WGA: better, but still not good enough

By Scott Dunn

When it was first released, Microsoft’s Windows Genuine Advantage (WGA) was widely criticized for spyware-like qualities and numerous false positives.

Since then, Microsoft has made a number of changes to its anticopying program, but they’re not enough to give this tool a positive reputation.

The way that WGA works today

Microsoft bills Windows Genuine Advantage as a way to let customers avoid the security risks of malware-laden counterfeits. WGA is supposed to detect whether a user’s copy of Windows is counterfeit and, if it is, tell the user how to obtain a genuine copy.


WGA affects users of both Vista and XP. The impact is potentially greater on Vista, where a copy found not to be genuine has certain features disabled, including the Aero interface, Windows ReadyBoost, and portions of Windows Defender. WGA is unavoidable in Vista, since the technology is built into Windows itself.

In Windows XP, failure to be validated by WGA means users cannot download some content (such as optional updates) from Microsoft. In addition, XP users may be treated to alerts complaining that their version of Windows is not genuine, and advising them how to correct the situation. However, unlike Vista users, XP customers may be able to avoid WGA by watching what they install on their systems.

Windows Genuine Advantage has two components, validation (which checks for an authentic licensed version) and notifications (the software that alerts you if you fail validation). In XP, the two are separate downloads.

To learn if your XP system has either of these components, do the following:

Step 1. Start Windows Explorer and choose Tools, Options.

Step 2. Click the View tab and select Show hidden files and folders. Then uncheck Hide protected operating system files (Recommended). Click Yes to confirm, and then click OK.

Step 3. To learn if your system has the WGA Validation Tool, search for the file LegitCheckControl.dll in Windows’ System32 folder. If you find it, the Validation Tool is already on your system.

Step 4. Finally, to learn if your system has the WGA Notifications software, search for WGATray.exe or WgaLogon.dll. These files indicate the presence of the Notifications utility.
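The same check as Steps 1 through 4 can be scripted, which also works on an XP volume mounted read-only on another machine. This is an added example, not part of the original article; it assumes the three file names from Steps 3 and 4 and searches the whole Windows directory rather than only System32, and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# File names taken from Steps 3 and 4 of the article, lower-cased for matching.
WGA_FILES = {
    "legitcheckcontrol.dll": "Validation",
    "wgatray.exe": "Notifications",
    "wgalogon.dll": "Notifications",
}

def find_wga_components(windows_dir):
    """Walk a Windows directory and return {component: [paths]} for WGA files.

    Names are compared case-insensitively, as Windows does, so the check also
    works on a case-sensitive file system. os.walk lists hidden and system
    files, so no Explorer view change (Steps 1 and 2) is needed.
    """
    found = {"Validation": [], "Notifications": []}
    for root, _dirs, files in os.walk(windows_dir):
        for name in files:
            component = WGA_FILES.get(name.lower())
            if component:
                found[component].append(os.path.join(root, name))
    for paths in found.values():
        paths.sort()
    return found

def build_sample_tree(base, names):
    """Create a constructed stand-in for a WINDOWS/system32 folder (empty files)."""
    sys32 = os.path.join(base, "WINDOWS", "system32")
    os.makedirs(sys32)
    for name in names:
        open(os.path.join(sys32, name), "w").close()
    return os.path.join(base, "WINDOWS")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: Validation Tool present, Notifications absent.
        win = build_sample_tree(tmp, ["LEGITCHECKCONTROL.DLL", "notepad.exe"])
        result = find_wga_components(win)
        return {k: [os.path.basename(p) for p in v] for k, v in result.items()}

if __name__ == "__main__":
    for component, files in demo().items():
        status = "present " + str(files) if files else "not found"
        print(f"WGA {component}: {status}")
```

On a live system, call `find_wga_components` with the actual Windows directory instead of the sample tree.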

If you already have these on your system but haven’t experienced any problems, you probably don’t need to take any further steps. Some Web sites tell you how to remove the Notifications software (the more annoying of the two components) or provide a free tool for deleting it. Others provide hacker techniques for removing the Validation Tool. I haven’t tested these enough to make an endorsement, so use them at your own risk.

If you don’t have the Validation or Notifications tools on your system, you can avoid them by avoiding Windows Update, Microsoft Update, and Microsoft’s download Web site.

You can still get updates without WGA by using the Automatic Updates control panel (more on that later). But as my stories in the Sept. 20 and Sept. 27 issues have shown, allowing Automatic Updates to install files can create its own problems. (A silent update that began in July 2007 had the effect of preventing Windows XP from installing security patches after XP’s “repair” function had been used.)

To have full control over your update process without allowing WGA to be installed, the Software Patch site lets you pick and choose the updates you need. I reviewed this process in the Oct. 4 newsletter.

Even with the Software Patch approach, you may need to exercise caution. High-priority updates do not require WGA to be installed, but any downloads from the “Optional updates” section may include WGA components as part of the installation process. Be sure to read the installer screens carefully in each case.

What’s new with WGA?

Microsoft has attempted to make WGA less odious by changing some of the features that initially brought a great deal of criticism. For example, early versions of WGA sent information from users’ computers to Microsoft every day. This was later changed to weekly. These regular reports were supposed to have stopped by the end of 2006, according to a Microsoft statement.

But that doesn’t mean data is never sent to the home office. WGA sends Microsoft information about your computer hardware every time it does a validation check (for example, when you attempt to download certain updates). Microsoft denies that any personal information is being collected.

But earlier this year, Heise Security reported that WGA sends encrypted telemetry back to Microsoft in some cases — for example, when a user cancels a WGA installation. Microsoft responded on the WGA blog, detailing what information is sent and when. The post was less than reassuring to writers like Robert Moir, who commented that Microsoft is never going to restore trust as long as it continues to behave in a suspicious manner.

Another complaint about earlier versions of WGA was that Microsoft installed it without adequate disclosure. For example, editorial director Brian Livingston reported on June 15, 2006, that WGA was installed silently via Automatic Updates on systems set to update automatically, as though WGA were a critical security patch.

A recent Knowledge Base article, number 892130, implies that Automatic Updates won’t install WGA validation, saying, “The Automatic Updates feature is not affected by the WGA validation check. Therefore, you can use the Automatic Updates feature to make sure that you receive critical Windows updates.”

My own tests appear to confirm this. Updating a clean install of Windows XP SP2 using Automatic Updates did not result in any detectable component of WGA being added to my test machine.

Unfortunately, the sites known as Microsoft Update and Windows Update still contain the same misleading language for manual updating that was reported by David Berlind of ZDnet over one year ago. On both sites, an offered download claims that it will update some components of Windows Update. It isn’t mentioned that WGA will be installed unless you click a button labeled Details. Only then is it apparent that the promised “enhancement” is actually the WGA validation tool.

WGA problems persist for Windows users

Unfortunately, despite some positive changes in WGA, problems continue to crop up:

• In August 2007, a problem with Microsoft’s WGA servers mistakenly labeled thousands of computers as “nongenuine,” restricting some Vista capabilities for a time. This was reported by Susan Bradley in the paid version of the Sept. 6 Windows Secrets Newsletter.

• A number of popular software products, including PC Tools Spyware Doctor and Trend Micro Internet Security, have caused WGA to report “nongenuine status” or prevent activation, as reported on a Microsoft online forum. Users have had to download updates for the implicated products in order to correct the problem.

• Trial versions of some Office 2007 products have also been known to flag Windows as not genuine. According to a Microsoft spokesperson, this problem has been corrected for all trial versions of Office as of Jan. 23 of this year.

• Microsoft claims that “false positives” (legitimate Windows systems being seen as counterfeit) are extremely rare. But as Guardian journalist Jack Schofield points out, even if that number is as low as Microsoft’s estimate of 1%, that could still affect around 5 million users.

• Upgrading or making multiple changes to your computer hardware can cause a system to fail WGA validation. The Web site APC pointed out just a month ago that installing the Intel Matrix Storage Manager application and changing a video card was enough to knock out Vista’s activation. Users can correct the situation by phoning Microsoft, but it’s an annoyance nonetheless.

Despite Microsoft’s claims to the contrary, WGA offers few if any benefits to the average user. If you know you’ve bought your copy of Windows from a legitimate source and have no reason to suspect piracy, WGA does little to help you. On the contrary, WGA could conceivably become a headache if you upgrade your computer hardware or if Microsoft experiences more problems with their WGA servers.

The software giant needs to find better solutions to the problem of piracy, rather than make the legitimate customer pay the price for problems facing Microsoft itself.


Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine’s Here’s How section.

All Windows Secrets articles posted on 2007-11-29: