July 29, 2005 9:09 AM PDT

Antipiracy flub for Microsoft

Microsoft's efforts to curtail counterfeiting hit a snag when hackers discovered a new way to bypass its Windows Genuine Advantage, only days after the antipiracy software's official debut.

The software giant announced WGA 1.0 on Monday. WGA requires users to verify that they have a legitimate copy of the operating system before they can download add-ons for Windows XP.

But within days of the software's release, a number of Web sites, including the popular Boing Boing blog, were posting details about how to bypass WGA.

According to several Web sites, a bypass is easily accomplished through any of several means, including pasting a JavaScript command string into the Internet Explorer browser.

For Microsoft, this marks another episode of people finding a way to bypass its WGA software. In the spring, during WGA's pilot phase, a security researcher outlined a method for bypassing the software using another Microsoft tool called GenuineCheck.exe.

Microsoft is investigating the new claims and will take appropriate actions, a company representative said.

"Because of the high value we are providing to genuine users, we are not surprised hackers would try a number of methods to circumvent the safeguards provided by WGA," the representative said. "It is important to note that this issue is not a security vulnerability, nor does it put any customers at risk. Windows users are not in danger."

Johannes Ullrich, the chief research officer at Internet Storm Center, said the JavaScript bypass method does not pose a security threat.

"It prevents the Windows WGA tool from being installed," he said, noting that he conducted tests on the workaround and found it could be easily applied.

For users who purchase computers with Windows preinstalled, Ullrich noted, some may be surprised to find that they have a pirated copy on their computer.

"Sometimes it's hard for users to determine if they have a pirated version. Some buy computers from less-reputable resellers or buy a CD off the street and may have trouble determining if they have a pirated version," Ullrich said.

Microsoft has estimated that roughly a third of the Windows copies installed worldwide are pirated.

17 comments

Join the conversation!
Add your comment
Value is Reallu Just Opportunity to Pay More
With all due respect to Microsoft Corporation, and I say this as a customer of MS for years with thousands of dollars spent on MS products, the so-called Genuine Advantages appear to be little more than discounted purchase opportunities, and the opportunity to be subject to a modern corporate equivalent of vigilante justice, especially as it relates to the growing DRM in Windows as we know it.

If one goes to the Genuine Advantage site where supposed free stuff is available, one sees a one-time discount on the perpetual-pay rentalware version of Outlook, and, among other not-too-hot deals, and opportunity to purchase some uninteresting online MS games at 50% off, and so forth.

Mr. Gates, these are conventionally known as commercial promotions; they are no more Advantages to we legal users than the "low-cost 3 months discount price" DSL service I am receiving, because, like my DSL "offer" from my ISP, I still have to pay something over time. And what I pay over time far outweighs what I gain.

We legal users also get to download the latest DRM-enabled MS Media Player, which includes a license term that allows MS or its partners to remotely disable PC functionality should they think we are doing something naughty copyright-wise.

How, with all due respect, is forcing us to let the content and/or software sector act as judge, jury and license executioner any advantage in practice, for anyone except the judge, the jury and the executioner?

At the very least let's see a right of appeal to public law courts when a Windows or Media Player user is to be license-snuffed by this vigilante justice system called Genuine Advantage and/or DRM.

And, please, stop claiming theere is a benefit when all we get for being honest is the opportunity to be controlled remotely, and to spend more money.
Posted by PolarUpgrade (103 comments )
Reply Link Flag
Looks like security updates require validation also
Last night I went to do my routine hourly M$ security update check and was asked to validate after checking either "Custom" or "Express" buttons. Looks like I'll have to download SP2 and other security updates to the HDD as files and then burn them to CD, since Windows frequently needs to be reinstalled in my house. (I have 4 PC's to maintain, and frequently upgrade hardware like Mobo and CPU's) I'm not letting the "Genuine Advantage" make my life any worse than M$ already has!
Posted by ray08 (64 comments )
Reply Link Flag
Here's a question
You have 4 pcs at home to maintain. Did you purchase a separate copy of windows xp for each pc? If microsoft has it's way, you'll have to.
Posted by thedreaming (573 comments )
Link Flag
Sounds to me like MS is looking for new help
Isn't that what companies do now. Find the hackers that cost them millions of bux, then turn around to hire them so they can make a more stable product? In any case, I'm sitting on the fence for this one. I do agree with MS trying to protect their OS, but on the flip side, by denying everyone using their OS (which is a security risk from hell), all the peeps that can't update are now going to be carriers of every virus and spyware hit on the internet. So in a since, they will now be helping spread this crap on the net.
Posted by (12 comments )
Reply Link Flag
Pay up.
How does anyone justify using pirated or improperly licensed software. While Microsoft may not be perceived as a victim, the simple truth is that software development is a business and all businesses and their employees deserve to get paid for their work. If you don't like Microsoft vote with your wallet. Their is no justification for stealing.
Posted by (1 comment )
Reply Link Flag
Amazing...
So, just let me get this straight: MS software sucks, but EVERYONE wants to have it, and even think of ways of getting it without paying for it.
Hummmm. I thought the idea was to use a Mac or get Linux instead. After all, all you want to do is stealing "bad" software.
Disgusting...
Posted by aemarques (162 comments )
Reply Link Flag
Well here is another little problem
I got a small network I take care of. Windows XP On the desktops Fedora Linux servers. As the sysadmin (go me) I use Linux to take care of everything including downloads. You know little things like MS AntiSpyware. Well I can no longer download it from MS on my Linux box (well at least from MS anyway) without that stupid WGA. I really have to blame myself here really. The owner wanted to make everything Linux not just the servers and I like an idiot talked him out of it. Lesson learner "The customer is always right"
Posted by Buzz_Friendly (74 comments )
Reply Link Flag
One In Three a pirate copy true or false?
Hmm , just where do they dream up these piracy numbers, is think of a number and multiply by a factor of 10,000? Strangely this number cited is identical to the same figure cited by RIAA, for pirated music cd's available to John C, given annual global sales this would mean that the dread pirates would require to run a factory or network or equivalent size to the big 4 major players! Even taking into account total retail sales of all independent sunday flea markets combined do not even come close to the annual retail sales on even one of the major players, or even one third of the declared annual retail sales @ M$. But then again by bypassing M$ WGA check, is a good indicator how weak buggy and error ridden the software is that they supply! You pays your money, and M$ whats you to pay more for less and less everyday! Linux is looking better everyday since you can compile from source to suit your needs!
Posted by heystoopid (691 comments )
Reply Link Flag
DUH
"Microsoft has estimated that roughly a third of the Windows copies installed worldwide are pirated."

The real answer is the one they don't want to hear...LOWER THE PRICE!!!!
Posted by robbtuck (132 comments )
Reply Link Flag
What a pile of steaming....
bull pucky:

""Because of the high value we are providing to genuine users...."

Yeah right. I say this with heavy heart, being a long time Microsoft supporter, but it is time for me to dump Microsoft.
Posted by R. U. Sirius (745 comments )
Reply Link Flag
Easier for the pirates...
than for the legit user. None of Microsoft piracy tatics have worked. It's easier to steal Microsoft products than to buy them. It has nothing to do with cost or the company. People will steal anything if they think they can get away with it.

Product activation, etc. just doesn't work when people can bypass it.
Posted by System Tyrant (1453 comments )
Reply Link Flag
Who gets hurt?
The hackers certainly are not hurting, they find ways around it and get the benefits of WGA. They will continue to find ways around these "protections" every time a new method is introduced. The people who are hurt are those who do not try to circumvent those methods, the delays in downloading extra code and waiting on servers to revalidate our key for the millionth time.

All that copy protection accomplishes is to make using the product more cumbersome to the general user who is also their primary customer.
Posted by zaznet (1138 comments )
Reply Link Flag
Doesn't confirm my versions
I am not so sure about this anti whatever stuff MS is trying to do. I have a Sony Vaio purchased new and a Dell Demension 3000 purchased new. Both came with XP Home installed from the factory. Neither will verify as valid versions of XP. So what do I do now? Seems either Sony and Dell are selling stolen software of the validation system does not work well.

Richard
Posted by (1 comment )
Reply Link Flag
Knew that would happen
Sooner or later, I knew that WGA would smack them right in the face! Windows came with your machine and it's a brand name, so the oem version on your machine is 100%, but the stupid WGA doesn't agree with you and now you're SOL! I just knew it!
Posted by thedreaming (573 comments )
Link Flag
whois the looser Now.
genuine advantage hmmm....

internet explorer 7 only for authenticated windows systems cool that will finally help fire fox/Netscape get minimal 33% of the browser market again.

xp users etc has to be genuine now to use windows update Hmm. OK Linux will now have a 33% market share in operating systems now

33% of all computers will not need Net framework ever again

33% of all computers will never need windows media anymore

33% of computers will not need directX products anymore

33% of computers will never really need MS office/outlook anymore

66% of computers will have 100% proof that they paid for all of above

66% of all computers will continue to have MS security risks/vulnerabilities/Bugs share with each other


ummmm WHOIS THE LOSER NOW !!!! ROFLMAO
Posted by Rijswijk (31 comments )
Reply Link Flag
EDIT
BTW the above is based on the fact that 33% of Windows users are crooks and does not even consider current Genuine Company's/owners/users getting feed up with Microsoft putting more effort in securing there products against theft than securing them against bugs/security flaws and switching to more stable/secure "FREE" products
Posted by Rijswijk (31 comments )
Link Flag
catcha 22
After manually un-installing Norton System Works, Windows Search was hosed as was Java scripting, which prevented me from accessing Windows Update.

A Google search led me to believe the problem was with Windows Scripting. I found the download on the MS site, but it wanted me to "verify" first... which of course, failed.

I finally found the Win Script file on another site and managed to install it, which so far has fixed the problems.
Posted by nxx (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.