Is Microsoft’s WGA spyware?
p2p news view / p2pnet: Luke: "You lied to me. You said that Darth Vader killed my father." Obi-Wan: "When Anakin Skywalker turned to the Dark Side of the Force, the good man that was your father ceased to exist. So, what I told you was the truth — from a certain point of view." ~ Star Wars: Return of the Jedi – 1983
Pat (to Mystic Seer): "You’re just a stupid piece of junk, aren’t you?" Don (reading response): "It all depends upon your point of view." ~ Twilight Zone ("Nick of Time") – 1960
Lauren Weinstein uses the above quotes to kick off his blog on the Windows Genuine (Dis)Advantage effort. >>>>>>>>>>>>>>>>>>>>>>>>
Microsoft Responds Regarding Windows XP Update vs. Spyware
By Lauren Weinstein – Vortex Technology
In yesterday’s blog posting, I asked the implicit question: "Is Microsoft’s update of their ‘Genuine Advantage’ OS validity verification tool behaving as spyware?"
Within hours of that text becoming widely public, I received e-mail and a call from the director and the senior program manager for Microsoft "Genuine Windows" (their anti-piracy division). We three had a lengthy and friendly chat, and I believe that I can now answer this question. However, as you have probably already guessed, the answer is, "It depends upon your point of view."
And perhaps of more importance, it’s not clear that the spyware question alone is really the key issue in this case, since this is all part of a larger MS anti-piracy effort with broader implications for all concerned. In the long run, the real issues are clarity and control, as we shall see.
Microsoft has major piracy problems, on a massive scale – this we all know. They have been ramping up their infrastructure to prohibit "non-validated" copies of Windows XP from installing non-critical software updates. What many people don’t realize is that MS does not consider validation to be a necessarily permanent state. Even after a copy of XP has been validated, MS may choose to "revoke" that validation (via communications with their Windows Update site) at a later date if activation codes are found to be pirated in the future.
Why is the new version of the validity tool trying to communicate with MS at every boot? The MS officials tell me that at this time the connections are to provide an emergency "escape" mechanism to allow MS to disable the validation tool if it were to malfunction.
While most users will routinely accept the tool update from Windows Update, MS considers it to be (for now) an optional upgrade as part of a pilot program, as described in accompanying license information that (as we know) most users will never read. (I should note that while these materials do discuss Internet connections, they do not appear to notify users that the updated tool will make multiple connections to MS at various intervals, even on systems that are already validated.)
I was told that no information is sent from the PC to MS during these connections in their current modality, though MS does receive IP address and date/timestamp data relating to systems’ booting and continued operations, which MS would not necessarily otherwise be receiving.
Apparently these transactions will also occur once a day if systems are kept booted, though MS intends to ramp that frequency back (initially I believe to once every two weeks) with an update in the near future. Further down the line, the connections would be used differently, to provide checks against the current validation revocation list at intervals (e.g., every 90 days) via MS, even if the user never accessed the Windows Update site directly.
Can you safely block the tool from communicating with MS using ZoneAlarm or another third-party firewall? The answer appears to be yes. I’m told that if the tool can’t communicate with MS, validation checks will be made the next time the system communicates directly with the Windows Update site, in the same manner as has been done up to now since validation began.
We can argue about whether or not the tool’s behavior is really spyware – there are various definitions for spyware, and the question of whether or not you feel that the notice provided at upgrade installation time was sufficient is also directly relevant. I believe that the MS officials I spoke to agree with my assertion that additional clarity and a more "in your face" aspect to these notifications in such cases would be highly desirable.
But this is where an even more important question comes into play. Microsoft (and other software vendors) are moving inexorably toward a more "distributed" computing model where users are really "renting" software services, rather than buying commodity software products. The "rental" model implies long-term vender control over the use and applications of such software, with associated communications between user PCs and vender servers for ongoing authentication and other purposes.
The entire concept of authentication revocation will be utterly foreign to many users, who are used to assuming that once they’ve bought something that they believe to be legitimate – and that in fact has initially been verified as legitimate – it’s then theirs forever and can’t be disabled or restricted later.
And as we’ve now seen yet again, the communications issues associated with the rental/service model introduce a range of both real and perceived privacy factors and concerns that we’ve hardly yet begun to explore in depth as technologists or as a society.
One thing is certain regardless of your point of view – the sorts of issues that relate to this particular case are but harbingers of what’s to come, in terms of capabilities, controversies, risks, and more. The old models are dying, and if we don’t get ahead of the curve by understanding and properly framing the new models, we are likely to be very sorry after the fact.
==================
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php
NOTE: p2pnet is being sued by Sharman Networks and Nikki Hemming, ceo of p2p application Kazaa. "The suit is a little odd, since P2PNet.net is a champion of peer-to-peer file-sharing, which is the same business that Kazaa is in," says The Globe & Mail. If you’d like to help p2pnet, or find out more, please go here.
June 9th, 2006 at 11:52 pm
It can not be closed with ctrl-alt-delete and it can not be uninstalled.
June 10th, 2006 at 6:08 am
It can be uninstalled, but it’s a process. M$ doesn’t provide an uninstaller or a “How to”, but if you type “WGA removal” into a search engine you will find a guide to manually remove it. It basically involves starting up in safe mode, deleting about 3 files in the system folder and some registry entries. Also, if you type “WGA” in the search box at Isohunt a removal tool will come up, though I’ve never tried it and can’t say for sure if it works or not. I don’t allow automatic downloads or installations and I refuse to install WGA, so I’ve had no need to try this tool, but it’s there.
As far as I’m concerned, if it phones home without my knowledge and approval… it’s spyware. Peerguardian blocks all my computer’s attempted contacts with M$ anyway.
June 10th, 2006 at 7:12 am
So protect yourself from the self-serving Monopolists who spy on your computer and dare to presume they can legally disable your computer. It’s not theirs. Period. Keep your fzcking hands OFF my system.
These business practices is what drives me so far away from Microsoft. Macintosh and Linux machines don’t spy on me.
For those of you who want to keep using Windows but want a modicom of privacy restored, go to this site and learn to use this free tool
http://www.xpantispy.org/
Rock on….
June 10th, 2006 at 7:15 am
The fact that the WGA installed AUTOMATICALLY on my Pc, without my permission.
I’ve always had updates set to downlaod them fo me, but I’ll choose what to install (so I don’t have to install some of the crap they try to force upon you). It’s always been like this, and always will be.
Yet when I come back to my computer, I see it trying to automatically restart (with one of those 5 minute countdown boxes and a simple “restart later” button there, one of those boxes that appears every 5 minutes as well!)
I forgot all about this, went down stairs, come back up to see my computer at the logon screen. And what do I see? A Nice big stain on the bottom right.
Somehow it had defied my wishes of letting me choose, installed itself, then automatically restarted my PC without my permission to completethe installation… and I know I’m not the only one to have ti installed this way…
Was not best please….
huds601
June 10th, 2006 at 8:11 am
I think it’s time to change your settings. When they came out with SP2 I read they were doing the same thing and changed my update settings to only notify me about new updates and I’ve avoided 3 bad installs now because of it. If you read my previous reply up above it can be removed. Another way to get rid of it, that I forgot to mention, is through system restore.
June 10th, 2006 at 9:03 am
Did a quick search and I can not find Microsoft is registered to such an activity within Europe. Which means they are in breach of data protection laws in Europe.
In fact they are in breach data protections laws within Europe if they software doesn’t allow you to turn it off. I doesn’t matter about 3 parts tools. In fact in Europe it HAS to turn off be default.
This is bigger then SONY BMG Rootkit spyware issue!
And to top it of they are selling there “OneCare” I wonder if shows it up Spyware, I bet not. Well there you have Spyware is not Spyware if from Microsoft!
June 10th, 2006 at 9:38 am
i installed it a couple of months ago because i thought it wqould be better than getting popups and warning and having to search for the registration numbers.
now after reading all of this, i went to the control panel and saw that it cannot be uninstalled – unless i do a system restore before the date i installed it – which would be a pain in the ass and i’m not even sure it would work on the wga.
i went to the update page looking for any info on it, as well as a possibility to uninstall it. all i found was a new update for the wga.
i won’t be installing it unless it, and all previous versions, can be uninstalled.
June 10th, 2006 at 12:53 pm
System restore will work. It is one option. Also as I stated in another comment up above:
It can be uninstalled, but it’s a process. M$ doesn’t provide an uninstaller or a “How to”, but if you type “WGA removal” into a search engine you will find a guide to manually remove it. It basically involves starting up in safe mode, deleting about 3 files in the system folder and some registry entries. Also, if you type “WGA” in the search box at Isohunt a removal tool will come up, though I’ve never tried it and can’t say for sure if it works or not. I don’t allow automatic downloads or installations and I refuse to install WGA, so I’ve had no need to try this tool, but it’s there.
June 10th, 2006 at 1:29 pm
http://antiwpa.org.ru/
June 10th, 2006 at 3:49 pm
i saw your earlier message after i posted mine.
i also don’t allow automatic updates and downloads, and i had chosen the wga for the reasons i said before.
i don’t like messing around in system folders so if anyone has used the tool successfully, please let us know here or by email.
February 26th, 2007 at 5:41 pm
February 26th, 2007 at 5:52 pm