Microsoft removes another one of WGA's fangs

Microsoft removes another one of WGA's fangs

Summary: With the release of Service Pack 1, the Vista "kill switch" is now officially dead. An announcement earlier today by Microsoft reveals details of a new update that will detect two widespread activation cracks. What happens when your copy of Vista gets flagged as non-genuine? The answer isn't what you might expect.


Microsoft removes another one of WGAÂ’s fangsThis morning Microsoft announced another noteworthy change to its flagship Windows Genuine Advantage (WGA) program - an update to be rolled out later this month to all Vista users that will display a WGA warning dialog box when it detects either of two common Vista activation cracks. In the same announcement, they also for the first time showed screen shots of how WGA changes debuting in SP1 will take some of the bite out of a longstanding Windows product activation rule as well.

Now-departed Microsoft marketing chief Michael Sievert announced last December that Service Pack 1 would drop Vista’s “reduced functionality mode” (the notorious “kill switch”) in favor of a series of notifications and nag screens. WGA senior product manager Alex Kochis posted the details of today’s changes, with screen shots, on Microsoft’s Windows Genuine Advantage blog today.

The new WGA code in SP1 is designed to detect two of the most common activation cracks: one tries to fool Vista into thinking that it’s an OEM; the other fools the activation timer into waiting until some far-off date in the future. Later this month, before SP1 begins rolling out, Microsoft plans to deliver a Vista update that checks for the presence of those two specific cracks. Unlike XP’s WGA add-in, which was designed to confirm that the system’s activation was valid and wound up failing too often, this one looks only for the details of those two hacks. If it finds the “signature,” it displays the message shown here:

Activation crack detection update for Vista

It's worth noting that this first release of the crack-detecting update won't try to remove the crack or shut down the computer; Kochis says the detection and removal functions will be combined in the next release, with no date announced for that. In the upcoming version of this update, links on the informational dialog box will lead to webpages with repair details, but you can dismiss the dialog box immediately - and permanently, if you choose. Anyone who sought out and used one of these two hacks to avoid paying for a legitimate copy of Windows will probably not be surprised. (They can also use a different activation hack that Microsoft hasn't yet written detection code for.) In addition to those unrepentant pirates, however, Microsoft believes there are a significant number of technically unsophisticated customers who had their system upgraded by a friend or a shady repair shop and have no idea that it’s been hacked. For them, the new update is designed to serve as an early warning that they’ll have to deal with product activation sooner or later. 

The change in product activation kicks in whenever Windows decides that your system’s activation status is no longer “genuine” – a state of affairs that can come about if you fail to activate within the original 30–day grace period, or if the WGA validation code detects that your system has been tampered with, or if it appears based on hardware changes that the activated copy has been moved to another computer. In either of the latter two cases, activation is revoked and a three-day grace timer begins.

Previously, with both Windows XP and Windows Vista, the end of the grace period meant you had to activate, period. If you let the clock run out without activating over the Internet or by phone, Windows refused to run. With Vista SP1, you’ll see the dialog box shown here, which goes away after 15 seconds. If you’re not ready, willing, or able to deal with Microsoft’s phone activation line, you get to log in and use every Windows feature after the 15–second period has passed. In theory, a Windows user who doesn’t mind the nag screens can run an unactivated copy of Vista indefinitely.

Change to the activation dialog box for Vista SP1

The big question at this point is whether these changes have been properly tested and whether they’ll have any unintended side effects. (The current problems with one of the prerequisite updates for SP1 don’t inspire a lot of confidence in the Windows Update process.) Although this update looks small in scope, it’s still possible that it will result in false positives like last summer’s server-side glitch that flagged a bunch of genuine customers as pirates. A lot of people will be watching over the next couple months to see if Microsoft follows through on its promise to “build more trust in WGA”. With the recent round of changes, WGA certainly hasn't been rendered toothless. But its bite is now far less painful.

Note: an early draft of this story appeared briefly (for 10-15 minutes) on this site before the final version was posted.

Topics: Windows, Microsoft, Operating Systems, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So what's new???

    Samo samo........... crap!
    Ole Man
    • In order to understand what is new....

      .... one must be capable of reading and comprehension. The new features are discussed in the article.
      • Right, exactly what I said

        More crap!
        Ole Man
      • Right ...

        so Ole Man has explained things for you in terms even you can understand.
  • Seems like Microsoft has lost its nerve...

    They might as well just be rid of WGA and activation keys altogether if this is all that will happen if it is a pirated copy.
  • Seems like Microsoft has lost its nerve...

    They might as well just be rid of WGA and activation keys altogether if this is all that will happen if it is a pirated copy.

    Mind you, even having a pirated copy running on someone's computer is probably preferable to Microsoft than that person running a copy of Linux, or going out and getting hooked on 'Cupertino Crack'.

    I suppose if they can get you hooked on Microsoft Meth first...
  • I'd expected this ...

    ... since SP1 disabled the two hacks quietly, there were going to be a lot of people out there finding their systems not working and no reason given. However, while I'm happy with the beta tested changes in SP1, applying an un-beta tested patch on top of that doesn't fill me with joy.

    BTW Ed, SL07-006 - You seen any mention of that on the Microsoft site anywhere? I've asked Kochis for clarification on this because I sure do hope it shows users more than that.
    Adrian Kingsley-Hughes
    • Yes, I did ask about that

      The error code is a hot link to a web page that is designed to show full details of the exploit and how it works. The devil is in the details, which I have yet to see.
      Ed Bott
      • Yeah ...

        ... I just got the same cut'n'paste reply too ... my guess is that they're playing this close to their chest. However, rumor is that this WGA update will detect more than the Paradox and grace timer hacks.
        Adrian Kingsley-Hughes
        • Nope

          The update will specifically detect only these two cracks. SP1 includes infrastructure that will allow them to detect others, but I am confident this update will be focused on only these two specific cracks.
          Ed Bott
  • RE: Microsoft removes another one of WGA's fangs

    Yeah right. Two days ago on XP I switched video drivers and had to re-activate. That wasn't part of the deal. No hardware was touched. Another reason to avoid Vista at all costs
  • RE: Microsoft removes another one of WGA's fangs

    Anybody seen steve jobs lol"
  • Time for Version 2.0 of the Cracks

    Throw some junk code in the patch and watch what happens.

    Then again, perhaps the update is looking for the effects of the patches rather than a file. If that is the case, this may be a bit more difficult to crack. Unless you can dupe the software in another fashion. Either way, crackers have a new challenge and will probably be quick to come up with a new solution.
  • RE: Microsoft removes another one of WGA's fangs

    Microsoft should spend more time in making there operating system more stable rather than, Adding WGA and pirate detection crap.

    Not a mac fan, but i don't hear much about wga or service packs as much as windows has in the past.

    Yes i know more of you out there use windows rather than mac, but far less problems with the mac.

    I do run a genuine copy of windows, but after vista's sp1 @#$@ up!,142617-c,windowsbugs/article.html

    This makes me lean towards linux or mac more @ more evey day, like chris pirillo has.

    Chris use's a mac with vista in virtual machine.

    Chris is not the only one that made the move to mac, but i hear more & people talking about mac because windows vista problems since it was released!

    Remember a good os is less time spend patching and updating!
    • I think Scott Finney switched too

      As well as Marty Wrin:

      Hello Linux! Or more accurately, hello
      Ubuntu since that's the distribution of
      GNU/Linux that I'm using. It's built upon
      the Debian distribution and is one of the
      most opensource and non-commercial of the
      Linux distributions.

      February 07, 2007 (Computerworld) --
      Editor's Note: This is the third installment
      of a series in which longtime Windows expert
      Scot Finnie gives the Mac a three-month
      trial as his primary machine for work and
      home use.
      Mac vs. PC cost analysis: How does it all
      add up?
      Everybody knows PCs are cheaper than Macs,
      right? Wrong! (At least sometimes.)

      I wouldn't be surprised if a bunch more
      people switched. Vista does NOT = Herbert
      Tareton (as in "I'd Rather Fight Than
      Switch"). Just the opposite, I'd say. Most
      people would rather switch than fight with
      Ole Man
      • Excellent Post, Ole Man!

        Thsnks for the great links!
    • You do hear about those things with Macs...'s just that the Mac equivalent of WGA is, well, owning the hardware in the first place.

      And as for service packs...well OSX just got one - it went from 10.4 to 10.5 (plus a couple of incrementals afterwards...). It got a hell of a lot of publicity, but they called it a new version of the OS and charged $129 for it.
      • Microsoft did the same thing

        with XP. Win 2000 is NT version 5.0 and XP is version 5.1. Most software companies charge for either major upgrades like going from 2.0 to 3.0 or minor upgrades like going from 2.1 to 2.2. Service packs and patches generally are reflected like 2.1a or or 2.11 etc.
  • RE: Microsoft removes another one of WGA's fangs

    This is just one more reason that microsoft is destined to fail. Instead of being happy that their marketshare is being propped up by eager misguided windows hackers, they are stifling their own userbase by annoying, intimidating, nagging and befuddling their customers.

    Windows is truly an operating system that sucks the life out of its users. I decided early on that microsoft should be paying me for emotional and intellectual distress whenever I used its piece of crap operating system, rather than the other way around.

    You don't have to switch to OSX, but at this point there is little argument against switching to linux, into a much more welcoming, friendly and expedious operating system environment.
  • RE: Microsoft removes another one of WGA's fangs

    If the end result is a that counterfeit user just has to wait 15 seconds and Vista will continue operating, it seems that MS has thrown in the towel. I mean, if you add 15 seconds to the rest of the boot cycle how much of an inconvenience is THAT? Not much.

    I haven't even tried out Vista yet, so I'm not at all aware of how long it normally takes to boot, but through previous iterations of Windows, 15 seconds is a small price to pay.

    I doubt if I will go to Vista in the future. Next computer will run either Mac OSX or some version of Linux.

    Krusty Baguette typing from Podunk, MA