MS says WGA has caught 60 million Windows cheaters

According to a Microsoft manager, 60 million people have failed the Windows Genuine Advantage validation test. Microsoft claims the tool is nearly perfect at rooting out improperly licensed copies of Windows, with "only a handful of actual false positives." But the numbers don't add up.

Two weeks ago, I reported on a terse e-mail exchange with Microsoft, in which a spokesperson acknowledged that 80% of all computers that fail the Windows Genuine Advantage validation check do so because they are using stolen or pirated volume license keys.

I asked what I thought was a reasonable question: Where do the other 20% come from? According to the same spokesperson, those installations are caused by “various forms of tampering and unauthorized OEM installations.” I couldn’t get any more details.

Two days ago, After looking over this list, the numbers don't add up for me... Microsoft’s Alex Kochis, a member of the WGA product management team, published a blog entry trying to add more details to the discussion. In When a 'False Positive' isn't a false positive, he passes along one staggering statistic: “About 1 in 5 of the 300 million PCs that have run WGA validation fail.”

Yow! By my calculations, that’s 60 million people who’ve been informed by Microsoft that they’re running “non-genuine” copies of Windows.

But according to Kochis, Microsoft’s validation tool is nearly perfect, and virtually everyone who’s been tagged by the WGA Validation utility is indeed a pirate or a victim of a pirate:

To be precise, an actual 'false positive' would occur if WGA identified a specific copy of windows installed on a system as non-genuine or unlicensed when in fact it was genuine and licensed. Of the hundreds of millions of WGA validations to date, only a handful of actual false positives have been seen. Most of these were due to data entry errors that were quickly corrected and only occurred for a short period of time.

Given the extremely small number of technical failures of WGA why else might someone think that their system was falsely identified as running counterfeit Windows? If they aren't actual 'false positives' what are they? It turns out there are a number of scenarios that could result in a WGA validation failure that a user might be surprised by or even deny… [emphasis added]

He goes on to point out four scenarios:

  • Scenario 1: High-quality counterfeit copies of Windows. Apparently this number isn’t very large at all. As Kochis notes, “So far we've provided hundreds of free copies of Windows to users who've been ripped by high-quality counterfeit…”
  • Scenario 2: The user installs the same copy and key to more than one PC at a time. I don’t understand why this scenario occurs at all. Is the Validation utility really looking at individual keys and identifying people who are reusing a retail or upgrade copy? In this case, shouldn’t activation fail when the user tries to install the second copy?
  • Scenario 3: A friend or acquaintance offers to “fix” your computer and installs a pirated or “cracked” copy of Windows. I can definitely see this one happening, especially when a system is compromised by a spyware or virus infestation.
  • Scenario 4: You take your PC in to be repaired and the repair shop takes a shortcut by reinstalling a volume-licensed copy of Windows. Again, I can see exactly why this happens. How many customers bring in their official restore media? Not many, I’d wager. How many repair shops want to take the extra time (and charge the customer) to restore from the official media? What happens when the media that came with the PC is out of date and the shop has to install a service pack and several dozen patches? In that scenario, should the customer have to purchase a brand-new license when they already paid for one?

After looking over this list, the numbers don’t add up for me, and they certainly don’t explain why Microsoft is attacking this problem with such a vengeance. Scenario 1 is rare, and Scenario 2 shouldn’t occur at all if Windows Product Activation is working properly. In scenarios 3 and 4, some of those customers might be “upgrading” from Windows 98 or Windows Me, but I suspect that most already have a valid Windows XP license, and the person doing the repair took a shortcut to avoid the hassle of a manual install using a possibly outdated version of Windows. In those cases, the end result of the validation check is that the user is going to either have to reinstall their legitimate copy or jump through some hoops to change the product key. It’s a bookkeeping change that hassles the customer and doesn’t bring in any money to Microsoft’s bottom line.

Think about it: 60 million people have been hassled by Windows Genuine Validation. And for what? The numbers don’t add up.