Microsoft acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction.
Got to be stopped. Not much further down this road is total loss of control of your computer, and total loss of privacy. Even if there are no abuses now, and there may well not be, the potential for abuse is so great, and the temptation will be so great. Basic rule: your computer should never call home without explicit consent every time. What’s the difference between this and malware?
The intention. That can change overnight.
Fortunately no one has to use it.
Simple: Switch to Linux or some other “free” operating system.
My house has been “Windows-free” since November, 2002. I am no longer a slave to the Gates man! 🙂
Yeah, sure.
A software routine does not need to contact MS-servers on daily basis in order to shut down in case of a malfunction.
I consider this spyware. (And my Windows installation is legal btw. And unused since the downgrade to XP).
Rule #1: No software routine should ever call a remote procedure without explicit consent (every time).
Leave it to MS to come up with a more proactive way of finding bugs in their software. First, software developers managed most of their debugging internally. Then, as software became more complex, configurations more diverse, and applications more business-critical, most vendors started accepting bug reports from customers. In the PC era, MS and others created systems that can automatically detect a malfunction and help guide users through an automated bug reporting system.
But now, MS is trying to take the process full-circle and once again remove the user from the feedback loop. And what better way than to periodically poll the installed software and ask, “does everything seem OK over there?”
Now that this issue is out in the public (and apparently no one is filing any lawsuits), there’s only one thing left to do… develop an email trojan that installs a daemon that listens for these checkup requests and reports massive numbers of failures back to the poor server on the other end in Redmond, disabling WGA and causing yet another PR nightmare. Any takers?
They could tell us what port this runs on so I can block it.
This highlights a key difference between proprietary and open source software. Microsoft has incentive to not reveal the details of the communication, like port number, protocol or packet structure. But open source software has no incentive to hide any such information, which makes it much easier to work with. (Of course, open source software would not need this particular application, but the analogy is still valid.)
Big Brother is Watching You!
More like a funny uncle you wouldn’t dare leave alone with the kids watching you.
This is seriously scary. I am not a user of Microsoft Operating Systems but I have to use them occasionally. Just the thought of this and the *fact* that this wasn’t openly stated by Microsoft when they started requiring WGA’s usage is 1984-esque. To think about the rumors of NSA backdoors then, think of what they are doing now?
http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
All your computers are belong to us…
I share your fears especially for my customers who are brainwashed and convinced they can’t get by without using their software. I just hope this adds enough incentive for them to really consider the alternatives.
“Rule #1: No software routine should ever call a remote procedure without explicit consent (every time).”
Very funny. That would make Firefox very usable indeed. Every single request (getting pages, images, flash movies, etc) is a remote procedure call. Would you like a consent box for each one? I think your rule needs revision.
If it is not reasonable and predictable that a software application is going to make a remote procedure call, consent should be asked for.
Don’t be so literal. When I click a link to go to OSNews I’m giving my browser explicit permission to send HTTP GET (or rather to navigate DNS first) to OSNews.
That in turn means I’ve given implicit permission to the rest of the process to load the full site. With my browser I can control in the preferences whether I want cookies to be enabled on this hostname, what scripts should be allowed to load and what plugins should work.
There’s a massive difference between some ‘piracy notification tool’ that phones home on a 24 hour cycle and an OSS web browser that /YOU/ control.
One could claim that installing WGA is giving consent.
The counter-argument to that is that you were not informed that WGA was going to connect every 24 hours.
The counter-counter-argument to that is that you aren’t informed exactly what servers images are going to be loaded from when you visit a web page.
P.S. I’m just being the devil’s advocate here. I agree with you in principle but maybe not in implementation/phrasing.
P.P.S. This is just one reason why writing good laws is very hard.
The counter-counter-argument to that is that you aren’t informed exactly what servers images are going to be loaded from when you visit a web page.
This one is void since the website isn’t installing anything (as a usual rule). It may do so, but in that case you’ll be notified by the OS and/or the browser in use.
If not, the website’s behaviour can be considered illegal (at least in Denmark), and definitely a site to avoid.
Hence that’s why I wrote “(every time)” instead of “every time”.
The rule is fine. Your interpretation of it may however need some work.
Two things need to be better thought out.
1) The undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction.
Windows Genuine Advantage is only needed when checking for updates, and if there is a problem that “requires” the Windows Genuine Advantage tool to be shut down, then it can be done at this time.
2) At least every 90 days, the tool also checks again to see if the copy of Windows is legitimate. Lazar said that’s because the company sometimes discovers that a copy of Windows that it thought was legitimate is actually pirated.
Again, this only needs to be done when checking for updates.
The company expects to have offered it to all users worldwide by the end of the year.
They make it sound like there is some advantage to having the Microsoft Police inspect your computer without a warrant.
Microsoft’s and my definitions of pirated differ a little. If I paid for a legal copy and it’s running on my PC, it’s not pirated–period. I think Microsoft would add caveats. Therefore, if I choose to run Windows (hey, I might), I see no advantage to having Microsoft inspect my PC.
Stop acting shocked. Free software advocates have been saying this for a long time. It’s only going to get worse. All proprietary software vendors are willing to compromise your freedom, privacy and protection to make a profit. Apparently, every time free software advocates bring this up, many of you retort by saying they are lunatics, or “you just don’t care for things like that.” Well, Microsoft and many other proprietary vendors will forever continue to take advantage of your nonchalance. They will abuse your freedom, privacy and protection. And you will do nothing about it, other than whine on osnews, because you are locked in. So give them all the ammo to be your Big Brother. Stop pretending to be shocked. Just silently bend over and take it like a man. They say it hurts less if you don’t struggle. And remember, Microsoft has your best interest in mind.
given today’s rather unsurprising announcement, i think it’s time for MS to change their name to ‘big bother’, who, as we all know, is the corporate equivalent of ‘big brother’
..is being sent? There is no need for anything to phone home to Microsoft. Your software is either legal or not, that does not change, as they say, over a period of a couple months. I have just written a letter to Microsoft asking what information they are getting. Can’t wait to see the response, or most likely the non-response.
I also find it strange they say it is “offered”, and you can refuse it. That is true, but then you can not get even security updates. I tried that and could not get anything any longer.
Edited 2006-06-08 18:06
I would’ve posted sooner, but I had to immediately reboot into Ubuntu Dapper. You see, I’d had a few nagging issues that I felt too lazy (and too self righteous) to sit down and work on. So I went back into Windows thinking everything would be easier.
That’s what I get for being lazy and taking the easy road.
Whether or not Linux is ready for the Desktop by the average Joe Sixpack’s point of view, the question that matters…
Is Windows overstaying its welcome on yours?
I think that was the LAST straw.
There’s a thing called firewalls. Just set up your home router to block any outgoing socket connections. Problem solved.
I think you’re missing the point.
>>There’s a thing called firewalls. Just set up your home router to block any outgoing socket connections. Problem solved.
Nah, it most likely connects through svchost, meaning that you can’t block it without kissing good-bye your network capabilities altogether.
(Excuse my poor English.)
There’s a thing called firewalls. Just set up your home router to block any outgoing socket connections. Problem solved.
Well, blocking incoming is one thing, but if you’re going to block any outgoing connections, what’s the point of having net access?
I know nothing about the protocol setup, but I’d be willing to bet that they’re using standard http or https to phone home, otherwise they’d have trouble making it through corporate firewalls.
It would be next to impossible for home users to block that at the perimeter with a standard router, without cutting off web access altogether.
Symptom addressed is more like it. The problem is that Microsoft thinks this is OK. A firewall won’t change that.
You guys are right: if they’re using http, then that’ll be tough to block. But it shouldn’t take long for someone to figure out how to crack and break this. How long did it take for XP’s serial number activation to be broken?
By the way, why are you guys so shocked by this? Microsoft is a corporation. Corporations are usually authoritarian structures. How fast do you think some lowly paid contract programmer at Microsoft who dared to question pompous, bureaucratic managers will be fired?
I hope this won’t last too long. I hope conscious Americans out there will fight for the right to privacy. Things will get bad if Microsoft can call in the cops and arrest anyone who broke the license “agreement.” (I use the word agreement lightly, because it usually implies both parties are compromising fairly. That isn’t the case in this situation.)
Totally agree with you.
Microsoft is making operating systems and their application programs as marketable values (commercial software) and for profit of course, and it’s doing that very well. Pirates (and irresponsible users) on the other side are doing their job as well. And that’s the point where the clash starts.
As long as you’re using MS software you’ll be suspect and tracked down to the point where you feel the burning power of Redmond’s magnifier glass.
I see no reason why Microsoft shouldn’t prevent pirates from doing their job.
Is Microsoft WGA the best way to do that? I don’t really know, but from what they’re doing now – that’s it: take it or leave it. You have to love it or hate it.
I’m not really a big Microsoft fan (right now I’m in love with Ubuntu 6.06 Dapper Drake and Vector Linux SOHO 5.1 and a couple of more or less known Linux distros). Over the last decade or so I’ve collected a dozen MS operating system CDs (from MS-DOS 6.22 to Win 3.11 to Win9x, Win NT, Win 2000 and XP upgrade version). All legal copies I’ve paid for retail boxes. Enough from me. The only MS machines in my home are a Win2000 desktop and a Win98 SE laptop.
In the next couple of years those two will certainly be exterminated from my home the same way I’ve exterminated other operating systems I’ve found bad, insufficient in features or just boring (including Linux and MacOS).
Talking about firewalls, routers, proxies and network perimeters while discussing MS security tools (or just MS fair software usage testing tools) implies the fear of threat. And the threat comes either from unfair use of MS software (illegal copies) or from widespread opinion that Microsoft is evil per se.
Anyway, the moment you start using software someone else is in control of your PC not you.
The sooner you learn that the less frustration you’ll have as long as software is in fair use.
If you don’t feel comfortable with the software maker from Redmond, do not use it. There are many other options out there and, thank God, they are all on par with Mr. Gates’ labs products.
According to Zonealarm, WgaTray keeps trying to access the internet. I’m thinking this is the culprit…though I wouldn’t doubt it also went through, oh, svchost or anything of the sort.