Another WGA failure

Another WGA failure

Summary: I just experienced a Windows Genuine Advantage failure. Only it’s not a false positive, like the horror stories I’ve been hearing for nearly two months now. No, I just installed a pirated copy of Windows using a stolen product key, and Microsoft's Windows Genuine Advantage tool says I'm perfectly legal. The whole story reveals a lot about how poorly the WGA program is being run.

TOPICS: Windows

[Update 10-August: It took a few days, but I'm now officially a pirate. Don't miss the follow-up post here along with the accompanying image gallery that shows the WGA process in action.]

I just experienced a Windows Genuine Advantage failure. Only it’s not a false positive, like the horror stories I’ve been hearing for nearly two months now. No, this one was a false negative. The whole story says a lot about how Microsoft is approaching the WGA issue.

A few weeks ago, I spoke to some of the folks on the WGA team and asked them to send me a pirated version of Windows XP. I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. According to Microsoft, 80 percent of the 60 million people who have been nabbed by the WGA validation tool are running versions of Windows with stolen or pirated volume license keys. These versions of Windows are supposed to be available only to corporate customers and only as upgrades. Unlike retail versions, they don’t require activation, which makes them an ideal target of pirates and bootleggers.

According to Microsoft, many of the people who end up with these “non-genuine” copies of Windows are themselves victims. The unauthorized OS might have been installed by a repair shop, or they might have purchased what they thought was a legitimate copy of Windows from an unscrupulous reseller. I wanted to install a pirated copy so I could experience exactly what these customers go through and report the results to you. I still can’t quite believe how difficult it’s been. Here’s the story so far.

On July 18, Microsoft's WGA team promised to send me a disk with a product key from their blocked list. It was supposed to arrive via overnight service, but it was never sent. After several follow-up messages, I was assured on July 26 I would have something by the end of that week. The package finally arrived the next week, on August 1. It contained a CD-R with a handwritten label that read “Windows XP SP2 – VLK,” and a 25-character product key on a small slip of paper.

Over the weekend, I hoisted the Jolly Roger, cleared a partition on a test machine, slid the CD into the drive, and prepared to join the ranks of Windows pirates. Unfortunately, the product key that Microsoft had sent me didn’t work. Instead of a smooth installation, I got an error message: "The Product ID which you entered is invalid. Please try again." I fired off a request for assistance to my contacts at Microsoft. Nearly 72 hours later, I still haven’t received a response other than a note that confirms my message was forwarded to the correct person.

No problem, I thought. I’ll just do what any red-blooded pirate would do and Google for a working product key. It took me about 15 minutes to find a web page containing five volume license keys that had reportedly been posted on September 9 2004. Surely if I can find a leaked VL key on a search engine, Microsoft can too, right? If these keys have been floating around the Internet for two years, surely they’ve been tagged as stolen by Microsoft, and I’ll get a WGA failure that I can show the world.

I restarted the installation using the VL media Microsoft had supplied me and entered one of the bootleg keys I found. It worked. After installation completed, I set up an Internet connection and downloaded a slew of updates, including the WGA Validation tool and the WGA Notifications utility. I then restarted, fully expecting to see a series of stern messages telling me I’d been busted.

Only that’s not how it worked out.

My bootleg key worked perfectly. I went back to Windows Update and downloaded a series of Optional Updates and drivers that are only available to Genuine Windows users. I went over to the Internet Explorer homepage and downloaded the latest beta of IE7, passing a validation test twice – once on the download and again on the installation. And five minutes ago I went over to the Windows Defender page – this is another free utility that’s only available to Genuine Windows users – and the validation check waved me right through.

That’s where I stand right now. The folks who are running the WGA program are having troubles getting the little stuff right, like putting a CD in the mail and proofreading the product key they sent with it. They haven’t managed to identify a stolen product key that’s been floating around the Internet for nearly two years. I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try.

But these same people want us to believe that the WGA software they’ve developed is nearly foolproof. They claim that all but “a fraction of a percent” of those 60 million people who’ve been denied access to Microsoft updates and downloads are guilty, guilty, guilty.


Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • stupidity at its finest

    60 million victoms of false negatives and 1 false positive.

    wheres your faith now, hows that for security !
    not of this world
    • I'm willing to bet (lots) that this isn't the only false positive. (nt)

      • Who cares about false negatives anyway?

        If there's a false negative that's MS's problem. I really don't care and I don't see why anyone else other than MS should care.

        False negatives don't affect the consumer. False positives do.
        Michael Kelly
        • WGA affects everyone

          "If there's a false negative that's MS's problem. I really don't care
          and I don't see why anyone else other than MS should care."

          Because WGA affects everyone as everyone has to jump through the
          WGA hoops even those that have never used pirated software.

          Why honest force people to jump through these hoops if it isn't
          even effective at catching the dishonest people?
          Richard Flude
  • What do you expect Ed?

    Do you really think that Microsoft is going to develop WGA, sneak it in to people's PCs and then turn round and say [i]"Whoa! What a mess we made of that one!"[/i]

    No - they'll play the stupid game and keep denying anything's wrong in the vain hope that they'll get it fixed before too many pain-in-the-a*s journalists and bloggers write too many stories that it is all a first rate disaster.

    Do you think it was a coincidence that they took nearly a month to get a disc out to blogger who was going to write a damming article?
    • I've already written the "damning article"

      In fact, I've written a whole series of damning articles about WGA, including the "kill switch" piece that has been more widely read than anything else on the topic.

      The point of getting this code was so that I could experience what a user of a "non-genuine" Windows copy sees. Microsoft claims that the experience is very respectful of users and helpful and informative and non-threatening. So it is in Microsoft's best interest to deliver this.

      Never blame on conspiracy what can be explained by incompetence.
      Ed Bott
      • LOL!

        [i]"Never blame on conspiracy what can be explained by incompetence."[/i]

        There is that of course!

        I suspect the truth is a mixture of both, with the rush to cover up (or ignore) bad faults causing Microsoft staff to take their eyes off the ball and therefore causing more disasters and mistakes. It's not an uncommon scenario and many companies have gone through it. I'm sure that Microsoft's WGA dept - in panic mode - is no different.
      • I got a false negative

        I was shocked to get the message "You may be a victim of Priracy." on my Dell laptop. We all know that Dell only sells Microsoft products with their laptops so how could this be? I was pretty upset. When I went to check it out the link that was behind the message, I got to a page which said that perhaps my calender / system clock was off. Sure enough. I checked and it was set for November instead of August. And that triggered the WGA to tell me I was a victim. The only victim I am is one of Microsoft incompotence.
        If you want to get the message perhaps changing your date time might work.
        • Actually, that's a false positive

          Ed Bott
        • what a bunch of @-holes

          So, if my computer time and date are off, that is a trigger? How @#%S$ stupid can the programmers be? I think it?s because WGA is trying to timestamp the box to send to MS and MS is checking and saying that we can?t approve you because the date and time are off. So phoning home it?s important to have the correct Date and Time. How else can MS bend you over and screw you like no tomorrow. You are an idiot for having MS and MS is an idiot for pushing WGA out as a critical update. I say they should hang the programmers for not being able to program. I say to Billy boy, stop hiring your children to write code. Bring in some real professionals, oh, my bad, they?re too busy programming for linux, at least, a just cause.
      • And We Wish to thank you Ed Bott

        We being a representive of linux community!

        Microsoft is pusing people over to linux like never before. I am so glad for this occurance and your articles are helping people to experiment with more robust OS's like Mepis Linux "The Window's Killer". and Xandros "The Windows Like Linux". Keep up the good work!
        • Plugging Away

          Dude, we get the point: you like Mepis. You plug it in every message you post.
          Your Mom 2.0
          • Are you sure?

            I hadn't noticed! ;) ]:) (That was inteded as sarcasm...)
            Linux User 147560
      • Getting False Positives

        We have found it easy to get the WGA warning to
        appear at work. Simply install a personal
        firewall (We use Symantec Client Security) and
        have it block the phone home feature.

        This seems to reliably cause many of our new
        laptops to report the WGA violation.
      • Article


        You should send it to ""

        Attention Ms. Greta Van Susteren.
    • Makes perfect sense

      The problem is that the software is not illegal, the key is. You can take any version of windows and use just about any key to at least load it. Only with the onslaught of SP2 did that change, and only when WGA launched did activation become mandatory.<p>

      When I first loaded Windows Professional, I was asked if I wanted to register and I chose ?no?. From that moment on, I was never asked to activate. When SP1 came out, I was very reluctant to load it upon the horror stories I?ve heard about MS sneaking in spyware via this update. But my Windows was exhibiting strange problems which I noted were time sensitive. I believe that SP1 is somehow a circumvention to the first version (build) of windows. When SP2 came out, it forced it?s own firewall onto my system which already had a fire wall which I felt would do a better job than anything MS could put out. Still with the built in firewall, even disabled, I could not uninstall it and it seemed to conflict with my chosen firewall. I had lots of problems keeping the configuration right since the loading of SP2. <p>

      When WGA came out through ?critical updates?, it some how enhanced and enabled WPA. The first message everyone got was that there copy could be illegal but after WGA made it?s call to MS behind everyone?s back, it registered what was on your system at that time and then disabled the warning messages. If it found that the key was previously registered, it would continue to bug the user and without notice, 160 days later, you are locked out of the system until you fix the problem. So, from the initial, Windows WPA was either non-functional or disabled at load time. At the loading of WGA, and your notice, WPA was reset to expire after 160 days. So, if you don?t change the key, you will be locked out. <p>

      In terms of a damming article, MS doesn?t care. There have been some very good requests but I?m afraid it?s fallen on deft ears over at MS. First the report said that Vista would launch with the ability to uninstall core components such as the browser, firewall and defender. Now the story is reversed. You will not have a chance because it will all be integrated.<p>

      Remember, Billy is only working on his charity because it?s a tax deduction, not because he cares for others.
  • 80 percent of 60 million....

    [i]80 percent of the 60 million people who failed the WGA test were using pirate copies.[/i]

    So that means that 20 percent, ie. [b]12 million people[/b] who were using genuine, paid-for copies of Windows are now subject to daily messages calling them thieves?

    Way to go, Microsoft!
    • Follow the links to the other articles

      I wrote about this last month. It's slightly more complicated than that. Microsoft says those 12 million people were using other types of illegal copies. But still...
      Ed Bott
      • balony

        Obviously, WGA can?t tell an illegal key from a valid one even if a valid one byte them in the @$$. It?s a wonder MS got as far as they did. But on another note, if I were a bully and kicked the @$$ of my competition I guess I?d be up there too. But MS did more then just kick @$$, they committed murder on so many levels. They are a great whore. They slept with their competitors and stole their secrets then they killed them without mercy. MS will bend you over, blow you left and right to achieve their goals and when done with you, put a bullet in your head and not break a sweat. They are the great gangster of today and there is no stopping them. No country is large enough to topple MS. You can not stop the influx of MS products. Even if Vista launches, the drones will load it and run it and deal with the problems and love it. Why, because if companies like Dell and Gateway, and IBM, were to have the balls to stand up to MS, they would be eliminated like yesterdays news.
        • Confused

          Aren't you talking about Walmart ?