Windows WGA and DRM
Excerpt from an article by Ryan Russell
Requiring Windows system validation before users are able to download
most updates continues to be a problem for legitimate customers and
internet users as a whole. Despite claims of offering better security,
Windows Genuine Advantage (WGA) serves only Microsoft's marketing
interests. But you can eliminate the need for WGA if you know the
trick.
Microsoft has long been considered a
marketing bully, but with WGA the company has taken its lack of
consideration for its customers to a new low. Windows Secrets Magazine
aptly labeled an earlier version of WGA as "Microsoft spyware" in a
June 15, 2006, Top Story. More recently, a March 30, 2009, news
update reported that PCs failing WGA validation don't automatically
receive all available patches from Microsoft. That spawned a critique
from a Microsoft spokeswoman, which was printed in O'Reilly's Known
Issues column on April 2. (There's also an Office Genuine Advantage
program, which you hear less about but which has the same problems as
WGA.)
We all want Windows systems throughout
the world to be patched for security problems as soon as fixes are
released. As a result of the fuss raised by the articles mentioned
above, I decided to take another look at WGA.
Here's what happens if a Windows machine fails WGA validation (or the
PC's owner, based on tales of disabled machines, is too frightened to
run WGA):
1. Automatic Updates. If the machine is configured with Automatic
Updates (AU) enabled, Microsoft installs only those security patches
that the company rates as "Critical." Security patches rated
"Important," "Moderate," and below are not installed by AU, and no
other updates of any kind are installed.
2. Windows Update and Microsoft Update. Microsoft's on-demand
patching programs, known as Windows Update (which updates Windows) and
Microsoft Update (which updates Windows and other Microsoft products)
will refuse to run.
3. Manual downloads. Security patches of all levels of severity can
be downloaded manually from various Microsoft Web pages and installed
individually, if you know where to look.
The third point is the trick to updating a Windows system, regardless
of whether it passes WGA validation or you run WGA at all.
Let's examine how various people and companies are using this method.
The Software Patch.
You can do without Automatic Updates and
Windows Update/Microsoft Update, which can be hamstrung by WGA,
Corporations are compelled by Microsoft to get Windows patches directly
from Microsoft's own servers. That means these services can only
install security patches and other updates whose files will install
without requiring WGA validation.
Fortunately, almost all Windows security
patches (of all severity levels) and many other Microsoft updates
install fine — regardless of WGA — if you download the files directly
or via a third-party service. Microsoft currently lists on a Genuine
Software page a few of its apps that do require WGA, such as Windows
Defender, Windows Media Player, and Calculator Plus.
In fairness, Microsoft should get credit
for posting all of its security patches (of all levels of severity) on
publicly available URLs. At least this policy does provide the files to
patch-management professionals who know these locations. By contrast,
such firms as Red Hat, Sun, and IBM require contracts and log-in
credentials before you can obtain some of these companies' Linux,
Solaris, and AIX patches, respectively.
The big question is this: why would
Microsoft cripple its consumer patching tools — Windows Update and
Microsoft Update — by disabling them if a PC doesn't pass WGA
validation? The only logical reason I can think of is because Microsoft
wants to push WGA, and denying updates to users is the best stick the
company can come up with. I believe this decision is a huge mistake.
Windows Update is a crucial service that
must remain free from chicanery, because Windows Update is the default
program for on-demand security checkups. In computing, defaults are
everything. Windows Update is installed and available in every recent
copy of Windows on the planet, whether those machines are correctly
licensed or not.
Many people disable Automatic Updates
because it's intrusive and has been used in the past to install WGA and
other non-security updates. If users can't run Windows Update as an
alternative to AU, there's a massive problem on the Internet. The
battle against malware is already bad enough, and we don't need
anything to make the problem worse. When millions of computers become
infected, the attacks from these machines become a problem for you, the
paying customer of Microsoft.
DRM exists at the expense of paying customers
Call it what you will: WGA, Digital
Rights Management (DRM), anti-piracy, or copy protection. It abuses the
hospitality of paying customers in an attempt to thwart those who don't
want to pay. I don't object one bit to paying Microsoft for the
software I use. I do object to being forced to help a company in futile
efforts to combat copyright violators.
Copy-protection harms legitimate users
who are inconvenienced at best and forced to cope with nonfunctional
software at worst. The bad guys, by contrast, aren't harmed much at
all. Pirate operations have the money and time to defeat every
copy-protection mechanism. Once pirates have broken a DRM scheme, the
unlocked software might be salable for months without the pirates'
needing to deal with the protection any further.
Do you dislike having to insert a CD
into a drive to update Microsoft Office or play a game? Guess what:
users of the pirated versions of those programs generally don't have to
deal with that. Only the legitimate buyers are inconvenienced.
I've been analyzing flavors of copy
protection since the early 1980s. During those nearly 30 years, it's
always been the same. Copy protection primarily hurts legitimate users
while giving bad guys merely a short period of entertainment.
I do recognize the gray area between the
two extremes. There are many users who might violate a software
publisher's copyright if it were convenient to do so. But I still
believe that the punishment imposed on a software company's best
customers is not worth the tiny impact on the real pirates.
I'm not saying Microsoft has to give
away its products for free. I'm saying that a copyright owner's battle
against piracy is not my problem, so please quit making my life more
difficult in a vain attempt to resolve your legal issues.
Microsoft's lack of support for its best
users, in the name of protecting intellectual property, sometimes
reaches absurd levels. A recent example of this is Microsoft's refusal
to support its software on virtual machines unless the VM software is
Microsoft's own.
Microsoft has gotten really aggressive about license protection. The
pendulum needs to swing back in the direction of making things easier
for the company's customers.