Alias~- said:
Why can't you just have your firewall block WGA before doing the
image? That said, I have WGA set to ask before going online and it
hasn't asked in over two months.

Depends on the firewall. Are you talking about the Windows firewall
which loads before TCP is enabled so firewalling is immediate? But
then outbound restrictions aren't available for the Windows firewall,
anyway. Most firewalls load late, sometime after many startup
programs have already loaded. WGA is run as a Notify event; see the
registry at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
It runs on Windows startup and probably long before your firewall ever
loads, so WGA is getting out before your firewall even loads.

Use something like ProcessGuard to prevent the process from ever
loading into memory. Nothing runs unless it gets into memory. I have
ProcessGuard block loading of wgatray.exe. I do NOT allow it to let
rundll.exe load except by prompting me to allow or block, so
something like "rundll.exe wgalogon.dll ..." can't run. Of course,
it's possible WGAlogon.dll gets run before ProcessGuard, but there is
lots of info found by Googling on how to kill, disable, or delete WGA,
like
http://www.ghacks.net/2006/04/27/how-to-disable-microsofts-new-anti-piracy-program-update/.
I haven't watched through subsequent updates if Microsoft steps atop
this file (delete it and create a new instance) to get back the
security permissions needed for it to execute. That's why I'm hoping
ProcessGuard will prevent wgatray.exe (whatever version Microsoft puts
on my system through "security" updates) and not allowing rundll.exe
to run without prompting (so a method cannot be called from within
wgalogon.dll) will thwart Microsoft's paranoic stupidity.

This only deters WGA from phoning home at Windows startup if you have
an always-on connection. You still end up having to install and run
their ActiveX control for many of their downloads (i.e., they want to
authenticate your instance of Windows before they'll let you have the
download). So while you don't authenticate on startup anymore, there
are many downloads that still require authentication to get them. I
don't mind *elective* authentication, like when doing the downloads.
It's the covert intrusiveness of WGA that I dislike.
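
Added example, not part of the original post: a PowerShell audit of the Winlogon\Notify key named above, listing every notification package, the DLL it loads, the Winlogon events it hooks and the DLL's signature status. It assumes an XP/2003-era system where this key exists, the documented notification-package value names (DllName, Startup, Logon and so on), and bare DLL names resolving to System32; it sticks to PowerShell 2.0 syntax.

```powershell
# Added example: enumerate Winlogon notification packages (read-only audit).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Event values a notification package can register a handler for.
$eventNames = 'Startup','Logon','Logoff','Shutdown','Lock','Unlock',
              'StartShell','StartScreenSaver','StopScreenSaver'

function Get-WinlogonNotifyPackage {
    if (-not (Test-Path $notify)) {
        Write-Warning "No Winlogon\Notify key on this system."
        return
    }
    foreach ($key in Get-ChildItem -Path $notify) {
        $props = Get-ItemProperty -Path $key.PSPath
        $dll   = $props.DllName

        if ([string]::IsNullOrEmpty($dll)) {
            $path = $null
            $sig  = 'NoDllName'
        } else {
            # DllName may contain %SystemRoot% or be a bare file name.
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not [IO.Path]::IsPathRooted($path)) {
                # Assumption: bare names are loaded from System32.
                $path = Join-Path $env:SystemRoot "System32\$path"
            }
            if (Test-Path $path) {
                $sig = (Get-AuthenticodeSignature $path).Status
            } else {
                $sig = 'FileMissing'
            }
        }

        # Keep only the events this package actually registers.
        $hooked = $eventNames | Where-Object { $props.$_ }

        New-Object PSObject -Property @{
            Package   = $key.PSChildName
            Dll       = $path
            Events    = ($hooked -join ',')
            Signature = $sig
        }
    }
}

Get-WinlogonNotifyPackage |
    Select-Object Package, Dll, Events, Signature |
    Format-Table -AutoSize
```

Packages that register Startup or Logon handlers run inside Winlogon before user-mode startup programs, which is the ordering the post describes for WgaLogon.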