MS: 20% of WGA failures not caused by pirated keys

Summary: Microsoft isn't interested in answering detailed questions about how Windows Genuine Advantage works. But via e-mail, they acknowledged that 20% of Windows users who fail the validation test are not using leaked or stolen keys. No wonder so many people are up in arms.

[Update 18-July-2006: In response to this and other questions, Microsoft has released some numbers about WGA failures. Details in this follow-up post: MS says WGA has caught 60 million cheaters.]

You don't need to look very hard to find outraged Windows customers who have been branded pirates by Windows Genuine Authentication. And a hefty number of them claim they're being unfairly targeted, with legitimate Windows copies that are being tagged as stolen or pirated. I've heard from several dozen people, and I've also seen credible stories posted on Microsoft's public WGA newsgroups.

Now, via e-mail, comes confirmation from Microsoft that its false positive rate might be unacceptably high. Microsoft’s PR agency apparently e-mailed other tech reporters to try to spike the WGA “kill switch” story I reported on last week. Eric Lai of ComputerWorld got the memo and basically reprinted it with no analysis (Microsoft denies WGA kill switch in Windows XP). But Lai's story does include one interesting new detail, a statistic that Microsoft confirmed in a follow-up e-mail to me:

Through its spokeswoman, Microsoft said that “80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys.”

Oh, really? Turn that statistic around: Microsoft said that 20% of all Windows users who fail the WGA validation test are not using leaked or stolen keys.

So what is the reason for WGA rejecting the other 20% of Windows licenses? ComputerWorld apparently didn't ask, so I fired off an e-mail to Microsoft's PR agency, who passed along a response from Cori Hartje, Director of Microsoft Genuine Software Initiative:

While we will don't have specifics to share on other forms counterfeit installations, they mostly result from activities such as various forms of tampering and unauthorized OEM installations.

Yes, that's exactly what they wrote. Besides being woefully ungrammatical, it's also imprecise. How many are caused by tampering? How many by unauthorized OEM installations? And what exactly are those categories? Note that there's no admission that some of those failures might be false positives.

Trying to pry answers out of Microsoft is difficult, because they refuse to grant interviews on this subject. And taking one question at a time via e-mail, with a lag time of a day or more between question and answer, is just insulting.

I'll keep beating on this stone wall for as long as I can stand it.

  • And then ...

    "I'll keep beating on this stone wall for as long as I can stand it."

    At which point, what?

    My money is on, "give up and if necessary fork out for another retail copy."
    Yagotta B. Kidding
    • Enabling thievery!

      "...fork out for another retail copy"?

      In other words, if Microsoft screws up, they should be allowed to deny any responsibility and charge the customer for fixing it? The reason no one with three functioning brain cells will ever trust Microsoft is that their corporate policy and culture is exactly that - which in the real world is called thievery.

      As long as spineless idiots put up with it, they'll continue to steal everything they're allowed to get away with.
      • "Should" has nothing to do with it

        "In other words, if Microsoft screws up, they should be allowed to deny any responsibility and charge the customer for fixing it?"

        Just remember: "We don't care. We don't have to."
        Yagotta B. Kidding
        • Thievery is not the issue or the problem

          The whole problem here is the truly bizarre nature of software licensing that's been created due to software producers and the entertainment media industries' choice of format to supply their product on.

          The format of choice is of course the venerable CD and now the DVD as well. They really like the CD and DVD format because it is perhaps the most cost efficient thing ever created in the history of mankind. The actual material in a CD is of so little cost it is almost worthless, and manufacturing costs are similarly inexpensive. Of course this isn't just speculation; blanks can now be purchased for as little as 15 cents a piece when a consumer purchases in some degree of bulk. The only thing of value to a CD or DVD is the media that's put onto it, and even the process of doing that is very inexpensive as well. So in the end, when you purchase software, music or movies on such media almost none of your money is used to pay for the actual 'thing' that the CD is, or the effort that went into creating the CD itself. In almost all cases the packaging cost more than the disk to produce. And of course the software and media producers love this, bigger, much much bigger profit margin than actually supplying media in a format that would require more material, perhaps many kinds of materials and actually do some real genuine manufacturing. That might cost them a buck or two per unit, and that's lost money if they don't charge the extra.

          They started this back in the mid 80's of course when the average consumer got the first taste of what a CD was all about, and they charged upwards of $20+ quite often for a CD when they first came out, significantly higher than the $4.99 many new vinyl LP's could be had for at that same time. They gouged and soaked us for every penny because they knew we wanted the digital sound CD's could provide. I recall reading an article back in 89 that said it cost the music industry about a buck and a half for the materials and labor to put a new CD on the shelf. It was then that I realized we had been had for sure, as it had to cost them at least that or more to put an LP, many times more the materials and packaging, on the shelf, and they had sold for ? the price of a CD.

          And screw us over they did, and the format was so cheap to produce everyone in the whole industry, including software, decided to never change the course, even once tech improved and got cheap enough for the average consumer to reproduce CD's. The whole world had always copied their vinyl LP's and cassette tapes, they had used their VCR's to record movies, and from day one people have always copied everything and anything they could for their own personal use, and most people expected they could run into trouble if they started selling copies of things, but most just did it for personal use and sharing with family and friends, and this had always been widespread and nobody seemed to be bothered.

          Now because the software and media industry chose the most profitable method imaginable to sell their products on, and screw us price wise, they are in some difficulties because their precious format it also turns out can now be copied quite easily, and for the first time in human history they have decided to declare war on copying for personal use. Because of the format they have chosen, to prevent copying is almost impossible and as a result in order to at least make it more difficult they have to implement such draconian measures that it is absolutely bound to unfairly and unjustly create 'side effect' problems for many innocent members of the public. Again they are simply saying we want to keep this highly profitable format and we will even screw the public again in order to keep up the profits.

          They create bizarre licensing schemes and anti piracy measures that boggle the mind and are certainly well beyond unjust from an historical perspective on how a human being expects to be able to use a product they have purchased. Remember, this is their fault, they chose the format and set the prices in order to screw the public out of huge amounts of cash, and now that copying has become easy, they are ready to screw the public again with counter measures that will harm innocent consumers just so they will not have to implement a new format that would actually cost them more even if it couldn't be copied.
  • Virus activity causes WGA failures

    Following multiple machine failures because of Virus, Trojans etc. Windows has been reloaded many times by tech support. All of these cause problems with WGA and yet the root cause is poor security in Windows itself. Even when the machine is reloaded and the keys entered according to the EULA tag on the system unit you still get activation errors. For the 20% of failures - Microsoft should be paying us for wasted time talking to their activation line.
  • will cause lack of trust even disabling auto-updates

    Even if you aren't one of the 20% you may be 100% legit and simply disagree with the info collected like "PC manufacturer", "BIOS info/checksum", and the "HDD serial #" since it is definitely personal, identifiable info (not windows-specific) and disable the WGA tool or opt-out of installing it completely and in extreme cases disabling auto-updates completely.

    With 3rd party freeware tools like's patch rollup it is not unfeasible to go without auto-updates, but probably not a good idea for the "average" or non-technical user.
    • No, those are not "personally identifiable"

      "PC manufacturer" is not personally identifiable. Everyone who has a Dell (or Gateway or Sony or whoever) computer falls into the same bucket.

      "BIOS info/checksum" is not personally identifiable. There are thousands or millions of people in each bucket.

      Even the "HDD serial #" is not personally identifiable. It's unique, but unless it's correlated with personal information there's no way to identify a person.

      I object to WGA for lots of reasons, but this ain't one.
      Ed Bott
      • I'm with you...

        I have legitimate Office/Windows software...

        Problem is, I don't like people invading my privacy without my permission. Of which I have not given either with this WGA. It is quite simply spyware no matter how they look at it.

        I hope someone takes it upon themselves to figure out how to disable this thing without it affecting your Windows. I'll be one of the first people in line for the product.
        • You gave the permission

          By installing Windows, and accepting the EULA. It's normal to read what you sign, but I go fully with the opinion that the EULA is (on purpose?) written so nobody gets what it's about. They call it 'the contract between them and you'. With one big difference though: If you don't accept the contract, you still have to pay. Those are methods I thought disappeared with the Mafia.
      • Who says they're not doing that?

        "Even the "HDD serial #" is not personally identifiable. It's unique, but unless it's correlated with personal information there's no way to identify a person."

        You're taking MSFT at their word on it. The same company that slipped WGA into an update without proper disclosure. Then tried to have their PR firm kill the story, then admit 20% of legitimate users might be having problems, though that figure could be less but it's hard to tell because we can't get a straight answer out of them.

        This is the company you trust not to be assembling personally identifiable information?

        I suppose you believe Bush is a uniter not a divider, too. And that Barry Bonds wasn't taking steroids and that Ken Lay really was innocent.
        • I'm not taking Microsoft's word on this

          There is nothing - zero - personally identifiable about a serial number for a hard drive. The only way that it could be correlated with personally identifiable information is if it were ALSO transmitted with something that was identifiable, or if you chose to provide personal information along with it.

          I won't deny your right to be suspicious, but you'll have to provide some basis in reality for your suspicion before I take it seriously.
          Ed Bott
          • If they want to follow the chain of invoices...

            From your HD Serial Number, the manufacturer can tell you who they sold it to. All they gotta do is bring it up in their inventory system. :)

            But MS technically can't do that. ;)
          • Look again...

            The HDD serial number in question is not from the manufacturer. That serial number is on a label on the side of the drive. The one that gets sent with WGA (or with WPA, for that matter) is a unique volume ID created when you format the hard drive. If you reformat, you get a new volume serial number.

            I repeat, nothing personally identifiable.
            Ed Bott
          • HDD serial number

            When you register a hard drive warranty the manufacturer (Maxtor, Western Digital, etc) will read the serial # directly from the drive. It's the same # as is pasted to the top of the drive.

            WGA captures this. It's child's play to find the owner.
          • Don't I seem to remember

            that Microsoft was sued about 4 or 5 years ago because the security section of a financial institution of one of the Fortune 500 companies, proved in court that Microsoft had not only gathered personal information from their computers, but someone in the Microsoft Corporation misused this information and the company that was in harm's way sued Microsoft? I think they settled out of court. Duh!

            Microsoft denied knowing that their software was gathering off base information. As I remember, anyway. Have I got a bad memory, or has anyone else got any information on this?
          • You trust them that much?


            They are gathering information without asking for permission. Who is to say they are not gathering personal information along with other info.

            After all, if their analysis tells them that a copy of Windows is illegally installed don't you think they would want to know who is running that system?
          • WGA Phones home

            I'm surprised by the lack of information floating around this forum. Sort of like the right hand doesn't know what the left hand is doing.

            Microsoft admits WGA phones home:

            Legislation proposed to retain IP addresses, snoop on email attachments:

            What you may need to understand is that in order for Microsoft to actually track you and locate you, both items above must be cohesive. Microsoft was collecting information from your PC as to your IP address, timestamp of the address, the BIOS of your computer, the manufacturer of your computer, and the basic language, each and every time you boot up. Yes, this information by itself won't point any fingers but if legislation has its way, ISPs will be able to retain IP addresses associated with phone numbers for two years. So, if M$ recorded the date and time of your IP address, then with the help of the ISP would be able to research their records as to who got that IP on such and such date and time. Bingo! They know exactly where you are.

            Now about the 'kill' switch, M$ doesn't per se have a kill switch but WGA somehow enhances WPA.

            Vista's role is also explained in this link and should prove good reading. Vista will be plagued by all sorts of issues. As for hacking, I'm afraid that history will once again repeat itself. There are hacks out there for Vista beta already. What I find interesting is that it seems that hackers have an advantage here. They seem to be 'fixing' the system more than the programmers at M$. I don't like to be disrespectful, but if history tells us anything, it's that time and time again, Programmers at M$ can't program.
          • I'm not taking Microsoft's word on this

            When you buy a hard drive and fill out a registration card and or warranty (or filled out online) your name, address, phone number, favorite color, grandma's maiden name, place you bought it ...etc...etc...etc..etc... and the crap in fine print at the bottom...... oh boy....... third party

            Are people this gullible to M$
            uM0p ap!sdn
        • And...

          same company that within 48 hours got the identity of the person who wrote the 'I love you' worm, from the millions of MS Office users. How on earth is that possible if they don't collect personally identifiable info ?
      • RE: No, those are not "personally identifiable"

        If they've got your IP address then it's all personally identifiable