Last week I had the opportunity to ask Alex Kochis, Senior Product Manager on the Genuine Windows team, a couple of questions relating to Windows Genuine Advantage. The replies are interesting and I thought I'd share them with readers here.
Question: Why are applications such as nProtect GameGuard, Trend Micro Internet Security, PC-Cillin Anti-Virus and PC Tools Spyware Doctor causing Windows to enter a non-genuine state?
Kochis: The first issue is that some ISVs unfortunately have written their applications to write to protected memory spaces or modify code that should not be modified. So far, the ISVs that we have seen that have made this mistake are well-intentioned, but it is not always possible to tell the difference between a well-intentioned piece of software that is not behaving well and a malicious one. When this happens, even the well-intentioned software may trigger tamper detection or, in this case, can cause product activation to reset.
Separately, there is a known app compat [application compatibility] issue in which a piece of software (in this case, QuickBooks) deletes a file as part of its normal operation. Unfortunately, while deleting this file, the software also deletes the folder created by Windows Vista to store files such as the one QuickBooks creates. If this folder is deleted when our code looks for it, it will think the system has been tampered with.
Question: How exactly is WGA protecting customers?
Kochis: Windows Vista is more proactive in protecting itself than Windows XP was. In fact, some of the behavior we’re referring to here also occurred on Windows XP but could not be reacted to as effectively as Windows Vista is able to react. The tamper detection technology built into Windows Vista works both to protect Microsoft’s intellectual property and to protect key system files from being tampered with in a malicious way. Many of the ways that Windows XP was pirated involved modifying binaries and changing fundamental ways in which the OS functioned to facilitate the piracy. These kinds of modifications (notably to the Windows setup process) can destabilize the system in dangerous ways. In fact, one of the recent attempts to hack some of the licensing components of Windows Vista was so destabilizing that we began to see relatively large numbers of system crashes through our Online Crash Analysis tools. Considering how these kinds of hacked versions are sold on street corners, for download online or even preinstalled on PCs, it would seem that the kind of protection our tamper detection technology offers is of significant value to our customers.