Slashdot Log In
A Different Kind of WGA 'Problem'
Posted by
ScuttleMonkey
on Wed Aug 09, 2006 05:46 PM
from the foolproof-just-found-a-better-fool dept.
from the foolproof-just-found-a-better-fool dept.
Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
Related Stories
[+]
Download From Microsoft Without a WGA Check 195 comments
Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."
[+]
Your Rights Online: WGA — Too Many False Positives 268 comments
An anonymous reader writes, "Microsoft insists that its Windows Genuine Advantage anti-piracy program is nearly flawless. But that's not the impression you get when you visit the company's WGA Validation Problems forum. Ed Bott at ZDNet went through 137 problem reports submitted there during a two-week period, each one accompanied by the output from the official Microsoft diagnostic utility, and found that 42% of the people reporting problems were actually running Genuine software. From the article: 'One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors.' In a related story, the first WGA errors from Windows Vista and Office 2007 have appeared in the wild."
This discussion has been archived.
No new comments can be posted.
A Different Kind of WGA 'Problem'
|
Log In/Create an Account
| Top
| 348 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
A solution to your problem (Score:5, Funny)
I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try.
Here you go! [bsa.org]
Re:A solution to your problem (Score:5, Informative)
BSA is for proprietary violations.
Re:A solution to your problem (Score:5, Insightful)
Re:A solution to your problem (Score:4, Interesting)
(http://www.kibbee.ca/)
Re:A solution to your problem (Score:4, Interesting)
Fortunately for me:
* I did not use at that time and I do not use now unlicenced software, nor did the company I worked for at that time use unlicenced software.
* The law in my country would not put me in jail for using unlicenced software (only a fine).
* BSA do not have the right to make inspections in my country. They can log a complaint and have the police come to me.
Still, I was responsible for IT, and had to receive the letters, read them and explain to my betters what were those letters about every two weeks. I did not enjoy being threatened to be put in jail, being acused of stealing, and being taken for a full. The letters stopped arriving when I answered one of them, asked BSA to explain me why they think they have the right to do what they threatened to do, and had the word "lawyers" in that reply.
Why are they con artists ? I was in their database because my company already bought the software they claimed to "protect". BSA are lazy, at least around here: they don't look for infringers, they just pound honest people with threats in order to have something to report to their sponsors. BSA does not look for the interests of their sponsors, only for the money they pour into BSA for those "awareness campaings" etc.
Unfortunately for their sponsors,
after my experience with BSA:
* I don't buy or recomend to the people in charge to buy software from the companies members of BSA. There is always a good enough alternative, and running the risk of getting in the spotlight of BSA is not worth the trouble.
* I still think it's lame to use "pirated" software, but I am kinda glad so many people do it, as far as the sponsors of BSA are concerned.
* I run a clean shop, free as in free speech.
Post the key! (Score:5, Funny)
Corporate (Score:4, Informative)
(Last Journal: Friday January 30 2004, @06:40PM)
Re:Corporate (Score:5, Informative)
(http://www.fimble.com/)
Re:Corporate (Score:5, Interesting)
Re:Corporate (Score:5, Interesting)
(http://www.elflord.net/ | Last Journal: Monday March 19 2007, @10:35AM)
Re:Corporate (Score:4, Informative)
(Last Journal: Monday September 25 2006, @01:19PM)
However what might be happening (Score:5, Informative)
However just installing a copy of corperate unlicensed won't do anything. It doesn't activate and there's not a hard limit check.
To really test WGA you need to do something like get a known pirate key or take a non-volume copy of XP and install it on more systems than you are allowed to.
Re:However what might be happening (Score:5, Interesting)
Re:However what might be happening (Score:5, Informative)
(http://www.manitcor.com/)
Re:However what might be happening (Score:5, Insightful)
(http://sharpy.xox.pl/ | Last Journal: Wednesday September 14 2005, @02:12PM)
>pirate key or take a non-volume copy of XP and install it on more
>systems than you are allowed to.
Nope. That's what you need to trigger it.
To test it, you take most obscure cases of license violation plus most convoluted cases of legal use.
And then as result the test shows WGA is hopelessly broken.
Re:Corporate (Score:5, Interesting)
(http://www.chem.wsu.edu/ | Last Journal: Friday September 15 2006, @01:48PM)
Re:Corporate (Score:5, Interesting)
I work for a university, and I have a Windows XP laptop (university property) installed using our school of engineering key (we have a site-wide license). Is that a "corporate" version? Anyway, I had not booted that laptop in Windows in a LONG while, since I had been mostly using it with another hard drive with SuSE linux installed.
Recently, I booted it, and gave my ok to its doing 18 Windows Updates (techstaff won't support my laptop unless I do the updates). After doing the updates (from my home, I am not sure if this is relevant), Windows now claims that the copy is pirated.
Since it is certainly not pirated, I decided to simply not bother with it. The fun part is that in some couple of weeks, I am going to give a talk at Microsoft with that laptop... and no, I don't plan to fix it before then!
Re:Corporate (Score:4, Informative)
Re:Astounding logic (Score:5, Insightful)
(http://slashdot.org/~insanecarbonbasedlif/journal | Last Journal: Thursday November 08, @11:59AM)
That logic doesn't really follow at all. Anyhow, in tests like these, if you want to diminish false positives, then false negatives usually increase. We should be applauding Microsoft for not being overzealous.
But then again, this is slashdot. MS never gets applause here. At most a murmur of reluctant approval.
Re:Astounding logic (Score:5, Insightful)
(Last Journal: Tuesday January 30 2007, @08:29PM)
Re:Astounding logic (Score:5, Informative)
This is false. Machines that fail WGA cannot download OPTIONAL/NON-SECURITY RELATED updates. Security updates have been, and always will be, available for download by ANY machine regardless of its legal state.
Despite the fact that your claim has been echoed by many, many others, it remains false.
Who are the developers (Score:5, Insightful)
(http://slashdot.org/ | Last Journal: Wednesday April 28 2004, @12:34PM)
Are the best and brightest out there the ones that get stuck with this task? I would think it'd be the interns and that developers everyone hates that get the fun task.
I've used products that had good licensing tools. Keys that you enabled online, and enabled a number of users etc. Everytime it seems like it comes out of some smaller software company with small bright teams. I'm guessing in these cases the senior level codes and maybe even the whole team got involved.
Anyone out there have expierence writing key checkers and other piracy related pieces of functionality?
Re:Who are the developers (Score:5, Insightful)
(http://stage6.divx.com/)
I _hate_ crap like that. I use DriveCrypt for encryption (from securstar.de), and it has the most horrific license system I've ever had the displeasure to use. You have to activate your software and lock it to a computer, then if you want to use it on an alternative computer you have to uninstall it on the first, then enter a "deactivation" code on the website, then finally you can reactivate on the new PC. God forbid you should format one of your computers forgetting to deactive your license first. I even had a problem where a new version of the software wouldn't accept the current activation on the system. I had to uninstall the newer version, re-install the older version, uninstall it and de-activate, then install the new one again and activate it. At that point I was like "JFK!", and no, that's not a reference to Kennedy.
Lets face it: People hate activation, and for a good reason. It doesn't stop piracy. It doesn't really reduce piracy either. All it does it cause perpetual headaches to your legally licensed customers. I work on software products and was partly responsible for redesigning our software registration system, which used to also use online activation. We stripped out the 'activation' element and sales didn't drop at all, however the volume of support traffic that we had to handle due to activation issues (the largest type of support incident by far) dropped to almost nothing. Our customers were much happier people.
Secrets to succesful system: 1) Make a good product, 2) Don't extort your customers, 3) Make the registration process simple.
An example of a good registration system: I recently bought Sonar 5 from Cakewalk. It came with a serial code in the DVD sleave, which you punch into Cakewalks' website in exchange for a registration code that can be used perpetually. That's it. Simple. Cakewalk get their registration info, you get to use the software you just paid hundreds of dollars for as you want. Sure, there is an element of trust involved in that, but hey, you just paid a few hundred bucks. Maybe they ought to trust you after that. By comaprison, other similar software I have licenses for is heinous. Cakewalk earned a lot of respect from me because of this.
Pirates will pirate. People with morals who wish to support your work will pay where they can. Respect your customers.
Re:Who are the developers (Score:4, Informative)
(http://mirror.cs.vt.edu/ | Last Journal: Tuesday April 13 2004, @11:24AM)
Right, and people don't realize - no matter how complex the security lockout on the door, the pirates go in throught the window.
Which of these is harder to pirate?
Scenario 1:Scenario 2:The Pirates simply take out all the crap between "Start game" and "Play game", using decompilers and jump tracers and a bunch of crap that I don't know how it works, but get the general idea. They don't "defeat" the security. They just sidestep it. But the rest of us still have to deal with "you're not connected to the interweb tubes, you can't play this game".
~Wx
PS Yes, starforce supposedly is impossible to break. Except that it gets its grubby hands in to your computer and causes massive problems, including hardware failures, system instability, and blue screens.
Re:Who are the developers (Score:5, Insightful)
(http://web.lemuria.org/)
Except that there are torrents of every single starforce game ever around, and they all come with either cracks or mini-images, and there are at least a dozen competing "anti-starforce" tools.
Starforce is sold as being impossible to break. In the end, it's not any better than anything else.
Re:Who are the developers (Score:5, Informative)
(Last Journal: Thursday May 04 2006, @10:41PM)
The only way to stop the re-emergence of copy protection schemes (as were the craze in the mid 1980's with things like pro-lock) is to stop buying their products, instead relying on open source whereever the task at hand allows. DriveCrypt is one of things that you can easily get rid of. WGA is a little harder, but it's day will come.
This is surprising (Score:3, Funny)
(http://otlowski.com/)
Funny that... (Score:5, Funny)
(http://wot.narg.googlepages.com/)
Re:Funny that... (Score:5, Funny)
Many people just use their employeer's key (Score:3, Informative)
Re:Many people just use their employeer's key (Score:4, Interesting)
Those machines are likely set up with a corperate VLK, so the key on the sticker is not in use (and the company has arguably paid twice for their software, so those licences are "spare" too...).
I'm just worried that I'll buy (Score:3, Insightful)
How do ypu prove that you're not a pirate if MS says you are?
Re:I'm just worried that I'll buy (Score:4, Insightful)
http://www.betanews.com/article/NonLegit_Windows_
Re:I'm just worried that I'll buy (Score:5, Informative)
It's still a problem. (Score:5, Insightful)
(http://anti-slash.org/)
I personally know of at least half a dozen people who have subsequently either a) purchased a legitimate copy of Windows, b) downgraded back to their older, legitimate version or c) bought a Mac, because they lack the technical knowledge to keep up with the WGA arms race.
WGA is certainly going to reduce the level of Windows piracy. Unfortunately for Microsoft, it's going to do so because some people will move away from Windows altogether.
Simple fact is that WGA is utterly transparent and utterly irrelevant to most legitimate users, and even those it isn't, it isn't an issue for very long.
Re:It's still a problem. (Score:5, Interesting)
(http://www.hyperborea.org/journal/ | Last Journal: Tuesday September 11, @05:30PM)
I can't speak for "most legitimate users," but I can describe my own brief run-in with a WGA malfunction.
A few weeks ago, when the updated version of WGA was pushed out, my Dell-with-the-original-OS booted with a notice claiming that Windows was not genuine (despite the previous version of WGA reporting no problems). I grumbled about Microsoft's lying sack of *ahem* I mean, POS anti-piracy crap that couldn't tell a real copy of Windows from a fake one, then logged in, fired up a web browser, went to the Knowledge base, mucked around until I found a link that said something like, "Validate here"... and it said, "Oh, yeah, you're genuine. No problem, pal." (Actually, it's a Dell, so that would be "No problem, Dude.")
I spouted some variation of "WTF?" Then I rebooted the machine, just to check, and sure enough it said absolutely nothing about being a pirated copy of Windows.
I eventually concluded that Norton In(ternet)Security had probably blocked the initial validation attempt. With no desktop shell, I didn't have the chance to say "yes, let the damn packet through."
The whole process took maybe 10 minutes, but it was an annoying 10 minutes. I've had my share of frustrations with Linux,* but it's never told me I was ripping off RedSuMandrivuntu.
*My main PC is a Fedora Core box. My wife's main PC is a Mac. We share this Windows box, mainly for gaming.
I am having this same problem... (Score:4, Funny)
(http://geeksplosion.blogspot.com/)
Re:I am having this same problem... (Score:5, Funny)
Re:I am having this same problem... (Score:5, Funny)
(http://www.faqs.org/rfcs/rfc3675.html)
predictably -mostly the honest are inconvenienced (Score:4, Interesting)
Unfortunately -and predictably, in the course of 2 moves I have lost my activation key #s -I didn't glue them to my machines as recommended because I planned on moving the license to another, newer machine eventually.
Now I can't even finish the install without having to find some cracked key from some warez site. Then it won't let me install any security patches or Service Packs.
After the 30 days or whatever is up and I have to activate I then try the warezed key and am told that this key has been used too many times -Duh! a
and then I have to call MS support and get a new activation key from them. Fortunately they haven't given me too much grif, but its still a hassle.
Thanks to old flakey hard drives I have had to do this twice and now it has died a third time.
This time I said screw it and went to fry's and bought a new HP dual core media center PC for $750. so I guess MS won this round.....
But I will be trying this again since I have several more machines sitting around -I guess I'd better write down the key# the next time they give me one over the phone again. Does anyone know if the activation #s they give over the phone are 1-time codes or if they will work multiple times?
Has anyone had any luck just asking them for new activation codes?
-What's the speed of Dark?
Re:predictably -mostly the honest are inconvenienc (Score:5, Informative)
Once you have a working machine - activated and all - go to C:\windows\system32 and copy the files wpa.dbl and wpa.bak to secure off-computer location(s) like a USB key or even a floppy. When you need to reinstall XP due to HDD death or whatever, reinstall as normal with the key you used on the previous install (if you don't know the key, download Magical Jelly Bean Keyfinder, run it, and write down the key). After you install, boot into Safe Mode (hold down F8 at boot and select from the menu). Copy the old wpa... files back into your C:\windows\system32 directory.
-b.
Re:MORON! (Score:5, Informative)
(Last Journal: Monday November 28 2005, @09:58PM)
When the grandparent violated the terms of his license and installed Windows on a machine that is not covered by his license agreement with Microsoft, that installation of Windows became effectively "pirated".
I'm not saying that Microsofts OEM licensing scheme is a legitimate or morally correct form of business, but from a (IANAL) legal perspective, the guy violated his license agreement and then was completely astounded when WGA told him that he had violated his license agreement... (jokes about Microsoft software actually working well enough to do what it should aside...)
There is Anti-WGA cracks... (Score:5, Informative)
(http://spaces.msn.com/members/borgschulze/)
Feh! Windows XP Pirate Edition (Score:5, Informative)
(http://www.geocities.com/orion_blastar/contact/ | Last Journal: Tuesday April 03 2007, @07:19PM)
Want to really test the WGA? Use your original copy of Windows XP and search the Internet for a known CD-Key and install with that key that millions of other people have used. Then watch as the retail or OEM version of Windows with unpatched WGA files reports you as a pirate.
Ninja Pirate Hackers and Crackers have modified the WGA files with something called MSIL that is like assembly language. For example if a valid key is found, you might have a comparision done and a JNE to 2000:1345 which calls the part of the code that turns on the "Your copy of Windows is not legit" function. Turn that JNE 2000:1345 into a NOP and the comparison does not match and the program does not jump into the Anti-Pirate code. Or change it to a JE 2000:1345 and if a valid key is found it jumps to the Anti-Pirate code and if an invalid key it does not. Or just take the code at 2000:1345 that turns on the Pirated bit and fill it with NOPs. I am just guessing here, I could be wrong, but I think the pirated version of Windows and those WGA-Fix patches do those sort of things.
Meanwhile my legit copy of Windows XP has to have the WGA spyware on it to get updates from Microsoft. Yeah Windows Update and Microsoft Update require that I install WGA in order to use them. If not, no updates from the web. WGA trashed my fast user switching after it got installed. I can see the WGA files eating my system memory, CPU cycles, and using up bandwidth to report back to Microsoft, yes folks it is spyware. I would guess the pirate version of the WGA Fixed files remove the spyware as well.
Not only that I heard that the pirate version of XP has special tweaks and bug fixes that the retail and OEM versions do not have. Yet your chances of malware infections are greater with the pirate version, because you never know who last modified it before you got a copy. So beware.
can I get a link (Score:5, Funny)
(http://slashdot.org/)
Damn that Microsoft! (Score:3, Interesting)
(Last Journal: Wednesday August 09 2006, @07:09PM)
Why is this a problem for anyone but Microsoft (or those who have a perverse desire to be labeled as a pirate and then blog about it)? Do you suppose maybe he got a false negative because Microsoft is less willing to pull the trigger when in doubt?
Fraction of a percent... (Score:3, Funny)
Right. Remember, 3/2—or 119,990,000/2—is, after all, a fraction.
Just not a proper fraction.
Volume License Keys Always Pass The WGA (Score:5, Interesting)
e.g. HP has all the computers in the Sydney office running with one Volume License Key, now if someone were to leave HP's employ and continue to use the key MS would have no way of knowing so has to let it pass the WGA.
It has to just shrug and go well thats HP let it pass or risk annoying the hell out of a lot of HP people if they refuse it.
What MS shoudl do (Score:4, Funny)
Espeically since windows has become too complex for a purely software based solution to ever work reliably.
poor logic (Score:3, Insightful)
(http://www.taybin.com/)
It's okay... (Score:5, Funny)
It's okay, man. You don't have to prove yourself to us.
WGA - Microsofts Marketing at its finest (Score:3, Funny)
(http://slashdot.org/ | Last Journal: Wednesday November 07, @10:21PM)
Confidence and Peace of Mind
Your software is authentic, properly licensed and supported by Microsoft or a trusted partner.
Ongoing Improvements
You will get access to updates, enhancements, and innovations that help you protect and do more with your PC.
Capabilities You Expect
Your system will deliver the features, options, and performance you need to maximize your productivity and enjoyment.
Greatest PR/Marketing campaign ever. Don't you feel the Love?
Enjoy,
Who needs updates anyway? (Score:4, Informative)
I still have an unpatched Windows 2k SP3 box which has been running behind a firewall for the last 2 1/2 years. Still relatively fast and shows no evidence of malware infestation.
I can see updates being necessary on Server 2003, which is often quite buggy and needs patches for stuff to work, but an XP or 2k box doesn't desperately need the updates if it's used in a reasonably sane manner.
-b.
A simple bug (Score:4, Funny)
A 10MB mandatory patch should clear that one right up.
My WGA Issue (Score:3, Interesting)
(http://www.robbak.com/)
A client's laptop started complaining. I checked its key, and it did not match the key on the sticker. So I attempted to change the key. No go with MS's vba script. No go with the activation wizard (which is another suggested way to change it) - it stated that the key was invalid. Further 'hacking' with the activation wizard (No, I don't know what I did, but there was a maximum of three buttons I could have clicked, and one of them was 'cancel!') got me a key I could use on the phone, and, after telling a bored Indian the story ("Have you installed this software on any other machine?" - I swear that quoting a snatch of Alice in Wonderland would have succeded!) he coughed up the activation code. WGA no more, but my it's a drag!
If I charged them full price, It may well have been more than a new licence. Even so, it probably would have taken just as long to get it to accept the freshly bought key.
False positives waste hours of my work day. (Score:3, Interesting)
(Last Journal: Wednesday October 11 2006, @10:33PM)
Variant on WGA problems (Score:4, Interesting)
Had a problem last week that I'd never seen before...
I had to reinstall XP Pro at home, so duly provided my license key during installation. Much to my displeasure, I was then required to go through the whole WGA problem to get some critical security updates.
It flagged my license as a dud, and put my code on screen for me to see and sort out.
Except that it didn't put in my code - the one I'd set when I installed Windows - but a completely different code...