Windows Announces WGA 2.0: Now With Periodic Updates

If Microsoft maintains a list of its least-popular ideas, initiatives, and software programs, Windows Genuine Advantage (WGA) has to be near the top. Initially marketed as a voluntary tool when it launched in September of 2004, Microsoft announced just six months later that any user who wanted to access non-critical security updates for their OS would be required to install WGA. Despite Microsoft's attempt to bill WGA as a security feature, public opinion of its "Genuine Advantage" has been anything but good. This is partly Microsoft's fault. The company has, at various times, attempted to sneak WGA on to computers through unspecified Windows updates, and got caught with its fingers squarely in the cookie jar back in 2006 when it was revealed that the service phoned home daily to MS to confirm that a system was really genuine. Vista's initial flavor of WGA was even more draconian than XP's; the OS would only enter a reduced functionality mode for an hour at a time once the preset time period had passed. Microsoft later changed this with Vista SP1; the new system settles for annoying you incessantly as opposed to blocking system access.

Note: Initially, IE users without a validated copy of Windows weren't allowed to download IE7. This has since changed—IE8 is offered to an XP system as a critical update even if WGA isn't installed. Microsoft is serious enough about getting people away from IE6 that it's willing to give a new browser out to anybody.

Once More, With Squealing
In a recent
post at The Windows Blog, general manager Joe Williams discusses the company's plans for the next generation of WGA, now called WAT (Windows Activation Technologies). In addition to periodically phoning home to make certain your OS remains authentic, WAT will now automatically update itself to keep you 'protected' from what Microsoft terms "activation exploits." Once again, instead of sticking to the truth ("You just might owe us money,") we see WGA WAT trotted out as a feature. "This new update is further evidence of Microsoft’s commitment to keeping customers and partners secure," writes Williams. "The update will determine whether Windows 7 installed on a PC is genuine and will better protect customers’ PCs by making sure that the integrity of key licensing components remains intact."

According to Williams, WAT is voluntary (his emphasis) although we'd like to point out that WGA was also voluntary for the first six months of its life and is still technically voluntary now. This has not stopped the company from attempting to sneak it on an XP system during the patch processs when using Automatic Updates. Like WGA, WAT doesn't transfer any personally identifiable information (PII) when it contacts MS's servers. Here's how it works, according to Williams:

Once installed, the Update...[identifies] known activation exploits. If any activation exploits are found, Windows will alert the customer and offer options for resolving the issue...Machines running genuine Windows 7 software...will see nothing. If Windows 7 is non-genuine, the notifications built into Windows 7 will inform the displaying informational dialog boxes with options for the customer to either get more information, or acquire genuine Windows. The desktop wallpaper will be switched to a plain desktop (all of the customer’s desktop icons, gadgets, or pinned applications stay in place). Periodic reminders and a persistent desktop watermark act as further alerts to the customer.It is important to know that the customer will see no reduced functionality in their copy of Windows—a customer’s applications work as expected, and access to personal information is unchanged. The Update will run periodic validations (initially every 90 days). During validation, Windows will download the latest ‘signatures’ that are used to identify new activation exploits – much like an anti-virus service. When tampering, disabling, or missing licensing files are discovered, the WAT Update runs a check and repair weekly to ensure that the licensing files are properly repaired.

The key advantage of WAT over WGA (for Microsoft) is that it turns a pirate's one-time evasion into a never-ending chase. WAT may not transfer any PII back to home base, but you can bet it'll transfer information on what processes or programs might have been used to alter the Win 7 activation process. Microsoft can then adjust its algorithms accordingly and issue a 'patch' to cure what it views as an infection. The thieves, pirates, and assorted scoundrels responsible for stealing Windows must then create a new work-around—and as that work-around becomes more popular, the chances of it encountering WAT increase. Eventually the two cross paths, MS diagnoses and fixes the exploit, and voila—it's back to square one.

Evaluating WAT

It looks so innocuous.

Let's clear the air immediately on a few points. Microsoft's goal with a program like WAT or WGA has never been to catch individual users. The company has much bigger fish to fry; its primary targets are the companies and organizations that engage in software counterfeiting on a massive scale. This fact is underscored by Microsoft's approach when it believes a customer is running a counterfeit copy of Windows. Thinking has obviously shifted away from the draconian 'punish the criminal' model and towards an approach that could be summarized as 'annoy the customer as much as possible.' It's not much fun, but it beats the alternative. If we examine the history of the WGA program, Microsoft is being more open and transparent about what the program is and how it functions. Regardless of what you think of WAT, that's a good thing.

Having said all that, there are three flaws in the WAT model that concern us, particularly since one of them undermines Microsoft's assurance that WAT will remain voluntary. First, there's the fact that Redmond spends a significant amount of time painting WAT as a security mechanism designed to keep your PC safe. In reality, WAT only protects you against the possibility that whoever built your PC charged you for a legal OS and installed a legal one. That's it. Microsoft likes to talk about how pirated copies of Windows may contain viruses, but that's a confusing association for the not-so-savvy customer. The best way to avoid this potential problem is to strip out the psuedo-security chatter and describe the program differently.

Secondly, WAT is going to be updated on a regular basis, which means MS will have the opportunity to break it on a regular basis. The solution in this case is ample testing and quality control—valid users suddenly deemed invalid by false positives aren't going to be happy.

Finally (and most importantly), there's the question of whether or not WAT can actually perform its function as a voluntary program. In the past, dodging WGA was (mostly) a one-time deal. Now, WAT will phone home and update itself every few months, which increases the chance it'll catch new cracks and/or continue to annoy pirates to update. On the one hand, it effectively raises the annoyance bar, which is meant to shunt people towards going legit. On the other, however, it encourages people to opt out of the 'voluntary' update. Microsoft likes to claim that one of the benefits of being 'genuine' is having full access to Windows Update, but has anyone actually jumped through the various bells and hoops just to download language packs and a handful of games?

A number of people will focus on the fact that WAT 'phones home' for updates on a regular basis, but the anti-WAT/WGA crowd were standing on much stronger ground when WGA would lock you out of your own system if it thought you weren't licensed. Annoyance is annoying, but it's hard to argue that Microsoft doesn't have the right to get on the nerves of those who have, unwittingly or not, stolen its product.