Windows Genuine Advantage Now at a Disadvantage, Compiled by Drew Martell, July 2006

While Microsoft continues to both defend and roll out its spyware-like Windows Genuine Advantage (WGA) service around the world, the company is facing two WGA-related threats. First, security researchers have identified a software worm that disguises itself as WGA. Second, a new class-action lawsuit was filed against Microsoft, alleging that WGA is spyware and that Microsoft is misleading consumers about the technology.

WGA is a downloadable software service that Microsoft makes available via Windows Update and Automatic Updates. The service is divided into two components: WGA Validation, which checks to ensure that your PC isn't running a pirated version of Windows XP, and WGA Notifications, which is the piece that has raised privacy and security concerns. WGA Notifications was designed to display annoying pop-up alerts to users who are running pirated versions of Windows. But the software was also secretly phoning home to Microsoft servers every time an XP system rebooted. And Microsoft had made WGA a critical security update on Windows Update and Automatic Updates, despite the fact that it was until recently in beta. That means millions of users inadvertently downloaded unfinished Microsoft code to their PCs without understanding what they were doing and how the software behaved.

Since owning up to the software's clandestine behavior, Microsoft changed WGA Notifications so that it doesn't phone home on every system reboot. But the company also took WGA out of beta and began rolling out the service, automatically, to Windows users worldwide. A class-action lawsuit was filed in the state of Washington, alleging that Microsoft was violating California and Washington consumer-protection laws. Unfortunately for Microsoft, that was only the start of its WGA-related problems. Security researchers at Sophos identified a worm called Cuebot-K that disguises itself as WGA and is spreading via AOL's Instant Messenger network. The worm identifies itself as "wgavn" and "Windows Genuine Advantage Validation Notification," and is installed to run each time the system boots. If the user tries to disable the worm, he or she is warned that doing so could result in system instability. Behind the scenes, Cuebot-K disables the Windows firewall and opens a back door from which hackers could remotely control the PC, steal personal information, or launch Distributed Denial-of-Service (DDoS) attacks.

But wait, there's more. A group of companies and individuals has filed a second class-action lawsuit against Microsoft for delivering spyware to consumers in the guise of WGA and deceiving consumers about its intentions. The suit complains that WGA secretly communicates with Microsoft's servers and "gathers data that can easily identify individual PCs," contrary to Microsoft's assertions. Microsoft says the suit is without merit. "This distorts the real objectives of the [WGA] program and obscures the real issue, which is the harm to consumers posed by software piracy," a Microsoft spokesperson said. "As with all of our programs, we've gotten constructive customer feedback, the program has evolved, and we've made improvements. Microsoft continues its efforts to foster better communications with its customers."

Microsoft's anti-piracy tool, Windows Genuine Advantage (WGA), was recently found to be regularly contacting Microsoft without informing the user that such contact was taking place. Privacy advocate Lauren Weinstein discovered that WGA would attempt to contact Microsoft each time the computer was booted and daily if the computer was left running and not rebooted each day. On June 8, 2006, Microsoft announced that it had modified the latest version of WGA to only contact the company's servers once every two weeks. Nevertheless, a third party has stepped in to prevent WGA from regularly contacting Microsoft's servers.

Firewall Leak Test, a site known for its testing of firewalls, published the RemoveWGA tool this month. RemoveWGA allows WGA to perform normal Windows validation to ensure a copy of Windows is not a pirated version, but the tool then prevents WGA from contacting Microsoft at regular intervals by removing the notification components that are part of the WGA installation package. In July 2005, WGA became mandatory in order to download some types of software and updates from Microsoft's Web site. In April 2006, the company launched an Office Genuine Advantage (OGA) pilot program for its Microsoft Office suite. The RemoveWGA Web page states that "the validation part [of WGA] is mandatory for some [non-critical] downloads from Microsoft, but the notification part [of WGA] is not mandatory at all, and you are able to install all of the security updates without [using the notification feature]." Microsoft announced on June 27 that it had completed its pilot for WGA. The company will now begin a phased rollout of the tool to Windows XP users worldwide. The company also stated that it had modified the End User License Agreement (EULA) for WGA and has made available a set of instructions for removing previous versions of WGA Notifications from affected computers. More info at:

http://www.windowsitpro.com/Article/ArticleID/53884/53884.html
http://support.microsoft.com/kb/905474/
http://www.eweek.com/article2/0,1895,1984978,00.asp