[ISN] Microsoft product phones home every day

InfoSec News isn at c4i.org
Fri Jun 9 12:44:12 EDT 2006


By John Oates
8th June 2006 

Microsoft has admitted that Windows Genuine Advantage (WGA) will phone 
Redmond every day - something it neglected to tell users before they 
installed it.

WGA is designed to detect pirated copies of MS software but is also 
creating some false positives - two UK dealers have contacted the Reg 
to report customers complaining that WGA had branded their software as 
an illegal copy.

The software checks what is installed on your machine and then reports 
back to Microsoft - it sends your IP number and information on your 
software set-up. If your software is dodgy you will start receiving 
pop-up reminders from Microsoft.

Michaela Alexander, head of anti-piracy at Microsoft UK, told the Reg: 
"First of all this is a pilot - customers have the choice to subscribe 
or not. WGA is very careful about which license keys are checked - 
some numbers have been leaked and therefore have been culled by 
Microsoft. If customers bought a genuine copy of Windows but as a 
result of a poor installation or a repair a different license key was 
used then WGA would flag it as not genuine."

But Alexander said all this was detailed in the opt-in process. But 
she added: "The last thing we want is unhappy customers so we are 
investigating this - but it is a pilot and this is part of the 

The word from the US is that Microsoft will change WGA so it only 
phones home once a fortnight, instead of every day, and will do a 
better job of letting users know what the software is doing. More from 
Seattle Post Intelligencer here [1].

One of the dealers with the original problem emailed us the following:

 The problem was caused by an active-x control being blocked by IE 
 security. The fix was to go to http://www.microsoft.com/genuine/diag 
 and following instructions. 
 This runs through a series of checks to ensure that the validation 
 process can operate correctly, then advises of the necessary changes 
 in IE setup to permit correct validation. In the case of our clients, 
 the problem was correctly diagnosed and the resolution worked fine. 

 It's just alarming that for a simple security problem, Microsoft had 
 informed the end user (by way of a message displayed on their screen) 
 that they might be [quote] "The victim of software counterfeiting". ®

[1] http://seattlepi.nwsource.com/local/6420AP_WA_Microsoft_Monitoring_Piracy.html

More information about the ISN mailing list