Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on How innocents can be penalized by Windows Genuine Advantage

From: David Farber <dave () farber net>
Date: Tue, 13 Jun 2006 20:05:37 -0400


Begin forwarded message:

From: Robert Alberti <ip () sanction net>
Date: June 13, 2006 7:26:16 PM EDT
To: dave () farber net
Subject: Re: [IP] How innocents can be penalized by Windows Genuine Advantage 
Reply-To: alberti () sanction net

Here's how my laptop got on the list:

I bought a Sony Vaio TX with a preinstalled version of Windows XP. I
discovered when I opened the box that Sony does not provide any driver
or OS DVDs with the machine - you can download all the drivers, or pay
extra for them to mail you the DVDs.

I did not like the configuration as delivered: tons of garbage demo
software that I did not want was included, and the drive was partitioned
in a manner I did not like.  So I wiped my drive and used my own
original windows XP disk to reinstall XP, including all service packs
and Sony drivers that I wanted.

I attempted to use the Windows key provided in the sticker on the bottom
of the laptop, but for reasons I do not know the key would not work with
my original version of Windows XP.  So I used the Windows XP key that
came with the disk, which I have always used for each of my laptops in
turn - laptops which I wipe with secure erasure software when I move off
of them (assuming the drives work, which is not always the case).

Maybe being installed on several laptops in turn has gotten my key onto
a list of "pirated" keys, or maybe some other criteria has failed.
Regardless, when WGA was rolled out, my laptop did not pass.

If Windows wants to provide me with a key-changing program, I would be
happy to try the code that came with my laptop. Maybe it will even work.

I'm not holding my breath.

Robert Alberti, CISSP, ISSMP
Sanction, Inc.
http://sanction.net

On Tue, 2006-06-13 at 18:34 -0400, David Farber wrote:


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: June 13, 2006 12:24:27 PM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: How innocents can be penalized by Windows Genuine Advantage


Dave,

In the wake of the controversy triggered by my earlier discussions
regarding Microsoft's "Windows Genuine Advantage" (WGA) behavior,

( http://lauren.vortex.com/archive/000178.html ,
   http://lauren.vortex.com/archive/000179.html )

I've received a lot of e-mail from folks who assert that they are
being unfairly tagged by Microsoft WGA as having illicit systems,
with continuing warning messages and attendant future restrictions
on their ability to obtain non-critical updates.

As I've noted previously, I have no sympathy for genuine pirates.
However, there is a common thread running through many of the
reports I'm seeing, suggesting that innocent users may easily end up
with "pirate" versions of XP without their knowledge, and with no
entirely clear and practical path to rectifying the situation.

The scenario is obvious once you think about it.  People start off
with the legit copies of the Microsoft OS that come pre-installed on
their computers (relatively few people ever install their own OS, or
would care to risk the process in any case -- most use what comes on
their machines).  The OS copy is legal, authenticated, and paid for
as part of the system.

Now the trouble starts.  They have a disk crash or other serious
system problem.  They take their computer back to the store's repair
depot, or to a third party computer repair entity.  The computer is
fixed and seems to be fine again.  Then suddenly, they start
receiving WGA piracy warnings.

Why?  It appears that it is *exceedingly* common for repair
operations to reinstall based on "cloned" or otherwise duplicated
copies of the Microsoft OS, rather than try to restore or
reauthenticate based on the original users' OS serial numbers or
authentication codes.  Original restore disks and key information
cards/labels are frequently missing, making it difficult to
duplicate the original authentication environment.

Service depots tend to frequently have a working configuration that
they can easily clone to repaired systems, and since the user
originally paid for one copy of the OS (with their computer, now
wiped out as part of the repair process), and ends up with a single
copy afterwards, it's not like there's now an additional copy in use.

Once their systems have been flagged by WGA, users may have a
serious dilemma, even if MS is willing to provide clean versions of
the OS to persons who can demonstrate that they are unwilling
"piracy" victims.  Most of these users don't have original "pirated"
disks to send over to MS.  In fact, such users are likely not to
understand what is going on at all in this respect, since -- as far
as they knew -- their systems had simply been fixed and then were
working fine -- until WGA kicked in, that is.

If MS could provide such users with a simple way to update their
authentication keys that might be one solution, but an alternative
such as having to completely reinstall a fresh copy of the OS
would be completely beyond the pale for most users.

I have not yet received a response from officials at Microsoft to
e-mail I sent several days ago, asking specifically how they
intended to deal with these kinds of WGA situations.

As Microsoft ramps up WGA enforcement, we are likely to see
scenarios such as these -- involving innocent users -- appearing in
potentially very large numbers.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
    - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
    - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com



-------------------------------------
You are subscribed as ip () sanction net
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting- people/ 





-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: