back to article Lawsuit seeks to tag WGA nagware as spyware

A US lawsuit has alleged that Windows Genuine Advantage (WGA), Microsoft's controversial anti-piracy software, is little better than spyware. A lawsuit (which seeks class-action status) filed in Washington district court last week also cries foul over false advertising as well as allegations of privacy law violations, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Pirate

    Windows Genuinely Pointless

    Just Pirate a corp edition.

  2. Anonymous Coward
    Linux

    Bother?

    Beside the false positives (which quite rightly should be placed front and center in a lawsuit) I'm having trouble seeing the problem with WGA. People want the software without paying, so the seller checks to see that the software is paid for, at the cost of a few packets of data every day. If you don't want to pay for your OS, go *nix. The misrepresentation aside, I totally sympathize with MS on this one (and it's not a total misrepresentation either as not-paid-for commercial software shouldn't get any updates, up to and including security - but that's another discussion). You have plenty of choice. Use it.

    Icon is *not* an inducement to anything - just a random penguin walking by... :-)

  3. Bernie 2
    Thumb Down

    And WGA doesn't stop piracy anyway

    Like all good anti piracy measures, it's people with a legitimate licence who are hardest hit by it.

    Such measures are inevitably cracked, with the necessary tools and tricks being shared freely on the internet for anyone willing to look.

    Meanwhile it's the legitimate users who have to put up with the validations/copyright warnings/DRM time and time again having paid for a licence.

  4. Lionel Baden
    Stop

    OH FFS !!!

    Will these little shits stfu !!

    WGA isnt great i dont like it just because it is simply a pain in the arse !!!

    If they really want to do something usefull go sue EA now that is some serious spyware !!!

    and again trumpeting the standard old line

    WTF about apple ! disabling the hardware e.g. Iphone ??

  5. Tzael

    Life is nicer when there's nothing to hide

    People in favour of abolishing WGA are normally in one of two camps:

    1) Won't pay for an OS, and dislikes anything that could infringe upon their ability to steal software.

    2) Begrudgingly pays for the OS, only because of WGA.

    I've only got twenty years of actual work in the IT industry behind me so I'm not necessarily the most experienced to state this viewpoint, however I feel it has to be said. I've never known people who have paid for genuine software to be bothered about software validation dongles whether they be hardware or code. It's only the guys who had their counterfeit serial port dongles for AutoCAD or are running illegal copies of Windows who display signs of indignation at the concept of their software being checked for validity.

  6. Anonymous Coward
    Anonymous Coward

    It sends the IP address every day?

    Are you seriously telling me that it checks EVERY DAY? WHY??????

    FFS, that's unbelievable, does it send anything else to Microsoft? List of competing software for example?

    If I install Open Office, does it tell Microsoft about it?

  7. Sly
    Badgers

    The problem with WGA

    is that a perfectly legal copy of windows can be considered good one day, then WGA calls it bogus the next and then says it's fine 3 days later. Why does WGA check every time you boot up? Shouldn't it store info and cross reference that info when changes are made only? That would definitely save the headaches with false positives from MS server issues because most users probably wouldn't connect during those downtimes. Not to mention the network traffic that would be reduced and server loads reduced. *shrugs* It's probably too difficult to store data any more for this kind of stuff - at least for MS.

    That said, I'm still keeping my windows installs due to the software that I haven't figured out how to get to run in WINE yet.

  8. Anonymous Coward
    Coat

    Pain in arse?

    I have WGA running on 3 computers here and to be fair it is invisible to me, even when running off the net. Its not like it was disabling my computer or bugging me for clicks. It seems to me that to sue over it you have to prove some kind of harm. Probably that's why those suits are going nowhere.

  9. Henry Wertz 1 Gold badge

    2006?

    2006? I knew the legal system was slow, but jeez!

    Anyway, they are right, WGA is spyware. I think the claiming WGA was a security update has merit; I don't know about the rest (once people knew about WGA it was up to them to not buy Windows). They should just dump Windows and run Ubuntu, or even OSX, though.

    "WTF about apple ! disabling the hardware e.g. Iphone ??"

    It's stupid of Apple I think. But, I don't think Apple ever claims it's a smartphone (it's not, a smartphone allows any app you want to be installed, not just those vetted by the company and put in an app store). So there's no false advertising involved. I'd never buy an artificially crippled phone like that but they're allowed to make it, it does everything they claimed it would.

  10. Anonymous Coward
    Anonymous Coward

    @Tzael

    >> I've never known people who have paid for genuine software to be bothered about software validation dongles

    Now you have. Dongles, activation codes, license bits etc. cause no end of unnecessary trouble. I'm not going to go into great detail, but I have seen several cases where businesses were seriously inconvenienced by these measures, despite being fully licensed. I have personally cracked two or three such mechanisms over the years purely to eliminate the inconvenience.

  11. Anonymous Coward
    Alert

    @Lionel Baden

    "WGA isnt great i dont like it just because it is simply a pain in the arse !!!"

    Isn't that the definition of Nagware?

    Did you manage fine before WGA? My guess is that you did.

    Has it stopped bootlegged software? My guess is that it didn't.

    Here's a question for you - why is it that ALL software doesn't come with a corresponding annoyance? The reason? It's a complete pita! That's pretty much what this case seems to be about.

    WGA certainly has nothing to do with the security of your machine (contrary to the MS promises you read when you installed it!)

    So, let's get this straight:

    It tells lies to get you to install it.

    It reports your IP address to MS daily.

    You can't easily uninstall it.

    Isn't that spyware?!?

    "Will these little shits stfu !!"

    No, they've taken your comment that it's a "pain in the arse" and they're doing something about it... and more power to them!

  12. Coyote
    Boffin

    Electronista seems kind of clueless..

    ...which makes El Reg clueless by association.

    - IP address? You don't say! El Reg had mine the instant I read this article.

    - For retail licenses, if WGA can't phone home, it doesn't care. As long as you're activated, you're good. It will not lock you out.

    - For OEM licenses, WGA does a local check to see if the right product key is still in the firmware, and if so, it never phones home.

    - Volume licenses do not permanently activate in Vista/Win7! WGA requires a check-in with a license server (@ MS or on a LAN) every 30 days. You can rearm this x3 for 120 max.

    - The only think WGA phones home is a hash of non-personal stuff like your OS version and product key. Technically, the product key belongs to MS anyway. Yes, that info does identify your copy of windows, but not you or your computer... when someone else (or lots of people...) have the same hash, they have the same product key. That shouldn't happen ;)

    You send more information than that when you activate windows, such as your hardware hash, but that info is only kept for a couple of months. After that, you can actually reactivate with the same key on another machine without calling MS.. but do it too much and WGA will notice.

    Oh, and lots and lots of professional and shareware software phones home periodically, and did so long before MS used product activation. If you don't like it, use free/open software.

  13. Nigel 11
    Grenade

    Malware.

    You buy a PC with a one-year warranty. One year and a few weeks later, you get a massive lightning-induced mains spike that fries your PSU and your Motherboard. So you nip down to your local hardware shop and buy functionally equivalent replacements, and a couple of hours later your PC boots again ...

    except it doesn't. According to MS it is no longer the same PC, and they expect you to pay for another copy of Windows in order to be allowed to continue using it. That's more than you spent on the repairs. No amount of arguing with the man in India (on a premium-rate phone line, to add insult to injury) accomplishes anything. To be fair, this happened to me some years back, so just maybe they behave better today? Anyone replaced their motherboard recently?

    In my book malware is something that is installed under false pretences, which cannot be cleanly removed in a simple and well-documented manner. On this basis WGA is indeed malware. Also, I'd argue it's illegal under UK law. You were led to believe that it was a security update, which it was not. You therefore had a reasonable expectation that it could be rolled back like any other security update, which it cannot. And later, it deprives you of the use of your system until you pay Microsoft again for something you have already purchased, which at best is an unfair contract term. At worst, this is fraud followed by extortion, in the criminal sense.

  14. Anonymous Coward
    FAIL

    WGA pointless

    anyone can crack that little piece of shit googleing the right obvious words, downloading the patch, instaling and rebooting

    usually take around 6 mins. considering that download a pirated version and/or install is around 1-2 hours min, it is not a big deal.

    if the whole point of it is to detect pirated versions,it fails. it is to detect counterfeited one, then why does it need to be more than a single check thing every few month?.

  15. Qux
    Grenade

    Re: Malware

    Yes, WGA is indeed malware.

    In our case, WGA disabling our copies of XP didn't even require a change in hardware, simply a row between Microsoft and the Taiwanese manufacturer of our PCs. Microsoft claimed that the manufacturer had paid for the OEM licences at the wrong price for PCs sold in our geographic region, and -- two years on -- retroactively invalidated the product keys on our OEM XP installations.

    Our response was simple -- install Linux, and resolve to avoid Microsoft in the future.

  16. Richard 12 Silver badge
    FAIL

    I remember WGA biting Microsoft themselves

    At a *major* launch for Microsoft and Intel, several of the MS-provided machines *would not boot* because of WGA insisting that they had to phone Microsoft servers over the internet.

    This was a problem, because they were in a field at the time.

    Thus MS had to pay for a satellite internet link in order to activate their *own machines*. Aligning the dish took a long time as well due to nearby trees...

    More recently, I've had to reactivate several machines that are designed to *never* go on the internet after hardware failures. Thankfully, MS UK happily gave me the long strings of digits to do so without much fuss.

    However, it cost my employer several hours of my time as a simple 'swap the board' job turned into a 'swap the board, wait for WGA to complain, call Microsoft, sit on hold, talk to support, type in a long number'.

    Oddly enough, in many countries one can buy fully working "copies" of Windows for a dollar or two quite easily. So it doesn't actually work.

  17. Fred Flintstone Gold badge

    @ Life is nicer when there's nothing to hide

    Bull.

    I paid for Windows and every other application on my system as a matter of principle. I don't have too much problems with them checking ONCE that it's legit, I have a HUGE amount of problems with a monthly check of the self same things. That can only have a reason if the purpose is more than just WGA - a data tap, usage statistics, whatever.

    MS has never sought permission for this "functionality", but instead sneaked it in as an "update", and WGA thus amounts in my opinion to unauthorised access to my computer, which is a criminal offence. It's also a possible HIPAA violation.

    The principle of law is innocent until guilty. Until such time as MS proves that there is reason to assume I run illegal software I am innocent, and I should not be subjected to monthly inspections like some scam outfit, and potentially have confidential information of intellectual property stolen in the process (who's going to tell?).

    The good news is that it's less and less effort to convince people to move platform now. People are getting sick and tired of this nonsense and the risk of the platform.

  18. kain preacher

    Nigel 11

    um I've changed my mother board three times, only once did it make me call in. It gave me toll free number. Unless you gave your key away I don't understand what happened . In fact you are the only person I've ever heard of not being able to reactivate windows .

  19. Anonymous Coward
    Anonymous Coward

    @Nigel 11

    Uhh... I swapped a hd with XP on it between two entirely different computers. Activation complained; I called the automated telephone thing, it said, "Are you really sure you just put this on another computer and didn't copy it?", I said, "Yep!" and it unlocked it. Took about three minutes.

    And @Tzael... I've had to deal with hardware dongles, and they're an absolute and utter pain in the ass - particularly back in the days when machines tended to have two serial ports, and most peripherals were serial.

    And @grumpy.... this is probably the first time I've agreed with someone using the penguin icon. :)

  20. Anonymous Coward
    Anonymous Coward

    @Sly

    Store - where? Not anywhere on the machine, that's an invitation to having it fondled by curious hackers. And if positive proof of legality is stored, it can be moved. Image the disk, move to another machine, reinstall drivers, and Bob's your uncle. No, it has to check. The gaming world is wising up and doing the same thing. Steam, Stardock etc. make money for their owners for one reason only: they check every time.

    Don't like it? Don't use it then. It's not as if they force you... hey... ;-)

    So: support hardware retailers that give you choice. Don't let OEM licenses prosper. Speak up. It's the only way of making things change for real.

  21. SImon Hobson Silver badge
    FAIL

    I have to say ...

    I'm fully in agreement that this is a bad bit of software.

    As other said, they LIED about it's function, It has nothing at all to do with protecting the users and has no security function for users. So users did not give "informed consent" when it was installed.

    If you don't install it, my understanding is that you stop being able to install security updates. Since no-one in their right mind would go without those, it's effectively been installed under duress.

    And once it's installed, it sends information about your system to a third party outside of the EU. We don't know what information, we just have to trust Microsoft that it doesn't include personal or sensitive or private information, and we have to trust them that it will be handled fairly. So we have no idea what information or what it will be used for, and it's send outside of the EU. SO that's another infringement of the UK DPA.

    And of course, it gives Microsoft the ability to remotely deprive you of the use of your property - with no advanced notice, no third party oversight, and no appeals process. Under English law that would be considered an unfair contract term.

    I did try complaining about this several years ago - needless to say the authorities weren't interested.

  22. Chris iverson
    Grenade

    @Malware

    umm yes I have. Other than having the computer throw errors about new hardware for a half hour and then the activation link bug me for a day or two. reactivated windows over the web and all was well. Even spent time cleaning the registry of all my old bits of hardware. Could have imaged yes but the same problem would have cropped up.

    Grenade cause I want to blow something up

  23. John Dougald McCallum
    Boffin

    WGA + activation

    Shortly after buying this computer that I am typing this reply on the hard drive died and I got a replacement under guarantee after loading XP got a message to put in the activation code phoned Microsoft in London I think it was got the code.No demand for money was made,and no I did not tell them it was a fairly new computer still under guarantee .

  24. Ken Hagan Gold badge

    @Nigel 11

    Yours was an activation problem, not a WGA problem, and to be honest Microsoft are probably within the letter of the law. The OEM licence you received with your machine was dirt cheap, tied to the hardware and obtained through the vendor. You don't have much of a case when you ask MS for a free replacement to go with different hardware.

    Now *I* reckon that's a "cruel and unusual" licence, which is why I use Linux on all my machines except for one *retail* copy of XP (which I've so far moved to a completely new machine twice without complaint from the activation code), but not everyone wants to pay £150-200 pounds for a copy of Windows that is actually theirs rather than the OEM's.

  25. Anonymous Coward
    Thumb Down

    That's Why I Binned Vista

    I run it on a Parallels VM. The installation was a standard (expensive) MSDN one.

    Every time I upgraded Parallels, it would chalk up a "new system" for WGA. After the second time it called me a thief, I just binned it, and use a friends' computer to test my sites in Vista.

    I have no problem with software developers protecting against piracy (I am one, and our software has anti-piracy protection). However, there's no excuse for the hoops M$ makes you jump through, just so they can humiliate you.

    http://blimptv.blogspot.com/2007/11/vista-sucks.html

  26. Robert Hill
    Gates Halo

    @Nigel et al

    I have moved mobos several times on my current copy of XP, and it has always been painless. I did have an initial installation issue, called a toll free number, was given a string of digits, and it has been flawless ever since...and that was very early in XP's lifespan until now.

    WGA IS a security update in my book - cracked versions of Windows are ripe with embedded malware (yes, those disks you can buy in Asia for £2 often have it pre-installed, as do many torrents!), and MS insisting that people who want to buy Windows use legit copies stops worms and viruses from spreading to the overall community. That was incidentally MS's own line, and it does make sense to me. The fewer cracked copies, the better support from MS, the fewer pre-installed malwares, and the better the overall ecology of Windows machines.

    I mean, BEFORE MS got serious about stopping malware (and they are much better now), the entire industry SCREAMED BLOODY MURDER at them for not making it more secure. MS has gotten better with security fixes, they insitututed WGA to try and stop cracked copies they could not support (especially as many cracked copies could not/ would not install updates anyway for fear of breaking their free copy!), and they have released malware detection and removal tools at little or no charge. Compared to where they were 10 years ago, that IS an improvement, and WGA is part of it. And frankly, we all gain from it, because our MS-centric desktop computing environment is getting more secure...

    I don't thing Bill usually deserves a halo (except for his and Melissa's charity work), but in this instance I will give him the benefit of one...

  27. Tom 35

    @David W

    "I've had to deal with hardware dongles, and they're an absolute and utter pain in the ass -"

    We have an old system at work that is only used once a month to create some reports, the software uses a USB dongle. Someone thought the system was in the way so they pushed it back, dongle hit the wall and crunch. No longer supported, can't get a new dongle so I spent 3 hours cutting away broken epoxy and soldering on little bits of wire to get it working again. Once they finish pulling all the data and create new reports in crystal the thing is getting trashed.

  28. James 63
    Big Brother

    WGA == malware?

    It walks like malware, and quacks like malware - it goes sniffing around your computer doing things you'd rather it didn't, dials home, borks your system, and takes a bit of fiddling to get rid of.

    WGA was the straw that finally made me go the way of the penguin. An OS is supposed to not get in your way of doing what you're trying to do with your computer, and after a couple of false positives from WGA my mind was made up.

    So many icons seem appropriate - Fail, Pirates, Black Helicopter, Big Brother, Penguin, Evil Bill...

  29. Jeffrey Nonken
    FAIL

    @Pain In Arse

    "I have WGA running on 3 computers here and to be fair it is invisible to me, even when running off the net. Its not like it was disabling my computer or bugging me for clicks. It seems to me that to sue over it you have to prove some kind of harm. Probably that's why those suits are going nowhere."

    Yet another person with the arrogance to assume that if something works for HIM, the problems 30 million other people have cannot possibly be significant.

    Hey, guess what? MY notebook battery hasn't blown up. All you folks missing limbs and suffering third degree burns are just whining about nothing.

  30. Anonymous Coward
    WTF?

    @Nigel 11

    I am using the same OEM copy of XP that came pre-installed on a computer I bought about 5 PCs ago. Since then I've installed it every time I upgraded (and three of my upgrades replaced all of the internals - motherboard, graphics, CPU etc.). I have never had any problem, and if I did, there is a toll free number to phone and you just tell them you have upgraded, and they unlock it, just like that!

    It's clear you're talking out of your arse. Was this a hypothetical scenario that you just made up based on your expectations and not experience?

    Although WGA has never caused me trouble, never in fact noticed it or had it interfere in any way, it does annoy me that it was advertised as an important security update; it wasn't really made clear what it was actually for, or what it would do, and that I disagree with.

  31. Andus McCoatover

    @Coyote

    "IP address? You don't say! El Reg had mine the instant I read this article."

    Actually, El Reg. got the IP address of the pub I'm in the instant I read this article on the public machine in this boozer.

    So fuc*king what?

    You used the icon "May contain highly technical content requiring kindergarten education level or below"??? FFS!!!

    (Sarah - can we get a 'Christ-in-shitty-nappies' icon. Probably looks like a bloke slapping his forehead in utter frustration. Pretty-please! - Then, I'll believe in the Moderatrix Fairy. Honest.)

  32. Anonymous Coward
    Gates Horns

    WGA - totally pointless

    My three children all use XP (my wife and I wouldn't touch it - we use OS X). Two of the copies are legal, one pirated.

    Can you guess which ones cause the problems? That's right, both legal copies have had problems installing add-on software or updates caused by WGA. The pirated copy works, and has always worked, perfectly.

    Can someone remind me again why I should want to pay M$ and what exactly the "Advantage" of WGA is?

  33. The First Dave

    @Coyote

    El Reg didn't get _my_ IP address - just the natted address of my corporate proxy.

    When I'm at home it is similar - they get the IP address of my ADSL modem, but with this, MS can get the actual end point IP address, and potentially so can anyone evesdropping on that conversation, which gives them a much better chance of penetrating either network.

    Since it is a private IP address in both cases, what fecking (legitimate) use is it to MS?

  34. Pascal Monett Silver badge

    @Tzael

    "People in favor of abolishing WGA . . ."

    Yeah sure. Well, let's put this in another context. Let's suppose that every single time you wanted to start up your car, a cop was waiting and you had to show ID and drivers license. It's still your car, you paid for it and you maintain it and insure it, but you can no longer go anywhere until the cop says okay.

    And sometimes the cop is drunk and doesn't get clear instructions over the walkie-talkie, so he says no. No discussion possible, even if your wife is pregnant and on the verge of giving birth.

    Still in favor of the system ?

    Well I'm not. I paid for my shiny XP disk, I can take it out whenever I want and look at it as long as I like. I am ready to accept that Microsoft checks - upon installation - that there is a disk and that it is legit. After that, any following check is just harassment.

    And I hate being harassed.

    Next : WGA required for securing hacked PCs. I call bullshit. Those copies sold at $2 a pop have no WGA and they are the problem, so why should mine bother me when I paid through the nose for it ?

    People who are in favor of draconian Big Brother surveillance have nothing to worry about, it's exactly what they are going to get. Freedom, on the other hand, needs to be faught for.

  35. ChrisC Silver badge

    @Tzael

    The embedded C compiler I used in my first job had a parallel port dongle. Worked OK on the mid 90's spec PCs that we originally had in the office, but following a long overdue round of hardware upgrades in the early 00's it took several hours of faffing around with dongle driver settings, BIOS settings etc. before the damn thing would be recognised again. Also meant that we had to keep specifying new PCs with parallel ports, or hope that the existing PCs we had kept on working... Later versions of the compiler switched to USB dongles, but the cost of buying the new version and the time spent checking it for project compatibility with the older version (we already knew it could be a pain in the arse just switching between minor revisions of the same compiler, let alone going to a complete new major version) meant this wasn't much of an alternative.

    Changing companies, I then found myself using said USB-dongleised version of the compiler. Which, as it turned out, was only slightly less of a pain in the arse. Plug it into a different USB port than the one it'd been when you ran the licencing utility, and watch in amazement as the compiler complained about being unlicenced. Have to use a different dongle to the one you'd originally authorised (we had 3 shared between 10 engineers) and you had to go through the whole authorisation process again - and if you forgot to save your original licencing data files first, you then had to reauthorise once again when you went back to using your original dongle.

    Granted, dongle swapping was also a problem with the parallel port version, but with two notable differences:

    1. the parallel port dongles had a nice big flat paper label on them that clearly showed their unique ID number, whereas the USB dongles had a rather small reference number (which wasn't the same as the actual ID number used by the licencing software) printed semi-legibly directly onto the curved casing... anyone got a magnifying glass handy?

    2. using a different parallel port dongle simply meant editing one text file to change the dongle ID number, no need to save backup copies of binary licencing files or reauthorise.

    Meanwhile at home, following completion of a new PC build, I tried to install the full version of HollywoodFX I'd bought a couple of years previously. Not unsurprisingly, given the complete change in hardware, the activation code from the previous installation didn't work. Tried doing a fresh activation using the web-based licence tool provided, got repeated errors about pages not being available. Tried logging into my HollywoodFX user account to get a code there, only to discover that the version of HFX I had was no longer listed on the page for requesting new codes.

    Had the same problem with Delphi 7 - can't use the activation code from my old PC because the hardware ID is different, and can't get a new code because the official activation process never returns with the required data.

    In both cases, I ended up resolving the problems by obtaining cracks. Which is a pretty crappy way to get a 100% legit software installation working the way it should - how many PC users, when faced with a similar re-activation problem, wouldn't consider looking for, or wouldn't risk using, a crack, and would end up buying a newer version of the software just so they can continue using it?

    As far as the specific perils of WGA go, I've had my XP Pro setup (again, fully legit) claiming to be dodgy and in need of immediate reactivation when all I did was switch it on after being powered down overnight, and no, it hadn't installed any updates as part of the shutdown process the previous day - nothing about the hardware or software setup on that PC had changed from one day to the next, yet WGA thought otherwise. Granted, all it took to fix it this time was an online reactivation, but will the same be true the next time? And what if this had happened if I'd been without a net connection or near a phone line (say, if I'd just boarded a long-haul flight and switched on my laptop to do a few hours work?).

    So add to your list a third category:

    3) Have willingly paid for a piece of software, only to then see it rendered potentially useless due to a protection scheme which is no longer supported by current hardware or the software manufacturer, or which is buggy/poorly implemented/overly sensitive and thus capable of falsely flagging a legitimate setup as being dodgy.

    I appreciate that some companies are sufficiently paranoid (or have been badly enough burned in the past) about piracy to feel that locking down their software is the only way to go. But as my own experience shows, all this does is to, sooner or later, piss off the people who've paid for the software - if someone wants to use the software without paying for it, someone somewhere will have developed a crack, keygen or other workaround for whatever protection scheme has been used. I really don't mind paying for a bit of software if it does what I want it to do at a price I can afford, but in return I expect to be able to continue using that bit of software indefinitely, regardless of how many times I might need to reinstall it on the same PC or transfer it onto completely new PCs.

This topic is closed for new posts.

Other stories you might like