"Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction." The EULA is suppose to disclose this daily call-in feature. Lauren Weinstein, who is co-founder of People for Internet Responsibility, was one of the first people to notice the daily communications to Microsoft.

http://news.yahoo.com/s/ap/20060607/ap_on_hi_te/microsoft_monitoring_piracy;_ylt=AujEpciXDaznfIp7r oidcYMjtBAF;_ylu=X3oDMTA0cDJlYmhvBHNlYwM-


Excuse me while i laugh my posterior off at this lame BS excuse.. Then i'm going to install another Linux machine.

Ah....but just wait until a sufficiently large law firm gets wind of this....Microsoft paid for about half of my new computer as part of a settlement involving, if I recall correctly, price-fixing.

Warrantless searches of one's computer ought to be worth a bit more, don't you think?

hmmm.. thats an intriguing angle. It will be interesting to see what comes of this latest scandal, i do know it makes me even less interested in seeing Vista when its released. While i'm not as vehemently anti-microsoft as some I do get a huge chuckle every time i hear their 'trusted computing' mantra. I havent found any information on whats being transmitted in the packets back to Microsoft yet, i guess the propeller heads are taking a day off..

I do see average joe six pack user getting a little wiser to the ways of the world, hell, even my dad has a dual boot machine with Linux and Windows 2000 that he set up himself.. and dad is not the sharpest knife in the drawer when it comes to computers. I have no illusions of Microsoft losing their stranglehold on the market anytime soon, but i do see more and more people embracing alternatives. Choice is always a good thing.

Hows that new machine treating you anyway?

It's been working quite well, though I think it will really shine once I get a DSL connection (soon). Love being able to have as many windows open as needed without risking a crash, and the graphics truly are astonishing by comparison to the old machine.

Now all I need is a couple of good old shoot 'em up games with hi-res graphics for stress relief. "The House Of The Dead" is always a good one, but there have been so many improvements in graphic design since....

Half Life 2 was an enjoyable shooter.. decent graphics and a fairly involved plot.. I also enjoy playing Call of Duty.

Glad the machine is living up to expectations!

The most wonderful thing about the new machine is being able to have as many windows open as I want without overtaxing the memory, a frequent problem with the unit it replaced.

That and being able to run "Flight Simulator" (the only Microsoft product I've never had a gripe with) at full resolution. I've actually been retracing some of the routes I followed while working with an aerial photography company during the early 80s. Back then I ran the camera, occasionally holding the yoke while the piliot ate his lunch. Now, I get to be in charge! Yippee!

Only complaint is that the fields do not feature farmers on tractors (and the geography is not accurate). When we got bored, we used to have a grand old time lining up behind them and doing a power dive that pulled out just over their heads...you didn't hear that from me, by the way, as the FAA would not have been happy, but it's been more than 20 years....

www.flightsim.com For all your flightsim realism needs. Registration is free and they have a database of millions of add-ons, scenery, planes, nav aids.. you name it. I've been able to pretty faithfully recreate the scenery around Pennsylvania. I tend to fly military birds mostly, satisfying my need for speed... Still haven't managed to perfect greasing a heavy Tomcat down on a pitching carrier deck at night during a rainstorm.. :(

A friend of mine partcipates in some kind of virtual airline, flying a real schedule with real people providing air traffic control. Seems a little bit much to me, but hey.. could be fun.

I'm signed up with that site--there was once a complete rendering of Minnesota scenery that was remarkable accurate but it does not appear to exist any long. Some of the aircraft downloads are intriguing--I may try an ultralight one of these days.

Haven't gone the virtual airline route--as you say, it seems a bit much. But some people really seem to enjoy it.

I've never managed a carrier landing either, and am very good at getting the Concorde to simply stop flying and drop like a rock.

http://www.adwarereport.com/mt/archives/000294.html

June 12, 2006

How to disable Microsoft's Windows Genuine Advantage From Spying On You

1. End the process wgtray.exe from the "Processes" tab on the Task Manager Manager (press ctrl-alt-delete to bring it up.)

2. Restart Windows XP in safe mode by rebooting and pressing F8 while it's starting.

3. Delete the following files:

c:\windows\system32\wgatray.exe
c:\windows\system32\dllcache\wgatray.exe

4. Start Windows Regsitry Editor and delete the following entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\WinlogonNotify\WGALOGON

At this point, your private data will no longer be sent to Microsoft every time you start your PC.
.

Thanks Paul....would be nice to know that Big Bill was not watching me.

If you actually ever download anything from M$ (like patches and service packs), their verification process looks for that "Genuine Advantage" process to be running. If not there, user will have to reinstall before download.

If anyone has captured packet data on this, I'm sure it would be possible to stop the "Phone home" traffic at the firewall, which would make more sense.

John, did some surfing this morning and came across this article on Groklaw...the article is pretty lengthy..

Sunday, June 11 2006 @ 11:18 AM EDT

No doubt many of you saw on Slashdot the article "Microsoft Talks Daily With Your Computer" or in Steven J. Vaughan-Nichols article for eWeek titled, Big Microsoft Brother, about allegations that Microsoft's Windows Genuine Advantage validation tool phones home daily to report information to Microsoft about you on each boot. Lauren Weinstein broke the story on his blog. Microsoft has now put out a statement, asserting that the Windows Genuine Advantage tool is not spyware, that they're going to change it some, and that one thing that distinguishes it from spyware is that they get consent before installing it. I question the accuracy of the statement.

David Berlind did a fabulous job of discovering that in fact the tool has two parts, one of which is new, the Notification part, as you can see in his helpful series of screenshots. First, he explains how the applications actually work. His research indicated to him that Microsoft asks permission for only one of the two, but the wrong one. I think it's muddier even than that, after reading the EULA. Thanks to Berlind's work, I believe I see a legal problem with consent, which I noticed by reading the EULA. I think I also see a problem with the statement Microsoft has issued with regard to what information it collects. And something in the EULA needs to be explained, because it doesn't match Microsoft's statement. Let me explain.

Vaughan-Nichols lists the information Microsoft says it is collecting, which matches the Microsoft statement's list:
Now, when you use Windows Genuine Advantage for the first time, it gathers up, Microsoft tell us, and it will grab your PC's XP product key, PC manufacturer, operating system version, PC BIOS information and user locale setting and language.

Nothing at all, Microsoft assures us, that could identify us or what programs we use, or anything like that. No siree. No chance of that.

Microsoft actually collects more information than that. I have some additional details I found on Microsoft's own website that I thought you'd want to know.

Let's look at what Microsoft currently tells customers about the validation tool and what information it collects:
Information collected during validation

Q: What information is collected from my computer?

A: The genuine validation process will collect information about your system to determine if your Microsoft software is genuine. This process does not collect or send any information that can be used to identify you or contact you. The only information collected in the validation process is:
* Windows product key
* PC manufacturer
* Operating System version
* PID/SID
* BIOS information (make, version, date)
* BIOS MD5 Checksum
* User locale (language setting for displaying Windows)
* System locale (language version of the operating system)
* Office product key (if validating Office)
* Hard drive serial number

Q: How does Microsoft use this information?

A: The information serves three purposes:
* It provides Web page flow, tailoring the pages you see based on your responses.

* It conveys demographics, which help Microsoft to understand regional differences in Windows or Office usage.

* It confirms user input. User input is often compared against data collected from the PC in order to determine whether to grant a user’s request for additional access.

I think we can discount those three items as being the purpose behind taking in our hard drive serial numbers. Microsoft is not checking our hard drive serial numbers to provide web page flow, convey usage demographics, or confirm user input, unless they are also perusing the contents of our hard drives, which they claim they are not. Of course, once they are inside your computer, there's really nothing much stopping them, if they felt like it. So why does Microsoft collect information like that and what are they doing with it? The above statement surely isn't all. They don't need such information about you as your hard drive's serial number, the company that built your computer, what language you use, PID/SID, Bios information with an MD5 checksum, and where you are located to do any of the three things they say they are doing it for. Obviously, they are checking to know if you are a pirate, and they should say so straightforwardly. But does Microsoft need your hard drive serial number to know if you are a pirate? If you change it, is it any of Microsoft's business? Did they sell you that hard drive? But my point is, it's not mentioned in the EULA at all, so I don't see consent having been given. But it gets worse.
http://www.groklaw.net/article.php?story=20060608002958907

and this snippet on Dslreports.com regarding the contents of Legitcheckcontrol.dll.



PT-BR: Alguém analisou o arquivo LEGITCHECKCONTROL.DLL??
EN: Somebody analyzed the archive LEGITCHECKCONTROL.DLL??

Using STRINGS.EXE (sysinternals) I've get this...

clientTime
cookie
Ping
PingResult
pingLevel
Cookie
ServicesMachine
ServicesName
ServicesTime
SuccessFlag
ReportingEvent
PrivateData
UserAccountName
ComputerDnsName
ExtendedData
DeviceID
OSLocaleID
OSVersion
BiosRevision
ComputerModel
ComputerBrand
MiscData
ReplacementStrings
DetailedVersion
ServicePackMinor
ServicePackMajor
Revision
Build
Minor
Major
BasicData
AppName
Win32HResult
SourceID
EventID
NamespaceID
EventInstanceID
TimeAtTarget
SequenceNumber
TargetID
ComputerTargetIdentifier
Sid
UpdateRevisionIdentifier
RevisionNumber
UpdateID
ProcessorArchitecture

SerialNumber
Win32_PhysicalMedia
SystemLCID
UserLCID
%s(GMT%+.2d:%.2d)
TimeZone
aSYSTEM
Date
ReleaseDate
minor
SMBIOSMinorVersion
major
SMBIOSVersion
SMBIOSMajorVersion
SMBIOSBIOSVersion
Win32_BIOS
BIOS
MachineData
Settings
ReducedGetSP2
ReducedVLKID
ReducedReminders
value
key
KeyType
MPAExtendedData
MSXML.DOMDocument
ScanData/Scan[%d]/text()
ScanData/Scan[%d]/@match
ScanData/Scan[%d]/@end
ScanData/Scan[%d]/@start
ScanData/Scan
dGeneral
MSPPLocationID
OEMSpecific
OEMInfo.Ini
ProductID
\Device\PhysicalMemory
PCI\VEN_
HardwareID
SYSTEM\CurrentControlSet\Enum\
Enum
\Device\Video
HARDWARE\DEVICEMAP\VIDEO
m..
SCSIAdapter
hdc
Class
\Enum
SYSTEM\CurrentControlSet\Services\
Identifier
DiskPeripheral
CdRomPeripheral
Type
Driver
HARDWARE\DEVICEMAP\Scsi

PT-BR: Se somente as informações coletadas no processo de validação é:
EN: If the only information collected in the validation process is:

* Windows product key
* PC manufacturer
* Operating System version
* PID/SID
* BIOS information (make, version, date)
* BIOS MD5 Checksum
* User locale (language setting for displaying Windows)
* System locale (language version of the operating system)
* Office product key (if validating Office)
* Hard drive serial number ..."

PT-BR: Porquê meu arquivo DATA.DAT* tem 11.854 bytes?
EN: reason the archive DATA.DAT* has 11.854 bytes?

*C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage\data\DATA.DAT

I still have a copy of Windows 95 around.....don't think I'm not tempted....

Speaking of which, I bought a copy of "Windows 98 For Dummies" some time ago. Took it back and demanded a refund as it was of no use. No matter how hard I hit the computer with the book it still refused to run.

Supposedly a way or the way to bypass M$ and their checking up on you when you update is to go to an alternative site like WindizUpdate. I use this almost exclusively anymore. It requires that you have java turned on (for the scanning of your system) and it may be that you need to have cookies turned on as well (but don't hold me to that or quote me on it). You also need to have their plugin installed. It's very similar to the old update/scanning system that CNET used to have but discontinued. In any case WindizUpdate can be found here:

http://windowsupdate.62nds.com/

ALSO, it should be noted that this is a way to get the updates without having to use M$IE! :D Works like a charm with K-Meleon, Firefox, Mozilla, Opera, and possibly a lot of other browsers as well. The four browsers that I just mentioned are my chosen four and I've used this service with all of them. Their plugin is competely benign. It should also be known that if for whatever reason your copy of WinXP is not deemed to be "legitimate" <ahem> you can still get the apps and patches that you need without having to go through any inquisiton about it. :rolleyes: -I- don't have to worry about that myself because I don't now and I don't intend to ever use XP in the foreseeable future.
.

call me paranoid, but i don't see how that site would be any more 'secure' than microsoft. At least with microsoft I know how far i trust them, i know nothing about these folks other than they are hosted on a Godaddy server.

as far as I know Java is no more secure than ActiveX, so where's the advantage other than being able to grab updates from Microsoft whether you have a legit copy or not of the OS?

I'm not saying there's anything nefarious at 62nds.com , they may very well be on the up and up. Just strikes me that caution and some investigation of the site and plugin may be in order.

call me paranoid, but i don't see how that site would be any more 'secure' than microsoft. At least with microsoft I know how far i trust them, i know nothing about these folks other than they are hosted on a Godaddy server.

as far as I know Java is no more secure than ActiveX, so where's the advantage other than being able to grab updates from Microsoft whether you have a legit copy or not of the OS?

I'm not saying there's anything nefarious at 62nds.com , they may very well be on the up and up. Just strikes me that caution and some investigation of the site and plugin may be in order.
I never said it was more secure. It's a way to get official updates WITHOUT using M$IE,... and bypassing the "Microsoft Genuine Advantage Bullshit" as you so call it. Believe me,... it's completely benign (harmless). I absolutely loathe having to use M$IE and would rather use an alternative browser of my own choosing, and this is a way to do it.
.

My misunderstanding then.. I'll take a look at it this weekend, Might come in handy. If it will allow me to completely ditch IE, hell, i'm for that.

From a newsletter by Brian Livingston - Windowssecrets.com

Windows Genuine Advantage — the controversial program Microsoft auto-installed as a "critical security update" on many PCs starting on Apr. 25 — not only causes problems for many users but has now been proven to send personally identifiable information back to Redmond every 24 hours.

This behavior clearly fits any plausible definition of "spyware." Some tech writers have said categorizing WGA as spyware is arguable. But I have no hesitation in calling the program a security nightmare that Microsoft should never have distributed in its present form.

In my May 25 newsletter, I called Microsoft's WGA download a "severe blunder." It causes serious problems for some legitimate Windows users and was sprung on customers with no notice other than a press release the day before.

No PC-using company that values security and reliability can allow a program like WGA to send data to a distant server, download additional software, morph its behavior, or remotely change the functionality of Windows (as I describe below). I don't believe individuals should put up with this, either.

Today, I'll explain the problems and let you know what you can do to fix them.

If the spyware label fits, wear it

In a statement released on June 8, Microsoft officially denies that WGA is spyware. Let's settle this question right off the bat so we can quickly move on to more important things.

Microsoft's denial is based on its own definition of spyware:

"Broadly speaking, spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose. WGA is installed with the consent of the user and seeks only to notify the user if a proper license is not in place. WGA is not spyware."
This is patently absurd. Many spyware programs, such as peer-to-peer file sharing applications, are knowingly installed with the user's consent. The user downloads the software to get music, a screen saver, or whatever other benefit is promised.

What makes a program spyware, among other things, is that it operates in ways that aren't clearly disclosed before installation and it reports data back to a central server. Furthermore, this activity needn't be malicious. Many spyware programs do nothing more than serving up targeted advertising or tracking anonymous marketing behavior. If a user wants such tracking functions, they might be fine. But if the user wasn't clearly made aware of this, whether or not such software has a malicious purpose, it's still spyware.


http://windowssecrets.com/comp/060615/#story1

From a newsletter by Brian Livingston - Windowssecrets.com

<----- snipped ----->

If the spyware label fits, wear it

http://windowssecrets.com/comp/060615/#story1
Already been there and read it about as soon as it came out. I'm subsribed to "Brian's Buzz" put out by Brian Livingston AND I've got all that stuff in an RSS feed so I tap into it often anyway. MY take on it is that they're trying to change the perception of "spyware" by changing the definition of it,.. much like the term "hacker". A hacker -used- to be a good thing but the term has been perverted into something else altogether different from the original.
.

I'm starting to believe some of the conspiracy theorists, I think Microsoft is heading for a subscription model.. No one will own the software, but you'll pay an access fee to use it. Changing the definition of Spyware would be the first step in getting folks to accept apps like WGA.


Agreed on hacker.. the public at large makes no distinction between white hats and black hats. They just hear hacker and panic.

**edit
btw Paul, just stumbled across this.. Thought you might be interested in it.
http://www.reactos.org/xhtml/en/index.html

You may well be right, Cap'n. Matters are beginning to remind me of a book I read some years ago (can't remember the title but it was a semi-parody of all the millenialist books floating around at the time). In the novel, Armageddon takes place between an evil Bill Gates and an Israeli computer hacker. The former wants everyone to use an operating system that requires wearing an interactive headband which reprograms peoples' minds (that and the mouse are "the mark of the beast"), the latter keeps knocking his efforts down with viruses.

In the end, the hacker wins out and develops his own operating system. His shuts down at sunset on the Sabbath, updates itself during the day, and then returns to life squeaky clean after sunset. The Bill Gates character, if I remember right, falls victim to his own operating system.

Wish I could remember the title....it was pretty funny.

That story sounds somewhat familiar to me, though i can't quite place the title either. If you do happen to remember, please let me know. Sounds like good reading :)

From Firewall Leak Tester comes directions (and a small utility to download) on how exactly to stop WGA from phoning home.

http://www.firewallleaktester.com/removewga.htm
.

) Barry Libenson, CIO at Ingersoll-Rand Co., was skeptical earlier this year when Microsoft Corp. contacted his company about possible license-compliance problems yet insisted it had no plans to pursue an audit.

Microsoft claimed that the Hamilton, Bermuda-based tools and machinery manufacturer likely didn't have enough Office licenses, nor enough client-access licenses for SQL Server, based on its experiences with customers of comparable size and revenue.

But instead of invoking the audit clause in Ingersoll-Rand's contract, Microsoft suggested a collaborative approach and offered to engage a third-party consultant to help the company reconcile the products it was using versus the software it had purchased.

"We said, 'This sounds like an audit,' " recalled Libenson. "But they recoiled when I used the word audit. They said, 'This isn't an audit.' It was almost like a script to make sure we didn't feel that way."

During the past year, Microsoft has approached some 1,200 U.S.-based corporate customers it suspects may not be licensed properly, based on the data mining of its volume-purchase history records, according to Juan Fernando Rivera, the software maker's director of worldwide software asset management.



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=112346&source=NLT_AM&nlid=1

The question of whether Microsoft's Windows Genuine Advantage program might qualify as spyware has been simmering ever since people figured out that the anti-piracy tool was checking in with the company's servers on a daily basis, unbeknownst to computer users. This week, Microsoft changed and clarified its practices, although it says nothing underhanded was going on to begin with.

Here's the new twist: A Los Angeles PC user has now made the spyware allegations explicit, in a suit filed this week in U.S. District Court in Seattle. Here's the complaint:
PDF: http://seattlepi.nwsource.com/dayart/20060629/msftwgasuit.pdf

Microsoft spokesman Jim Desler said the suit shouldn't distract from the purpose of Windows Genuine Advantage, the company's efforts to combat piracy.

But the lead lawyer for the plaintiff, Scott Kamber, said the case aims to make sure that "when something is put on people's computers, it is done with informed consent." Kamber added: "Microsoft has every right to fend off piracy, but they have to do it in a way that is consistent with the disclosure requirements of consumer protection statutes. That's what this case is about."

A Microsoft spokesman, Jim Desler, called the suit "baseless" and disputed the characterization of the tool as spyware.

"Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

Windows Genuine Advantage "is installed with the consent of the user and seeks only to notify the user if a proper license is not in place."

"The statute says that people have a right to know what's on their computer," Kamber said. "We're at a point in time right now where people's rights on their own computers and technology are really at issue."

But the suit goes beyond that issue to challenge the company's practice of using the automatic updating system as one method of delivering the tool. Although Microsoft has delivered a variety of programs through Automatic Updates, it's most commonly used for security updates, and the suit alleges Microsoft effectively hid delivery of the tool under that guise.

Microsoft's Desler disputed that assertion and said the suit shouldn't obscure what he called the "real issue," software piracy. "The WGA program was carefully developed to focus on what is really an industrywide problem in a manner that is lawful, and provides customers with the confidence and assurance that they're running legitimate software," he said.