Trust no one, especially Microsoft

Trust no one, especially Microsoft

Summary: The software giant has damaged its reputation on security still further by pushing out unfinished software as a high priority update

SHARE:
TOPICS: Security
3

Microsoft is on shaky ground when it comes to trust. United States and European legislators have already hung the software giant by its heels for practices that are conspicuously "antitrust". So the news this week that Microsoft has once again tap-danced on the face of dependability by pushing out unfinished code to customers isn't exactly surprising.

The already controversial Windows Genuine Advantage (WGA) programme — where users authenticate their copy of Windows in order to receive the latest patches and software add-ons — has repeatedly shown itself to be more insidious than previously thought.

Launched in September 2004, WGA asks people to validate their Windows installation when they download additional Microsoft software online. The system checks to see if your version of Windows is activated properly. If not, it assumes that you could be using a pirated version of the OS and blocks you from accessing certain Microsoft services.

The accuracy of this system has already come under fire for limiting access to key updates for those users who don't want the hassle of complying with WGA. Microsoft insists that this is not the case, and that all customers will continue to have access to critical updates. However, this is where semantics comes in — it seems the software giant has a different take on "critical" to the rest of the industry.

It has emerged that a key part of a new addition to the WGA programme — WGA Notifications, which validates the authenticity of Windows software installed on a PC — is not finished code. What is more, WGA Notifications is being punted out as a "high priority" update, effectively forcing users to install on their machines code that is still being developed.

Complexities aside, the bottom line is that Microsoft is messing with the two things it cannot afford to mess with — security and trust. It has an implicit duty to make patching and software updates as easy and obvious as possible for users, but has instead opted to subvert a fundamental process in its quest to bolster licensing revenues.

At the company's annual Tech Ed conference this week, the company was keen to bang the drum about bringing more third-party developers on board and developing community around its products. But the attitude displayed over the WGA programme shows that Redmond needs an urgent information update of its own when it comes to engendering trust in its user base.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Actions speak louder then words.
    anonymous
  • I would just like to point out that Microsoft's WGA program is designed to prevent pirated copies of windows from getting non-critical software updates. I.e. Windows Media Player etc.

    It is important to remember that under the EU ruling on Microsoft and the Anti-competitive behaviour, it was something that affected the "middleware" components of the OS like Media Player,Internet Explorer etc.

    Under that ruling, they had to provide versions of the OS in the EEA, without these components.

    In order, it would seem, to further comply with this ruling, Microsoft are quite rightly only making the enhacements available to those who have genuinely licenced copies of their OS.

    Although I agree, that it is somewhat questionable to be "pushing" the WGA code out if it is not completed fully yet.

    It would seem that Microsoft is using this mechanism as a testing ground for the code.

    Ultimately, users do not have to install it, and it is their perogative to do so and it is not something MS are saying must be installed or your copy of Windows won't get critical bug fixes.
    anonymous
  • Come on, how long before Microsoft makes WGA a "critical" component of the OS without which it won't run? This is a step towards major control freakery and will happen unless people act now.

    There's a simple way to beat this control freak attitude. It's called Linux.
    anonymous