You need to know this!!!

Brian Livingston, who runs Windows Secrets (www.windowssecrets.com) has documented well the spyware activity of Miscrosoft's Windows Genuine Advantage, which acts like it is a critical download you need, but it is not.

The software "phones home" to MS and reports information about your computer that is both none of its business (it doesn't even tell you that it will be doing this!) and that, in fact, creates an opportunity for MS to know far too much about your computer and its contents than it ever should be allowed to know. Here are some of the things the software does:

1) It does not disclose itself and its purpose before installing.

2) It transmits data back to MS about your system, such as the computer's manufacture, lanugage and locale, enough data to easily IDENTIFY individual computers.

3) It downloads other software and morphs itself. The software can be updates to control even more command of information and it can morph to prevent discovery and to enable its secret operations

4) The software is difficult to get rid of (if you do disable it, you will not be able to do anymore updates until it is re-enabled!).

This software is also a "beta," which Microsoft is on record as saying that people should be careful with beta software. What they never told the public is that this software is beta.

This isn't a joke, folks. Brian Livingston's newsletters contain everything you will need to know about this spyware. I highly, highly recommend you read them. He started covering this stuff around early August, I believe. It is the July newsletters that have the bulk of information. Further, he has suggested people set their Automatic Update to first ask whether the operator wants to do an update. He has also given information out about a company called Shavlik, who produce a sophisticated and thorough set of patches so that people can avoid MS's Windows Update.

I hope you take this seriously, and I hope you all will notfy everyone you know. I am not one to get on the bandwagon of scams and fads. This is not one of those.

Starkman

 

Wow, dude...where have you been? This is old news. There's even software available on Majorgeeks that will remove Windows Genuine Advantage Notification Tool. Please see this link. You're right; its a major hassle. Every machine I patch, I make sure NOT to include that, and make sure that I'm never reminded about it again.

Microsoft was actually sued for this, because they labelled it as a "critical security upate", which of course, it is not. There is a conversation on this topic in the lounge that I would link you to if I could find it....

 

Yeah, I suppose I'm a bit behind the power curve! I think, though, it's worth re-posting just to mention Brian Livingston's newsletters. They are thorough and excellent. But thanks again, Mada. (Hek, as late as I am to so much going on around me, I should be able to miss my funeral for a few years or so....more time to browse here!)

Starkman

 

Honestly though, can we really blame Microsoft for this? If I had spent years and tons of money developing a product, I certainly would want to protect it, which is no easy task in the digital world.

I can't justify all their practices, but they actually do alot of good as well! The documentation on their products can't be beat. Their knowledgebase is amazing. They have developer forums, it professional forums (Technet), and they even dedicate professionals to some newsgroups. All at no cost.

Not to mention their extensive work in Africa. Please see this link to an article describing the measures they're taking to help eliminate poverty in the region.

So you see, Microsoft is like any other corporate entity. Its only as good as the sum of its individuals. I'm sure there are shifty, evil uber-capitalist types, but there's obviously good people there too. And in lieu of the costs rendered by the above services, I think I can forgive them for wanting to make sure that their product isn't being stolen from them.

 

I don't object to anyone wanting to protect their software, but the method stinks: lying, deception, undisclosure, and accessing information on people's computers without telling them.

What bothers me more about this then anything is if MS is left to get away with this, you can sure as hek bet that there's going to be even more privacy invasion in the future.

Starkman

 

I think these claims are a little off base.

This is false. There is a complete description available on Windows Updates. Yes, it may be a mystery to some users who receive it via automatic updates, but that is true of EVERY microsoft patch.

Yes, they HAVE to be able to identify a computer. OEM licenses, for example, are to be used on ONE COMPUTER ALONE. How else would you enforce that? At least there is nothing PERSONALLY identifiable taken by MS. They don't have access to the store's receipts, and they don't have access to debit/credit card information if they did.

This is false. The notification tool can be removed, and you can still receive updates. The notification tool can be avoided altogether, and you can still receive updates. Even if they DO find that your OS is illegitimate, you can still receive security updates via automatic updates. Perhaps you're thinking of the companion software, the Validation tool? That's perfectly legit, and only blocks you from Windows Updates if you are found to be running a pirated copy of Windows.

This is the only one that I can't say for certain isn't true. I've always known its files and registry keys to be in the same place, but if you really believe this, why not try putting it on a dummy box, and running Filemon and Regmon to see exactly what it does to your system. If that's not enough for you, you can also use Dependency Walker to profile key program files, and see what other files they call, and what functions are expected to be there.

All you can truly peg on WGA Notification Tool is that it was originally mislabelled, which is now corrected, and that it is maybe a little overzealous by checking your OS' validity every time you boot. (I mean, who goes to a pirated version after installing a legitimate version?!?!?)

 

Hey there, Mada_Milty,

Remember, I was going off information that was from July. A lot has changed about this mess, I'm sure. It's just that after searching this site, I didn't find much about the subject, so I thought that somehow it just didn't come up.

Back in July, WGA gave little at all for the novice to know what was going on. The description then did not explain what WGA was, what it did and how it reported back to the Mother ship. It simply didn't.

There was more being identified than necessary, which leads to more instances of unneccessary identification of information. It's one thing to validate a software license; it's another to start collection information about the computer itself. The phone-home stuff was originally going on every 24 hours....for what? To validate the software? I'm sorry, but that ain't up-and-up.

Not orginally. When you deleted the WGA update, it regenerated itself. Further, it would not let you download other updates if the update site didn't detect it (if it had been removed). Once again, things may have changed since then.

No, it was far more than just mislabeled (as a critical update); it was spyware that was not presented as such.

Starkman