I just experienced a Windows Genuine Advantage failure. Only it’s not a false positive, like the horror stories I’ve been hearing for nearly two months now. No, this one was a false negative. The whole story says a lot about how Microsoft is approaching the WGA issue.
A few weeks ago, I spoke to some of the folks on the WGA team and asked them to send me a pirated version of Windows XP. I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. According to Microsoft, 80 percent of the 60 million people who have been nabbed by the WGA validation tool are running versions of Windows with stolen or pirated volume license keys. These versions of Windows are supposed to be available only to corporate customers and only as upgrades. Unlike retail versions, they don’t require activation, which makes them an ideal target of pirates and bootleggers.
According to Microsoft, many of the people who end up with these “non-genuine” copies of Windows are themselves victims. The unauthorized OS might have been installed by a repair shop, or they might have purchased what they thought was a legitimate copy of Windows from an unscrupulous reseller. I wanted to install a pirated copy so I could experience exactly what these customers go through and report the results to you. I still can’t quite believe how difficult it’s been. Here’s the story so far.
On July 18, Microsoft's WGA team promised to send me a disk with a product key from their blocked list. It was supposed to arrive via overnight service, but it was never sent. After several follow-up messages, I was assured on July 26 I would have something by the end of that week. The package finally arrived the next week, on August 1. It contained a CD-R with a handwritten label that read “Windows XP SP2 – VLK,” and a 25-character product key on a small slip of paper.
Over the weekend, I hoisted the Jolly Roger, cleared a partition on a test machine, slid the CD into the drive, and prepared to join the ranks of Windows pirates. Unfortunately, the product key that Microsoft had sent me didn’t work. Instead of a smooth installation, I got an error message: "The Product ID which you entered is invalid. Please try again." I fired off a request for assistance to my contacts at Microsoft. Nearly 72 hours later, I still haven’t received a response other than a note that confirms my message was forwarded to the correct person.
No problem, I thought. I’ll just do what any red-blooded pirate would do and Google for a working product key. It took me about 15 minutes to find a web page containing five volume license keys that had reportedly been posted on September 9 2004. Surely if I can find a leaked VL key on a search engine, Microsoft can too, right? If these keys have been floating around the Internet for two years, surely they’ve been tagged as stolen by Microsoft, and I’ll get a WGA failure that I can show the world.
I restarted the installation using the VL media Microsoft had supplied me and entered one of the bootleg keys I found. It worked. After installation completed, I set up an Internet connection and downloaded a slew of updates, including the WGA Validation tool and the WGA Notifications utility. I then restarted, fully expecting to see a series of stern messages telling me I’d been busted.
Only that’s not how it worked out.
My bootleg key worked perfectly. I went back to Windows Update and downloaded a series of Optional Updates and drivers that are only available to Genuine Windows users. I went over to the Internet Explorer homepage and downloaded the latest beta of IE7, passing a validation test twice – once on the download and again on the installation. And five minutes ago I went over to the Windows Defender page – this is another free utility that’s only available to Genuine Windows users – and the validation check waved me right through.
That’s where I stand right now. The folks who are running the WGA program are having troubles getting the little stuff right, like putting a CD in the mail and proofreading the product key they sent with it. They haven’t managed to identify a stolen product key that’s been floating around the Internet for nearly two years. I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try.
But these same people want us to believe that the WGA software they’ve developed is nearly foolproof. They claim that all but “a fraction of a percent” of those 60 million people who’ve been denied access to Microsoft updates and downloads are guilty, guilty, guilty.