
MS: 20% of WGA failures not caused by pirated keys

By | July 3, 2006, 4:07pm PDT

Summary: Microsoft isn’t interested in answering detailed questions about how Windows Genuine Advantage works. But via e-mail, they acknowledged that 20% of Windows users who fail the validation test are not using leaked or stolen keys. No wonder so many people are up in arms.

[Update 18-July-2006: In response to this and other questions, Microsoft has released some numbers about WGA failures. Details in this follow-up post: MS says WGA has caught 60 million cheaters.]

You don’t need to look very hard to find outraged Windows customers who have been branded pirates by Windows Genuine Authentication. And a hefty number of them claim they’re being unfairly targeted, with legitimate Windows copies that are being tagged as stolen or pirated. I’ve heard from several dozen people, and I’ve also seen credible stories posted on Microsoft’s public WGA newsgroups.

Now, via e-mail, comes confirmation from Microsoft that its false positive rate might be unacceptably high. Microsoft’s PR agency apparently e-mailed other tech reporters to try to spike the WGA “kill switch” story I reported on last week. Eric Lai of ComputerWorld got the memo and basically reprinted it with no analysis (Microsoft denies WGA kill switch in Windows XP). But Lai’s story does include one interesting new detail, a statistic that Microsoft confirmed in a follow-up e-mail to me:

Through its spokeswoman, Microsoft said that “80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys.”

Oh, really? Turn that statistic around: Microsoft said that 20% of all Windows users who fail the WGA validation test are not using leaked or stolen keys.

So what is the reason for WGA rejecting the other 20% of Windows licenses? ComputerWorld apparently didn’t ask, so I fired off an e-mail to Microsoft’s PR agency, who passed along a response from Cori Hartje, Director of Microsoft Genuine Software Initiative:

While we will don’t have specifics to share on other forms counterfeit installations, they mostly result from activities such as various forms of tampering and unauthorized OEM installations.

Yes, that’s exactly what they wrote. Besides being woefully ungrammatical, it’s also imprecise. How many are caused by tampering? How many by unauthorized OEM installations? And what exactly are those categories? Note that there’s no admission that some of those failures might be false positives.

Trying to pry answers out of Microsoft is difficult, because they refuse to grant interviews on this subject. And taking one question at a time via e-mail, with a lag time of a day or more between question and answer, is just insulting.

I’ll keep beating on this stone wall for as long as I can stand it.


Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books written prior to fall 2011 have been distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press. As of November 2011, Ed is a partner in the independent publishing company Fair Trade Digital Exchange, which exclusively publishes his books.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

117 Comments

RE: MS: 20% of WGA failures not caused by pirated keys
Goldcds 7th Sep 2009
You are an idiot. I do have a legit copy of Office, it is a company PC, and I am getting the "not genuine" notice when I open Word and so are many other people. I am switching to Macs, OpenOffice, and Linux. Screw M$
0 Votes
And then ...
Yagotta B. Kidding 3rd Jul 2006
I'll keep beating on this stone wall for as long as I can stand it.

At which point, what?

My money is on, "give up and if necessary fork out for another retail copy."
0 Votes
Enabling thievery!
deleweye 5th Jul 2006
"...fork out for another retail copy"?

In other words, if Microsoft screws up, they should be allowed to deny any responsibility and charge the customer for fixing it? The reason no one with three functioning brain cells will ever trust Microsoft is that their corporate policy and culture is exactly that - which in the real world is called thievery.

As long as spineless idiots put up with it, they'll continue to steal everything they're allowed to get away with.
0 Votes
"Should" has nothing to do with it
Yagotta B. Kidding 6th Jul 2006
In other words, if Microsoft screws up, they should be allowed to deny any responsibility and charge the customer for fixing it?

Just remember: "We don't care. We don't have to."
0 Votes
The whole problem here is the truly bizarre nature of software licensing that's been created due to software producers and the entertainment media industries' choice of format to supply their product on.

The format of choice is of course the venerable CD and now the DVD as well. They really like the CD and DVD format because it is perhaps the most cost efficient thing ever created in the history of mankind. The actual material in a CD is of so little cost it is almost worthless, and manufacturing costs are similarly inexpensive. Of course this isn't just speculation; blanks can now be purchased for as little as 15 cents a piece when a consumer purchases in some degree of bulk. The only thing of value to a CD or DVD is the media that's put onto it, and even the process of doing that is very inexpensive as well. So in the end, when you purchase software, music or movies on such media almost none of your money is used to pay for the actual "thing" that the CD is, or the effort that went into creating the CD itself. In almost all cases the packaging cost more than the disk to produce. And of course the software and media producers love this, bigger, much much bigger profit margin than actually supplying media in a format that would require more material, perhaps many kinds of materials and actually do some real genuine manufacturing. That might cost them a buck or two per unit, and that's lost money if they don't charge the extra.

They started this back in the mid 80's of course when the average consumer got the first taste of what a CD was all about, and they charged upwards of $20+ quite often for a CD when they first came out, significantly higher than the $4.99 many new vinyl LP's could be had for at that same time. They gouged and soaked us for every penny because they knew we wanted the digital sound CD's could provide. I recall reading an article back in 89 that said it cost the music industry about a buck and a half for the materials and labor to put a new CD on the shelf. It was then that I realized we had been had for sure, as it had to cost them at least that or more to put an LP, many times more the materials and packaging, on the shelf, and they had sold for ? the price of a CD.

And screw us over they did, and the format was so cheap to produce everyone in the whole industry, including software, decided to never change the course, even once tech improved and got cheap enough for the average consumer to reproduce CD's. The whole world had always copied their vinyl LP's and cassette tapes, they had used their VCR's to record movies, and from day one people have always copied everything and anything they could for their own personal use, and most people expected they could run into trouble if they started selling copies of things, but most just did it for personal use and sharing with family and friends, and this had always been widespread and nobody seemed to be bothered.

Now because the software and media industry chose the most profitable method imaginable to sell their products on, and screw us price wise, they are in some difficulties because their precious format it also turns out can now be copied quite easily, and for the first time in human history they have decided to declare war on copying for personal use. Because of the format they have chosen, to prevent copying is almost impossible and as a result in order to at least make it more difficult they have to implement such draconian measures that it is absolutely bound to unfairly and unjustly create "side effect" problems for many innocent members of the public. Again they are simply saying we want to keep this highly profitable format and we will even screw the public again in order to keep up the profits.

They create bizarre licensing schemes and anti piracy measures that boggle the mind and are certainly well beyond unjust from an historical perspective on how a human being expects to be able to use a product they have purchased. Remember, this is their fault, they chose the format and set the prices in order to screw the public out of huge amounts of cash, and now that copying has become easy, they are ready to screw the public again with counter measures that will harm innocent consumers just so they will not have to implement a new format that would actually cost them more even if it couldn't be copied.
0 Votes
Virus activity causes WGA failures
simon89 4th Jul 2006
Following multiple machine failures because of Virus, Trojans etc. Windows has been reloaded many times by tech support. All of these cause problems with WGA and yet the root cause is poor security in Windows itself. Even when the machine is reloaded and the keys entered according to the EULA tag on the system unit you still get activation errors. For the 20% of failures - Microsoft should be paying us for wasted time talking to their activation line.
0 Votes
Even if you aren't one of the 20% you may be 100% legit and simply disagree with the info collected like "PC manufacturer", "BIOS info/checksum", and the "HDD serial #" since it is definitely personal, identifiable info (not windows-specific) and disable the WGA tool or opt-out of installing it completely and in extreme cases disabling auto-updates completely.

With 3rd party freeware tools like autopatcher.com's patch rollup it is not unfeasible to go without auto-updates, but probably not a good idea for the "average" or non-technical user.
0 Votes
"PC manufacturer" is not personally identifiable. Everyone who has a Dell (or Gateway or Sony or whoever) computer falls into the same bucket.

"BIOS info/checksum" is not personally identifiable. There are thousands or millions of people in each bucket.

Even the "HDD serial #" is not personally identifiable. It's unique, but unless it's correlated with personal information there's no way to identify a person.

I object to WGA for lots of reasons, but this ain't one.
0 Votes
I'm with you...
ju1ce 4th Jul 2006
I have legitimate Office/Windows software...

Problem is, I don't like people invading my privacy without my permission. Of which I have not given either with this WGA. It is quite simply spyware no matter how they look at it.

I hope someone takes it upon themselves to figure out how to disable this thing without it affecting your Windows. I'll be one of the first people in line for the product.
0 Votes
You gave the permission
pkrdk 6th Jul 2006
by installing Windows, and accepting the EULA. It's normal to read what you sign, but I go fully with the opinion that the EULA is (on purpose?) written so nobody gets what it's about. They call it 'the contract between them and you'. With one big difference though: If you don't accept the contract, you still have to pay. That's methods I thought disappeared with the Mafia.
0 Votes
Who says they're not doing that?
Chad_z 4th Jul 2006
Even the "HDD serial #" is not personally identifiable. It's unique, but unless it's correlated with personal information there's no way to identify a person.

You're taking MSFT at their word on it. The same company that slipped WGA into an update without proper disclosure. Then tried to have their PR firm kill the story, then admit 20% of legitimate users might be having problems, though that figure could be less but it's hard to tell because we can't get a straight answer out of them.

This is the company you trust not to be assembling personally identifiable information?

I suppose you believe Bush is a uniter not a divider, too. And that Barry Bonds wasn't taking steroids and that Ken Lay really was innocent.
0 Votes
There is nothing - zero - personally identifiable about a serial number for a hard drive. The only way that it could be correlated with personally identifiable information is if it were ALSO transmitted with something that was identifiable, or if you chose to provide personal information along with it.

I won't deny your right to be suspicious, but you'll have to provide some basis in reality for your suspicion before I take it seriously.
From your HD Serial Number, the manufacturer can tell you who they sold it to. All they gotta do is bring it up in their inventory system. happy

But MS technically can't do that. wink
0 Votes
Look again...
Ed Bott 4th Jul 2006
The HDD serial number in question is not from the manufacturer. That serial number is on a label on the side of the drive. The one that gets sent with WGA (or with WPA, for that matter) is a unique volume ID created when you format the hard drive. If you reformat, you get a new volume serial number.

I repeat, nothing personally identifiable.
0 Votes
HDD serial number
Bigfeet 5th Jul 2006
When you register a hard drive warranty the manufacturer (Maxtor, Western Digital, etc) will read the serial # directly from the drive. It's the same # as is pasted to the top of the drive.

WGA captures this. It's child's play to find the owner.
0 Votes
Don't I seem to remember
JCitizen 3rd Aug 2006
that Microsoft was sued about 4 or 5 years ago because the security section of a financial institution of one of the Fortune 500 companies, proved in court that Microsoft had not only gathered personal information from their computers, but someone in the Microsoft Corporation misused this information and the company that was in harm's way sued Microsoft? I think they settled out of court. Duh!

Microsoft denied knowing that their software was gathering off base information. As I remember - anyway. Have I got a bad memory, or has anyone else got any information on this?
0 Votes
You trust them that much?
donw1234 4th Jul 2006
Ed,

They are gathering information without asking for permission. Who is to say they are not gathering personal information along with other info.

After all, if their analysis tells them that a copy of Windows is illegally installed don't you think they would want to know who is running that system?
0 Votes
WGA Phones home
mypl8s4u2 5th Jul 2006
I'm surprised by the lack of information floating around this forum. Sort of like the right hand doesn't know what the left hand is doing.

Microsoft admits WGA phones home:
http://www.betanews.com/article/Microsoft_Admits_WGA_Phones_Home/1149798507
http://arstechnica.com/news.ars/post/20060608-7017.html
http://www.p2pnet.net/story/9242

Legislation proposed to retain IP addresses, snoop on email attachments:
http://news.com.com/2100-1028_3-6078229.html
http://news.zdnet.com/2100-9588_22-6078229.html
http://talkleft.com/new_archives/014990.html

What you may need to understand is that in order for Microsoft to actually track you and locate you, both items above must be cohesive. Microsoft was collecting information from your PC as to your IP address, timestamp of the address, the BIOS of your computer, the manufacturer of your computer, and the basic language, each and every time you boot up. Yes, this information by itself won't point any fingers but if legislation has its way, ISP's will be able to retain IP addresses associated with phone numbers for two years. So, if M$ recorded the date and time of your IP address, then with the help of the ISP would be able to research their records as to who got that IP on such and such date and time. Bingo! They know exactly where you are.

Now about the "kill" switch, M$ doesn't per se have a kill switch but WGA somehow enhances WPA.

http://arstechnica.com/news.ars/post/20060702-7178.html
Vista's role is also explained in this link and should prove good reading. Vista will be plagued by all sorts of issues. As for hacking, I'm afraid that history will once again repeat itself. There are hacks out there for Vista beta already. What I find interesting is that it seems that hackers have an advantage here. They seem to be "fixing" the system more than the programmers at M$. I don't like to be disrespectful, but if history tells us anything, it's that time and time again, Programmers at M$ can't program.
0 Votes
I'm not taking Microsoft's word on this
uM0p ap!sdn 5th Jul 2006
When you buy a hard drive and fill out a registration card and or warranty (or filled out online) your name, address, phone number, favorite color, grandma's maiden name, place you bought it ...etc...etc...etc..etc... and the crap in fine print at the bottom...... oh boy....... third party

Are people this gullible to M$
0 Votes
And...
pkrdk 6th Jul 2006
same company that within 48 hours got the identity of the person who wrote the 'I love you' worm, from the millions of MS Office users. How on earth is that possible if they don't collect personally identifiable info ?
0 Votes
If they've got your IP address then its all personally identifiable
0 Votes
.. then we are in trouble
fredsmith6 4th Jul 2006
... because any website you visit, can 'identify' you by an IP address.
0 Votes
IP Address
jrhcod 5th Jul 2006
Which is how sites customize ads to you when you visit. They remember the IP and where it went the last time it visited.
0 Votes
Not personally identifiable
Ed Bott 5th Jul 2006
Yes, they remember the IP. They know that the computer that used this IP address visited a particular page, so they assume that the same computer is using that IP address today and they serve a related page.

Where is the personally identifiable information?
0 Votes
Maybe
mypl8s4u2 5th Jul 2006
If you are on Dynamic (your IP is different when you turn on the computer), then it's not the IP they are tracking, it's the cookie put into your computer that is being used. Microsoft is "timestamping" your IP with date and time. If the ISP who owns that block of IP addresses are required to maintain log files of IP addresses by time stamp associated with your phone number, then all M$ needs to do is ask the ISP who owned what IP at such and such date. BAM! Your phone number shows up and they know your address.
0 Votes
Good point, mypl8s4u2....
yogeee 5th Jul 2006
Looking at it from that perspective, it is a very compelling reason to those who may indeed be using illegal software or operating systems; to stop, and either buy a legal distro (I would say copy but that at least in MS' case would be a paradox)- or seek to abandon windows and all associated apps for an alternative. One that is free from all the nonsense that goes along with using windows (notice I didn't say OWNING, but using). I'll always keep my legally purchased "distro" of XP in the event that I ever DO get anything from MS ever saying my ip for whatever reason showed up as having an illegal copy of windows, regardless of the fact that it isn't used (besides, I'm not the type to sell someone else something I myself wouldn't use or trust - it wouldn't surprise me if THAT even constitutes pirate software now too, having bought a legal retail distro from an individual that has already used it; but doesn't use it or have it installed on anything anymore). The whole thing is just STUPID, really...like MS really gives a hoot whether or not a few thousand peeps are not able to use windows anymore. This whole thing about WGA has absolutely no more value than vista. It's simply a way for microsoft and its garbage to maintain some of the spotlight. And quite frankly, I'm really getting tired of seeing it dominate the headlines.
0 Votes
Easy
pkrdk 6th Jul 2006
The personally identifiable part is that the ISP registers who gets what IP address, when it was used and for how long. This is for billing purposes if you don't have flat-rate.

Changing to flat-rate won't help you. Various laws around the world have, first with the excuse of fighting child-porn and then terrorism, given whoever has access to ISP info a tool that Stalin wouldn't even have dreamt about.

On the net, you are totally naked..
0 Votes
Ever hear of the RIAA?
ffreeloader 6th Jul 2006
They are using IP addresses as proof of who a person is in their lawsuits. Tie that together with the serial # of the hard drive in your computer and it's pretty much a guarantee of who you are. It would be far too difficult to fake a hard drive with all the time stamps and other meta data associated with files in NTFS so a hard drive serial number ties you to anything done on your computer and it's very personally identifiable..

The only way you're going to get rid of the data on the drive is to destroy the drive because with the forensic tools that are available today just about anything is recoverable. So, a combination of hard drive serial number, IP address, internet history from MS or your ISP's routers and/or proxy servers makes the combination of what MS admits to collecting very personally identifiable. Anyone who thinks it isn't is either very ignorant of what is referred to as "expectation of privacy" on the internet, sticking their head in the sand, or placing it someplace reachable only by bending over and sticking their head between their legs.
0 Votes
They are collecting info for the feds
clockmendergb@... 7th Jul 2006
Add Microsoft with At&t
mix with info from swiss banks.
Add a sprinkle of info from other yet unknown sources that have been paid for

crunch a little and you have a database on most of the western world

At the same time Microsoft keeps the US government on its side and is not a monopoly anymore.

on its own it might not be identifiable but added together and we all lose.

On the other hand some people just love the government knowing all their business and will never believe they are capable of wrong doing
These are the same people who want microsoft to collect information from them and will never believe they might have another agenda that is not in their best interests.

Only time will tell who is right but in the mean time I will tend towards caution and believe the former.
0 Votes
Not identifiable?
jrhcod 5th Jul 2006
They also have your IP, NOW put IP and HDD serial together and they have the machine and the owner.
0 Votes
How?
Ed Bott 5th Jul 2006
My IP address does not tell anyone who I am. It may, if they can correlate it with other information. But that won't work on a dial-up connection, where the IP address is different on every call. It won't work if you go through a proxy server, as millions of people do. It won't, if you're using a new IP address issued by your cable or DSL ISP.

And the HDD serial is a randomly generated number that also has nothing about me in it.

Do you actually understand how either of these technologies work?
0 Votes
dialup tracking
mypl8s4u2 5th Jul 2006
You're even more open and this is how. You dial up into an ISP, you get a timestamp of when you connected and what IP you were given. You were also required to submit a user name and password. The phone company would have a record of where the call originated, a timestamp of when the call was made, and the IP given at the moment. Legislation is being pushed in congress to retain log files of IP addresses as we speak.

http://news.com.com/2100-1028_3-6078229.html
0 Votes
Even when I put on my tinfoil hat, I can't find an interpretation that makes this "personally identifiable information."

In fact, by your interpretation, every single transaction on the Internet consists of personally identifiable information because it has an IP address attached. Which kind of makes the debate meaningless.
0 Votes
Now you are getting it....maybe.
TxTopgun 5th Jul 2006
People on the internet aren't as anonymous as they think. There are ways to track you that you wouldn't even dream of.
0 Votes
Maybe, maybe not...
mds_z 5th Jul 2006
It seems as though lately the need for subpoenas isn't what it used to be. Granted that seems to be mostly a problem with the government, but we'll see what the future brings.

Suppose MS decided to charge the people who have WGA failures with piracy. They could then subpoena the ISP for the information. Given that that they have "proof" of wrongdoing, it might not be very difficult. Certainly, it would be less trouble for MS than it was for the RIAA. And that's assuming that MS couldn't coerce the ISP into divulging the information without going to court. A company as big as MS has a lot of influence.

Yes, you can be tracked where you go on the Web unless you take measures to maintain your privacy. And I doubt even that is certain protection. But the issue as I see it is that MS is condemning people for failures in their own system, not necessarily because those people have done anything wrong. Perhaps a lot of people. And how will it be before they go the RIAA route? Will they then have to prove their innocence?

And if the "kill switch" is real, I can only hope that it doesn't affect Win2K. I've never liked the idea of product activation and haven't upgraded to XP mainly because of it (that and there's too much fluff that I neither need or want, without adding much of anything substantial to the OS). I'm rigorous in my licensing of software, to the point that friends give me a hard time about it. But this is making me think that in the case of MS, maybe they're right.
0 Votes
But that dialup tracking is for an ISP account. Same account can (and will) be used by multiple people and multiple machines. Same machine can (and will) use multiple accounts, and multiple ISPs. The possibilities make it fundamentally impossible to track and tie a user, a machine, and an IP address by itself.
0 Votes
Maybe I wasn't clear
mypl8s4u2 6th Jul 2006
Your point is extremely logical but you are missing one piece. WGA phones home "from" your computer with IP timestamping, along with bios, machine make, and a host of other information. True, the phone number would be hard to track for a dial-up, but if the need arises, they can put out a trace when you log in under said user name. This is currently how companies track hackers. Most hackers dial in from various locations, never from home. Rule #1, never hack from home. Rule #2, never use the same login more than once.
0 Votes
As a matter of fact....
TxTopgun 5th Jul 2006
Actually, I do know how both technologies work very well. Now let me ask you if you understand the rest of the picture? Apparently not.

Let me start by saying I personally don't have a problem with them knowing who I am.

Now for the reality you, and apparently others on this board, are missing. What is Microsoft's whole purpose in this? Answer: Trying to cut down on piracy. And just how does this 'cut down on piracy'? Simple, it allows them to identify illegal copies and where they are. Once they have identified those copies, they need a way to track down the people who have them, right? Otherwise there would be no consequence and thus no deterrent.

Just for the sake of argument, let's say you purchased an OEM sticker from one of the many sellers you can find on eBay at any given time...for the purpose of this discussion let's say it was from an EMachine. (Or as I have known to happen, someone just went to school, the office, or even the local department store and wrote down the serial number off the side of one of the computers on display.) I now take that 'valid' serial number and install Windows on a computer I built. Now keep in mind, it is an ACTUAL serial number from a ACTUAL computer.

Now lets look at what WGA tells Microsoft about you and your copy of Windows. First, the computer manufacturer probably isn't EMachine...red flag! That alone tells them your copy isn't legit. ?So what??, you say. WGA also tells them your IP address which even if it doesn't identify you directly, most likely gets them into a general vicinity (especially since most people who know enough to build their own systems are also running on a broadband connection which only changes IP addresses when the modem/router is reset?not when the computer itself is reset. Where I live, each modem is actually assigned a static IP.) At this point, let?s recap: Microsoft knows that the copy of Windows at a particular IP address at this particular time is invalid.

Now let?s assume you reboot you computer daily. When Microsoft gets XX number of hits that a particular invalid serial number is in use at XXX.XXX.XXX.XXX IP address, they now know you have a static IP address they can go to court with and find out who you are. Of course, if you are on a dial-up connection, the IP address will change every time you connect, but not by much since the numbers are assigned in blocks. It still wouldn't take many days for someone to figure out you are a dial-up customer of a particular ISP (and probably turn your computer on at about the same time every day as well). I wonder how much more they will need to narrow it down to be to get an order for the ISP to monitor who is connected to which of their dial-up IP addresses during a specific time period on a given day.

But wait, what if we assume you are using a proxy such as a router or gateway? They can?t tell which of the computers connected to it is yours, right? Let?s see, I have already narrowed down your general location, through the public IP address you are using. Within that relatively very limited group of computers, guess what, I would bet there is rarely a case where more than one has a specific BIOS checksum, a specific manufacturer, and a hard drive with a specific serial number. How much more personally identifiable do I need to be to file suit against a specific person for larceny? Not much. I have narrowed it down to a specific computer, with a specific manufacturer, with a specific BIOS checksum, with a specific hard drive, in a specific location (on your desk?)?tag, you?re it.

How do you think the recording industry tracked down people with songs on their computers? They didn't even have as much information as Microsoft has.
0 Votes
Fool
Anonymous1565 19th Jul 2006
I can personally track you down to the position of your house based on your IP address.

Every ISP (dial up and DHCP and PPP) keeps logs of who logged on/off when for the past 2 years. They have to by law. Most proxy servers send a 'for xxx.xxx.xxx.xxx' in the http headers. Only anonymous proxies don't. All proxy servers are required to keep logs for 2 years.

The HDD serial number corresponds with the computer, which was purchased by someone. Was it you? Then the manufacturer probably knows you, and probably has your CC # and address.

With access to the appropriate logs; either through subpoena or through mutual corporate relationships; a given party involved could very readily track you down to the point where they can take your identity without even batting an eye or coming within your state.

TIA = Total Information Awareness.

Making it distributed was genius.
0 Votes
I Could Care Less
jpgeorgia 5th Jul 2006
So what if Microsoft compares HDD serial number and IP and actually finds out who I am? So What? If Microsoft wants my HDD serial number, IP, phone number, and the score on my 4th grade arithmetic test, I'd give it to them. Just what do you expect they would do with that data if they really wanted it? So many paranoid people!
0 Votes
the right to privacy
mypl8s4u2 5th Jul 2006
I am not all that thrilled that the company in question retains information about me for whatever reason. We are talking about a company whose security measures are zero. What next, should we allow M$ to keep our social security numbers also? Why not, seeing as how you think we are paranoid people, I believe I have the right to privacy. That is one of the greatest things about this country. I can "choose" not to participate and no one can force me.
0 Votes
Choice . . .
micjustmic 5th Jul 2006
Choose not to participate in Federal Income Tax, choose not to participate in property tax payment, choose not to participate in acquiring a driver permit, but go ahead and drive a car . . . and see what happens.

I'm not saying I agree with anything Microsoft has done here, I'm just pointing out that the choice NOT to do something isn't always in your hands, I don't care what country you live in.

Sadly, when someone agrees to the EULA they have agreed to everything stated in the EULA, even if they didn't read it and can't later say, "Well, I didn't know."

This is why when I buy software, then find the EULA shrink wrapped in with the CD, (keep in mind, once you break the shrink wrap on the CD you've agreed to the EULA and technically, are no longer able to return the software) I WILL NOT break that shrink wrap and will return the software. In this case they aren't even allowing you to read the EULA before you agree to it. I don't know about now, but Symantec was doing this and I'd point it out to people when they asked me to install Norton AV on their systems. Often they would agree with my point of view, if I can't read it, I'm not going to agree with it.

All too many people just click through the EULA and don't bother to read it, on screen or on paper, so if you install some software and in the EULA it states that you agree the software can install a tracker that will log, and send, everything you do on the web, it's the user that is to blame for allowing it.

I remember when Kazaa was very popular, too many calls would I get from people complaining their computers were running slow and they were seeing ads even when the Internet wasn't connected . . . well, 99% of those calls were from people that had Kazaa running and they never read the EULA when they installed it. It stated clearly that it was going to install a form of ad-ware along with the Kazaa client, and it also allowed for upgrades and add-ons to said ad-ware as they saw fit.

At the moment, WGA isn't mandatory, and it IS stated clearly in the EULA what it's for and what it's going to do. You have to click through a few pages to get full disclosure, and Microsoft has taken proper heat for it, but I don't install any updates from Microsoft, or anywhere, without clicking through all the information available, even if it takes me on a long web-journey to parts unknown. But that's just me.

As to the false alarms on legal copies of Windows, I gave an opinion on this before.

I'd bet that most of this is caused by keys that were stolen even BEFORE the system was sold. Too many 'mom and pop' computer stores put their systems out on a shelf with the Genuine Microsoft tag right on the side of the system. Product key right out in the open. One store near me even has their computers sitting right on a shelf in front of a big plate-glass window. They don't even have to be open and you can walk up and copy the key(s) right off the computers.

Another problem is the fact that it's very easy to get a corporate key from the computers in offices. Small programs that fit easily on floppy disks and flash drives will sniff out the key and copy it to a text file right on said drive. Now you have a pre-activated key, all you need is a copy of Windows XP Pro Corporate (just look on Warez sites and Usenet, you'll find plenty of them) and you're good to go . . . and sure enough, usually these people are in the business of distributing these copies, either free to friends or for a fee, now you'll have that corporate key all over the world eventually . . . and when Microsoft gets wind of it, they'll black-list it as they have the other common keys found on the Internet and elsewhere.

A company I contracted with for a while suddenly was blocked installing service pack 1 because their key was black-listed. Turned out a disgruntled employee in their IT department took their key and distributed it with a copy of XP Corporate on usenet and they didn't know about it until SP1 came out. Microsoft issued a new key, but it was a hassle. Every PC (something like 600 of them) had to have its key updated, then SP1 was finally pushed to all of them. You can guess this took quite some time, even with 5 of us doing the work.

Again, even if your key is totally kosher, it may have been used by someone even before you bought the computer. Plus, when you buy a used computer you don't know for sure that person isn't selling you a key that's been used a dozen times. All you have to do is call Microsoft, say you've upgraded your system and ran into WPA and need to reset. All they do is ASK if you have it on more than one system. If someone that's dishonest has it on 20 computers, they aren't going to say, "yes" now are they?
Now you buy that computer from them, they give you all the proper disks and paperwork so you assume everything is on the up and up, but you have a computer that has a key that's on 20 computers, and perhaps more, and maybe even growing by the day. Microsoft does eventually figure that out, they do keep a database of these things.

Mic
0 Votes
Extremely well put!!!
TxTopgun 5th Jul 2006
n/t
0 Votes
Yet it doesn't make a difference.
dave.leigh@... 5th Jul 2006
Your argument is well-put, and quite likely correct about the keys being stolen prior to sale.

This doesn't change the fact that, as per your description, the users who actually bought the computers did so in good faith and are the legitimate licensees of the software. The fact that these licenses somehow, in whatever fashion, got into the wild is simply not their problem.

I go to great lengths to make sure I'm using legal software. I either budget for it and buy what I can afford, or I use Open Source alternatives. Sometimes I put up with reduced functionality as a result; other times I find that the OSS alternative is much better.

So here it is, in no uncertain terms. I focus on my own problems. I don't have a problem with software piracy. Since I don't do it; it's not my problem. That's true for ALL legitimate users. OTOH, MICROSOFT has a problem with software piracy. Now, I don't give a rat's ass how they want to solve that problem for themselves UNLESS they choose some boneheaded solution that causes ME grief.

Sadly, that's what they've chosen. And that's what they continue to choose in the face of customer pressure. Frankly, dialing home less often isn't good enough. I don't care if it's a spy or a mole... It's still spyware regardless of how often it reports. If their software checked keys AT THE TIME OF INSTALLATION I'd say it was reasonable. Otherwise, fsck 'em.
0 Votes
really?
catflap@... 6th Jul 2006
since you "could care less", that means you care somewhat and could still care. if you "couldn't care less", that means you are at the absolute bottom of the scale and there's no more room to care.
0 Votes
He Couldn't know less
Ole Man 3rd Aug 2006
He doesn't have enough comprehension to know which end is up, let alone care less.
0 Votes
MSFT uses the MAC address
WiredGuy 5th Jul 2006
Microsoft collects the MAC address (yes I know that these can be cloned but only a tiny fraction of Windows users would know how) which is unique. Since the MAC address is tied to the Ethernet interface which is usually on-board, for most users, it will not change for the life of the computer. If the user decided to "register" (divulged personal information to Microsoft) at the same time they activated their copy of Windows, they know your name every time your PC phones home for WPA, WGA, Windows Update, whatever. Nobody ever gives their real personal information to Microsoft, do they?
0 Votes
re: MSFT uses the MAC address
astro_z 5th Jul 2006
That's rather unfortunate, since my laptop has (at least) three: the wireless MAC, the built-in-ethernet MAC, and whatever the USB system cobbles together when I directly couple to my DSL modem via that connection.

Schizoid computers are fairly common...
0 Votes
re: MSFT uses the MAC address
mharr 5th Jul 2006
I would expect that WGA does not care which NIC is used, just prioritizes of those that are available, and finding an onboard NIC would likely use that. It wouldn't care if it's in use or not, just which NIC is likely more or less permanent. A builtin NIC would probably be more useful than a USB dongle.
0 Votes
Can you please verify
mypl8s4u2 6th Jul 2006
I know that WGA phones home and I know what gets sent but I've never heard anyone report that the MAC was being sent. Can you send me a link to read up on?
0 Votes
Flawed logic
BasharTeg 4th Jul 2006
This article is idiotic. Let's look at that quote again:

"80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys."

And the article's attempted reversal of that statement is:

Oh, really? Turn that statistic around: Microsoft said that 20% of all Windows users who fail the WGA validation test are not using leaked or stolen keys.

Okay, what words are missing from your statement? Oh, I don't know, how about "volume license keys." So let's take what you said and add those words in:

"Microsoft said that 20% of all Windows users who fail the WGA validation test are not using leaked or stolen Volume License keys"

Wait, that means something totally different!!! That doesn't mean that 20% of people are innocent of piracy, that means that 20% of people aren't using leaked or stolen volume license keys. The remaining people could be using keys shared between multiple people using an activation crack to avoid activation until detected by WGA, or they could be using generated keys and again cracking to avoid activation until detected by WGA, or they could be using second generation generated keys which successfully activated until MS started filtering activation by product ID until detected by WGA.

This whole article is anti-Microsoft drivel intended to panic people who aren't pirating Windows about WGA, and on top of that the article is simply logically flawed.
You are an idiot. I do have a legit copy of Office, it is a company PC, and I am getting the "not genuine" notice when I open Word and so are many other people. I am switching to Macs, OpenOffice, and Linux. Screw M$
