MS: 20% of WGA failures not caused by pirated keys
Summary: Microsoft isn't interested in answering detailed questions about how Windows Genuine Advantage works. But via e-mail, they acknowledged that 20% of Windows users who fail the validation test are not using leaked or stolen keys. No wonder so many people are up in arms.
[Update 18-July-2006: In response to this and other questions, Microsoft has released some numbers about WGA failures. Details in this follow-up post: MS says WGA has caught 60 million cheaters.]
You don't need to look very hard to find outraged Windows customers who have been branded pirates by Windows Genuine Authentication. And a hefty number of them claim they're being unfairly targeted, with legitimate Windows copies that are being tagged as stolen or pirated. I've heard from several dozen people, and I've also seen credible stories posted on Microsoft's public WGA newsgroups.
Now, via e-mail, comes confirmation from Microsoft that its false positive rate might be unacceptably high. Microsoft’s PR agency apparently e-mailed other tech reporters to try to spike the WGA “kill switch” story I reported on last week. Eric Lai of ComputerWorld got the memo and basically reprinted it with no analysis (Microsoft denies WGA kill switch in Windows XP). But Lai's story does include one interesting new detail, a statistic that Microsoft confirmed in a follow-up e-mail to me:
Through its spokeswoman, Microsoft said that “80% of all WGA validation failures are due to unauthorized use of leaked or stolen volume license keys.”
Oh, really? Turn that statistic around: Microsoft said that 20% of all Windows users who fail the WGA validation test are not using leaked or stolen keys.
So what is the reason for WGA rejecting the other 20% of Windows licenses? ComputerWorld apparently didn't ask, so I fired off an e-mail to Microsoft's PR agency, who passed along a response from Cori Hartje, Director of Microsoft Genuine Software Initiative:
While we will don't have specifics to share on other forms counterfeit installations, they mostly result from activities such as various forms of tampering and unauthorized OEM installations.
Yes, that's exactly what they wrote. Besides being woefully ungrammatical, it's also imprecise. How many are caused by tampering? How many by unauthorized OEM installations? And what exactly are those categories? Note that there's no admission that some of those failures might be false positives.
Trying to pry answers out of Microsoft is difficult, because they refuse to grant interviews on this subject. And taking one question at a time via e-mail, with a lag time of a day or more between question and answer, is just insulting.
I'll keep beating on this stone wall for as long as I can stand it.Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
And then ...
At which point, what?
My money is on, "give up and if necessary fork out for another retail copy."
Enabling thievery!
In other words, if Microsoft screws up, they should be allowed to deny any responsibility and charge the customer for fixing it? The reason no one with three functioning brain cells will ever trust Microsoft is that their corporate policy and culture is exactly that - which in the real world is called thievery.
As long as spineless idiots put up with it, they'll continue to steal everything they're allowed to get away with.
"Should" has nothing to do with it
Just remember: "We don't care. We don't have to."
Thievery is not the issue or the problem
The format of choice is of course the venerable CD and now the DVD as well. They really like the CD and DVD format because it is perhaps the most cost efficient thing ever created in the history of mankind. The actual material in a CD is of so little cost it is almost worthless, and manufacturing costs are similarly inexpensive. Of course this isn?t just speculation; blanks can now be purchased for as little as 15 cents a piece when a consumer purchases in some degree of bulk. The only thing of value to a CD or DVD is the media that?s put onto it, and even the process of doing that is very inexpensive as well. So in the end, when you purchase software, music or movies on such media almost non of your money is used to pay for the actual ?thing? that the CD is, or the effort that went into creating the CD itself. In almost all cases the packaging cost more then the disk to produce. And of course the software and media producers love this, bigger, much much bigger profit margin then actually supplying media in a format that would require more material, perhaps many kinds of materials and actually do some real genuine manufacturing. That might cost them a buck or two per unit, and that?s lost money if they don?t charge the extra.
They started this back in the mid 80?s of course when the average consumer got the first taste of what a CD was all about, and they charged upwards of $20+ quite often for a CD when they first came out, significantly higher then the $4.99 many new vinyl LP?s could be had for at that same time. The gouged and soaked us for every penny because they knew we wanted the digital sound CD?s could provide. I recall reading an article back in 89 that said it cost the music industry about a buck and a half for the materials and labor to put a new CD on the shelf. It was then that I realized we had been had for sure, as it had to cost them at least that or more to put an LP, many times more the materials and packaging, on the shelf, and they had sold for ? the price of a CD.
And screw us over they did, and the format was so cheap to produce everyone in the whole industry, including software, decided to never change the course, even once tech improved and got cheap enough for the average consumer to reproduce CD?s. The whole world had always copied their vinyl LP?s and cassette tapes, they had used their VCR?s to record movies, and from day one people have always copied everything and anything they could for their own personal use, and most people expected they could run into trouble if they started selling copies of things, but most just did it for personal use and sharing with family and friends, and this had always been widespread and nobody seemed to be bothered.
Now because the software and media industry chose the most profitable method imaginable to sell their products on, and screw us price wise, they are in some difficulties because their precious format it also turns out can now be copied quite easily, and for the first time in human history they have decided to declare war on copying for personal use. Because of the format they have chosen, to prevent copying is almost impossible and as a result in order to at least make it more difficult they have to implement such draconian measures that it is absolutely bound to unfairly and unjustly create ?side effect? problems for many innocent members of the public. Again they are simply saying we want to keep this highly profitable format and we will even screw the public again in order to keep up the profits.
They create bizarre licensing schemes and anti piracy measures that boggle the mind and are certainly well beyond unjust from an historical perspective on how a human being expects to be able to use a product they have purchased. Remember, this is their fault, they chose the format and set the prices in order to screw the public out of huge amounts of cash, and now that copying has become easy, they are ready to screw the public again with counter measures that will harm innocent consumers just so they will not have to implement a new format that would actually cost them more even if it couldn?t be copied.
Virus activity causes WGA failures
will cause lack of trust even disabling auto-updates
With 3rd party freeware tools like autopatcher.com's patch rollup it is not unfeasable to go without auto-updates, but probably not a good idea for the "average" or non-technical user.
No, those are not "personally identifiable"
"BIOS info/checksum" is not personally identifiable. There are thousands or millions of people in each bucket.
Even the "HDD serial #" is not personally identifiable. It's unique, but unless it's correlated with personal information there's no way to identify a person.
I object to WGA for lots of reasons, but this ain't one.
I'm with you...
Problem is, I don't like people invading my privacy without my permission. Of which I have not given either with this WGA. It is quite simply spyware no matter how they look at it.
I hope someone takes it upon themselves to figure out how to disable this thing without it affecting your Windows. I'll be one of the first people in line for the product.
You gave the permission
Who says they're not doing that?
You're taking MSFT at their word on it. The same company that slipped WGA into an update without proper disclosure. Then tried to have their PR firm kill the story, then admit 20% of legitimate users might be having problems, though that figure could be less but it's hard to tell because we can't get a straight answer out of them.
This is the company you trust not to be assembling personally identifiable information?
I suppose you believe Bush is a uniter not a divider, too. And that Barry Bonds wasn't taking steroids and that Ken Lay really was innocent.
I'm not taking Microsoft's word on this
I won't deny your right to be suspicious, but you'll have to provide some basis in reality for your suspicion before I take it seriously.
If they want to follow the chain of invoices...
But MS technically can't do that. ;)
Look again...
I repeat, nothing personally identifiable.
HDD serial number
WGA captures this. It's childs play to find the owner.
Don't I seem to remember
Microsoft denied knowing that their software was gathering off base information. AS I remember- anyway. Have I got a bad memory, or has anyone else got any information on this?
You trust them that much?
They are gathering information without asking for permission. Who is to say they are not gathering personal information along with other info.
After all, if their analysis tells them that a copy of Windows is illegally installed don't you think they would want to know who is running that system?
WGA Phones home
Microsoft admits WGA phones home:
http://www.betanews.com/article/Microsoft_Admits_WGA_Phones_Home/1149798507
http://arstechnica.com/news.ars/post/20060608-7017.html
http://www.p2pnet.net/story/9242
Legislation proposed to retain IP addresses, snoop on email attachments:
http://news.com.com/2100-1028_3-6078229.html
http://news.zdnet.com/2100-9588_22-6078229.html
http://talkleft.com/new_archives/014990.html
What you may need to understand is that in order for Microsoft to actually track you and locate you, both items above must be cohesive. Microsoft was collecting information from your PC as to your IP address, timestamp of the address, the BIOS of your computer, the manufacturer of your computer, and the basic language, each and every time up boot up. Yes, this information by itself won?t point any fingers but if legislation has its way, ISP?s will be able to retain IP addresses associated with phone numbers for two years. So, if M$ recorded the date and time of your IP address, then with the help of the ISP would be able to research their records as to who got that IP on such and such date and time. Bingo! They know exactly were you are.
Now about the ?kill? switch, M$ doesn?t per say have a kill switch but WGA somehow enhances WPA.
http://arstechnica.com/news.ars/post/20060702-7178.html
Vista?s role is also explained in this link and should prove good reading. Vista will be plagued by all sorts of issues. As for hacking, I?m afraid that history will once again repeat itself. There are hacks out there for Vista beta already. What I find interesting is that it seems that hackers have an advantage here. They seem to be ?fixing? the system more then the programmers at M$. I don?t like to be disrespectful, but if history tells us anything, it?s that time and time again, Programmers at M$ can?t program.
I'm not taking Microsoft's word on this
Are people this gullable to M$
And...
RE: No, those are not "personally identifiable"