Microsoft's "high priority" spyware installation exercise

probe

Microsoft is using windows update to install spyware as a “high priority” download on customers machines, a functionality normally reserved for software security bug fixes. To add insult to injury it is beta software, which could cause all sorts of internet problems if it misbehaves in the networking context.

And one has to wonder why this spyware is programmed to call home to Microsoft every day? If a machine had a legit copy of Windows XP installed on it on 13.6.2006 – it is most unlikely to have a fake copy next day.

There is no need for this level of surveillance. The vast majority customers have not agreed to it and there is no way to uninstall this microsoft malware. It is therefore in breach of national and European data privacy laws. News of this has been in the public domain for about a week and there hasn’t been a murmur from dataprivacy.ie or http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

Why not? And one wonders what is the interaction between this snooping campaign and Microsoft “Passport” back in Redmond, or perhaps even in Sandyford?

probe

http://news.zdnet.com/2100-3513_22-6083204.html?tag=nl.e589

NutJob

The responce

http://news.com.com/Microsoft+to+ease+up+on+piracy+check-ins/2100-7348_3-6082334.html

aidan_walsh

Hah. Thats been failing to install on my fully legit copy for the best part of a week. Has it installed for anyone here?

Ruu_Old

I had alot trouble installing update WGA Notification (KB905474), took it about 2 weeks before it finally installed! It would download with the other updates but be the only one that would "fail" to install. Legit copy here.

Blowfish

Ruu wrote:

I had alot trouble installing update WGA Notification (KB905474), took it about 2 weeks before it finally installed! It would download with the other updates but be the only one that would "fail" to install. Legit copy here.

I had same, it took a while but it installed eventually. It is possible to remove though if you know how, but I haven't bothered trying as i'm fully legit .

probe

Law firm Kamber & Associates who took Sony to the cleaners for their nasty rootkit have started a class action against microsoft for spyware. About time lawyers woke up to software companies, phone companies and ISPs who have no regard for customers' privacy rights... Most of these snooping bastards have deep pockets to pay the costs!

Lawsuit calls Microsoft's anti-piracy tool spyware
Company disputes claim, says action is baseless

By TODD BISHOP
P-I REPORTER

A computer user is suing Microsoft Corp. over the company's Windows Genuine Advantage anti-piracy tool, alleging that it violates laws against spyware.

COURT DOCUMENTS

Read the court documents (PDF 505K)
http://seattlepi.nwsource.com/dayart/20060629/msftwgasuit.pdf


The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn't adequately disclose details of the tool when it was delivered to PC users through the company's Automatic Update system.

Windows Genuine Advantage is designed to check the validity of a computer user's copy of the operating system. But the tool became a subject of heightened controversy earlier this month, after PC users began noticing that it was making daily contact with Microsoft's servers without their knowledge, even if their software was valid.

"Microsoft effectively installed the WGA software on consumers' systems without providing consumers any opportunity to make an informed choice about that software," the suit alleges.

A Microsoft spokesman, Jim Desler, called the suit "baseless" and disputed the characterization of the tool as spyware.

"Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

Windows Genuine Advantage "is installed with the consent of the user and seeks only to notify the user if a proper license is not in place."

Microsoft issued a software update this week to address some of the concerns computer users had raised about the Windows Genuine Advantage tool.

The suit deals with one of the software industry's most controversial issues -- the circumstances under which companies should be able to deliver programs to computers, and what they must disclose to PC users when they do.

The lead lawyer representing Johnson in the suit against Microsoft, Scott Kamber of Kamber & Associates LLC in New York, was co-lead counsel for consumers in the lawsuit over Sony Corp.'s surreptitious placement of copy-protection "rootkit" software on PCs, through music CDs. That software, designed to prevent music from being copied illegally, disabled protections against viruses and spyware, potentially leaving unaware computer users vulnerable. Sony settled the suit.

But even those who have questioned the behind-the-scenes activities of Windows Genuine Advantage say the Microsoft tool doesn't appear to do anything damaging.

"It doesn't seem to me that this particular incident rises anywhere near the kind of damage that is normally associated with spyware," said Lauren Weinstein, co-founder of People for Internet Responsibility. "That's not to say that Microsoft should have done it the way they did. ... But that doesn't necessarily make it illegal."

Kamber acknowledged key differences between the Microsoft and Sony cases. But he said some of the same underlying principles are at work.

"The statute says that people have a right to know what's on their computer," Kamber said. "We're at a point in time right now where people's rights on their own computers and technology are really at issue."

Kamber declined to say how the suit began or to describe his client, Johnson, beyond calling him "a typical user of Microsoft operating systems."

Microsoft has said that the purpose of the daily check-in was to allow for changes in the tool's settings, because Windows Genuine Advantage was still in test mode. The company says those who installed the tool via the company's Automatic Update system have always seen a license agreement that gave information about the tool.

At the same time, a previous version of the WGA license agreement didn't explicitly state that it was making the daily check-ins.

"The disclosure was slim to none, and it certainly isn't what we're looking for as a matter of public policy from a distinguished company like Microsoft," said Ben Edelman, a Harvard University doctoral candidate and anti-spyware researcher.

Earlier this week, Microsoft released a finished version of Windows Genuine Advantage tool that it says no longer checks in daily with its servers.

The company also issued a revised license agreement that spells out in greater detail what Windows Genuine Advantage does, including the fact that it sends the PC user's Windows product key and Internet Protocol address to the company.

But the suit goes beyond that issue to challenge the company's practice of using the automatic updating system as one method of delivering the tool. Although Microsoft has delivered a variety of programs through Automatic Updates, it's most commonly used for security updates, and the suit alleges Microsoft effectively hid delivery of the tool under that guise.

Microsoft's Desler disputed that assertion and said the suit shouldn't obscure what he called the "real issue," software piracy. "The WGA program was carefully developed to focus on what is really an industrywide problem in a manner that is lawful, and provides customers with the confidence and assurance that they're running legitimate software," he said.

The suit, which seeks unspecified damages, makes claims under statutes including the Washington Consumer Protection Act and California Unfair Competition Law, in addition to anti-spyware statutes in both states.

http://seattlepi.nwsource.com/business/275780_msftsuit29.html

Capt'n Midnight

probe wrote:

have deep pockets to pay the costs!

Not as deep as they used to be,

back in 2003 - http://seattlepi.nwsource.com/business/131322_msftearn18.html they had $49Bn cash reserve

Because they've handed $87Bn to shareholders over the last 5 years they are now down to their last $35,000,000,000.00

Not sure what the position is now but back in 2001 they have other revenue streams apart from software / outsourced hardware. http://money.cnn.com/2002/04/12/pf/agenda_trail/index.htm

the company's short-term investments generated roughly $500 million in interest income and dividends, which came to 15 percent of the company's total quarterly pretax profits -- that's 1 of every 6 dollars.

With that much money fines until now have not been an incentive to disclose standards which could increase security. The new EU fines should help focus thier minds.

Ruu_Old

Im just after going through some of the Windows Updates installed a few minutes ago and there was the same one I mentioned (KB905474) trying to be installed again, very messy altogether. I guess it installs that one each time there are any updates available.

probe

Ruu wrote:

Im just after going through some of the Windows Updates installed a few minutes ago and there was the same one I mentioned (KB905474) trying to be installed again, very messy altogether. I guess it installs that one each time there are any updates available.

Same here - and one expects with everyone else.

Relentless terrorism!

Time the bastard EU stopped the sideshow of trying to unbundle Windows Media Player from Windows XP etc and dealt with the real issue of spyware software calling home, theft of information, and general snooping by software and comms companies.

probe

probe

Windows Genuine Disadvantage malware sighted
Topical malware tomfoolery
By John Leyden
Published Monday 3rd July 2006 14:14 GMT
Get The Register's new weekly newsletter for senior IT managers delivered to your in-box, click here.

Perfidious virus pushers have created a worm that poses as Microsoft's anti-piracy program, Windows Genuine Advantage (WGA).

The Cuebot-K worm spreads via AOL instant messenger in the guise of WGA. The timing of the release of the malware coincides with controversy over a feature in WGA that meant that the anti-piracy program "phoned home" with hardware and software data from PCs every time Windows started up.

Cuebot-K attempts to register itself as a new system driver service called 'wgavn', with the display name 'Windows Genuine Advantage Validation Notification'. Thereafter it runs every time a computer starts up. Users who attempt to remove the malware are falsely informed that getting rid of the program will result in system instability.

Once installed on infected machines, Cuebot-K disables Windows firewall and opens a backdoor on compromised machines, surrendering their control to hackers.

More information on the malware can be found in an analysis by anti-virus firm Sophos here.

http://www.theregister.com/2006/07/03/wga_worm/

probe

subway

probe wrote:

Time the bastard EU stopped the sideshow of trying to unbundle Windows Media Player from Windows XP

trying?
the did it a while ago.........
http://www.microsoft.com/uk/windows/editions/xp-pro/edition-n.mspx

probe

subway wrote:

trying?
the did it a while ago.........

How many copies of the dummed down Windows XP professional “N” have been sold? One suspects zero. Why would any sane person buy the reduced functionality version of the operating system? This settlement achieved nothing and is just pure political crap to justify the existence of the incompetent people in the EU involved in competition matters!

probe

rogue-entity

probe wrote:

Why would any sane person buy the reduced functionality version of the operating system? This settlement achieved nothing and is just pure political crap to justify the existence of the incompetent people in the EU involved in competition matters!

probe

Well, I believe XP N was for OEMs to let them ship alternative (and better) media players such as iTunes, WinAmp, Quicktime and most importantly, MPlayer and VLC. But, what the EU should have done is forced MS to remove Internet Explorer from windows and ship that so that OEMs could install better browsers such as Firefox or Opera by default. And it would also (indirectly) solve most of the current spyware problems.

I personally am hoping that the EU forces MS to release the code for its communications protocols specifically those needed to make Samba work as a full fledged Win2003 Domain Controller. Then the EU can focus on other areas where MS has been exploiting its market share.

the_syco

probe wrote:

To add insult to injury it is beta software, which could cause all sorts of internet problems if it misbehaves in the networking context.

Hmmm... gotta say, my 2K machine is working grand. My XP machine can't find webpages, or gives me the wrong ones.

Also, it keeps pointing back to http://www.microsoft.com/products/ceip (Firefox 1.5.0.4 and IE7 Beta2). I never agreed to send any info, btw. I've restarted my router, flushdns, etc, but no joy. Gonna look up "how to f*ck with your host file in 20 seconds", as I'm getting pissed off with it, and I've tried everything else:mad: