Windows WGA and DRM

Excerpt from an article by Ryan Russell

Requiring Windows system validation before users are able to download most updates continues to be a problem for legitimate customers and Internet users as a whole. Despite claims of offering better security, Windows Genuine Advantage (WGA) serves only Microsoft's marketing interests, but you can eliminate the need for WGA if you know the trick.


    Microsoft has long been considered a marketing bully, but with WGA the company has taken its lack of consideration for its customers to a new low. Windows Secrets Magazine aptly labeled an earlier version of WGA as "Microsoft spyware" in a June 15, 2006, Top Story. More recently, a March 30, 2009, news update reported that PCs failing WGA validation don't automatically receive all available patches from Microsoft. That spawned a critique from a Microsoft spokeswoman, which was printed in O'Reilly's Known Issues column on April 2. (There's also an Office Genuine Advantage program, which you hear less about but which has the same problems as WGA.)
    We all want Windows systems throughout the world to be patched for security problems as soon as fixes are released. As a result of the fuss raised by the articles mentioned above, I decided to take another look at WGA.
Here's what happens if a Windows machine fails WGA validation (or the PC's owner, based on tales of disabled machines, is too frightened to run WGA):
    1. Automatic Updates. If the machine is configured with Automatic Updates (AU) enabled, Microsoft installs only those security patches that the company rates as "Critical." Security patches rated "Important," "Moderate," and below are not installed by AU, and no other updates of any kind are installed.
    2. Windows Update and Microsoft Update. Microsoft's on-demand patching programs, known as Windows Update (which updates Windows) and Microsoft Update (which updates Windows and other Microsoft products) will refuse to run.
    3. Manual downloads. Security patches of all levels of severity can be downloaded manually from various Microsoft Web pages and installed individually, if you know where to look.
The third point is the trick to updating a Windows system, regardless of whether it passes WGA validation or you run WGA at all.

Let's examine how various people and companies are using this method.
 The Software Patch.
    You can do without Automatic Updates and Windows Update/Microsoft Update, which can be hamstrung by WGA. Corporations are compelled by Microsoft to get Windows patches directly from Microsoft's own servers. That means these services can only install security patches and other updates whose files will install without requiring WGA validation.

    Fortunately, almost all Windows security patches (of all severity levels) and many other Microsoft updates install fine — regardless of WGA — if you download the files directly or via a third-party service. Microsoft currently lists on a Genuine Software page a few of its apps that do require WGA, such as Windows Defender, Windows Media Player, and Calculator Plus.

    In fairness, Microsoft should get credit for posting all of its security patches (of all levels of severity) on publicly available URLs. At least this policy does provide the files to patch-management professionals who know these locations. By contrast, such firms as Red Hat, Sun, and IBM require contracts and log-in credentials before you can obtain some of these companies' Linux, Solaris, and AIX patches, respectively.

    The big question is this: why would Microsoft cripple its consumer patching tools — Windows Update and Microsoft Update — by disabling them if a PC doesn't pass WGA validation? The only logical reason I can think of is because Microsoft wants to push WGA, and denying updates to users is the best stick the company can come up with. I believe this decision is a huge mistake.

    Windows Update is a crucial service that must remain free from chicanery, because Windows Update is the default program for on-demand security checkups. In computing, defaults are everything. Windows Update is installed and available in every recent copy of Windows on the planet, whether those machines are correctly licensed or not.

    Many people disable Automatic Updates because it's intrusive and has been used in the past to install WGA and other non-security updates. If users can't run Windows Update as an alternative to AU, there's a massive problem on the Internet. The battle against malware is already bad enough, and we don't need anything to make the problem worse. When millions of computers become infected, the attacks from these machines become a problem for you, the paying customer of Microsoft.

DRM exists at the expense of paying customers

    Call it what you will: WGA, Digital Rights Management (DRM), anti-piracy, or copy protection. It abuses the hospitality of paying customers in an attempt to thwart those who don't want to pay. I don't object one bit to paying Microsoft for the software I use. I do object to being forced to help a company in futile efforts to combat copyright violators.

    Copy-protection harms legitimate users who are inconvenienced at best and forced to cope with nonfunctional software at worst. The bad guys, by contrast, aren't harmed much at all. Pirate operations have the money and time to defeat every copy-protection mechanism. Once pirates have broken a DRM scheme, the unlocked software might be salable for months without the pirates' needing to deal with the protection any further.

    Do you dislike having to insert a CD into a drive to update Microsoft Office or play a game? Guess what: users of the pirated versions of those programs generally don't have to deal with that. Only the legitimate buyers are inconvenienced.

    I've been analyzing flavors of copy protection since the early 1980s. During those nearly 30 years, it's always been the same. Copy protection primarily hurts legitimate users while giving bad guys merely a short period of entertainment.

    I do recognize the gray area between the two extremes. There are many users who might violate a software publisher's copyright if it were convenient to do so. But I still believe that the punishment imposed on a software company's best customers is not worth the tiny impact on the real pirates.

    I'm not saying Microsoft has to give away its products for free. I'm saying that a copyright owner's battle against piracy is not my problem, so please quit making my life more difficult in a vain attempt to resolve your legal issues.

    Microsoft's lack of support for its best users, in the name of protecting intellectual property, sometimes reaches absurd levels. A recent example of this is Microsoft's refusal to support its software on virtual machines unless the VM software is Microsoft's own.
Microsoft has gotten really aggressive about license protection. The pendulum needs to swing back in the direction of making things easier for the company's customers.