A computer user is suing Microsoft Corp. over the company's Windows Genuine Advantage anti-piracy tool, alleging that it violates laws against spyware.
The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn't adequately disclose details of the tool when it was delivered to PC users through the company's Automatic Update system.
Windows Genuine Advantage is designed to check the validity of a computer user's copy of the operating system. But the tool became a subject of heightened controversy earlier this month, after PC users began noticing that it was making daily contact with Microsoft's servers without their knowledge, even if their software was valid.
A Microsoft spokesman, Jim Desler, called the suit "baseless" and disputed the characterization of the tool as spyware. "Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said. Windows Genuine Advantage "is installed with the consent of the user and seeks only to notify the user if a proper license is not in place."
The lead lawyer representing Johnson in the suit against Microsoft, Scott Kamber of Kamber & Associates LLC in New York, was co-lead counsel for consumers in the lawsuit over Sony Corp.'s surreptitious placement of copy-protection "rootkit" software on PCs, through music CDs. That software, designed to prevent music from being copied illegally, disabled protections against viruses and spyware, potentially leaving unaware computer users vulnerable. Sony settled the suit.
View: Neowin Forum Discussion
View: Full Article @ Seattle Post-Intelligencer
The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn't adequately disclose details of the tool when it was delivered to PC users through the company's Automatic Update system.
Windows Genuine Advantage is designed to check the validity of a computer user's copy of the operating system. But the tool became a subject of heightened controversy earlier this month, after PC users began noticing that it was making daily contact with Microsoft's servers without their knowledge, even if their software was valid.
A Microsoft spokesman, Jim Desler, called the suit "baseless" and disputed the characterization of the tool as spyware. "Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said. Windows Genuine Advantage "is installed with the consent of the user and seeks only to notify the user if a proper license is not in place."
The lead lawyer representing Johnson in the suit against Microsoft, Scott Kamber of Kamber & Associates LLC in New York, was co-lead counsel for consumers in the lawsuit over Sony Corp.'s surreptitious placement of copy-protection "rootkit" software on PCs, through music CDs. That software, designed to prevent music from being copied illegally, disabled protections against viruses and spyware, potentially leaving unaware computer users vulnerable. Sony settled the suit.
View: Neowin Forum Discussion View: Full Article @ Seattle Post-Intelligencer
Does no one know anything about the reason? It phones home to check whether or not it should turn itself off. If MS releases an update that conflicts with WGA, they can use thisphone home to disable WGA, thus allowing legit users to continue to use their system without issue.
Microsoft doesn't have the right to come into your PC and turn anything on or off without your explicit permision.
They didn't ask you if you wanted WGA or not, they forced it on you and now they want to use it to change some bits on your machine without anyone asking you if you want that or not. That's grounds for a lawsuit.
Some seem to want to sit here and clap like a trained seal for this thing, and they can go ahead, since they don't see to understand fully what it does. But don't knock others for being wary over something like this considering the track record Microsoft has for screwing things up.
Some seem to want to sit here and clap like a trained seal for this thing, and they can go ahead, since they don't see to understand fully what it does. But don't knock others for being wary over something like this considering the track record Microsoft has for screwing things up.
It does not trasmit your CD key during the daily phone homes that people are complaining about. As for the IP address, of course. Your IP is sent to any server you ever connect to on the internet. This would be no different.
Trained seals? More like someone with common sense who tends to be a little less paranoid.
Last edited by bangbang023 on 30 Jun 2006 - 02:07
Microsoft doesn't have the right to come into your PC and turn anything on or off without your explicit permision.
They didn't ask you if you wanted WGA or not, they forced it on you and now they want to use it to change some bits on your machine without anyone asking you if you want that or not. That's grounds for a lawsuit.
That can be argued but is besides the point. This update was applied after you explicitally allowed it to do so. It's not a mandatory update, it's a optional one. They also changed it from daily checks of a config file to every X days. Also, it doesn't disable Windows.. it disables the WGA software incase there is a conflict or it acts up.
It does not trasmit your CD key during the daily phone homes that people are complaining about. As for the IP address, of course. Your IP is sent to any server you ever connect to on the internet. This would be no different.
Trained seals? More like someone with common sense who tends to be a little less paranoid.
There's a key in the registry that contains a hash of your cd key. That hash IS sent and checked against a database. That little item IS your cd key. Saying that your key is not sent is not valid. If it weren't then Microsoft wouldn't know if any particular copy of XP was genuine or not.
So, with the cd key hash and an IP being sent to the servers, personal identifiable information is sent. There are no two ways around it.
It does not trasmit your CD key during the daily phone homes that people are complaining about. As for the IP address, of course. Your IP is sent to any server you ever connect to on the internet. This would be no different.
Trained seals? More like someone with common sense who tends to be a little less paranoid.
There's a key in the registry that contains a hash of your cd key. That hash IS sent and checked against a database. That little item IS your cd key. Saying that your key is not sent is not valid. If it weren't then Microsoft wouldn't know if any particular copy of XP was genuine or not.
So, with the cd key hash and an IP being sent to the servers, personal identifiable information is sent. There are no two ways around it.
Jesus Christ people don't listen or comprehend. The key is NOT SENT during the daily phone home process. Of course it's sent when you validate your install before updating your system, but the phone home process does not include the sending of any information.
This tool is becomming mandatory, so the current option whether or not you install it is immaterial. Microsoft is placing a tool on our hard drive that validate's windows, repeatidly. Now how can it do that unless it identifies our computers specifically? It cant. It is a needless, privacy destroying feature, that has no benefits to the end user whatsoever.
It is the very definition of spyware.
I am so annoyed by these "If your not doing anything wrong why do you care?" arguements. Everyone is entitled to some basic human rights. One of which is privacy, and the right to be left alone if you so wish. I value mine. I am prepared to fight for mine. Just because you dont care about yours, or dont care because your not doing anything wrong is in no way justification for the voiding of my rights. If you want to do it, you do it, but i'll make up my own mind thanks.
Oh and before anyone goes spouting rhetoric about "choice", Microsoft has a well documented monopoly. To do this is not only in violation of spyware laws, its also an abuse of their monopoly.
John
Last edited by *John* on 30 Jun 2006 - 00:31
Who do you thing put them in their monopoly position? We did. Everyone who bought or pirated windows helped MS become what it is today.
And even if they are a so called monopoly, that doesnt mean you have to use it. Theres apple and linux too, both are extremly viable options. The whole monopoly thing is old, the options now are alot better and it was a decision made by another human like a decade ago which is a long time in the computer world. The computer scene has changed immensley in the years since that decision.
Information collected during validation Q: What information is collected from my computer?
A: The genuine validation process will collect information about your system to determine if your Microsoft software is genuine. This process does not collect or send any information that can be used to identify you or contact you. The only information collected in the validation process is:
* Windows product key
* PC manufacturer
* Operating System version
* PID/SID
* BIOS information (make, version, date)
* BIOS MD5 Checksum
* User locale (language setting for displaying Windows)
* System locale (language version of the operating system)
* Office product key (if validating Office)
* Hard drive serial number
from j.cxp.net
from j.cxp.net
And that has nothing to do with the former daily phone homes which is what people are complaining about.
In my case, at work our bandwidth is like trying ( to make an analogy) to drink 100 gallons of water through a coffee straw. (in other words, SLOW). So, as a result we need all the bandwidth we can get, and when you have this program going to the internet every day, on 1000+ machines, it will in the end, make a difference.
I support their cause, even though most of the time you'll hear me telling people to give MS a break ( aka, the EC).
In my case, at work our bandwidth is like trying ( to make an analogy) to drink 100 gallons of water through a coffee straw. (in other words, SLOW). So, as a result we need all the bandwidth we can get, and when you have this program going to the internet every day, on 1000+ machines, it will in the end, make a difference.
I support their cause, even though most of the time you'll hear me telling people to give MS a break ( aka, the EC).
Maybe a kilobyte a computer for a split second.. Not that big of a deal.
That has to be the most idiotic statement I've ever heard. So, in your mind, if someone does not want to install this piece of software, they then lose the right to any further updates for their system?
And correct me if i'm wrong, but wasn't the polling schedule changed from daily to fortnightly?
Lastly, as other users correctly pointed out, the feature calls home to check whether it should disable itself, and does not validate you every day.
on this subject, i dont know what to think. while its not doing any harm, it is sort of like spareware. yes you agreed to it by accepting the update it came in. but if you didnt know it was in the update, it would then be just like how most spywares get onto a system, by coming with something else.
So, yes, this installed on a lot of people's machines without their consent, with no value to them whatsoever, was only for the benefit of the software company at the other end, had nothing to do with the system or OS security at all, wasn't able to be uninstalled, and phones home regularly.
That sounds a HELL of a lot like a form of spyware to me.
And I shouldn't HAVE to worry about how to turn it off on MY machine. Period.
BTW. I got original version of XP Pro SP2... and I don't have any problems with WGA
You've installed WGA, you are a legitimate user, you are playing by the rules.
In the Fall, Microsoft releases the "kill switch" version that shuts down your Operating System if WGA fails - which includes calling Microsoft to verify key, etc.
You feel you are okay. You are a legitimate user, you are playing by the rules.
But as soon as Microsoft implements this, what do you think ten thousand hackers worldwide are going to IMMEDIATELY start doing? (My guess is they've already started)
Cracking WGA.
To break it? No. That's child's play. Only takes them hours to do that now.
No, they're going to drink coffee and red bull until one of them is the first to crack the "kill switch" mechanism. Because once they do that, they can shut down ALL Microsoft machines all over the world...at will. Why? Because they think it will be fun and make them cool in the eyes of ten thousand "lesser" losers.
And guess what? Everyone who DIDN'T install WGA (you know, those pirates, privacy advocates, and the paranoid mentioned above) will still be using their computers. While everyone who owns legitimate copies and played by the rules will be screaming bloody murder because they trusted Microsoft (of all companies) to do no evil.
A single point of failure across 90% of a target population is a dream come true for a virus as well as a hacker.
I love, own, and use Microsoft products 20 hours a day. But I don't trust Microsoft not to be human. They make mistakes and/or there is always someone smarter than themselves out there.
lol which vx'r told you *that*!!!!!!!!!!!!!!!!!!!!!!
The concept of cracking it to control the kill switch is interesting, but the motivation to use it just isn't there.
Ummm, it that denial, or delusion?
And if they can make an execuable or something to do it locally instead of on a server then really it may as well just be putting a typical pc killong virus on the pc for all the end result matters. Besides the kill switch wont just kill the PC and prevent it being used, they will have some form of "reattempt" for the case that something in the communications did go wrong so if the PC was "killed" youd still be able to just reauthenticate it.
Unforseen major power outtage in the area where the authentication servers are. (hmmm, the whole northeast went dark once, didnt it?)
Major ISP pulls an Enron.
(Think WorldCom, Enron, etc.)
Moron at major ISP/DOD/company X cuts a major fiber optic feeder.
(has happened MANY times now, even the undersea line to Australia...wanna see an entire continent go Internet dark?)
MS (or a third party) releases a patch to something/anything that kills network connectivity for some users, thus making it impossible for WGA to phone home once failed.
(MS just pulled and then had to fix and reissue a patch that did just just that for dial-up users with the latest patch Tuesday)
(similarly, my DRM'd music files purchased from MusicMatch can't be played anymore because MS released a patch that killed the old MM DRM, and it seems MM is dead because they haven't updated their program in years, so...I have useless DRM'd data that I PAID FOR)
CISCO router firmware compromise due to source code theft, Denial of Service of key DNS name server or support structure, etc.
(all of these events have already happened, but the difference is, your computer still worked even though the Internet was down/slow/broken for a while)
Terrorist attack on said data center. A few tons of fertilizer driven by one nutter and they can take out 90% of the world's computers (business, government, personal) worldwide indefinitely.
(boy, they'd NEVER think of this one, ahem)
Any of these (unlikely?) scenarios would cause a single point of failure for a "kill switch".
And all of them would ONLY affect legitimate users...ahem.
It's effectively a backdoor scenario waiting to happen...and you all know it.
And, importantly, this increased risk is because of something that has NO VALUE to a single user of Windows XP (and Vista next) anywhere in the world. It only has a very minor value to Microsoft - who would see piracy dwindle substantially (and keep profits level with increased volume) if they just lowered their 1980's level monopoloy pricing (just like they did with the special $60 offers to Asian markets)...sigh.
So, I guess I will be removing/preventing WGA from my legitimately licensed Windows XP machines so they can have the same security (and I can have the same peace of mind) as all the people who stole the software, ahem.
And for those of you who mention the slippery slope, may I remind ALL of you that years ago, people said MS would go this way when WPA, etc. started being introduced. I was one of the people who thought MS would never go this far, that people were being paranoid. That is was (clearly) bad for business to inconvenience their own paying customers and put them at risk. Well, the earliest naysayers were right. I was wrong. MS is only going to keep taking us down the forced DRM path...for EVERYTHING, EVERYONE, EVERYWHERE.
I no longer trust that they won't misuse their monopoly, so...you win, Microsoft! It's time you should be granted Monopoly status by the government, then you can be regulated like the public utlity you have become. Congratulations.
Before I was calling it spyware, but I understand BangBang now. Cheers wise-dude.
I dont think he'll win though..
WGA is only downloaded and installed if YOU (the user of the computer) wants it. Sure you can complain that you HAVE to have it to install updates and use future products but that is M$ choice and they can do what they like...if you dont like it buy a mac or install linux...some distros are free so you might wanna avoid them..cant be having a legit o/s can we!!
Grow up...
Regards,
Mike
I understand...WGA checking once....but why the need to check every 14 days from the same computer.....does MS think..that once run..the user is gonna install a 'pirated' copy....and then again...you will either have to install the WGA over again..or avoid it...or maybe MS thinks the user is gonna 'change' keys on a daily bases...just to have something to do....get real retard.
I understand...WGA checking once....but why the need to check every 14 days from the same computer.....does MS think..that once run..the user is gonna install a 'pirated' copy....and then again...you will either have to install the WGA over again..or avoid it...or maybe MS thinks the user is gonna 'change' keys on a daily bases...just to have something to do....get real retard.
Reading comprehension, where hast thou gone?
It doesn't verify your installation every 14 days. It connects to the MS servers every 14 days and checks to see whether it needs to turn itself off or not, in case of a update that conflicts with it in the future.
And you believe this...want to buy a bridge off the coast of Florida?...it should check once..and shut down and delete itself..if they wanted to turn it back on..they can offer it again on the WU...if your assumption is right..which I highly doubt, this WGA will be exploited by a hacker soon and this so-called 'check in with the MS server' every 14 days will be too late for many.
And you believe this...want to buy a bridge off the coast of Florida?...it should check once..and shut down and delete itself..if they wanted to turn it back on..they can offer it again on the WU...if your assumption is right..which I highly doubt, this WGA will be exploited by a hacker soon and this so-called 'check in with the MS server' every 14 days will be too late for many.
Lol, I'm not going to argue with your insane logic. I'm the one presenting facts and you're presenting your own conspiracy theories. I've long learned there's no use in fighting someone who doesn't rely on any logic.
So, I'm 100% behind this lawyer. Bravo.
After all, these guys seem to be the only shepards willing to fight for the rights of you, their silent sheep.
'IF' that is true then the chances are your VLK key has been leaked, this has happened before with VLK keys and if you think about it you can't blame MS for this because this is another area MS are cracking down on, there were a number of news posts a couple of weeks ago about VLK changing with Vista because of companys taking the pee so to speak. Anyway, if a VLK key has leaked how is MS suppose to know who should and shouldn't be using it? Also i was under the impression that if you thought your key had been leaked you were suppose to contact MS about it and they would flag that key and issue you with another, theres something on the MS site about it.
Last edited by SIE on 30 Jun 2006 - 18:47
If it was such a critical issue that they needed to check every day (or every boot some articles have stated) to make sure something catastrophic doesnt happen with it, why is 14 days suddenly acceptable to them. Why did they cave so easily. So now according to their excuse all of us Windows users might be at some huge risk of having disfunctioning computers until it does its next phone home?
MS has to be full of it on this one.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.