On Mon, 18 Sep 2006 15:51:02 -0700, el-chema
Even if it's "just" the WGA notification tool, it could be termed
malware. Malware is user-hostile code that is stealthed into the
system under false pretences; this one poses as a security update
there to address the user's interests, but it's really there to
address the vendor's interests
OTOH, you may see fake "WGA" malware that uses the familiar WGA alert
as SE to lure the user into clicking itont something completely
different. I haven't heard of such as yet, but it could happen.
Are you running warez XP, using a stolen Volume License Key?
If so, then it's most likely to be MS's WGA doing exactly what it is
supposed to do - alert the user that they are detectable as improperly
licensed, and thus liable to be blocked from the Windows Update site,
as well as offline installation of Service Packs.
If not, then it's either MS's WGA messing up (false positive alert -
but I think that was fixed a while ago) or it's a malware fake.
It can be argued that running a Windows that is detectable as not
being properly licensed is in itself a security/safety risk to the
user, because without patching, the code base will become increasingly
exploitable as time goes by. If you swallow that argument, then the
WGA notification tool cannot be considered malware on any basis.
OTOH, right now the same Automatic Update that rams WGA Notification
Tool into the system will also ram in the patches you need. Contrast
this with being a legally-licensed user of the original "fit to
release" XP (i.e. "Service Pack 0"), which WGA will not highlight as a
risk, even though MS no longer tests this version of XP for
exploitability, nor does it issue new patched for it.
So we have XP SP0 that cannot be patched via any methodology, because
no patches will ever be made for it again. WGA-OK; no alert.
And we have XP SP1 (briefly) and SP2 that are already being
automatically patched via the same conduit that brings in the WGA
Notification Tool, which alerts because a warez VLK is detected.
On the basis of the above, I conclude that the WGA Notification Tool
is purely there for MS's benefit, and is not geared to alerting the
user about increased risk to future exploits. This is at odds with
the logic behind Auto Update's pushing of "security updates", and this
variance is some grounds to label it as commercial malware.
Is not a virus, using Windows Update you installed "Windows Genuine Advantage
Notifications" that validates if you have a genuine copy of windows, check
out his link:
:
------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)