| MS Expands Anti-Piracy Program, Reissues Patch
Microsoft today began expanding its anti-piracy
program by quietly pushing out a software update that in many cases automatically
scans Windows computers and reports on whether they are powered by unlicensed
software.
The new pilot program is a fairly broad expansion
of Microsoft's Windows Genuine Advantage program, under which the anti-piracy
check was required only for users who wish to download security updates
or other free programs from Microsoft's site. Under WGA, users who chose
to receive fixes via Automatic Updates were not prompted to install and
run the anti-piracy software.
Starting today, however, Windows XP users in
the United States who have set up automatic security updates will receive
the anti-piracy tool. After installation and reboot, they may find their
computers popping up an alert that reads: "This copy of Windows is not
genuine; you may be a victim of software counterfeiting." Microsoft also
is pushing the new tool out to auto-update users in Britain, Malaysia,
Australia and New Zealand.
I hadn't heard about this program until today,
when my laptop -- which of course is running a legitimate copy of XP Home
Edition -- received this update today and prompted me to restart. When
I rebooted the machine and went to "Add Remove/Programs," the hyperlinked
Microsoft Knowledge Base article that was supposed to describe more about
this patch was not available, so I sent a few questions over to Microsoft.
Below are their answers:
How does Microsoft plan to disseminate this?
Through automatic updates?:
"Yes. As part of the pilot program, some customers
in the U.S. U.K., Malaysia, Australia and New Zealand will be invited to
receive WGA Notifications through Automatic Updates (AU) to learn whether
or not they are running genuine Windows. Customers who opt in to the pilot
and learn they are using non-genuine versions of Windows will receive a
message during logon that their copy of Windows appears to be non-genuine
and will be directed to the WGA Web site to learn more. If they choose
not to obtain a copy of genuine Windows at that time, the customer will
receive reminders until they are running genuine Windows. While the pilot
is presently opt-in, as it expands later in the year, AU and WU customers
may be required to participate. Users who have not validated their machines
as genuine through WGA will not be able to download IE 7 and Windows Defender
among other downloads and updates. However, they will not be denied critical
security updates" (my emphasis added).
Will the Windows customer who uses auto-updates
have the opportunity to decline this update and still install other updates?:
"The pilot is opt-in, so all participants are
given a choice about whether or not they wish to participate. The opt-in
is via a License Terms dialog, and users can chose to accept or decline.
Only users who accept will receive the software. Once installed, participants
will have the option to suppress notifications for some length of time.
Customers [already] running genuine Windows Advantage will be unaffected
by WGA notifications. Users running non-genuine Windows will see the notifications
at boot time, login time, and periodically to via a system tray bubble
notification. Messages are displayed until the system is running genuine
Windows. Users can choose to suppress the notifier. The notifier will remind
such users that they are not running genuine Windows and direct them to
the WGA failure page, where they can learn more about the benefits of genuine
software and take advantage of the Microsoft genuine Windows offers designed
to help victims of counterfeit software. All users are able to receive
High Priority Security & reliability updates regardless of their validation
status. Users will not have the option of uninstalling WGA Notifications"
(again, my emphasis).
What has been the rate of acceptance among
Windows users to the Genuine Advantage program so far? How many potentially
pirated versions of Windows has Microsoft received reports of thus far
through the WGA program and installed tools?
"To date, we have already validated more than
150 million systems worldwide with WGA. As of March 2006, the WGA notifications
program has been offered to more than 13 million users and we estimate
an additional 13 million customers will receive the program with the present
expansion. The ultimate goal of WGA is to differentiate genuine Windows
software from non-genuine software. WGA also helps Microsoft learn more
about counterfeit resellers and their illegal practices. We don't have
specific numbers to share."
Microsoft wouldn't acknowledge it, but the
folks over at an unofficial Microsoft watch site called Windows Observer
have posted a bunch of PowerPoint slides that look like they were designed
for dissemination to Microsoft OEM manufacturers. If you scroll through
those slides, you'll see that yes, Microsoft has had 150 million validation
attempts so far, approximately 35 million of which failed. If true, that
would suggest that slightly more than one in every five Windows XP systems
is powered by a pirated version of the operating system. Yikes.
What exactly happens in the event that the
tool finds a PC that is suspected of running a counterfeit version of Windows
(what info, if any, is then shared with Redmond)?:
"WGA Notifications is for Windows XP users.
Our client software does not collect any information that can be used to
identify or contact a user. We use the same process used by many popular
search engines and Web sites to determine where their users are from --
a form of IP lookup. This IP lookup process does not include any information
that is used to identify you or contact you, and only gives a rough geographic
representation of where users are located."
This slide over at WindowsObserver would appear
to indicate Microsoft knows pretty well where all the infringers are in
the US.
Microsoft also said it is planning to expand
the anti-piracy pilot to Microsoft Office products. Initially this will
affect users of various foreign language versions of Office, including
Brazilian Portuguese, Czech, Greek, Korean, Simplified Chinese, Russian
and Spanish.
Microsoft has every right to defend its intellectual
property rights, and I don't for a single second begrudge the company for
trying to quash software piracy, which is a very costly and global problem.
But I'm a little concerned that this action could cause a number of Windows
users to turn off automatic updates completely, and as such leave their
systems unpatched and sitting ducks for would-be attackers who might use
those machines for criminal purposes.
For my part, I turned off Automatic Updates
several months ago, mainly because I got sick of telling Windows not to
install its "malicious software removal tool," (even though I checked the
box next to "don't ask again" or something to that effect, Windows asks
permission to reinstall the program every time other updates are available).
Microsoft also released today an update to
fix a Windows security patch (MS06-015) it issued a week ago that caused
problems for some users of Hewlett-Packard hardware and software, as well
as some Windows users who have certain Nvidia graphics cards installed.
Microsoft said that if you are configured to
receive automatic updates, you don't need to do anything: "It will detect
if you have the problem and deliver the update to you. If you have not
yet installed MS06-015, the revised version will be offered to you." Automatic
update users will also get a complimentary copy of the new Windows anti-piracy
tool as well |