Microsoft presses the Stupid button

Microsoft presses the Stupid button

Summary: When you’re the Evil Empire, it’s only natural to get a bad rap for everything you do. Microsoft gets bad-mouthed a hundred times a week for things that would be perfectly acceptable coming from anyone else. Given that level of criticism, it’s easy to ignore the times when they’re just completely, egregiously wrong.Microsoft’s new Windows Genuine Advantage authentication software which is now being pushed onto Windows users’ machines via Windows Update, is one of those occasions. Someone at Microsoft just pushed the Stupid button. And things aren’t going to get better until they stop pushing it.

SHARE:
TOPICS: Windows
122

Update 12-August: For a detailed discussion of what you'll see if WGA flags your copy of Windows as "not genuine," see Busted! What happens when WGA attacks and the accompanying image gallery.

When you’re the Evil Empire, it’s only natural to get a bad rap for everything you do. Microsoft gets bad-mouthed a hundred times a week for things that would be perfectly acceptable coming from anyone else. Given that level of criticism, it’s easy to ignore the times when they’re just completely, egregiously wrong.

The uproar over Microsoft’s new Windows Genuine Advantage authentication software, which is now being pushed onto Windows users’ machines via Windows Update, is one of those occasions. Someone at Microsoft just pushed the Stupid button. And things aren’t going to get better until they stop pushing it.

In a nutshell, here’s what’s happening. Two months ago, Microsoft released an update to its Windows Genuine Advantage authentication system via Windows Update. The WGA code checks your system to see if it’s been properly activated. If the activation is messed up – as it would be if you were using a pirated copy of Windows – you see a message telling you your copy of Windows is “not genuine” and your access to some Microsoft resources is cut off. WGA was originally intended to be part of Microsoft’s carrot-and-stick strategy for reducing piracy. Lawsuits against software pirates are the stick; WGA is the carrot. In theory, after you run the WGA code and prove that your copy of Windows is legit, you get access to cool downloads that aren’t available to Windows users who haven't jumped through the WGA hoop.

Fellow ZDNet blogger David Berlind has done an excellent job of unpacking the spin from Microsoft’s multiple statements about this situation. For details, see Does Microsoft's new WGA disclosure fall short? and With WGA, is Microsoft forcing Windows users to install and test pre-release software? Read both those posts and follow the links for the full details of this story.

I’m not all that concerned with the hysteria over the revelation that this app “phones home” to Microsoft. These days, I fully expect that any program I install will have a mechanism for updating itself or accessing help content online. As long as those mechanisms for online access are disclosed during installation and the actual update process isn’t malicious, careless, or deceptive, I have no problem.

No, the problem with Microsoft’s whole WGA program boils down to a simple rule: Do not mess with security. This episode violates that rule in three incredibly stupid ways.

Stupid mistake #1: This update should never have been included with Critical Updates. The Automatic Updates mechanism in Windows XP (and in the upcoming Windows Vista) is supposed to be a delivery vehicle for Critical Updates that fix security flaws in Windows. (From the Microsoft Update FAQ: “Automatic Updates is the easiest, most reliable way to help protect your computer from the latest Internet threats by delivering security updates right to your computer automatically.” [emphasis added]) There is no way, short of the most outrageous spin, that the WGA update can be considered a security update. By delivering a non-security-related update through this mechanism, Microsoft is breaking that promise.

Stupid mistake #2: The new WGA tool is wrong too often. If you’re going to punish your users, you had better be 100% right about identifying the offenders. Sadly, the new WGA code doesn’t come close to reaching this level of performance. A commenter on my blog reports that he’s now getting incessant notifications that his copy of Windows is not genuine. A close business associate of mine reports the same problem. What do they have in common? Both are using notebooks that had to be returned to their manufacturer for service. The repaired notebooks fail the validation process. A quick scan of recent posts at Microsoft’s WGA forum suggets this problem is unfortunately common.

Stupid mistake #3: The user is left high and dry. If you get a notification that WGA failed, what are you supposed to do? I haven’t seen the failure message myself, but my correspondents tell me it doesn’t offer any helpful steps for resolution. Neither does the Genuine Microsoft Software FAQ, which says:

What if my copy of Windows or Office fails the validation process?

See your reseller and ask for genuine Microsoft software, using the report provided during the validation session for support. The report explains why your system was unable to validate and provides instructions for further follow-up.

Oh, great. Have you ever phoned Dell’s support line? The apparently defective WGA tool is about to plunge an unknown number of users into a support nightmare for no good reason.

So what should Microsoft do now? Simple:

They should send a new update that disables and/or removes the WGA tool immediately, until it’s fixed.

They should set up a toll-free hotline that any Windows user can call if they’re experiencing problems with Windows Genuine Activation. (Microsoft already offers toll-free support for anyone who suspects they may be infected with a virus or a worm, so this doesn’t require a new infrastructure.) The agents on this line should have the authority to help a user override WGA problems.

They should apologize, publicly and profusely, for mixing an anti-piracy tool in with security updates and take steps to make sure that it never happens again.

And they should find whoever pushed the Stupid button in this case and put them on telephone support duty for the next six months. That might be an appropriate punishment. 

[Updated 12-June to fix typo.]

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

122 comments
Log in or register to join the discussion
  • Can't argue with any of your points.

    Well with one exception. Microsoft needs to include a PLAIN LANGUAGE EULA so users understand what they are agreeing to. In other words, shoot the lawyers!
    No_Ax_to_Grind
    • Not to mention

      a consistant EULA, one that does not change every time you download a security update.

      That's one nice thing about the GPL, BSD, SISSL, and any other reuseable license, whether you like the terms or can't stand them, you know exactly what those terms are every time you use them.
      Michael Kelly
      • What's in it for Microsoft?

        [i]Not to mention a consistant EULA, one that does not change every time you download a security update.[/i]

        On the contrary, changing the EULA with critical security updates is great for Microsoft. They can demand anything they want to, and history has shown that people will still agree to it.

        Once they get people desensitized to this kind of thing, they can kick it up a notch and aside from a little impotent griping on ZD blogs and TalkBacks, nothing will happen.

        Lather, rinse, repeat.
        Yagotta B. Kidding
    • That would be stupid

      [i]Microsoft needs to include a PLAIN LANGUAGE EULA so users understand what they are agreeing to.[/i]

      You mean like, [i]dud3, w3 0w|\| joo![/i]

      Face it, they have the customer over a barrel. Nobody reads the EULA anyway because there's really nothing they can do about it. [1] Meanwhile, it gives Microsoft a huge business advantage ([u]especially[/u] since nobody knows what they're "agreeing" to.)

      [i] In other words, shoot the lawyers![/i]

      On the contrary, since Microsoft has them and the marks don't that would be giving up a powerful business advantage. You've been downright eloquent on these boards about how Microsoft shouldn't give up any of their "edge;" this is no different.

      [1] Ever try marking one up and mailing it back, signed, certified, to MS Legal? With other contracts you can do that.
      Yagotta B. Kidding
      • Mailing them back ?

        Some of them aren't even printable. Some of them disables the copy/paste function. I found out some time ago when I got fed up with trying to sort out 17+ pages of legal humbo-mumbo language of which you can get half a page on the screen at one time. I wanted to send it to our company lawyers to have THEM as experts check was we were signing up to, and found out: Not printable, not copyable.
        Don't think that happened by mistake.
        pkrdk
    • I don't think he was sufficiently harsh, but I can't argue either...

      I am SO thankful that I avoided the sleazy, sneaky, unethical and totally inappropriate WGA download. For once, and I don't know why, I chose to read their EULA and decided there was no way that garbage was going on my computer.

      But you are correct in that the EULA was an amazing piece of work. The problem here is that if it was written in plain, clear language, more people might actually read it. That would be a problem for Microsoft.

      It might read something like: "If you install this software, we will be able to spy on your system. Your system will need to contact our system every day. If we have the slightest reason to think that you have not given us your money, right or wrong, we will make your computer difficult to use and will offer no assistance in correcting the problem."

      Yeah.... way to go Microsoft. Apparently you need to be despised even more than you already are.
      shawkins
      • What are you talking about?

        It checks a control file every reboot. That is it. It does no track your activity, spy on you in any way, ask for money(assuming you have a legit copy of Windows) or any of the other BS you say.
        If your that delusional, please seek real help. You deserve it. You need it.
        mdemuth
        • I don't know..... you tell me.....

          >>It does no track your activity, spy on you in any way<<

          How do you know that (for sure). If the bastards are sneaky enough to put this crap into a "critical security update" when it has absolutely nothing to do with security, who knows what else they are capable of.

          >>ask for money(assuming you have a legit copy of Windows) or any of the other BS you say.<<

          I never ONCE said that it asks for money. What I infered, but will state more simply for you, is that Microsoft's need for greed can make your life difficult, even you are in the right. What if I do have a legit copy of Windows but they seem to think it might not be (read the article). What are my options? How about none! Buy another copy of Windows I guess. It's happened.

          There is something very concerning about the latest step taken by Microsoft. Their contention that they may need to "shut down" the WGA makes me think they are heading toward the ability to shut down whatever they want, whenever they want. Don't think that will ever happen? You might be the one who is delusional. Nice chatting with you.
          shawkins
    • I think you missed the point

      The objective (from my reading) of the article is to point out that they (M$) misused their delivery mechanism and included non-security updates to the OS which precludes end-users from utilization of the additionaly functionality that they should be due if their copy of the OS is indeed genuine.

      Shooting lawyers doesn't solve the underlying issue.

      Here's to hoping that you are Brady disqualified.
      smoring
    • EULA

      Perfect point. Its mere length makes people want to click "Yes" without even reading it.
      Anti_Zealot
    • Shoot the lawyers-too easy

      Castration comes to mind; disembowelment a good option since most lawyers are gutless worms to begin with.
      dewey56
  • Obedience

    An open letter to the ZDNet contributors, that most influential of
    Windows user. Pull your collective thumbs out, stop griping
    about the Microsoft mistakes and switch platforms. Without the
    preparedness to do that, you're all looking like shills and
    apologists. The irony lies in the fact that these complaints do
    nothing but firm up Windows support. Advocacy does not take
    the form of idle complaints.

    Microsoft either has you over a barrel or they don't. If they don't,
    this experiment can take place. I'd recommend a switch to OSX
    and then a series of blogs about it. Be honest. Without this
    effort, these blogs are nothing more than comiseration sessions
    designed for strengthening an unhealthy codependancy.

    Most of your readers use Windows? The biggest service you
    could provide is to find out if they are wrong. Until then,
    everything you write is a disservice. The stupid button is not
    exclusive to Microsoft.
    Harry Bardal
    • Huh?

      I'm mostly happy with the Windows platform. Not interested in switching. Thanks for the advice, though.
      Ed Bott
      • If it looks like, sounds like, and

        apologizes like it, it must be shill.

        I use a lot of MS products but it's certainly not because I like them. It's an economic necessity like mandatory auto insurance. My other laptop is now a ubuntu machine. Looks like MAC OSX or this box moving to the same as I cannot trust MS to own my computer.

        http://www.groklaw.net/article.php?story=20060608002958907

        If you're happy with that, then why don't you surrender you civil rights too. It's just too much responsibility to handle and so easy to let it go. that makes a lot less stuff to think about or decide upon.
        msolgeek
        • Are you happy with your choices?

          If so then have the knowledge that others are too and don't really want or need you trying to force *your* choice on them.
          No_Ax_to_Grind
          • Choice

            For many on the Windows gravey train, this was never about
            choice. It's certainly not anyones place to force a choice upon
            us, but that's the point isn't it. Choice may have been forced ten
            years ago. Is it possible it's no longer in play.

            Ed's response "Everything is fine thanks". Means one of two
            things. Either everything is fine and the stupid button is a minor
            problem. Or he represents a cross section of the Windows
            community that is not empowered to change and is forced to
            rationalize the inability to be self directed. It's not my place to
            say.

            If however, the experiment does take place, and a change
            occurs, it will point to a 15 year long mistake. That's
            embarassing. The fact that the experiment won't take place is
            telling. There is nothing to lose. It points to the possibility that
            the collective ego can't let this lemon go, and couldn't bear the
            shame if it did.

            The notion that anyone on these boards can force anyone to do
            anything is rediculous so lets just put that rhetoric aside. It can
            be influential however, and unbiased agendas and more
            scientifically minded reviews should take the place of the current
            water balloon fights.
            Harry Bardal
          • Nice straw man you got there, Harry

            If you're going to have a debate, try to have enough respect to listen to and accurately summarize your opponent's argument.

            I never said "Everything's just fine, thanks." I said I'm generally happy with the platform and not interested in switching. Big difference.

            I've looked very carefully at the Mac platform, and it's not for me. In many respects, the DRM issues and gross violations of privacy are worse for Mac users than they are for Windows users. If I were to switch, I would have a year's worth of complaints about the horrors of the Mac.

            But just because I've chosen a platform doesn't mean I can't complain about it and ask for changes. Many of the things I've complained about over the past few years have indeed been fixed in Windows. I have confidence that this one can be as well.
            Ed Bott
          • He did allow for that possibility

            Not really a strawman, as he offered more than one possibility. Perhaps you missed the part where he said, "Either everything is fine and the stupid button is a minor
            problem."

            ---In many respects, the DRM issues and gross violations of privacy are worse for Mac users than they are for Windows users---

            Please explain what you mean by this. What violations of privacy are Mac users subject to? As for the DRM, note that Apple's FairPlay DRM is far more prevalent on Windows machines than on Macs, so unless there's some other DRM you know about, that's not much of an argument.
            tic swayback
          • Bring It

            Firstly, I appologize for likening "everything's fine" with
            "generally happy". They are clearly worlds apart. I'll quote you
            verbatum in future. Secondly, it seems it was wrong for me to
            interpret an article entitled "Microsoft Presses the Stupid Button"
            as a serious complaint. It would seem that "gross violations of
            privacy" are only a big issue on the Mac. Please don't alude to a
            spectral privacy problem that is so aggregious on the Mac that it
            won't allow you to try it on moral grounds. That's a crock. You're
            putting up with it now and an inch is as good as a mile.

            The point is, I'm not interested in hearing that you'd have
            complaints. I'm interested in the complaints. Without them these
            blogs are increasingly corrupt. How can Apple compete when all
            they can give you is a great computer, but Microsoft can give
            you a career. IT deserves the whole story and it's not being told.
            Without perspective on Windows, Windows reviews are
            advertisements. I'm lobbying for this perspective and hands-on
            feedback. Without genuine comparison, head to head, the two
            camps are just lobbing grenades at each other and it's time
            someone with a pulpit stepped up.

            With today's revelation that 60% of Windows boxes are owned, it
            would seem that privacy policies are the least of the platforms
            worries. Where do you stand on this, Microsoft's own data, and
            the massive indightment it is of your chosen platorm. Do you
            think this might be a larger endemic privacy problem? It makes
            WGA look like a pat on the head. Would you care to guess what
            percentage of Apple's boxes are owned.

            Spare us the righteous indignation. The only way to speak with
            any authority on Windows, is to do it in concert with the
            alternatives. Hiding behind marketshare doesn't cut it anymore.
            Harry Bardal
          • Clarification

            To clarify - 60% of compromised Windows boxes. 3.5 million
            machines out of 5.7 million infected.

            Thanks to Microsoft for those figures.
            Harry Bardal