Windows Secrets Newsletter • Issue 194 • 2009-04-16 • Circulation: over 400,000

   
   
BONUS DOWNLOAD

Stealing the Network excerpt
All subscribers can get the Final Chapter — free

In the middle of May, the hardcover book Stealing the Network: The Complete Series Collector's Edition will be released, including the long-awaited Final Chapter. But all Windows Secrets subscribers can get the Final Chapter today — plus one other chapter from the forthcoming new edition — free of charge.

Our exclusive 24-page PDF excerpt is only available until May 13. The co-authors of the Stealing the Network series, a gripping work of fiction based on real-life security issues, include Timothy Mullen, Johnny Long, and Windows Secrets contributing editor Ryan Russell. To download your copy, simply visit your preferences page and save your updated information. A download link will appear. Thanks! —Brian Livingston, editorial director



   
   
Table of contents
TOP STORY: Windows Genuine Advantage is still genuinely bad
KNOWN ISSUES: Call to learn whether your Dell or HP is covered
WACKY WEB WEEK: Feeling twitterpated? You're not the only one!
LANGALIST PLUS: Solving "me first" software startup conflicts
PC TUNE-UP: There'll be no easy upgrade from XP to Windows 7
PATCH WATCH: Critical patches released for Internet Explorer

   
       
   

   
   
TOP STORY

Windows Genuine Advantage is still genuinely bad

By Ryan Russell

Microsoft's system for validating Windows before users can download most updates continues to be a problem for legitimate customers and for Internet security as a whole.

Despite claims of offering better security, Windows Genuine Advantage (WGA) serves only Microsoft's marketing interests — but you can eliminate the need for WGA if you know the trick.

Microsoft has long been considered a marketing bully, but with WGA the company has taken its lack of consideration for its customers to a new low.

Windows Secrets has been tracking the WGA story for years. Editorial director Brian Livingston aptly labeled an earlier version of WGA as "Microsoft spyware" in a June 15, 2006, Top Story.

More recently, Brian remarked in a March 30, 2009, news update that PCs failing WGA validation don't automatically receive all available patches from Microsoft. That spawned a critique from a Microsoft spokeswoman, which was printed, along with Brian's response, in technical editor Dennis O'Reilly's Known Issues column on April 2. (There's also an Office Genuine Advantage program, which you hear less about but which has the same problems as WGA.)

We all want Windows systems throughout the world to be patched for security problems as soon as fixes are released. As a result of the fuss raised by the articles mentioned above, I decided to take another look at WGA.

Here's what happens if a Windows machine fails WGA validation (or the PC's owner, based on tales of disabled machines, is too frightened to run WGA):
  • Automatic Updates. If the machine is configured with Automatic Updates (AU) enabled, Microsoft installs only those security patches that the company rates as "Critical." Security patches rated "Important," "Moderate," and below are not installed by AU, and no other updates of any kind are installed.

  • Windows Update and Microsoft Update. Microsoft's on-demand patching programs, known as Windows Update (which updates Windows) and Microsoft Update (which updates Windows and other Microsoft products) will refuse to run.

  • Manual downloads. Security patches of all levels of severity can be downloaded manually from various Microsoft Web pages and installed individually, if you know where to look.

The third point is the trick to updating a Windows system, regardless of whether it passes WGA validation or you run WGA at all.

Let's examine how various people and companies are using this method.

How companies patch Windows and avoid WGA

An individual who wants to avoid WGA hassles could visit Microsoft's current security bulletin page and browse every new patch and advisory. However, it's unreasonable to expect average Windows users to read each bulletin and decide which patches to install.

A better solution is to use patch-management (PM) software. Every day, dozens of third-party vendors obtain patches from known locations that Microsoft hosts on the Internet. Once the patches are downloaded by the vendors, their software can push the patches out to PCs on a LAN with no worries about WGA. (Disclosure: The company I work for, BigFix Inc., sells a patch-management product that does this for large enterprises.)

Corporations should install a PM solution that resides on a server and pushes patches to individual PCs across a LAN. Network Computing publishes a Rolling Reviews page that analyzes several major PM applications.

Individual PC users have several options to install all security patches — whether rated "Critical," "Important," or any other level of severity — without WGA hassles. The following are a few examples:
  • The Software Patch. You can do without Automatic Updates and Windows Update/Microsoft Update, which can be hamstrung by WGA, by using The Software Patch. This is a free Web service that WS contributing editor Scott Dunn reviewed — along with a handful of other alternative update services — in his Oct. 4, 2007, Top Story.

  • Online Software Inspector. My Dec. 18, 2008, column described Secunia.com's Online Software Inspector (OSI). This free service scans your PC on demand. OSI then enumerates the security patches that are needed by your copy of Windows, in addition to patches for dozens of applications from Microsoft and other software vendors.

  • Personal Software Inspector. My previous column on OSI also described Secunia's Personal Software Inspector (PSI). This is a free download that you install and run on your PC. At present, its primary purpose is to inform you of security updates for hundreds of applications, and you should run PSI in conjunction with Windows Update or Microsoft Update.

It's beyond the scope of today's article to rate the pros and cons of every patching alternative. I hope to bring you a new review of the latest products and services in the coming weeks.

The third-party services mentioned above are compelled by Microsoft to get Windows patches directly from Microsoft's own servers. That means these services can only install security patches and other updates whose files will install without requiring WGA validation.

Fortunately, almost all Windows security patches (of all severity levels) and many other Microsoft updates install fine — regardless of WGA — if you download the files directly or via a third-party service. Microsoft currently lists on a Genuine Software page a few of its apps that do require WGA, such as Windows Defender, Windows Media Player, and Calculator Plus.

In fairness, Microsoft should get credit for posting all of its security patches (of all levels of severity) on publicly available URLs. At least this policy does provide the files to patch-management professionals who know these locations. By contrast, such firms as Red Hat, Sun, and IBM require contracts and log-in credentials before you can obtain some of these companies' Linux, Solaris, and AIX patches, respectively.

The big question is this: why would Microsoft cripple its consumer patching tools — Windows Update and Microsoft Update — by disabling them if a PC doesn't pass WGA validation? The only logical reason I can think of is that Microsoft wants to push WGA, and denying updates to users is the best stick the company can come up with. I believe this decision is a huge mistake.

Windows Update is a crucial service that must remain free from chicanery, because Windows Update is the default program for on-demand security checkups. In computing, defaults are everything. Windows Update is installed and available in every recent copy of Windows on the planet, whether those machines are correctly licensed or not.

Many people disable Automatic Updates because it's intrusive and has been used in the past to install WGA and other nonsecurity updates. If users can't run Windows Update as an alternative to AU, there's a massive problem on the Internet. The battle against malware is already bad enough, and we don't need anything to make the problem worse. When millions of computers become infected, the attacks from these machines become a problem for you, the paying customer of Microsoft.

DRM exists at the expense of paying customers

Call it what you will: WGA, Digital Rights Management (DRM), anti-piracy, or copy protection. It abuses the hospitality of paying customers in an attempt to thwart those who don't want to pay. I don't object one bit to paying Microsoft for the software I use. I do object to being forced to help a company in futile efforts to combat copyright violators.

Copy protection harms legitimate users who are inconvenienced at best and forced to cope with nonfunctional software at worst. The bad guys, by contrast, aren't harmed much at all. Pirate operations have the money and time to defeat every copy-protection mechanism. Once pirates have broken a DRM scheme, the unlocked software might be salable for months without the pirates' needing to deal with the protection any further.

Do you dislike having to insert a CD into a drive to update Microsoft Office or play a game? Guess what: users of the pirated versions of those programs generally don't have to deal with that. Only the legitimate buyers are inconvenienced.

I've been analyzing flavors of copy protection since the early 1980s. During those nearly 30 years, it's always been the same. Copy protection primarily hurts legitimate users while giving bad guys merely a short period of entertainment.

I do recognize the gray area between the two extremes. There are many users who might violate a software publisher's copyright if it were convenient to do so. But I still believe that the punishment imposed on a software company's best customers is not worth the tiny impact on the real pirates.

I'm not saying Microsoft has to give away its products for free. I'm saying that a copyright owner's battle against piracy is not my problem, so please quit making my life hard in a vain attempt to resolve your legal issues.

Microsoft's lack of support for its best users, in the name of protecting intellectual property, sometimes reaches absurd levels. A recent example of this is Microsoft's refusal to support its software on virtual machines unless the VM software is Microsoft's own. (You can read the details about this in my blog entry posted April 2.)

Microsoft has gotten really aggressive about license protection. The pendulum needs to swing back in the direction of making things easier for the company's customers.

Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias "Blue Boar." He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.


   
   
KNOWN ISSUES

Call to learn whether your Dell or HP is covered

By Dennis O'Reilly

You can't rely on the information you find on some vendor Web sites to determine whether your overheating notebook qualifies for a free repair or replacement.

In a case recently publicized by Windows Secrets, you would need to contact the company's tech-support staff directly to find out whether your system is covered by a special extended warranty.

One of the more disturbing trends in the computer industry is the silent recall. In such cases, a vendor replaces faulty equipment only after the customer complains about it, rather than actively contacting buyers of the defective products.

This appears to be the approach HP and Dell are taking with notebook computers they sold — computers that use a defective Nvidia GPU (graphics processing unit) that overheats, burning out laptops and tablets.

WS contributing editor Michael Lasky described the problem with these notebooks in a Top Story in last week's newsletter. He included links to a Dell forum thread and an HP forum thread, both of which describe the problem and provide more information.

However, several readers asked us for specific pages on the vendors' sites, to determine whether a particular notebook is affected. Unfortunately, the problem seems to affect even more Dell and HP models than are listed by the vendors. Trevor Valentine found out first-hand how difficult it is to find this information:
  • "Interesting article (especially to an owner of a possibly defective Compaq laptop). Curious to see if my wife's laptop was affected, I went in search of the defective lists that Mr. Lasky mentioned. This proved a tad tedious, as both Dell and HP seem to have done their best to bury any mention of a defective GPU.

    "Here are the lists that I was able to find. I hope that other readers will find these helpful. Interestingly, the second Dell link has this posted:

    Dell will offer a 12-month limited warranty enhancement specific to this issue. For all customers worldwide, we plan to add 12 months of coverage for this issue to the existing limited warranty up to 60 months from the date of purchase for the following systems ...

    "HP lists all affected models along with instructions on possible 'resolutions.' The only lists I could find from Dell were listed on one of the corporate blogs."

HP's site offers document c01087277 with a list of Pavilion and Presario models the company says are affected. Dell hosts a forum post by "chief blogger" Lionel Menchaca that lists 10 Inspiron, Latitude, Precision, Vostro, and XPS models. A later Dell post lists 15 models.

I have personal experience that the HP list is incomplete, because an HP tablet that I owned — a Pavilion TX1100, which used the faulty Nvidia chip and got fried after only 18 months of use — is not included.

Tom Rupsis reminds us of another way to get a replacement for a defective product whose warranty recently expired:
  • "Michael Lasky's 'Dell and HP balk at replacing bad Nvidia chip' article suggested purchasing an extended-service warranty to cover expenses related to the overheating motherboards. As an alternative, look into the features provided with the credit card that may have been used to purchase the laptop.

    "Many cards provide extended warranties at no additional cost to the consumer. I made use of this benefit when an HP laptop keyboard failed after 20 months. My MasterCard World card covered the cost of replacing the keyboard, even though HP's one-year warranty had expired."

Several readers pointed out that extended warranties for electronics equipment are often a waste of money, as a Consumer Reports article from November 2007 describes. However, the extended warranties offered by most major credit-card companies are usually free. This may be a good reason for you to charge your next computer purchase.

Tech support likes Malwarebytes' antispyware

Recommendations continue to pour in from readers in response to Ryan Russell's March 26 Top Story on programs that should be considered for the WS Security Baseline. A letter from an anonymous Microsoft tech-support staffer caught our attention:
  • "I read your newsletter and was disappointed by the offered antispyware listed. Spybot Search & Destroy was good back in the day, and so was Ad-Aware, but they aren't what they used to be. They're no longer effective, as the infection definitions aren't being worked on as passionately as they had been.

    "I work for Microsoft technical support, and 90% of the calls are due to spyware infections, so we ask customers to download Malwarebytes' Anti-Malware. They have a totally free version. It's the one we use for clients. It's so effective, I feel confident the PC you're using to read this has infections. Are you surprised? Even if it's just minor adware, it's an infection still.

    "If it weren't for Malwarebytes.org, I'd be spending more time per call and asking customers to reload Windows more often, because finding one infection could take forever. ... The application is painless to install, isn't too bulky, and requires no reboot after install. The application is a winner all around.

    "The Internet is full of scams. It's shocking to see it day in and day out."

Ryan's story never discussed Ad-Aware and mentioned Spybot Search & Destroy only because readers nominated it as one of the few options that will run on creaky old Windows 95 systems. But it's good to be reminded that some programs that were once highly rated are no longer up to par.

The free version of Anti-Malware, the program the MS staffer recommends, allows you to perform manual scans for spyware on your system. For U.S. $24.95, you can unlock the program's real-time protection, scheduled scanning, and scheduled updating. For more info, see Malwarebytes' download page.

Readers Trevor and Tom will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.


   
   
WACKY WEB WEEK

Feeling twitterpated? You're not the only one!

By Katy Abby

Unless you've been hiding under a rock, you've probably been inundated by Twitter, the latest fad to take the social-networking world by storm. The 20-word tweets reflect every nuance of a tweeter's life, down to the most mundane activity. Celebrities such as Ashton Kutcher and Demi Moore have hundreds of thousands of twits hanging on their every tweet, and the numbers are growing.

Who really needs this much information on their friends and idols? Even more to the point, who wants to broadcast their humdrum existence in such explicit and uninteresting detail to the nit-picking masses? Take a look at this hilarious animated short that explains "The Twouble with Twitters." Just sit back, relax, and don't make a peep!


   
   
PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.)

The following link includes all articles this week: http://WindowsSecrets.com/comp/090416


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Research Director: Katy Abby. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Mark Joseph Edwards, Michael Lasky, Woody Leonhard, Ryan Russell, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2009 by WindowsSecrets.com LLC. All rights reserved.
