bypass WGA authentication by using a valid hash generated by a remote system. Microsoft responded with a cease and desist letter to the website host, and the workaround was taken down on January 6, 2006. Many people continue to validate on the Microsoft website from a public computer using a genuine copy of Windows, then write down the hash and continue to use it at home or work. As of June, 2006, Microsoft has not devised a way to prevent this method of circumvention. On May 4, 2006 Microsoft announced lawsuits for allegedly distributing unauthorized copies of Windows against eDirectSoftware of Montana, and Chicagoland resellers Nathan Ballog and Easy Computers [6].
 

Windows Genuine Advantage Notifications and Firewalls

Notification on the User Selection screen.

Some personal firewalls, though not the basic one in Windows, may alert on the method by which wgatray.exe is started, in the case of Outpost firewall, it is identified as a "hidden process". The wgatray.exe process itself can be firewall blocked, without apparent problems. Removing the reference to WGALOGON.DLL using HijackThis appears to effectively de-install this update, to the point where it will be offered again if it has not been marked "do not show".

A tool has been released by a firewall vendor to prevent WGA Notifications transmitting information from one's PC [7].

On Windows XP, under User Accounts in Control Panel, it is possible for an administrator to change the option of using the Classic Login Screen as an alternative to the Welcome Screen. It is suggested that when using the Classic Login, the prompts are not as frustrating as the graphics on the Welcome Screen.
 

Spyware accusations

The notification tool has been accused of spyware-like behaviour[8], "phoning home" on a daily basis [9] - Microsoft subsequently admitted the behaviour [10], but denied that it amounted to spyware[11]. Following pressure, Microsoft announced that in future the tool would only 'phone home' once every two weeks, instead of every day.[12] While Microsoft does not provide a proper method for uninstalling this piece of software, users concerned with privacy issues may manually uninstall the software by removing the executable files [13].

Microsoft is being sued[14] under anti-spyware statutes over WGA's non-disclosed "phone home" behavior. The outcome of the lawsuit has not been determined.
 

WGA Notifications to become mandatory?

Ed Bott reports on his blog a Microsoft tech support rep indicating that this fall, Microsoft plans to disable systems that are not running WGA Notifications. When Bott inquired about the issue, a Microsoft spokesperson indicated solely that "as the WGA Notifications program expands in the future, customers may be required to participate"[15].

In response to Mr. Bott's claims Microsoft denies having plans to disable systems that are not running WGA.

References

1. Microsoft.com - Description of the Windows Genuine Advantage Notifications application, retrieved 13th June 2006
2. Digital Inspiration - WGA Notifications, retrieved 13th June 2006
3. smh.com.au - Microsoft back to drawing board on piracy (sic), retrieved 13th June 2006
4. Microsoft.com - Microsoft Files Lawsuits to Protect Consumers and Software Resellers, retrieved 13th June 2006
5. Digital Inspiration - Windows Genuine Advantage supports Firefox, retrieved 13th June 2006
6. InformationWeek - Microsoft: Users may have to prove legal Windows use, retrieved 13th June 2006
7. The Register - How to stop Microsoft's WGA phoning home
8. Lauren Weinstein's Blog - Windows XP update may be classified as 'spyware', retrieved 13th June 2006
9. Microsoft's antipiracy (sic) tool "phones home" daily, retrieved 13th June 2006
10. Ars Technica - Microsoft admits Windows Genuine Advantage phones home, retrieved 13th June 2006
11. Lauren Weinstein's Blog - Microsoft responds regarding Windows XP update vs Spyware, retrieved 13th June 2006
12. ZDNet - Microsoft to ease up on piracy (sic) check-ins, retrieved 13th June 2006
13. Removing Genuine Advantage Notification | StaySecurePC, retrieved 28th June 2006
14. Lawsuit calls Microsoft's anti-piracy tool spyware | Seattle Post-Intelligencer, retrieved 29th June 2006
15. Is Microsoft about to release a Windows "kill switch"? | Ed Bott's Microsoft Report, retrieved 29th June 2006

Suggest this page to a friend