Microsoft's sordid spyware SNAFU (and the lion sleeps tonight)
Heeerrre's IT Blogwatch, in which fears grow that Microsoft is secretly spying on Windows users. Not to mention how not to watch the "big game"...
The Windows-Genuine-Advantage-is-spyware meme has been floating around for a few days, but more details have emerged. The co-founder of People For Internet Responsibility, Lauren Weinstein, discovered this a week ago: "A recent Microsoft update to Windows XP, which modifies the tool that verifies the 'validity' of XP installations to insure that they are not illicit, may itself be considered to be spyware under commonly accepted definitions ... Genuine Advantage ... will now attempt to contact Microsoft over the Internet every time that you boot ... I fail to see where Microsoft has a 'need to know' for this data after a system's validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information." And he later adds: "MS officials tell me that at this time the connections are to provide an emergency 'escape' mechanism to allow MS to disable the validation tool if it were to malfunction ... [they appear to] agree with my assertion that additional clarity and a more 'in your face' aspect to these notifications in such cases would be highly desirable."
» Groklaw's Pamela Jones has this to say: "Microsoft [asserts] that the Windows Genuine Advantage tool is not spyware ... and that one thing that distinguishes it from spyware is that they get consent before installing it. I question the accuracy of the statement ... I see a legal problem with consent, which I noticed by reading the EULA. I think I also see a problem with the statement Microsoft has issued with regard to what information it collects. And something in the EULA needs to be explained, because it doesn't match Microsoft's statement ... They don't need such information about you as your hard drive's serial number, the company that built your computer, what language you use, PID/SID, Bios information with an MD5 checksum, and where you are located to do any of the three things they say they are doing it for. Obviously, they are checking to know if you are a pirate, and they should say so straightforwardly. But does Microsoft need your hard drive serial number to know if you are a pirate? If you change it, is it any of Microsoft's business? Did they sell you that hard drive? But my point is, it's not mentioned in the EULA at all, so I don't see consent having been given. But it gets worse ... In what way is this not spyware? ... The notion of informed consent is that you have to know what you are saying yes to, and the party asking for your consent has an obligation to tell you the things you need to know to make an informed decision ... I have read a lot of contracts in my time, as part of my job, and I have no idea what this is saying."
» Mary Jo is more succinct: "Is WGA technically spyware? Of course, Microsoft's answer is no. But spyware is all in the eye of the beholder. If users are not properly notified about exactly what software a vendor installs on their systems and/or about the function and purpose of that software, it sure sounds like spyware to us."
» Joe Wilcox is worried: "Microsoft already uses the 'beta excuse,' to explain some of its behavior, but should the 'beta excuse' be seriously taken? ... The company isn't disclosing all that its beta software does, either because of oversight or intention ... I don't recall Microsoft ever publicly discussing that feature. On the contrary, the company emphasized how (the now testing) Windows Genuine Advantage Notifications would be unobtrusive and totally opt-in ... The language regarding the update clearly and emphatically stated it was necessary. There was no option to review the update or even reject it. So, I accepted the update. I didn’t know what the update was until the computer indicated that it was downloading the Windows Genuine Advantage Tool. That process is optional? ... Is Microsoft overwhelmed by so many betas at once that some important details are lost in the process? Perhaps Microsoft is taking a more aggressive posture with betas? ... should be important to Microsoft competitors and partners, because of the possible impact on them. [It] should concern Microsoft, too, as there are legitimate concerns about the response of partners and customers."
» Amit Agarwal shows how to stop WGA phoning home: "End the process wgatray.exe in Windows TaskManager and restart Windows XP in safe mode. Now delete the following files ... Start Windows Registry editor and delete the folder 'WGALOGON' located in the following location."
» An anonymous Slashdot user gives virus writers a worrying idea: "A virus could use one of the 'Product-Key Changer' scripts ... to install a pirated product key on every infected computer (wiping all traces of the original key). This would render millions of genuine installations indistinguishable from pirated installations. What a mess for Microsoft! They would have to immediately 'kill forever' the WGA helper, and maybe even remove the WGA check on Windows Update. Such a virus would be a hard lesson to learn for the writers of all kinds of automated 'genuine' checks."
Buffer overflow:
Around the Net
- Partha S: IBM : The India Story
- Rick Shangle: NetApp hits street with enormo-array... II
- Tom Olzak: Diversity in design: added value or liability?
- Hu Yoshida: RIM the New IT Rock Stars
- Robert Scoble: Correcting the Record about Microsoft
- Scott Karp: Why the Social Networking Backlash WILL Happen
Around Computerworld
- Douglas Schweitzer: Good advice and timely, too!
- Martin MC Brown: Digital statements have non-digital flaws
- C. J. Kelly: VA cuts off remote access for 35,000 employees
- Mitch Betts: The nightmare of medical identity theft
- Angela Gunn: Gone; forgotten?
- Martin McKeay: Contradictory Statments
- Eric Ogren: Blu-ray's Mission Impossible: "Good morning Mr. Phelps ..."
- Shark Tank: A little tidying, a big mess
- Douglas Schweitzer: What's on your old drive?
And finally... The lion sleeps tonight
Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.
