Microsoft draws fire for stealth test program

There have been some well documented articles around the web showing how upset Windows users are about the antipiracy tool Microsoft has called a “high priority” update where they pushed it out through Windows Update — out of cycle on top — to many Windows users.

This new stealth ‘prerelease’ (read: beta) software’s name is WGA Notification Tool.

Millions of Windows users may unwittingly be test subjects for an unfinished Microsoft antipiracy tool.

The software maker has been delivering a prerelease version of Windows Genuine Advantage Notifications software to PCs as a “high priority” item in the built-in update feature in Windows. The tool, also known as WGA Notifications, is used to validate the authenticity of Windows software installed on a PC.

The move is a first for the software maker. Microsoft normally asks people to join test programs before it initiates the download of any such trial software.

It is not a first according to Microsoft Monitor’s experience with WiMP 11 and the new URGE service, or the earlier version of WGA Notification Tool through One Care in May 2006 either.

Further, Microsoft Monitor also talks about Microsoft Live Mail that was recently rolled out:

About 3,000 Windows Live Mail Desktop testers will see contextual ads and keywords alongside their mail, whether from Windows Live Mail or another service. The new function is turned rather than turned off, with the user choosing to flip the on-switch, so to speak. Testers will get the feature and must turn it off if they don’t want it. Microsoft’s more typical software behavior is opt-out, to let the user decide whether or not to turn on the feature. The company contends that “turned on” is necessary for the Windows Live Mail Desktop beta and that no final decision has been made on opt-in versus opt-out. I want to call this out. No decision is a change, regardless of what Microsoft might eventually do, because the approach has been consistently choice–let the user decide.


“I don’t think that we have done it before,” David Lazar, director of the Windows Genuine program at Microsoft, told CNET on Monday. “WGA Notifications is a unique program.”

They say randomly selected Windows users, but I have seen this on several computers I have looked at in the last couple days as a Windows Update as a yellow shield alert in the system tray.

Plus just about everyone I have talked to on the Internet has also had this ‘presented’ to them or installed because of Microsoft’s shoddy Windows Genuine Advantage Installation Process.

In another article entitled “MS anti-piracy tools phone home, raising consent, disclosure and security questions,” David Berlind at ZDNet blogs, talks about this and also links to his previous article about the FIRST attempt, often failing of the WGA Notification Tool at the end of April 2006, entitled “Hackers working hard to circumvent Microsoft’s anti-piracy tech” where he says:

Included in the Windows Update that Microsoft pushed out to XP users at the end of April is a piracy checker that double checks the authenticity of your XP installation. For some odd reason, the update didn’t take place on my system until yesterday.

He wrote that article on June 1, 2006 and now less than two weeks later, this thing comes through again.

On my computer, on April 26th I believe it was, I installed the first of what I thought was the WGA Notification Tool because I felt compelled to do so in order to be able to continue to get Updates and downloads from Microsoft.The first time around, the WGA Notification Tool appeared to fail entirely although it said it installed successfully?! But the files and so forth that were supposed to be there and visible, were not there. Later they seemed to mysteriously appear.

Then on June 8, 2006, I was notified about it again — and again “out of cycle.” So I am thinking, wow, something must be wrong! Why am I getting this stupid thing again! I have a legitimate copy of Windows XP Pro. What gives?

Well, I read over the EULA and felt REAL uneasy about it, but from the EULA it gave the impression that you would not be able to get downloads from Microsoft if you didn’t do this. So I let it install. Boy, do I wish I had never done that. It can’t be removed! And now every day and upon every boot it runs. Upon boot, TCPView confirms that as one of the last things that loads upon boot, all of a sudden FOUR instances of WGA Tray show up, they do something on the Internet, and then they all disappear.

I posted about this on Scot’s Newsletter forums in a topic entitled “WGA and WGA Notification Tool – “from a certain point of view:”

—< <>>—

A new version of the Windows Genuine Advantage Notification Tool was recently downloaded out of cycle from Microsoft on my computer which got me wondering what was up. I installed it and all went well with the installation the first time with this installation of it, unlike the last time when it failed miserably.

I found this posting Windows XP Update may be classified as spyware on the Lauren Weinstein’s Blog and a further posting Microsoft Responds;

Microsoft Responds Regarding Windows XP Update vs. Spyware

Luke: “You lied to me. You said that Darth Vader killed my father.”
Obi-Wan: “When Anakin Skywalker turned to the Dark Side of the Force, the good man that was your father ceased to exist. So, what I told you was the truth — from a certain point of view.”
— Star Wars: Return of the Jedi – 1983

Pat (to Mystic Seer): “You’re just a stupid piece of junk, aren’t you?”
Don (reading response): “It all depends upon your point of view.”
— Twilight Zone (“Nick of Time”) – 1960

Greetings. In yesterday’s blog posting, I asked the implicit question: “Is Microsoft’s update of their ‘Genuine Advantage’ OS validity verification tool behaving as spyware?”

Within hours of that text becoming widely public, I received e-mail and a call from the director and the senior program manager for Microsoft “Genuine Windows” (their anti-piracy division). We three had a lengthy and friendly chat, and I believe that I can now answer this question. However, as you have probably already guessed, the answer is, “It depends upon your point of view.”

And perhaps of more importance, it’s not clear that the spyware question alone is really the key issue in this case, since this is all part of a larger MS anti-piracy effort with broader implications for all concerned. In the long run, the real issues are clarity and control, as we shall see.

Microsoft has major piracy problems, on a massive scale — this we all know. They have been ramping up their infrastructure to prohibit “non-validated” copies of Windows XP from installing non-critical software updates. What many people don’t realize is that MS does not consider validation to be a necessarily permanent state. Even after a copy of XP has been validated, MS may choose to “revoke” that validation (via communications with their Windows Update site) at a later date if activation codes are found to be pirated in the future.

Why is the new version of the validity tool trying to communicate with MS at every boot? The MS officials tell me that at this time the connections are to provide an emergency “escape” mechanism to allow MS to disable the validation tool if it were to malfunction.

While most users will routinely accept the tool update from Windows Update, MS considers it to be (for now) an optional upgrade as part of a pilot program, as described in accompanying license information that (as we know) most users will never read. (I should note that while these materials do discuss Internet connections, they do not appear to notify users that the updated tool will make multiple connections to MS at various intervals, even on systems that are already validated.)

I was told that no information is sent from the PC to MS during these connections in their current modality, though MS does receive IP address and date/timestamp data relating to systems’ booting and continued operations, which MS would not necessarily otherwise be receiving.

Apparently these transactions will also occur once a day if systems are kept booted, though MS intends to ramp that frequency back (initially I believe to once every two weeks) with an update in the near future. Further down the line, the connections would be used differently, to provide checks against the current validation revocation list at intervals (e.g., every 90 days) via MS, even if the user never accessed the Windows Update site directly.

Can you safely block the tool from communicating with MS using ZoneAlarm or another third-party firewall? The answer appears to be yes. I’m told that if the tool can’t communicate with MS, validation checks will be made the next time the system communicates directly with the Windows Update site, in the same manner as has been done up to now since validation began.

We can argue about whether or not the tool’s behavior is really spyware — there are various definitions for spyware, and the question of whether or not you feel that the notice provided at upgrade installation time was sufficient is also directly relevant. I believe that the MS officials I spoke to agree with my assertion that additional clarity and a more “in your face” aspect to these notifications in such cases would be highly desirable.

But this is where an even more important question comes into play. Microsoft (and other software vendors) are moving inexorably toward a more “distributed” computing model where users are really “renting” software services, rather than buying commodity software products. The “rental” model implies long-term vender control over the use and applications of such software, with associated communications between user PCs and vender servers for ongoing authentication and other purposes.

The entire concept of authentication revocation will be utterly foreign to many users, who are used to assuming that once they’ve bought something that they believe to be legitimate — and that in fact has initially been verified as legitimate — it’s then theirs forever and can’t be disabled or restricted later.

And as we’ve now seen yet again, the communications issues associated with the rental/service model introduce a range of both real and perceived privacy factors and concerns that we’ve hardly yet begun to explore in depth as technologists or as a society.

One thing is certain regardless of your point of view — the sorts of issues that relate to this particular case are but harbingers of what’s to come, in terms of capabilities, controversies, risks, and more. The old models are dying, and if we don’t get ahead of the curve by understanding and properly framing the new models, we are likely to be very sorry after the fact.


Posted by Lauren at June 6, 2006 09:40 PM

red emphasis at the end of posting mine.

—< <>>—

There have been some great responses there including the following links:

Rons: Infoworld article by Robert Cringley

Ed Foster’s Gripelog link that Cringley posted is great too:

Windows users who download Microsoft’s new Windows Genuine Advantage (WGA) Notifications application aren’t just agreeing to have anti-piracy nagware installed on their computer. They are also agreeing to the harshest Microsoft End User License Agreement I have ever seen, and that’s saying something. Not only does Microsoft place restrictions on your right to criticize the software, it won’t allow you to uninstall the software or to test it in an operating environment.

And his wiki link to the WGA Notification Tool EULA which makes it very clear that MS has all rights and the user has NONE.

As far as I can see … this is just the training wheels for Vista, and by extension for the new FULLY DIGITAL ERA … welcome to software/hardware police, music/movie police, Broadcast Flag (to keep you from skipping commercials or watching something they don’t want you to watch – no fair use), Plugging the Analog Hole (so there’s no fair use left at all), total vendor control over the new RENTWARE which is all that will be left if they can get the last of the marbles in place, and Microsoft knows it.

(See our posting entitled: Output Content Protection – DRM – and Windows Vista)

They are weaning users into the ‘inevitability’ — in their corporate minds — for accepting this load of crap.

And the worst part about it … this whole load of crap has been sold as a bill of goods to OUR OWN government (that is supposed to be of, by and for The People); and wonder of wonders (the new software/hardware police for corporate america) bought and paid for by our tax dollars….oh, and the lobbyists.

And why are the citizens sitting back and letting this happen? I have no idea.

I don’t think the agenda has changed one bit and I also think that computer and other technology development companies — with their hardware, software, operating systems, EFI to replace BIOS, PVP-UAB, Trusted Computing Modules TPM, PVP-OPM playing right into the ‘entertainment cartels’ hands…and why? Because it fits in with THEIR PLANS AS WELL. It will make rentware software, music and movies, television and radio all that much easier .. and that doesn’t even begin to address the dangers to privacy and more! (1, 2, 3, 4, 5).

And you can bet that by the time, the ‘this OS is expired’ ‘hit’ goes out for Windows XP, many will just cave and buy the next Windows because they will be even more dependent upon them with their One Care, their Windows Defender, MS Office, IE browser — and as Lewmur mentioned even many ‘required’ websites are built only for IE such as in the medical field (which is an excellent example) — and Microsoft and the entertainment cartels just can’t wait for that to happen because all their little chess pieces will be in place with Vista and all the entertainment center hardware for the most part will be in place by then, they think.

People’s need to have the latest, greatest thing will be their undoing. One must have the latest music, movies, games, software, hardware!

This is just another notch in the ladder toward the total rentware philosophy that corporate america as been pushing for — remaking their cash cow (out of their current and future users, consumers) and that is one of the biggest problems with this WGA Notification and the constant daily (or 14 day if/when they move it to that) — there is NO reason to daily, weekly, bi-weekly, monthly or even annually, or on every boot REVERIFY already verified LEGITIMATE users.

And thanks to Specmon at Scotsnewsletter Forums for this great article at Groklaw:

Microsoft’s Calling Home Problem: It’s a Matter of Informed Consent

Yes, there is coming a time … my crystal ball is getting much clearer … soon I will see no more Windows in my future.

Tag Cloud

%d bloggers like this: