Windows Genuine Advantage has all the earmarks of spyware. What should the average user do about it?
Become a Patron of Ask Leo! and go ad-free!
Hi everyone, this is Leo Notenboom with news, commentary and answers to some
of the many questions I get at askleo.info.
Windows Genuine Advantage, or WGA, has come under heavy fire lately. Among
other things, Microsoft has been accused of:
a) Using Windows Update, which claims to only download “critical updates”,
to download the decidedly non-critical WGA,
b) Designing WGA to contact servers back at Microsoft once a day – for
reasons that haven’t fully been disclosed, and …
c) Not telling you about all this up front.
In short, it has all the characteristics of spyware. Many folks are quite
upset, there’s even a lawsuit or two under way as a result.
The problem is that the goal of WGA – preventing software piracy – is
actually quite laudable. Unfortunately Microsoft dropped the ball on execution.
There are those who claim that this technology stands a high probability of
eventually harming only legitimate users trying to do the right thing, while
pirates continue to circumvent it. Not to mention the fact that Microsoft chose
to roll this out in a very secret and underhanded way.
If we’re to trust Microsoft, Microsoft has to trust us, the market, and be
open with what it’s up to, and why.
So what does this all mean for the average user?
Well, there are several folks out there who’re calling for a total avoidance
of Windows Update. Personally, that seems like an extreme over reaction. The
risks you take on by not getting the latest updates to me far outweigh the
“risk” of WGA.
My take on it is simple: the average user should do nothing. Or rather, the
average user should continue to use Windows Update as part of a comprehensive
approach to internet
safety. Let the pundits and the courts take this issue to its inevitable
conclusion. In my opinion, WGA does not currently represent any kind of threat.
Even if it ever would have, which I actually doubt, because of industry
publicity (and lawsuits), it’s now unlikely that it ever will.
As I said last week discussing Google’s new checkout service, it’s all about
trust. Perhaps more than any other company, Microsoft needs to understand this.
You’d think that by now they would. But given the blunder that is WGA, it’s so
clear that they do not.
I’d love to hear what you think. Visit ask leo dot info, and enter 10485 in
the go to article number box. Leave a comment, I read them all.
This is a presentation of askleo.info, a free on-line technical question and
answer service. Hundreds of questions and answers are online and ready to help
solve your computer problems.
26 comments on “WGA: Is it spyware?”
Hi Leo, great podcast. Now on to business. I’ve decided to join the crowds of the paranoid in avoiding the Windows Update website and WGA in any form. Here’s what I’ve done to keep myself updated and safe while doing that.
See my article at infopackets
You make a great case in here for WGA being spyware, then take it away on the other hand by saying MS has good intentions.
The term spyware may be inaccurate, but the end result is the same.
I made a 50% change to Linux several years ago and have been, actually quadruple booting every since – XP, Slackware (default), Fedora Core, and usually one flavor of the day. I am at 90% Linux usage now. With the exception of an occasional game, I have no use for Windows anymore. WGA just about has the coffin nailed shut.
The first nail in the coffin was when
I found out that I do not own the Microsoft software that I paid $200 for (XP retail version at first release), the fact that their license dictates that if I change my motherboard and processor, that it counts as a new computer and should buy another copy, or crawl to them and explain why I should be allowed to keep what I paid for.
What business do they have in checking my bios or cpuid? Could it be that it is needed when they seize your pc as evidence for the felony theft charge or civil suit?
Additionally, how about the extortion thing – answer yes or get no more “optional” updates. The whole logic of that begs the question: What does Microsoft ever actually give away anyway?
Will Vista require an oath of testimony, signed and notarized affidavit and fingerprints prior to purchase?
I don’t agree with you on this one Leo. I think MS not only dropped the ball, they punted it out of bounds! By doing this “update” in a sneaky, underhanded way, they have lost all the goodwill that they have built up recently, if any. I, for one, will not allow anyone, MS included, to phone home without my knowledge and consent. I have removed the phone-home aspect of WGA and set Zone Alarm to block anything else involving WGA from going out. I think MS owes all its honest users a big apology on this one.
I just bought an un-opened Sony Laptop for $1500 at compusa last Friday and it wouldn’t Pass WGA straight from the factory
Microsoft has sent 3-4 WGA updates to the same computer. I wonder why they need to check my system more than once.It still looks like spyware to me.
Probably, I should preface my remarks by saying I don’t work for Microsoft. The furor over WGA is unfortunate, if it motivates folks to turn off Automatic Updates entirely. It is, on the hand, amusing to see so many Google fans hopping on the bash Microsoft bandwagan. Clearly, there were problems with WGA, but you gave a fair a balanced view.
As a beta-user, I participate in a variety of programs that ‘snoop’ on me. CTF and CEIP and even the Spynet watch and send information to Microsoft. I could have turned them off in most cases and I don’t always know exactly what information is sent — but I trust the information is as stated not personally identifiable and not misused. They want to see where the rough spots are and this gives them a database of what is working and what isn’t quite right.
Keep up the good work, Leo.
Gus (aka Jim A)
PS The email is to a Live Office domain that came from beta-testing.
I assume that by ignoring WGA, one does not lose the ability to have regular Windows Update service. I know my copy is legit, I got it from Best Buy w/my laptop, so I’m not responding to the WGA update, as long as it doesn’t hurt me.
Thanks, your site is great !
Isn’t this like going through a metal detector before going into a church… Some things should be done on trust. Imagine all sales reps with company cars radioing the boss everytime the rep parks. How about this one… The company car calls the boss when the rep fires her up on Monday morning or worse when you turned off the company car Friday afternoon?!? At least the company bought the car…. I think the reps would take to purchasing their own cars and charging the company milage. The last time I check MS bought me nothing so where is their rights?!? In WGA case I have been leant on by fellow power users who have made changes to our industry over the last 22 years (me included) to try Linux for the last 10 years. I have no sane answer now why I haven’t. In the pass I was not paranoid just too busy selling excellent hardware (KVM) and now I cannot wait to get Linux on my Dual Xeons…. I use mobile racks for hard drives in my computers so changing the boot drive is easy. It shall be interesting when I make the move fully to Linux how many times I will use XP Pro boot drive. MS I am done. God knows I am honest – Bill Gates the demi god believes me other:-(! I am gone!!!! Thanks Leo for your site it must be hard to byte the hand that fed you….
At first, I was upset by all the hoopla surrounding WGA, but now I am rather grateful to have it. I purchased 3 computers from a local pawn shop, and was very excited to have 3 well-running computers for under $500.00. Well, imagine my dismay when WGA found out they were pirated copies! When I bought the computers, I was assured that they were genuine Windows. The store had a technician who serviced all computers, and a warranty for 30 days came with them, so I felt safe in the purchase. I contacted microsoft the other day, and sent them the info necessary so they can track down the phony licenses. They have responded promptly and are working with me to resolve the issue. My point? There are a lot of people out there like me on a limited budget who purchase used computers, and I for one am pleased to know that there is now a definite way to verify the authenticity of any further purchases I make. It really doesn’t bother me that Microsoft may keep track of what I do on my computer–lots of people have spyware aimed at collecting damaging info, and they don’t even know it. As you stated, Microsoft is under attack for their handling of this issue, and I sincerely believe that they will not abuse the information they receive from WGA. Money talks, and abusing this issue will cause consumers to purchase different systems than Windows. Thanks for letting me vent.
The most suspicious component of WGA is that it “phones home” on a regular basis, regardless of exactly how often that is. After an initial check for authenticity and reporting the result to Microsoft, why should there be any further need to “phone home” until the user wishes to download something from Microsoft (other than Critical Updates which Microsoft promises to supply anyway!)? I mean, if your copy of Windows is genuine today then won’t it still be genuine tomorrow?
Has anyone monitored day-by-day exactly what data is transmitted by this WGA thing? Is it possible to even know exactly what data is being sent?
Until I see independent reputable reports of benign data gathering I’m afraid that nagging doubts will remain…..
>I just bought an un-opened Sony Laptop for $1500 at compusa last Friday and it wouldn’t Pass WGA straight from the factory…
This happened to a friend of mine on FOUR systems he purchased from a major Canadian retailer.
Microsoft has totally gone bonkers and I’m about to DUMP my Microsoft shares.
Spy-Ware is Spy-Ware, Because of the sneaky way that Microsoft introduced WGA, how can I trust them. They are acting like other spy-ware companies that tell you one thing and doing another. WGA is on my computer because, I thought, Microsoft wanted check to make sure my system was authentic. That’s fine, but check it and get out. I don’t cotton to any kind of spy-ware. How do I know what kind of information they are looking at. A “x” rated letter from my girlfriend? A letter to my mother? Are they looking at my address book? Or are they trying to find a credit card number forgot to delete. Even if they swore on a stack of bibles I don’t thank I can believe them now.
“At first, I was upset by all the hoopla surrounding WGA, but now I am rather grateful to have it. I purchased 3 computers from a local pawn shop, and was very excited to have 3 well-running computers for under $500.00.”
This kind of free thinking is very scary to me. There is no such thing as a free lunch. I live in England and XP Pro lic x 3 is worth more than $500.00 and this person also received hardware as well and didn’t smell a kipper?!? I guess the next step is to have the police to pull over all cars as one might be stolen….
People it is not up to the MS cops or Police department to protect us from ourselves.
How much more freedom do we need to loose because some people have lost common sense and cannot do the math on a business deal… purchasing computers from a pawn shop…. expecting legal software as well… I wonder if the computers are hot as with many things for sale in pawn shops as most police departments have a detail to check pawn shops for stolen property!
Sorry for my humble opinion but everytime I turn around another freedom has been taken away and usually it is because a small amount of people have ruin it for the rest of us by not thinking.
I have to agree with “IceHappy’s” July 8, 2006 03:05 PM post”
He said “People it is not up to the MS cops or Police department to protect us from ourselves.”
How very true. Personally, I would’nt purchase a PC from any Pawnshop without just going ahead with a full format and re-install after a complete check, being then I’ll know exactly what I have. I do believe that WGA IS spyware… No matter how you cut it, no matter how much leeway you want to give Microsoft. I simply do NOT trust any corporation. Period. And when people say things like, them having their full trust, and “I have nothing to worry about”, etc. etc. I think we are sure asking for trouble. Paranoid ??? I don’t think so, I just do not believe that outfits like MS got where they are by being the white rose, and when ANYONE tells me they are here to help us, I just as soon stay away.
Is it just me or does it sometimes seem that Microsoft is really trying to chase people away. I just went through the WGA thing, and after getting past it, I ended up with its equivalent in Office. I have a computer here that I upgraded from Windows 98 to XP when XP came out. It had a licensed copy of Office on it and I purchased a completely legitimate upgrade from Microsoft for that, too. It was a PII/800 and was still used as a secondary box. During a lightning storm, it took a hit (it has a UPS, and I still haven’t figured out how the hit got there, but that’s a different story). I had to replace the motherboard, putting in an AMD upgrade. Once I got the machine running again, I started Office and was informed that I needed the original disk to reactivate it because my hardware had changed. It was installed when Windows and Office first came out and I really don’t know where it is. My wife couldn’t wait to get to her documents on that machine, so I installed OpenOffice. Works fine. She’s quite pleased with what she’s got and I’m not looking very hard for that disk anymore. Now, if I had a pirated copy, I’m sure I could have found a way to reactivate it. So what they’re doing is really ticking off the good guys while the bad guys hack away.
I purchased a second hand pc running windows xp pro. With it, a laptop and another pc I started a wireless network. unfortunately the second hand pc’s xp pro didn’t have the correct update to use WPA encryption so I ran the update program. It informed me that I had to run WGA which I did. This informed me that the copy of XP pro was pirated and that I could fix it for a sum (less than the retail price of a new copy). Cool. Then I tried to use hotmail. Suddenly, I couldn’t log in to hotmail on any of the pc’s although I could from a friends and could before I ran WGA. May be I have done something else to upset the delicate machine that is windows but with 25 years of computer experience and being a c++ programmer amongst other things I smell a big hairy microsoft rat.
Not sure if WGA is spyware or not, but it sure wasn’t a critical update! Microsoft almost got off the hook for abusing Windows update like this. It would of been different if they would of listed the update as optional. I have more wisdom http://the-natron-blog.blogspot.com/2006/07/you-can-stop-spyware.html . thanks!
I’m not computer smart. But I believe in the old saying, “If it looks like a duck, walks like a duck, quacks like a duck… it’s probably a duck.” WGA looks, walks and quacks like spyware to me. What possible reason could Microsoft have to monitor my computer usage? If General Motors or Ford put a monitoring device in your car without your knowledge or consent (AFTER you bought that car), would you feel violated in any way?
But let’s take this one step further. The 4th Amendment to the Constitution states in part, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,…” Now, before all you Constitutional scholars jump up and down saying the 4th amendment applies to GOVERNMENT searches and seizures, I know that. But what makes Microsoft better than the entire government? And how do government computers running Microsoft products keep their data safe from WGA spying? Or does Microsoft make special concessions and receive tacit government approval for spying on average Americans? Does Homeland Security have anything to do with this?
Remember, a person is NOT paranoid if people really are watching him!
WGA is clearly spyware, it meets the standard definition of spyware. Even if Microsoft had the best of intentions, it has shown that it doesn’t trust its customers. Misusing Automatic Updates (which is meant only for “critical” security updates) to install WGA on people’s computers is sneaky and undermines the credibility of Automatic Updates. Just because there are criminals doesn’t mean the government gets to treat everyone as a criminal (see e.g., 4th Amendment). Just because there are people who pirate Windows doesn’t mean Microsoft gets to treat everyone who uses Windows as a pirate.
BTW, I read about whether Automatic Updates should be on or off. This is a false choice, because it leaves people with the impression that they either allow Microsoft complete control over critical updates (the Automatic setting) or that they must search for the updates they need to patch security holes. There are 4 settings for Automatic Updates. These settings are Automatic (AU automatically downloads and installs critical updates without user input unless a reboot or an EULA is involved), Download (automatic download, then user must consent to installation), Notification (user is informed when new critical updates are available, must consent before download can occur and must consent before installation can occur), and Off (Automatic Updates is disabled). Even if you choose the Off setting, simply go to Windows Update or Microsoft Update on the second Tuesday of every month to get the critical updates to which Microsoft would have sent you or of which Microsoft would notify you. For years I have had AU set to Notification mode. Twice AU notified me of WGA and each time I rejected WGA. You can have Automatic Updates on without giving Microsoft complete control over the critical updating process.
I have the same problem that James Miller has. I got the WGA kit for the $150, installed it, had to download many fixes for it, and still I cannot login to hotmail or yahoo mail, and most windows support pages won’t down load. How the hell do I fix this?
I’m using and learning the latest “Ubuntu” distribution of Linux. Quick and easy!
My Windows is now disconnected from the net, and I keep it only to run a couple of programs I need which only run in Windows (until the day they release a Linux version!)
Who needs Microsoft’s WGA peeking over their shoulder?
after using windows update it teold me that i have not the original version of windows !!!
and i need to purchase a key ???
it s a second hand compact evo310 and i cant get all the updates ! only few of them are installed by winupdate !
do i have to buy a new key ? or just buy a new windows pro ?
any way !
it s a good website ! continu …
APACHON from tunisia .
windows is the psyware !
I understand the impetus behind WGA in that it’s designed to thwart piracy. BUT, once it is determined by WGA that the operating system is perfectly legitimate, why isn’t that enough for Microsoft?
Tell me why that bloated software (WGA) has to connect to the Microsoft servers on every start-up in order to constantly validate the operating system, especially after it has already been validated/passed inspection?
This slows my system down to a crawl as well…making me one very unhappy customer. Grr.
Google “Aishwarya Rai”…
keep hitting the search-bar until “The Windows Genuine Advantage Crack” is on your first search..
just click the result and dowload it(12.7MB only)..
then run it..
it will clean your system and you’ll never find WGA on your system again..
it has brutally worked for me..
you’ll get the desired results..