In an effort to crack down on counterfeit software, Microsoft will require customers to verify that their copies of Windows are genuine before downloading security patches. The company has been testing a tool that can check whether a particular version of Windows is legitimate and from the middle of 2005 the process will be mandatory in all countries for Windows updates and add-on tools.
However, Gartner is warning IT administrators that WGA will result in more unpatched Windows systems and therefore an increased threat from compromised PCs - especially for companies that do not patch regularly.
According to Gartner analysts, "the WGA program will inevitably result in more unpatched Windows systems available on the Internet, so you must continue to improve your patching processes to protect your systems against worms and other malicious-code attacks spread by unpatched systems".
Nitin Acharekar, industry manager of security & services at Frost & Sullivan Asia Pacific, said that WGA is a positive move by Microsoft because more companies will have genuine updated copies of Windows. However, he sees the increased threat described by Gartner as "theoretical" rather than likely.
"Lots of compromised and zombie PCs exist now -- there are lots of illegal copies of Windows out there and not many consumers are savvy enough to keep their computers up to date. Theoretically, there is more of a threat but practically I don't think it will have much of an impact because not many consumers patch their computers and so the risk already exists," said Acharekar.