Is Microsoft about to release a Windows "kill switch"?

Is Microsoft about to release a Windows "kill switch"?

Summary: Windows Genuine Activation is a mess. And according to one published report, it's about to get even messier. If Microsoft's online check determines that your copy of Windows isn't "genuine," will it shut you down completely? Microsoft says that just might be in their plans. Uh-oh.

TOPICS: Windows

[Update, 4-Oct: Microsoft has introduced the Software Protection Platform, which contains features very similar to what I describe here. See For Vista, WGA gets tougher.]

[Update 12-August: For a detailed discussion of what you'll see if WGA flags your copy of Windows as "not genuine," see Busted! What happens when WGA attacks and the accompanying image gallery.]

[Update, 30-June 8:40AM PDT: Microsoft responds, sort of. Details in this follow-up post.]

Two weeks ago, I wrote about my serious objections to Microsoft’s latest salvo in the war against unauthorized copies of Windows. Two Windows Genuine Advantage components are being pushed onto users’ machines with insufficient notification and inadequate quality control, and the result is a big mess. (For details, see Microsoft presses the Stupid button.)

Guess what? WGA might be on the verge of getting even messier. In fact, one report claims WGA is about to become a Windows “kill switch” – and when I asked Microsoft for an on-the-record response, they refused to deny it.

Last week, a correspondent on Dave Farber’s Interesting People list posted some comments about his experiences with Windows OneCare Live. In the middle of the post, he added this tidbit:

I like to review updates before they are installed. The only update that I have not installed is the latest WGA because of the security issues related to it.

I called Microsoft support to see if there is a hidden option to say, "yep, I've got updates turned to manual... it's okay." The rep said, "No and why wouldn't you want to get the latest updates to Windows."

I responded with the issues relating to WGA. He spent some time telling me that WGA was a good thing, etc. I reiterated that I have accepted all the updates except WGA and just want to review the updates before they're installed on my machine.

He told me that "in the fall, having the latest WGA will become mandatory and if its not installed, Windows will give a 30 day warning and when the 30 days is up and WGA isn't installed, Windows will stop working, so you might as well install WGA now." [emphasis added]

I'm wondering if Microsoft has the right to disable Windows functionality or the OS as a whole (tantamount to revoking my legitimate Windows license) if I do not install every piece of software that they send it updates.

That can’t be true, can it? I’m always suspicious of any report that comes from a front-line tech support drone, so I sent a note to Microsoft asking for an official confirmation or, better yet, a denial. Instead, I got this terse response from a Microsoft spokesperson:

As we have mentioned previously, as the WGA Notifications program expands in the future, customers may be required to participate. [emphasis added] Microsoft is gathering feedback in select markets to learn how it can best meet its customers' needs and will keep customers informed of any changes to the program.

That’s it. That’s the entire response.

Uh-oh. Currently, Windows users have the ability to opt out of the Windows Genuine Advantage program and still get security patches and other Critical Updates delivered via Windows Update. The only thing you give up is the ability to download optional updates. Hackers have been working overtime to find ways to disable WGA notification. If WGA becomes mandatory, would it mean that Microsoft could prevent Windows from working if it determines – possibly erroneously – that your copy isn’t “genuine”? That’s a chilling possibility, and Microsoft refuses an easy opportunity to deny that that option is in its plans.

Over at Ed Bott’s Windows Expertise, I’ve been soliciting feedback from Windows users who’ve been burned by WGA. So far, I’ve received 20 comments. Here’s a sampling:

  • I have an XP Media center with a promise RAID 0 4-disc array. When I installed the WPA it broke the drivers for the array by causing failed delayed writes (half of the array just “disapears”.) If I do a system restore to before the installation of the WPA everything goes back to working just fine.
  • [S]ince installing WPA … I’ve had blue screens and a total inability to boot. I had to run the XP repair function to get the computer to boot. I had a damaged boot sector on the hard drive. I am running two drives on a RAID 1 config.
  • I purchased a SEALED OEM copy of XP Professional. WGA said the license key was already used. I called MS and they said I should uninstall and buy another copy. I told them I wasn’t made of money and hung-up.
  • Microsoft rejected the product key that came with the ThinkPad I’m using. I had to call in and they gave me another code to enter which supposedly worked but now I get the blue screen of death about every other time I reboot. I’ve also lost all internet connectivity.
  • I sent my Compaq Presario notebook for service repair, and it fails the WGA check. I have a legal version of windows xp professional on it. But I have no way to correct this problem.

What’s most disturbing about this whole saga is Microsoft’s complete lack of transparency on the issue. And before the ABM crowd jumps in with predictable “What did you expect?” comments, let me argue that Microsoft actually has a fairly good track record on transparency issues in recent years. Windows Product Activation is very well documented, and when a similar uproar occurred in 2001, it was squelched quickly by some fairly prominent postings from high-level executives who provided details without a lot of spin. Likewise, the Microsoft Security Response Center has done an exceptional job at providing quick responses to security issues. (Just ask Adam Shostack.)

Currently, no one at Microsoft is blogging about this fiasco. No executive has been quoted on the record about it. There are very few technical details available, and those that have been published are being tumbled through the spin machine and spit out as press releases.

If Microsoft really does plan to turn WGA into a kill switch in September, be prepared for an enormous backlash.

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And at some point in the future

    when this happens (and at some point it will), a large group of people will accept it, and a little further in the future those people are going to find windows shut down if they are perceived, rightly or wrongly, to have any pirated material on their hdd. I think it's going to be all downhill from here.
    • So what's with the Update Notification I got today...

      I have my update settings turned to notify only. I got a new notification for an update regarding "WGA Notification" just today. This is after I was stupid enough to install the WGATray debacle on both of my XP Pro machines.

      Is this part of the "plan" too? Get it out there before we realize what being done to us?
      • How could it be without your knowing ...

        ... if they sent you a notice?
    • Assuming this actually happens

      This would be that Mistake that allows Linux a strong foot hold on the desktop market.
      • Yep

        And I can't believe that the people at Microsoft aren't smart enough to realize this. That's why there has to be more to the story. Keep in mind that the whole scenario was presented as a 'what if' by the blogger, based on piecing together tidbits from disparate sources.

        Carl Rapson
      • Already has...

        I have already moved the majority of my computer use to Linux and believe it or not, I love the new Linux ... it is quite ready for the Desktop on my hardware and I even get beautiful transparency with KDE and don't need a major video card upgrade to get it.

        I have had it with Microsoft. I have been a person who loved everything to do with Windows (and Linux) for years. I have had two computers, one Linux and one Windows. But Microsoft has gone way over the edge now. I don't even buy Intuit products because they do this crap that Microsoft is gonna pull.

        So my answer is simple.

        Now I have one Linux computer, and one dual boot Windows XP Pro and Linux, and it spends 98% of its time in Linux. When the dual boot computer goes to Windows, it has no Internet connectivity at all ... disabled the NIC device entirely and unplug the network cable just to be sure they can't turn it back on.

        Microsoft draws fire for stealth test program

        And wait for Vista! You think this is bad ... you ain't seen nuthin' yet.

        More postings about that too.
        • Why not ...

          [i]Now I have one Linux computer, and one dual boot Windows XP Pro and Linux, and it spends 98% of its time in Linux. When the dual boot computer goes to Windows, it has no Internet connectivity at all ... disabled the NIC device entirely and unplug the network cable just to be sure they can't turn it back on.[/i]

          You might be better off running your XP machine in a VM. That way you can set it up without networking to begin with.
          Yagotta B. Kidding
          • excellent idea...

            I may just do that when I get a faster computer or more RAM.
        • That's why I think MS would have to be stupid to do this

          I had Intuit problems with Activation. People won't put up with that kind of crap.

          WPA has been enough of hassle. At least Microsoft support is reasonable. Intuit is not.
      • Microsoft isn't that stupid

        The day Microsoft actually implements some way to successfully prevent software piracy, and people have to pay full price to use their software, their days as dominant software provider will be counted.

        This will especially be true, if their way of doing it could be percieved as intrusive by their customers, or if it somehow creates more trouble for their paying customers.

        Looking at the new Novell desktop, and MacOS-X that both leave Microsoft XP and even Vista in the dust with respect to usability, users will not be without other options.
      • I doubt it.

        I'd actually be more willing to bet that it makes no signifigant difference in Microsft's market share.

        They'll simply fire up the propaganda machine and tell people that this makes their software CHEAPER by controlling piracy. Every OS they've released to date has promised faster speed and greater stability. (Um right. Can you imagine trying to even LOAD Vista on a Pentium 90?) People buy into it. They BELIEVE it. Tell them enough times that WGA makes their software cheaper and more stable and they'll believe that, too. If it falsely lables their software as not genuine, they'll think THEY did something wrong.

        If it kills a corporate desktop or two, that's not a problem. The poor pleb sitting at the desk will get suspected of downloading something (s)he shouldn't. Small businesses will be inconvenienced, larger ones will have their IT staff reload the PC.

        If it kills a server, this is probably the worst case for Microsoft. Again though, the largest business impact will be with small business, and it won't affect home users at all. Small businesses are too busy doing what they do to keep the money coming in. Larger businesses will simply have their IT staff reload the server, operating the domain on a backup server for a day. The end result is that Microsoft gets off scott free.

        WGA causing instability? Prove it! Maybe there's some interference with some device driver, but then it'll be the non WHQL driver that takes the blame.

        I use Windows XP Pro at home. I have a machine that's a dedicated media server. It could as easily be running Linux, and probably would be, except that when I looked, I could not get Linux drivers for the TV Tuner/Capture card (Part of its duties as a media server is to function as a VCR.) So it's running Windows because I can get the hardware drivers. My other machines I use to play video games. Oh wait, they don't make Linux distros for those either, and WINE doesn't run them. Again, I'm using Windows XP Pro there, so that I can load up a bunch of network games.

        What're my alternatives at this point? OSX may or may not run my software, and Apple hardware is far more expensive. Linux won't run my software. In order for Linux to make serious inroads, it'll have to have more backing from the software companies. When PC gaming software is as readily available for Linux as it is for Windows, it'll be time to start looking at a switch. Office software isn't a problem.
    • Apple's looking good

      If Microsoft does this, I guess I'll have to go to Apple. I have a good copy of XP Pro Enterprise and will not even call them as that other person did. If I get that response to go buy another copy that would seal the deal on going to the Apple store. Good luck Microsoft on getting past this one. Maybe They're trying to tell Bill that if he leaves his empire will crumble to the ground.
    • At some point in the future...

      Some hacker will find a way to send the 'kill switch' to a large number of computers around the world.

      I can't wait for Microsoft and the markets reaction to such a predictable attack to most of the computers in the world.

      I am nt a Microsoft basher, but sometimes I wonder who is running the show up there.
    • Microsoft had better watch it

      Their OS?s are operating on millions of computers, if they bring this jackass method in, and it is anyway flawed and peoples computers start shutting down in error, how long do you think it will be before they have a pile of lawsuits sitting on their corporate desks that far outweigh the bucks they may be saving in anti piracy.

      Consider the problems that might arise due to a computer shutdown that could cost enormous money? We are dealing with millions of computers here and many of them are tasked to invaluable jobs that are time sensitive, and if a shutdown occurs on a properly licensed machine, its going to come back on Microsoft like a concrete block to the head. Not only will they end up in court hundreds of times over, but the customer drop off will begin, first a trickle, then an avalanche. Who?s going to pay $100+ for an OS that may permanently in fact shut down ON PURPOSE and by design if there is an error?
      • Read the EULA ... I'll wait

        The only financial liability Microsoft has if its software causes you to have a catastrophic loss of data or even a computer hardware failure is to replace or refund the cost of the installation media -- even if the problem is their fault, and even if you can prove that they knew that the problem existed.

        And it says specifically in the EULA that it should not be used in "Mission Critical" situations.

        As for the number of customers dropping off, the OS is installed on the computer when you buy it. Microsoft has been paid. OEM tech support will blame Windows for your problems (but note that most of them will void your hardware warranty if you wipe Windows off the HD and go with something else) and Microsoft will blame the OEMs. Rinse. Repeat.
        • Read your consumer sales law... I'll wait

          Fortunately most countries in the world have laws regulating what is allowed and what is not allowed to put into contracts in consumer sales related situation. Among such things are typically liability issues. So it is quite irrellevant what the EULA says in such situations.
      • Now there's a nasty thought!

        Ever since a well-meaning friend tried to overcome my resistance to M$ back when DEC and C/PM were the most usable business models, and gave me a portable DOS 2.11 to "wean" me, I have watched in horror as the Red(mond)Cult worked their vile crap on an innocent world - first by openly refusing to release any version that didn't notoriously negatively affect Lotus.
        Each successive "release" was to overcome the stupidity and unworkability of the latest fiasco. Back then the only people interested in Macs were those who wanted more advanced graphics.
        It strikes me as funny that M$ - with its unblemished history of software that fails out of the gate(s) - can really produce, this late in the XP game, a product that will work, ... even if the goal is to disable the Operating System. I have yet to experience an OS that "works" without constant maintenance from them/us.
        Although it was slow, the Commodore was a far more reliable system, as were the C/PM driven lines from Osborne, but they were run out of existence by the "big boys".
        The only thing having two products to choose from (Apple & "PC"/M$) has proven universally is that malware can run far more efficiently on either and thus destroy more work than when there were many different platforms out there, but the customer could spend his time producing rather than performing the chutes and ladders daily routines of trying to fix what should have never been broken in the first place.
        Yes, I have continued to buy XP crap because I wanted to edit video and prefer more than one button on my mouse, and insist that the mouse move at my command - not like a rubber band-driven "Etch-A-Sketch" action that I have not been able to overcome since the first Macs (They still give me a horrible arm ache when I must work/use/(give me a better term) on a Mac.
        I wish someone could come up with a version of C/PM-Geos driven simple ware that would interact with our present third-party software; then we could be talking about how much we love using it and concentrate on production again instead of all the problems associated with M$ - even when it's almost working.

        It's bad enough that we must fight M$ just to keep our computers running; but the fact that they are now deliberately hacking away at their product that we already made them richer than anyone deserves for .5arse usability is frustrating beyond reason.
      • Who's going to pay $100+ ?

        Especially when another OS can be had for the price of a magazine, or even free from the web for the time it takes to download and burn to cd/dvd.

        Not to do a commecial plug here, but there are several Linux magazines with cover CDs or even more commonly now, a DVD with up to 4 GB of programs on board, sometimes including several distributions (flavors of the same OS with different packages).

        One that a lot of you are familiar with are the offerings from Future publishing, one of which is Linux Format, on the shelves every month with a DVD inside the magazine in a sealed evelope.

        There are other european magazines with disks in them, but very few if any from the States, as if it were a sin to give away a disk full of software with the mag.

        Ask you local news retailer to stock Linux mags, and if he won't, go elsewhere, where they do or gladly will.

  • Someone Needs to Step Up NOW

    It's obvious someone at MS needs to step up and stop this nonsense. Either confirm or deny what is about to happen, otherwise there is going to be mass hysteria over this.

    Frankly, I'm scared. I have a totally legal copy of Windows XP (bought with my laptop), and none of the Genuine Advantage stuff will install here. If I'm about to get shut off through no fault of my own, they had better come out with a fix for this problem and pronto!
    • don't worry too much

      i should think that if the WPA/WGA isn't installed there's nothing MS can do. as long as you don't want to install stuff through windows update (there are other means i hear) MS can't just shut off your machine. i don't think MS would be able to put WPA on pre-built machines either due to people who don't have internet access. just don't install the WPA/WGA stuff and you should be ok.
      DISCLAIMER: i don't use windows on my home computer, so take what i've just said with a pinch of salt. i'm merely giving my THOUGHTS.
      Scott W