Lawsuit Says Windows Genuine Advantage Anti-Piracy Tool is Spyware

39 comments to "Lawsuit Says Windows Genuine Advantage Anti-Piracy Tool is Spyware"

1. Snopesman says:

   Guess now the lawyers will be going after WinAmp, Adobe Acrobat, Java, and pretty much any other program that “phones home” on a schedule looking for updates. Or maybe they are just going after a payday from Microsoft since it has deep pockets? Maybe if they had any money, this guy could go after Ubuntu Linux and Mozilla, which also periodically check for updates, too, and don’t tell you when they are doing it. Guess he needs to go after Apple, too, they do the same thing — there’s even an extension (LittleSnitch, I think) that will tell you when apps are going out. But without the (non-Apple-provided) extension, you won’t know, either.

   June 29th, 2006 at 10:19 am

2. Jimmy says:

   Hehe, good points, he may as well sue over windows update as well.

   June 29th, 2006 at 10:23 am

3. Lewie says:

   I long for the days of DOS when my computer did what I told it to. Snopesman is right about all the stupid apps that sneak out to the net looking for God knows what. It’s my connection and I pay for it — I should have a say in what app I allow to use it. And I know ZoneAlarm & others will stop it all, but I shouldn’t have to do that; I should have the choice when I install the damn app.

   June 29th, 2006 at 10:28 am

4. Snopesman says:

   This is one of the reasons (besides lack of time) I have given up on PC gaming — with the assumed ubiquitous ‘net connection, game producers ship crap to make the holiday deadlines, that won’t work, and patch it later. With a console game, what’s on the disc is IT. Of course, MS has most likely brought the “ship it, then patch it” mentality to the 360, so I think the console games will soon go this way, too. If I’m every tempted to buy a PC game I generally wait 6+ months to not only get it in the discount bin, but also know that if I load the inevitable 25 patches, I can play it.

   June 29th, 2006 at 10:50 am

5. metermax says:

   The important difference between Winamp and this Microsoft ‘Tool’ that I see is that Winamp lets you opt out of phone home statistics when you install it, and you can turn them off later if you opted in. Winamp very clearly asks you if you would allow it. Microsoft didn’t give me a choice for that, as I recall. In fact, I didn’t know until weeks later that it was doing that, until I read about it.
   Its an interesting precedent for Microsoft. They added that window years ago for every time a program crashes, so you could have the option of sending information to them about it. (I wonder if they ever regretted that practice.) Now they’re just going to take information, without asking. That’s deceptive practices.

   June 29th, 2006 at 12:26 pm

6. Simon Scatt says:

   Many programms include spyware modules. Use anti-spyware for protect uoyr privacy.
   As for me, I like professional anti-spy software like Anti-keylogger by Raytown Corporation LLC.
   You can download it here: http://download.softsecurity.com/1/15/antikey.zip (3.22MB)

   June 29th, 2006 at 10:54 pm

7. vijay says:

   he should sue all the messengers. because that too contact server when you exchange messages. he may be looking out some fame or money.

   June 29th, 2006 at 11:49 pm

8. Ofsted says:

   It’s a shame. I came here looking for informed chat about what to do with this spyware - how to update securely and without it - but am disappointed. I didn’t think the lawsuit was just to make money - guess I’m too trusting.

   June 30th, 2006 at 1:49 am

9. Linux user says:

   Just one of the many reasons I switched to linux years ago. I never have to worry about this kinda stuff.

   June 30th, 2006 at 5:04 am

10. PJ says:

    This is why you should use a good firewall program. It blocks the crap coming in and lets you decide what programs you want to let out. Of course you have the option of not installing the WGA like I’ve been doing at work.

    June 30th, 2006 at 5:19 am

11. Snake says:

    Sifting through the fluff to find the few informed comments becomes a greater and greater task every day on these message boards.

    All the he programs listed by Snopesman comply with anti-spyware laws because they INFORM you that they are going to contact a site for updates, and ask you if you want to allow it to do so. In the same respect, Automatic Updates for windows does the same thing. However “Genuine Advantage” simply installs itself under the guise of being another patch from MicroSoft, and has no configurability whatsoever. That’s where the issue comes in.

    As to the one who commented about messenger services, you’ve obviously missed the point about the lawsuit. It has nothing to do with contacting ‘home’ servers, or even the number of times it’s contacted. It’s about allowing the user to make an INFORMED CHOICE about the access the program is allowed to have to the internet.

    If you have a messenger program, for example, it’s understood by most people that it will contact servers in order to communicate with other people, since that is the only way it could possibly work. However, if said messenger service kept logs of every conversation going through it’s servers, even disregarding the absolutely massive storage needed for any long-term storage, I would probably consider that an invasion of privacy.

    Similarly for programs that automatically update themselves, including windows, those auto-update programs are configurable and allow the user to choose how and when the connections are made.

    When you have a program that just gets installed under a false pretext, and then proceeds to start sending out information about your system without the user’s knowledge, or concent, you then enter the realm of spyware. Just as the name says “Spy”. It’s trying to gather information about you which you may or may not want gathered.

    It’ll be interesting to see if the MicroSoft lawyers put anything informing the user within the legalese EULA that pops up just before you install Genuine Advantage.

    Of course I doubt there’s anyone who actually reads those EULAs, so it would be easy enough to slip something in there that states exactly what they’re doing with the software, and as such, absolve themselves of any legal problems, since it becomes the user’s responsibility to read the documentation prior to accepting the terms.

    June 30th, 2006 at 5:37 am

12. Sam says:

    What concerns me is the possibility of other corporations paying Microsoft to scan user’s PC’s for pirated versions of their software, since Windows is on so many PC’s in the world…

    June 30th, 2006 at 6:08 am

13. Domicron says:

    Snake,

    ::golf clap::

    June 30th, 2006 at 6:36 am

14. jeff says:

    See, I think most of you are missing the point!
    My copy of Windows XP is unregistered, and until the stupid spyware Microsoft added without my knowledge, I was receiving all the security updates that were necessary and critical. Now, they are demanding that I register the software and are saying that my copy may be pirated.
    My only option? Pay again for the software that came with my system when I ordered it on-line from a small firm that has since gone out of business. I have no remedy, save to fork over hundred of dollars to microsoft (again) for problematic software that I already paid for.
    Why didn’t I register my copy? Because I hate microsoft and I don’t want them to know anything about me.
    I say, sue them for installing the root kit, win, and force microsoft to publish a removal tool so that I can get the security updates that fixes the inferior security protocols that allow hackers to get into my system.

    June 30th, 2006 at 6:47 am

15. Not Stupid says:

    Snopesman I believe the point he made was that Windows Genuine Advantage tool phones home without and options to disable, and without letting the user know it was doing it. Unlike winamp, acrobat, and java all of which alert you to that fact that they are doing that, and have options to disable it as even windows update does, so did you have a valid point to make, or did you just want to tell us you’re a MS Fanboy?

    I don’t know about Ubuntu linux, but when Mozilla checks for updates it does inform you, by asking if you want to install the update. You even state “— there’s even an extension (LittleSnitch, I think) that will tell you” so by not telling you the WGA is *not* which is the point of the lawsuit.

    Maybe you should *think* through your response before you post irrelevant BS. But hey, you got the first response, yeah you!

    June 30th, 2006 at 7:58 am

16. CJ says:

    So, Snake, do you recommend uninstalling WGA? I do not recall installing it on my work computers, but it is there. I’m not very techie savvy, so am not fully understanding the “ramifications” of having WGA on a computer.

    June 30th, 2006 at 8:00 am

17. tom says:

    #14 has earned his just rewards. If you believe his copy of XP is legit, I have a bridge for sale.

    Concerning other programs that “call home”. Sorry, but the vast majority of them (Adobe in particular) obscures that fact the best they can.

    This “attorney” and “client” initiatiing the law suit are not out to help anyone other than their own personal bank account balances. So much rightous indignation over WGA when the facts show it to be a trival matter to legal owners of Windows. My advise would be to either get a life or pay for products you use.

    June 30th, 2006 at 8:02 am

18. Tray says:

    Jeff: It is you, my good man, who is missing the point.
    That’ll Learn ‘Ya to register your stuff. Sounds to me as if ‘Microcrap’ did the right thing in your case! Much as I dislike them, I will never harangue a company for protecting its assets. By not registering you were, in effect, stealing from them. Gotta side with ‘the Gates’ on this one. …Oh, and don’t buy from unreputable vendors!

    If you hate them so much do what I did: Buy a Mac, and refuse to install their products on the machine. It’s a bit awkward sometimes but I’m over two years without MS nuttiness in my life.
    It was worth every penny of extra up-front money!

    June 30th, 2006 at 8:09 am

19. Just Another Frog says:

    #17 - Good point. My legal store bought copy of XP is showing up as legit under the WGA scrutiny on every single computer it is installed on. It’s certified legit, so I use it everywhere.

    Of course, the best option is never install patches from Microsoft. Ever. I keep one copy of Windows 98 (not SE) in mint condition running and connected directly to the internet just like Bill recommended back in 1997. No firewall, no antivirus, just good old Microsoft technology.

    On a side note, anybody out there tried one of those new X-10 cameras that Microsoft keeps popping ads up for? They must really like them.

    June 30th, 2006 at 8:59 am

20. jeff says:

    number 17 and 18 -

    I paid for a hand built system 4 years ago. On this system, I paid a premium of $170 for this OEM copy of windows XP. If it is a BS copy, it is certainly not my fault.
    As for not registering being equated to stealing, I disagree. I didn’t register it because I didn’t want them to have my personal information (again).
    And I will never buy from a one off vendor again.
    I considered buying a mac, but the price gap and functionality options are limiting factors.
    Soon enough. Believe me, I am seriously considering going linux or mac now.

    June 30th, 2006 at 9:18 am

21. Jovian says:

    there’s an easier way for MS to stop piracy… Stop charging 300 fucking dollars for an OS.

    June 30th, 2006 at 9:35 am

22. !!!^#!&*! says:

    BBNN!%@A

    June 30th, 2006 at 10:26 am

23. Umm What? says:

    Wow. Some of you really missed the point.

    The lawsuit charges that “Microsoft didn’t adequately disclose details of the tool when it was delivered to PC users through the company’s Automatic Update system”. No where in there does is say anything about what the software does. The claim is that they acted illegally by installing a software application on users computers without their knowledge or consent.

    They aren’t saying that Microsoft can’t make software that verifies registration information and transmits to a remote server, just that they have to inform the users first.

    June 30th, 2006 at 10:27 am

24. What Now says:

    Tray, since when is product activation the same as registration???? All I had to do was activate my legal copy of Windoze… I didn’t have to tell em whom I am…..

    June 30th, 2006 at 4:08 pm

25. Bill Gates says:

    #14 (and for Snake) The EULA for this new tool does a reasonably good job of explaining what the software will do, and details what information will be sent to Microsoft. It is also very brief as EULAs go. So, #14, if you had read the short EULA you would have known you’d be busted, and you could have cancelled the installation. That’ll be $100, please.

    And to those who say they are being penalized if they unknowingly buy pirated software (or a computer system with pirated software preinstalled): When you bought the pirated software, both you and Microsoft became the victims of a crime. While it’s an unfortunate situation to have to deal with, the fact is that because you were duped you do not have a valid license to run the copy of Windows on your system. Any decent EULA will include language explaining to the user that the software itself at all times belongs to the copyright holder, and that your purchase of the installation media or download merely entitles you to a license to run the software on a specified number of systems. This licensing agreement grants the vendor the right to reclaim the software (in much the same way that a stolen item is returned to its owner if recovered by the police), or to order its removal from your system. So none of this should be a surprise to you, nor should you be bent out of shape about having to buy a licensed copy of Windows.

    Think about this: if someone stole your Lojack-equipped car, then sold it to some other guy who needed it, and then the car was located by the police, would you let the guy keep the car? No, you’d want it back, or at least to be paid for it. And should the second guy be upset with Lojack because he didn’t know it was lurking there when he bought the stolen car?

    June 30th, 2006 at 7:27 pm

26. Fredo says:

    The whole lawsuit is assinine at best, considering there is an option to get automatic updates, or not be lazy and check for updates yourself. I’ve always reviewed and read any and all updates I don’t understand, and or don’t know what they’re for. Permission to access your system without your knowledge is granted when you activate automatic updates. Prediction? Utter failure and a swift dismissal of the case.

    June 30th, 2006 at 7:30 pm

27. jon says:

    I have 2 systems: one from HP with Windows installed, one home-built. That has Windows that I bought for another system which has been dismantled. Are they legal? They should be; I bought them legally. But other people bought legal systems, both installed and separate purchase, and had them flagged by MS as illegal. So I do a custom install of the updates, and refuse to install WGA each time. But I get “reminders” that WGA isn’t installed several times during each session. And MS keeps warning that they will require WGA soon [this fall]. So I’m finally pushed into what I’ve been thinking about for years–switching to Linux. I’m going with Kubuntu and OpenOffice. Now I have to find applications to replace ones that I’ve acquired over years, so it’s going to cost a lot, but that’s life. And MS [and programmers that write Windows programs] have lost the money that I [and my kids, an engineer and a financial consultant] would have spent. But that’s life too–and if this pushes enough people away from Windows there may be fewer programs written for it, which will make it less attractive to other users. So if MS hasn’t shot itself in the foot, its come close.

    June 30th, 2006 at 9:57 pm

28. John Baker says:

    The primary problem here is that most computer manufacturers are not required to provide the buyer with a geniune Windows XP cd rom. Some actually place the windows reinstallation on the very same hard drive that the windows installtion is installed on. Therefore when the hard drive dies, you cannot reinstall. Worse, the reinstallation disks are often not availabe or cumbersome to obtain. However, despite having a geninune windows license, they cannot go and buy the windows disk at most normal stores (they dont’ sell OEM copies). So when they reinstall using another copy of the cd rom, it is not the same as what was originally installed. When the MS geninue advantage program runs - it find the installation is pirated, but cannot distinguish that it might have been installed on a machine that actually has a valid license.

    This is a blatent attempt by Microsoft to make money based on their own ridiculous licenseing system. Microsoft should make one version of Windows XP and insist that all computer manufacturers provide that cdrom with every machine.

    June 30th, 2006 at 11:53 pm

29. Jimmy says:

    I’ll agree with that, every machine should come with a copy of the operating system that is installed on it, we paid for it, we should have a copy of “our” operating system.

    July 1st, 2006 at 6:47 am

30. russ says:

    Any and all software that auto updates in its default setting without input by the user should considered malware. While I understand the need for licensing tools, the pretzel logic of system crippling software the likes of symantec, roxio, aol, and others have gone on too long. Though it is very much the users choice to install such software, many are totally unaware of the seriousness of the the system wide impact of installing such software. I include Microsoft’s WinXP and up and coming Win Vista in this mass of “belch” ware because of it’s incessant harrassment of the end user to turn on or activate auto update, without an adequate explaination of the ramifications of using such a tool. This also applies to such useless crap as System Restore, which unlike it’s name, is in actuality unable to restore an end users system to a pre existing state, and system file checker, which inaccurately replaces validly updated files with older ones.

    July 1st, 2006 at 7:12 am

31. damn says:

    “by not registering you.. ..are stealing..” wow there are some fricking morons ’round here huh?

    July 1st, 2006 at 8:24 am

32. rizla says:

    I hope the guy kicks MS ass, just like the EU is about to do. WGA was listed as a critical update BS.

    July 1st, 2006 at 10:43 am

33. rizla says:

    I hope the guy kicks MS ass, just like the EU is about to do. WGA was listed as a critical update BS.

    July 1st, 2006 at 10:44 am

34. Chris says:

    Just bi-pass the windows genuine update and go to my computer, properties, and click on Automatic updates, then check “notify me, but don’t automatically download or install them.” This way you can uncheck what you don’t want, including Microsoft genuine update. I have done this and it has never loaded on my machine yet. But, I am sure microsoft will catch on and install it anyway with out any prompts within their new vista os.

    July 1st, 2006 at 6:22 pm

35. baaaahh! baaaaaaah!, what a bunch of mindless sheep!! says:

    wow, just…WOW!

    some of the responses in this discussion just further reiterate my belief that people are getting more and more stupid every day.

    to anyone who was bashing jeff (#14), saying that it was his own fault for not registering his copy of windows….WHAT? are you retarded, stupid, or do you just choose not to understand the difference between REGISTRATION and ACTIVATION?

    ACTIVATION is the method which MS employed originally to make sure that you have a valid & legal copy of windows. it was originally intended to insure that if the software was not activated within a certain timeframe, that it would be disabled from working properly (although it was speedily hacked/cracked). this has absolutely NOTHING to do with whether or not the software is REGISTERED. all REGISTRATION does is lets MS know WHO has the legal copy of their OS, which entitles the registree access to their software warranty…if you don’t register, you don’t get your warranty.

    REGISTRATION has absolutely NOTHING to do with verifying whether or not a particular copy of windows is legal or not (although you’d be pretty stupid - or in some cases, ignorant - to try registering an illegal copy of any software). you have every right to not register any product you buy, be it hardware or software…just know that by doing so, you pretty much waive your right to a warranty.

    i mean think about it….(and that’s the main problem here, there’s too much incessant babbling, and not enough actual, productive THINKING)….how many of you actually register EVERY product that you buy? washer/dryer? refrigerator? DVD player? TV? stereo system? MP3 player? that new copy of Battlefield 2 or Need For Speed or ? while there are many of you that do fill out those little cardboard registration cards and send them in, there are FAR, FAR more that do not…but that is their option, and in no way is it “illegal” to own a product just because it is not registered.

    why would an operating system be any different? the answer is: IT’S NOT. there is absolutely no reason your operating system should be disabled for being “illegal” just because you didn’t register it, assuming of course that it is a legal, ACTIVATED copy of the OS.

    if it is disabled because it is truly a non-activated, illegal copy of the software, that’s one thing, and justified. but even THAT is not the real issue at hand, here.

    the issue is that people have found out (or at least they think) that the WGA tool is doing daily calls to MS, without MS having given advance notification that it would do so. had they known ahead of time that the software would make these daily “calls”, the user may have opted NOT to install it. if that is truly the case, it’s called THEFT OF SERVICE, since it uses bandwidth without the user’s knowledge or consent. i will reserve judgement to the actual ruling in the case, as i am not a lawyer, nor do i currently have access to the terms and conditions for the software

    July 1st, 2006 at 11:42 pm

36. CW says:

    Okay, here’s my take:

    Take out this stupid WGA crap. I’ve actually seen totally legit systems get flagged as pirated, so it’s flawed. I don’t know how, nor do I care how, just remove it. I agree with others who say it should NOT be a “crital” update, last time I check my rig is just as well off w/o as it is with it.
    Those calling auto updates a security issue should be slapped. Most of the people that I’ve seen post here are more tech-savvy than your average consumer. We understand the risks in not auto-updating and such, however your neighbor down the road using a computer on broadband for the first time may not. These auto-updates are enabled by default (And should remain that way) for THEM. They won’t run a spyware check or defrag once a week because they don’t know or care. So either we have a majority of these machines relatively secure or just leave them all open costing untolds amounts of money, data loss, and countless security risks. Would be kinda funny if your neighbor’s rig was used in a DOS attack on your machine cause he never knew how to update huh?

    July 2nd, 2006 at 9:42 am

37. clifford says:

    Hope you come back soon!! nokia6630

    July 25th, 2006 at 2:54 am

38. bill says:

    Your site is amaizing. Can I share some resources with you? nokia6630

    July 26th, 2006 at 12:41 pm

39. anon says:

    #35 gave a good description of the difference between the reg/activation debate that was started here.

    I think all of you are missing the point.

    The installation of WGA Notification is the problem and is a spyware or at least has spyware signature profile written all over it. Please keep in mind that this program is different from WGA Activation which is a one time thing. WGA Notification always connects to MS on boot up and may connect periodically as well.

    There are ways to get around this “Notification” installation but unless you are already in the know it wont happen, the first 3 installations required on windows updates is installer, notification and some other update. If you don’t do it then you can’t use windows update.

    This is the reason for the lawsuit, MS is claiming it’s a critical update and without it you can’t do any further updates via windows update and if you flip over to the ms update the same thing happens again whether you’ve already installed “Notification” or not so there is no way to get around installing this “spyware” unless again you are in the know. Please keep in mind that somewhere around 90% of the windows users have no idea what they are installing nor do they care as long as the computer works, of course if you explained it to them I know they would be very concerned but might not do anything because they “trust” microsoft at least up to a point.

    This is what the lawsuit is about, misleading people to believe that WGA Notification is a requirement, without informing people of what exactly it does and by not providing an uninstaller or a way to uninstall this program.

    The closest comparison to this lawsuit is the sony rootkit installation. Which did all the same thing except did not tell you it was installing a program at least microsoft did tell you it was installing a program even if they didn’t tell you what it did.

    ps: PET PEEVE MR GATES - can you give a better description of what the hell all those updates are about? I look thru it and it basically are all worded the same way “This patches an exploit in windows that someone can gain control over your computer” What a generic way of saying nothing. How do we know if this is legit or another way to disguise a rogue program, or maybe its a placebo, if you give us more information on each patch we might be smart enough to think ahead and secure our computers in a different manner or disable services/processes that we don’t need and is the reason why this exploit exists in the first place.

    August 3rd, 2006 at 6:44 pm

Leave a comment