Microsoft SUED for Malware aka "WGA"
 

http://seattlepi.nwsource.com/busine...sftsuit29.html
----------------------


Thursday, June 29, 2006

Lawsuit calls Microsoft's anti-piracy tool spyware
Company disputes claim, says action is baseless

By TODD BISHOP
P-I REPORTER

A computer user is suing Microsoft Corp. over the company's Windows Genuine Advantage anti-piracy tool, alleging that it violates laws against spyware.

COURT DOCUMENTS

Read the court documents (PDF 505K)
http://seattlepi.nwsource.com/dayart...sftwgasuit.pdf

The suit by Los Angeles resident Brian Johnson, filed this week in U.S. District Court in Seattle, seeks class-action status for claims that Microsoft didn't adequately disclose details of the tool when it was delivered to PC users through the company's Automatic Update system.

Windows Genuine Advantage is designed to check the validity of a computer user's copy of the operating system. But the tool became a subject of heightened controversy earlier this month, after PC users began noticing that it was making daily contact with Microsoft's servers without their knowledge, even if their software was valid.

"Microsoft effectively installed the WGA software on consumers' systems without providing consumers any opportunity to make an informed choice about that software," the suit alleges.

A Microsoft spokesman, Jim Desler, called the suit "baseless" and disputed the characterization of the tool as spyware.

"Spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose," Desler said.

Windows Genuine Advantage "is installed with the consent of the user and seeks only to notify the user if a proper license is not in place."

Microsoft issued a software update this week to address some of the concerns computer users had raised about the Windows Genuine Advantage tool.

The suit deals with one of the software industry's most controversial issues -- the circumstances under which companies should be able to deliver programs to computers, and what they must disclose to PC users when they do.

The lead lawyer representing Johnson in the suit against Microsoft, Scott Kamber of Kamber & Associates LLC in New York, was co-lead counsel for consumers in the lawsuit over Sony Corp.'s surreptitious placement of copy-protection "rootkit" software on PCs, through music CDs. That software, designed to prevent music from being copied illegally, disabled protections against viruses and spyware, potentially leaving unaware computer users vulnerable. Sony settled the suit.

But even those who have questioned the behind-the-scenes activities of Windows Genuine Advantage say the Microsoft tool doesn't appear to do anything damaging.

"It doesn't seem to me that this particular incident rises anywhere near the kind of damage that is normally associated with spyware," said Lauren Weinstein, co-founder of People for Internet Responsibility. "That's not to say that Microsoft should have done it the way they did. ... But that doesn't necessarily make it illegal."

Kamber acknowledged key differences between the Microsoft and Sony cases. But he said some of the same underlying principles are at work.

"The statute says that people have a right to know what's on their computer," Kamber said. "We're at a point in time right now where people's rights on their own computers and technology are really at issue."

Kamber declined to say how the suit began or to describe his client, Johnson, beyond calling him "a typical user of Microsoft operating systems."

Microsoft has said that the purpose of the daily check-in was to allow for changes in the tool's settings, because Windows Genuine Advantage was still in test mode. The company says those who installed the tool via the company's Automatic Update system have always seen a license agreement that gave information about the tool.

At the same time, a previous version of the WGA license agreement didn't explicitly state that it was making the daily check-ins.

"The disclosure was slim to none, and it certainly isn't what we're looking for as a matter of public policy from a distinguished company like Microsoft," said Ben Edelman, a Harvard University doctoral candidate and anti-spyware researcher.

Earlier this week, Microsoft released a finished version of Windows Genuine Advantage tool that it says no longer checks in daily with its servers.

The company also issued a revised license agreement that spells out in greater detail what Windows Genuine Advantage does, including the fact that it sends the PC user's Windows product key and Internet Protocol address to the company.

But the suit goes beyond that issue to challenge the company's practice of using the automatic updating system as one method of delivering the tool. Although Microsoft has delivered a variety of programs through Automatic Updates, it's most commonly used for security updates, and the suit alleges Microsoft effectively hid delivery of the tool under that guise.

Microsoft's Desler disputed that assertion and said the suit shouldn't obscure what he called the "real issue," software piracy. "The WGA program was carefully developed to focus on what is really an industrywide problem in a manner that is lawful, and provides customers with the confidence and assurance that they're running legitimate software," he said.

The suit, which seeks unspecified damages, makes claims under statutes including the Washington Consumer Protection Act and California Unfair Competition Law, in addition to anti-spyware statutes in both states.
-----------------------

Heh, I see that the hate for WGA has now spread.

I don't know about his copy, but Win Update told me it would install a verification tool and asked me to OK it.

Maybe he didn't use the advanced button and just accepted it without looking to see what it would do. Looks to me, he don't have much of a case.

The issue is that WGA's explanation of what it does didn't disclose everything that it does. It seems more likely that this was an administrative error than a genuine attempt to decieve to me (I mean, what did MS have to gain, really?), but I think that Microsoft were technically in the wrong here, from what I've read.

The issue isn't that WGA is malware (or, if it is, this will get tossed right out of court), it's that WGA doesn't fully disclose the information it sends back.

Maybe is malware to those that have pirated OSes.. =\
Nothing like the ol' Win2k ^^

OK, usually i'm pretty much a MS fanboy, but this time, i'd like to go on the record and say one thing.

my point : windows needs a REAL competitor... apple DOES NOT COUNT! mainly because apple's are non user upgradeable and therefore not something a computer "geek" would ever touch.
Linux/Unix also does not count because of one IMPORTANT factor this being, that is so hard to setup and install/configure, that it will never become mainstream, OR viable competition.
so, in closing i'd just like to say :

WINDOWS NEEDS A BIGGER COMPETITOR

I wouldn't say that. Linux has come a long way from being a niche software. Hardcore users of *nix would try their hardest to keep it archaic but popular distros say otherwise.

But I do agree that Microsoft NEEDS a real competitor. OSX would have fit the bill BUT Apple is too set in its ways and not to mention that ol' Billy Boy has much stock in Apple too.

Yeah. SuSE and Ubuntu come to mind as distributions which are relatively simple to sort out (there's a "thrill factor" of being able to use a functional desktop while Ubuntu installs too, which is neat), but there's a lot of licencing problems which mean that it's hard to justify anything but a pre-install with the extra components, which in some cases I'm not even sure if it's legal.

I mean, telling someone that they can't play MP3s or DVDs, or play 3D games, without working out some weird and complex options in advanced system settings, or installing and running an unsupported third-party piece of software is kinda annoying.

Worth noting that Windows, not Microsoft, needs a real competitor. And there are various things getting that way, although I expect that Vista will once again set more ground between Linux and Windows, at least for a while. OSX doesn't really count because they sell a system/software combo, yeah. Which is a pity, because it's a pretty great OS.

Even if the Windows Genuine Advantage isn't illegal, it sucks. I have a year old copy of XP and would like to change the motherboard in the computer that it's in. That will cost me $150.

Considering that the license is $100 more for adding this to a home built computer, this shouldn't happen.

This phone home operating system really sucks and is at least consumer unfriendly. Significant hardware changes (like installing a SATA card, if you can call that significant) make the thing phone home.

We all know you're an MS lover, zoot, but geez, this is rotten and getting worst.

You wouldn't buy a car that needed an access code from an 800 number to start, when you changed the starter. This is the same thing.

Operating systems should last for the lifetime of the chassis. And "phoning home" as a prerequisite for installing is a serious invasion of privacy.

Microsoft has not made a clear disclosure as to exactly what all this does. That makes it spyware. Yet another thing that has no damned business being in an operating system. Microsoft is spying and who knows exactly what security problems that may or has introduced. This at least discloses detailed system hardware information to MS. That in itself is a security breach. Who knows what else it reports or how that information could be used.

uhm, hippie, all ya gotta do after you change the MOBO is call MS to activate, they'll ask you if you changed your hardware significantly, you say yes, they say ok.
believe me i've done it, this computer has been rebuilt many a times, and about 3-4 were with the exact same copy of windows, you don't need to repurchase it at all.
:D

And give them more private information?. Under current licensing, to be technical, you can't sell the computer with the MS license you bought.

Non transferable, spies.... Wheres the good part?.

they didn't ask for anything that i consider to be private.
those things are, and are not limited to :
phone number
email addy
land address
zipcode
city
state
age
D.O.B.
S.S.N.
drivers license, or number of which.
hell i don't even think they asked my name, doubtfull but i don't think they did, it really was a painless thing to do.

[EDIT] btw don't quote me on them not asking for any of those things, it's been one hell of a fucking long time since i activated XP [EDIT]

So, let me get this straight. It will cost you $150 because you refuse to give them personal information now that you will have to give them to activate your product after spending the $150?

You know, most of the time, I just ignore this anti-microsoft-fanboy bullshit, but this just really gets under my skin. Let me try and make this clear:

YOU ARE IGNORING REALITY.

You can say that Microsoft is a big, evil corporation all you want. You can say that the state of computing is behind 15 years, if you'd like. You can give whatever lousy theories about an industry you probably don't understand all day long, and it won't bother me.

But stop spewing factually and obviously incorrect garbage just because you dislike a company (for probably the wrong reasons). And don't expect that you're going to be treated with anything but quiet snickers or possibly open hostility when you talk to someone who can put their personal dislikes after their ability to rationally comprehend reality.

The last time I called up Microsoft because I'd changed my hardware, they asked for literally two pieces of information: my "authentication code" (or whatever it's called), and why I needed to activate windows again ("is this for a reinstall?"). Admittedly it could've changed since then, but since you need to activate a new copy of windows anyway (as zootm indirectly pointed out), you're either incapable of acting rationally, simply not doing so, or trying, for some reason, to lie to us (maybe you think it makes you cool to hate Microsoft?).

As a final point, don't you fucking make snide remarks about people like zootm who, in zootm's particular case, is probably the most objective person I have ever met about Microsoft's products. It makes you look like an asshole.

I'm not, but thank you for playing. :) I just have a low tolerance for anti-MS (and "anti-anyone because they have more money than me" in general) bullshit.
You don't buy the software, you buy a licence. The licence restricts you to using it one machine. When you buy a car, you buy the machine.

The situation is closer to having to renew your car insurance if you double your engine capacity. Which you do.
That's the problem.
No it doesn't.
How? If it's anything, it's a privacy breach.
Groklaw has an article about it, if you care. But it's becoming increasingly apparent that you do not, preferring to troll cluelessly instead.

I think MS have done wrong here, incidentally. They install the Validation tool without notification - they should not. I think you're blowing it out of proportion to the max though.

Another example is this: did you know that, in the US at least, you can not legally replace your taillights with red pieces of glass or plastic? Real taillights have an SAE number on them that identifies the lens and certifies that it meets government regulations. So yeah, you can change it to something not certified (licensed?), but if the 'spyware' (police) reports you, you have to pay a fine.

There's a difference, though. How often do people get issued tickets for non-spec (but still working) brake lights? Not often, because the situation isn't common/checkable enough to warrant regular enforcing.

Also, will an insurance agent ever come to your house and inspect your car's engine to check for modifications? No. Absolutely not. In the case of property underwriting, they'll send someone out to inspect the property (outside only) and document the place with Polaroids or digital photography ro check for open pools with no fencing, external stairways without rails, or other obvious hazards that the insurance company could be held liable for in a claim. But do they have a network of spies constantly roaming neighborhoods looking for violations? No. And they give you warning before they come, if you're renewing.

However, Microsoft's software DOES enforce its regulations absolutely. No honor system or any of that societal buffering. It just commands reactivation. But does the computer know when it's been sold for $200 at a flea market, with OS intact? No, thankfully.

I hold that the consumer DOES NOT BUY LICENSES. Legally they can word it that way, but it's sophistry. Consumers buy products and services. Every purchase is not and should not be some kind of ongoing contract concerning use and proliferation. The idea of purchases (let us consider this exclusive of such things as firearms, explosives, or potentially fatal carcinogens such as pesticides) as chronic contractual agreements in some ways breaks the capitalist model, and therefore is erroneous in such an environment.

I was not trying to say anything about their looking for piracy... I was trying to show the starter replacement example was not really applicable in this case.

I do somewhat agree with you, however I feel the sale of software may imply an ongoing (never ending) contract. We sell the software I write to the Nuclear Industry. They will not buy without support. They will not buy without a physical license to use the software. They do not care whether they own the software or not. There are many govermental organizations and business that feel the same way.

Selling a license protects the seller. You can not simply sell software, because selling implies the right to do as you please with the product (within legal bounds of course). Hence you can sell your car when you are done with it. But, when you sell your car, you can not sell your driver's license nor your insurance for that car. They are non-transferrable.

Quite frankly, I don't actually know about car laws in the UK, because I'm not a driver, but that does make sense.
Comparing material goods to licences doesn't work. It's the same reason that copyright infringment is not theft. It's annoying because it really kills the number of meaningful analogies you can make (and I realise mine was pretty bad too).

Well, that's what I meant. :)

Yeah, I just think it's worth noting that Microsoft do make products other than Windows, and because that one product is so big it occasionally detracts from the points people make.

It's worth noting, too, that while other OSs gain popularity, Microsoft have been phasing in more and more support for them. The best outcome for everyone is that competition makes Microsoft change, rather than killing them. As cathartic as it might be, the collapse of Microsoft would benefit noone.

Big time. The last thing we need is a quick mass migration to Linux based systems, as nice as it would be to have people using operating systems with a Linux kernel.

I dislike the Linux kernel. I prefer the NT one, technically (although obviously Linux has seen a lot of code review, so there's a good chance its actual code is cleaner - I just don't like the architecture so much).

One of the things I dislike about open source is that a lot of times, things just seem hacked together. This is probably because they actually are just hacked togehter a lot of the time. :D

It all works just fine and for many purposes it works better than the alternative, but that whole feeling of "we just kind of threw this together and made it work" bugs me. If that's the case, perhaps some things need to be rewritten from the ground up the "right way" TM`or, at least actually follow worse is better.

I wouldn't be so sure closed source apps/systems are different.

Old ones in particular, with tons of added features and fixes for things nobody thought about when making the original design (even if at the time it was clean and elegant).

You are right. But what I noticed is that they actually do realize that too. Once they get to a point in the product's lifespan, they rewrite(most of) the program from the ground up.

Though, it only "seems" to be thrown together is because of marketing, branding and presentation. Something that most of them never thought about until recently.

I think Linux (which is a kernel, no more) proves this wrong somewhat. My biggest problem with it though is that because it was a reasonably successful implementation of a modern design, it became popular.

The design is, these days, well out of date. But without funding, OSS will do no more. Because they have a system that is "good enough". And as much as it will enrage Linus Torvalds, that's not "good enough" for me.

Not at all. You've been buying licenses for a long time. Every book which you buy comes with an implied license. If you were really buying the book, then you could do whatever you wanted with it, including make copies of it.

When you buy software from Microsoft, the largest part of that purchase is in a license. You own the CD — you can do whatever you'd like with it, but as far as the actual use of the software, you've bought an implied license for one computer (the "license" bullshit that comes with it holds little to no legal weight).

Books don't come with a license, they fall under copyright.

There is no license that rules when or where you're allowed to read a book.

and somewhat related:
And these bounds include copyright.
A program without a license can't be copied (whole or in part) by anyone except the copyright holder.

[/digression]

Yes, this doesn't change the fact that what you buy is the licence to the software, however. This is made clear on the product packaging and so on.

In further news about this, Ars Technica generally have high-quality commentary on techy stuff, and the recent article on this very subject is no different. :)

I'm possibly the only one still interested in this issue, but there's an interesting interview with Microsoft's head guy on privacy where he admits that they screwed up with WGA, and will apparently fix it.

The man obviously has a lot of nice things to say about Microsoft, but the fact he admits their processes failed in WGA is quite interesting.

http://news.zdnet.com/2100-3513_22-6090651.html
-------------------------

Microsoft faces second WGA lawsuit
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: July 5, 2006, 7:56 AM PT

Microsoft has been named in a second lawsuit over its antipiracy Windows Genuine Advantage program, which plaintiffs allege acts as "spyware" on their systems.

Engineered Process Controls, Univex and several other parties filed a class action lawsuit Friday in U.S. District Court in Seattle, alleging Microsoft installed "spyware" on their computers as a "critical security update." The suit comes days after another complaint containing similar allegations was filed in U.S. District Court in Los Angeles.

In this most recent lawsuit, the parties allege Microsoft violated the Computer Fraud and Abuse Act, the Consumer Protection Act, the Computer Spyware Act, and also engaged in intentional misrepresentation of the software program.

Microsoft, however, contends the two lawsuits do not present a fair picture of WGA.

"The two lawsuits appear to be similar in the claims and both are without merit," said Jim Desler, a Microsoft spokesman. "They distort our antipiracy program…and the harm piracy brings to Microsoft and to customers."

Although the WGA feature is designed to validate the authenticity of Windows software installed on a user's PC, it recently raised the ire of some users when Microsoft began delivering the WGA prerelease as a "high priority" item automatically built into Windows updates.

The software, which scans users' hardware and software for information such as their Internet Protocol address, was initially designed to transmit information back to Microsoft every time users booted up their computers. But the software giant has since scaled back the frequency of the transmissions to twice a month and informed users about ways to disable the WGA alerts.
------------------------------------

Another one. They might as well kill WGA for now.

Intentional misrepresentation? I don't think there's a chance in hell of that one getting through.

WGA is too damn easy to hack and disable anyway - just like everything else MS does. Another feeble attempt that ends up making them look like pricks.

The industry as a whole needs to just realize you're not going to stop piracy no matter how hard you try. In the end the piracy continues pretty much unabated while legitimate customers are burdened by privacy invasions, rootkits, malware and all the other shit the companies try to use to stop piracy.

Fruitless.

See now, it's not at all that Microsoft couldn't make something which is not at all easy to hack and disable — it just isn't in their interest. No piracy == less copies of windows == losing semi-monopolistic power. People are so blind to that, it's astonishing.

Microsoft is perfectly capable of making WGA extremely difficult to disable.

Then why do it anyway? It was just a waste of time and money.

Well, they do benefit from encouraging users with pirated copies (many of which do not know their copy is pirated) to buy proper licences. And they do benefit from tracking down people who are selling pirate copies of Windows (those giving it away for free are more the sort that will pirate it regardless, dodgy sellers selling bootleg copies will generally sell them to people who are willing to pay but wish to save money), which is why if you can prove that someone sold you your pirate copy of Windows, they give you a copy of Windows for free.

My microwave doesn't tell me how it cooks my popcorn, but I don't get all bent out of shape about it.

Yes, but if you're microwave was to transmit its unique ID and your home IP address to the internet in order to determine how long to cook the popcorn for, you'd probably like to at least be told.

Because it picks the low-hanging fruit. They get more money and don't prevent anyone from using the software anyway, and look generous for giving out licenses to legitimate "victims", and are more easily able to prosecute the one type of pirate that doesn't help Microsoft: the computer reseller.

A win-win-win-win situation for Microsoft.