Microsoft admits WGA failures "coming up more commonly now"

Summary: An independent analysis of reports to Microsoft's Windows Genuine Advantage support forum confirms that problems with the company's anti-piracy program are growing. Our investigation found that 42% of people reporting WGA problems were running copies of Windows XP that Microsoft's own diagnostic utility confirmed as Genuine. Microsoft support representatives even have cut-and-paste answers that acknowledge these problems "are coming up more commonly now." Why does Microsoft continue to insist that WGA is problem-free?

Scrolling through the posts on Microsoft's official WGA Validation Problems forum is like reading accident reports from a multiple-car pileup on Interstate 5. Many of the victims are completely innocent and have no idea what hit them, and cleaning up the mess can be a nightmare.

Even a casual reading of the posts at the WGA Validation Problems forum makes it clear that WGA has serious problems. But Microsoft refuses to share any hard data about WGA installations, making it impossible for independent observers to quantify the extent of the problems. Until now, that is.

With the help of a researcher, I went through a sample of 137 recent problem reports from actual Windows users, posted publicly on the WGA Validation Problems forum. Our research was the online equivalent of listening in to two weeks' worth of calls to Microsoft's support lines. The results we found directly contradict Microsoft's insistence that "only a handful of actual false positives have been seen."

According to our analysis, 42% of the people who experienced problems with WGA and reported those problems to Microsoft's public forums during that period were actually running Genuine Microsoft Windows. That's not just our opinion, either. Those statistics were reported by the Redmond-approved Microsoft Genuine Advantage Diagnostic utility.

In our research, we discovered that two Microsoft employees have publicly and repeatedly acknowledged that a particular type of WGA false positive is "coming up more commonly now." We found a widely used security tool from McAfee that triggered WGA failures on perfectly legitimate systems. And we read dozens of reports from frustrated Windows users whose systems are running legally licensed copies of Windows XP but who are blocked from receiving security updates via Windows Update and who are blocked from installing premium Microsoft downloads such as Internet Explorer 7 because the WGA tool mistakenly identified their Windows installations as counterfeit.

Here are the gory details:

Figure (eb_wga_errors.png): Among Windows users who submitted WGA problem reports to Microsoft's public forum in a two-week period in August, 42% were running Genuine software, as confirmed by Microsoft's official diagnostic utility.

Our methodology was as follows:

  • We reviewed all discussion threads from the WGA Validation Problems forum, beginning with threads started on August 1 and continuing in sequence until we reached new discussions dated August 15. Choosing this range of dates allowed us to be certain that Microsoft representatives had had sufficient time to respond to every post. We also looked at a sample of more recent posts and found reports that were similar to those during the sample period.
  • We counted only forum threads containing output generated from the Microsoft Genuine Advantage Diagnostic utility. Microsoft's representatives insist that users run this utility and paste the results for analysis before they will agree to resolve any issues on this forum. This effectively eliminated "chatter" and posts that didn't directly relate to WGA.
  • We tabulated the Validation Status field to divide the total sample of problem reports into the "buckets" Microsoft uses to classify Windows users for its WGA program. The overwhelming majority - all but 6% - of the validation results fell into four categories: Genuine, Blocked VLK, Invalid Product Key, and Not Activated.

As the graph shows, 39% of problem reports were from people who were indeed using counterfeit software, activated by an invalid product key or a stolen or leaked volume license key that has been blocked by Microsoft. But we were shocked to discover that the largest group of reported problems - representing 42% of the reports in our sample - came from people running copies of Windows that were Genuine, according to the MGA Diagnostic tool.

We have every reason to believe that this group is a representative sample of people who have experienced unexplained WGA notifications telling them they're running counterfeit software. (Obviously, it doesn't include people who knowingly installed counterfeit copies of Windows.) If anything, they represent a slightly more sophisticated group than average, because they were able to track down the WGA Validation Problems forum. But there's no indication that this group is otherwise atypical.

So, where did those false positives come from?

One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors. Here's a sample of the canned text, posted by Microsoft's Phil Liu. We read these exact same words over and over and over again in forum threads during our sample period:

The issue seems to lie with the "unknown" signature that is coming up more commonly now. The "unknown" signature denotes a problem with detecting digital signatures. [emphasis added]

That snippet - "unknown signature ... coming up more commonly now" - appears in at least 30 different threads between July 31 and September 18. The solution isn't easy, especially for a computer novice. Microsoft's representatives instructed users to open a Command Prompt window and type 10 separate commands to re-register system DLLs. The repair procedure worked, but this victim's response was typical:

That fixed the problem. I was able to get the updates and no more counterfeit messages. I think there is an issue with this new validating software. I am for stopping piracy - but this is crazy.

Another set of problems was caused by a registry-cleaning utility called QuickClean, which is part of McAfee's Internet Security Suite. According to McAfee's promotional copy, "McAfee QuickClean technology helps optimize your computer performance, eliminating drive-clogging 'Internet build-up' (e.g., temp files, cached files, file remnants, Active X code), unused programs and other unnecessary clutter to free up valuable disk space." Unfortunately, it also "cleaned up" the information the WGA utility used to identify legitimate copies of Windows XP.

A post on McAfee's support forums first reported this problem on July 31. This thread, started on August 11, is the first to document the problem on Microsoft's support forums:

One of the tools on the new Security Center is a "quick-clean" tool, which I ran because my computer was running a bit slow. The next morning, after a McAfee security (definitions) update and a reboot, WGA flagged my computer as non-genuine.

Over the next three weeks, another nine users added posts to this thread saying they were experiencing identical problems. Microsoft's Phil Liu posted an update on August 31, confirming that McAfee had finally issued a patch on August 30. In other words, users of a very popular security suite for one full month were one click away from falsely being accused of running counterfeit software. That problem is now solved, but there's no indication that WGA is robust enough to protect itself from other system-level utilities that might cause similar problems in the future.

And then there are the Microsoft customers who receive no help at all after reporting that WGA notification messages were flagging their software as counterfeit even when the MGA Diagnostic utility showed it was Genuine. Most get canned responses telling them to go visit Microsoft's WGA Diagnostic page or update the WGA Notification utility or run a command to re-register the Wgatray.exe program. This thread is typical, with two separate customers reporting that the canned responses didn't work and no follow-up from Microsoft. We found dozens of these cut-and-paste responses to Microsoft customers reporting that their Genuine software had failed WGA validation. Did the fixes work? No one knows, because the original posters either never returned to the forum or never posted a reply. Only 20% of the forum threads we looked at included a follow-up message from the original poster indicating that they had solved the problem.

And the reports we analyzed here are from customers who actually managed to find their way to the WGA Validation Problems forum. On our test machine, running a counterfeit copy of Windows XP supplied to us by Microsoft, clicking the pop-up WGA Notification bubble led to a page that offered to sell us a Windows Genuine Advantage Kit for $149. The page includes no acknowledgment that the errors might be caused by problems with digital signatures, with third-party software, or with a failed WGA Notification installation. Since I published Busted! What happens when WGA attacks (including this Image gallery showing the WGA process at work), Microsoft has made no attempt to improve the help it offers users who may be experiencing false positives.

How many legitimate customers are simply paying Microsoft an extra $149 because it's easier than going through the hassle of working out the problem? If the answer is more than zero, it's too many.

Last Thursday, I contacted Microsoft's WGA team and offered to discuss the details of this story with them so they could comment on it. Despite repeated follow-up messages from me, they have declined the opportunity to hear about this story or to comment on it.

Update 26-Sep 6:15AM PDT: After this story was posted, a Microsoft spokesperson who had not read the story and had declined the opportunity to review any details about our findings sent an e-mail statement affirming the company's confidence in WGA. You can read that statement in this follow-up post.

Want more background on WGA? Read my previous reports.


Talkback

326 comments
  • This is crazy

    Those stats, whilst I'm sure many will argue they are not wide enough in scope to draw any absolute conclusions, confirm what everyone has been thinking since the inception of the WGA program.

    The system is obviously fatally flawed!

    As a developer I empathise with the difficulties facing MS in protecting their software, but surely it is better to err on the side of caution than penalise legitimate customers.

    I only hope the WGA built into Vista is more reliable, although I'm not holding my breath.
    nmh
    • Coming soon! 100% failure rate!!!

      If it was 6% in June and July and grew to 42% by August, then we'd better expect a 100% failure rate by the middle or end of October 2006.

      And a warning to the early adopters of Vista:

      Vista is a counterfeit product from the get go! Just mark my words, the minute you install it, WGA will refuse to recognize your copy of Vista and therefore it will shut down your computer. The next step is to call the software police on you. They are collecting your parameters as we wait for the validation which will never come.

      If you think I'm paranoid, ask the owners of those 42% for their opinion.

      What's that?

      [i]Your[/i] computer just failed WGA?

      Welcome to the fold....
      bart001fr
  • Question

    You said people with windows installs that failed WGA validation could not get security updates? Is this something new? I thought MS was going to continue to provide security updates, just not "bonus" downloads. If they are refusing security updates, it gets frightening.
    ebrke
    • Yes and no

      WGA validation is required to install from the Windows Update website.
      The automatic update service does not require WGA.
      zmud
    • I've updated the post

      In theory, a non-Genuine copy of Windows XP can get security updates via Automatic Updates. But you can't use Windows Update to get them manually, nor can you get the security benefits of updates like IE7 if Microsoft claims, accurately or not, that your copy of Windows is counterfeit.
      Ed Bott
  • Bad business practices

    Hacking off your paying customers is bad business. In a non-monopoly situation, it could cost you your customers. Unfortunately, that won't apply here.
    bbbaldie_z
    • Huh?

      Sure it applies here.

      We're one example.

      I don't understand comments like these.

      Microsoft has market domination because of OEM retail distribution.

      Microsoft does not have a monopoly. There are alternatives to Microsoft.

      Asserting that Microsoft does have a monopoly and computer users don't have alternatives is a public disservice.

      Such a perspective supports only Microsoft every bit as much as the official Microsoft party line, "Nothing is wrong. No need to don lifejackets."
      Cardhu
      • This sounds like a call for Tux!

        Seriously, CHOOSE a flavor of Linux...ANY flavor. They're either free or a HELL of a lot less than Windows anything.

        At this point in technology there's no reason for anyone to be tied to Microsoft for anything. If you called most of the major program makers, I'm pretty sure a Linux version of their software is already done or in the works.

        And if they don't and you need their software, use wine!

        Even factoring in the extra money Linux techs are worth, they're worth it, you'll be saving much more money in the long run.

        As far as the server goes, I don't bother with windows since SMB was tweaked to the point it can act as the PDS. You pretty much can choose which server flavor you want. SuSe with Novell is a favorite because Novell is very easy to use and work with.

        And the updates are far more frequent than once a month. Additionally security - nuff said.
        Airwolph
        • Not The Only Option

          Yes, a version of Linux with WINE makes sense for legacy Intel microprocessor systems.

          As of five weeks ago, our own new computer purchases are strictly Apple.

          So the point is, there are options with more reputable entities than Microsoft.

          My wife, a lifelong Apple user, is still laughing.

          Ten years ago, when we first joined our lives together into one, I promised to show her the true value of Windows compared to Apple systems.

          I sure did. You betcha.

          The little MacBook we bought my stepdaughter for high school is a sweet little system.

          My wife notes that, it may take a little while, but I am trainable. Fortunately, she is an incredibly patient woman.
          Cardhu
      • Are you kidding?

        [i]Microsoft does not have a monopoly. There are alternatives to Microsoft.

        Asserting that Microsoft does have a monopoly and computer users don't have alternatives is a public disservice.[/i]

        Yeah, they do. First most computer users do not know or anything outside of windows, they buy a computer turn it on and use it.
        Second M$ has so infected everything that a lot of software people need to use will only work on windows. IE only websites come to mind.
        Sure there are alternatives, but M$ and their goons have done everything in their power to limit everyone's choice and pigeon hole users into a Windows environment.
        DarthRidiculous
        • The Flea

          A flea confined to a glass with a cover will bounce high enough to hit the cover only a limited number of times.

          After that, the cover can be removed. The flea will stay in the glass.

          You're welcome to choose to stay in yours. We aren't.
          Cardhu
          • Message has been deleted.

            DarthRidiculous
          • Message has been deleted.

            Cardhu
        • Then we have to convert them one by one.

          I'm trying to convert my friends and family now. Nothing worthwhile comes easily.
          Hrothgar - PCLinuxOS User
          • Exactly

            People who can warn and advise others to avoid the Microsoft trap must do so.
            Cardhu
      • The obvious question then:

        ---I don't understand comments like these.---

        Are you going to quit using Microsoft products because of this?
        tic swayback
        • Unrelated Topics

          I was referring to comments along the lines of:

          "It's hopeless. You are under Microsoft control. You have no alternatives. So just admit it and get back in line."

          I consider comments such as these just as unhelpful as the official Microsoft party line:

          "Nothing is wrong. You can trust us completely for quality products, integrity, and top-notch customer care."

          I consider neither perspective supported by facts.

          My observations on such comments are independent of our own decision on whether or not to abandon Microsoft. But yes, we are no longer Microsoft customers, as I have stated elsewhere in this thread.

          We didn't make that decision because of the above comments. We made that decision because we concluded that Microsoft has abandoned any pretense of scruples in its business practices.
          Cardhu
    • RE: Bad business practices

      You are dead wrong on that. WGA is the primary reason I completely wiped a Windows XP Pro installation and installed Linux. And I have to say I couldn't be happier with the decision. I will also not be upgrading the remaining Windows machine to Vista, but will be installing Linux on it at the end of the year.
      Protagonistic
      • I'm witcha

        I'm a Linux user myself, preferring RedHat. However, I've never messed with WINE. I just installed VMWare on my home system. I'm going to put FC4 on and play around with WINE. If I can make Dreamweaver and IE work well, I'll join you.

        Why IE? I'm a web designer. I have to run the garbage to make sure my sites look OK, since that's what the rest of the world uses.
        bbbaldie_z
      • What's your flavor?

        Mine's PCLinuxOS. I got it tweaked sweet, still working on the game front (configuring Cedega & vid card together can be frustrating), hope to have WOW up soon!
        Hrothgar - PCLinuxOS User