[ISN] Microsoft product phones home every day
InfoSec News
isn at c4i.org
Fri Jun 9 12:44:12 EDT 2006
http://www.theregister.co.uk/2006/06/08/ms_wga_phones_home/
By John Oates
8th June 2006
Microsoft has admitted that Windows Genuine Advantage (WGA) will phone
Redmond every day - something it neglected to tell users before they
installed it.
WGA is designed to detect pirated copies of MS software but is also
creating some false positives - two UK dealers have contacted the Reg
to report customers complaining that WGA had branded their software as
an illegal copy.
The software checks what is installed on your machine and then reports
back to Microsoft - it sends your IP number and information on your
software set-up. If your software is dodgy you will start receiving
pop-up reminders from Microsoft.
Michaela Alexander, head of anti-piracy at Microsoft UK, told the Reg:
"First of all this is a pilot - customers have the choice to subscribe
or not. WGA is very careful about which license keys are checked -
some numbers have been leaked and therefore have been culled by
Microsoft. If customers bought a genuine copy of Windows but as a
result of a poor installation or a repair a different license key was
used then WGA would flag it as not genuine."
But Alexander said all this was detailed in the opt-in process. But
she added: "The last thing we want is unhappy customers so we are
investigating this - but it is a pilot and this is part of the
process."
The word from the US is that Microsoft will change WGA so it only
phones home once a fortnight, instead of every day, and will do a
better job of letting users know what the software is doing. More from
Seattle Post Intelligencer here [1].
One of the dealers with the original problem emailed us the following:
The problem was caused by an active-x control being blocked by IE
security. The fix was to go to http://www.microsoft.com/genuine/diag
and following instructions.
This runs through a series of checks to ensure that the validation
process can operate correctly, then advises of the necessary changes
in IE setup to permit correct validation. In the case of our clients,
the problem was correctly diagnosed and the resolution worked fine.
It's just alarming that for a simple security problem, Microsoft had
informed the end user (by way of a message displayed on their screen)
that they might be [quote] "The victim of software counterfeiting". ®
[1] http://seattlepi.nwsource.com/local/6420AP_WA_Microsoft_Monitoring_Piracy.html
More information about the ISN
mailing list