Removing WGA's Calling Home Ability

Sharkman

found this:

Prevent Windows from calling home

There have been many complaints about Microsoft's Windows Genuine Advantage
(WGA) anti-piracy feature, especially the aspect that regularly sends
information to Microsoft on a daily basis (this is being changed to only
check for new settings every 14 days). The WGA tool is part of the monthly
security updates, and it has two parts: the validation part that determines
whether the copy of Windows running is legal and the Notifications part.
It's the latter that sends info every day even after the copy of Windows has
been validated. Now a company called Firewall Leak Tester has come out with
a program called RemoveWGA that removes the Notification portion of WGA only
and works on XP SP1 and SP2. Read more about it here:
http://www.wxpnews.com/3JEH0Y/060627-RemoveWGA
 
Alias

found this:

Prevent Windows from calling home

There have been many complaints about Microsoft's Windows Genuine Advantage
(WGA) anti-piracy feature, especially the aspect that regularly sends
information to Microsoft on a daily basis (this is being changed to only
check for new settings every 14 days). The WGA tool is part of the monthly
security updates, and it has two parts: the validation part that determines
whether the copy of Windows running is legal and the Notifications part.
It's the latter that sends info every day even after the copy of Windows has
been validated. Now a company called Firewall Leak Tester has come out with
a program called RemoveWGA that removes the Notification portion of WGA only
and works on XP SP1 and SP2. Read more about it here:
http://www.wxpnews.com/3JEH0Y/060627-RemoveWGA

Blocking it with a firewall is easier.

Alias
 
Larry Gardner

It depends on how the Firewall is implemented.

If the firewall is implemented as a service/driver, then that will block it
(unless it is Windows Firewall ... which seems to allow it to go through).
The WGA is implemented in the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon key.

This key is executed prior to anything starting up for the user. So if the
Firewall is started within the HKLM Run, HKCU Run or Startup folder, the WGA
will execute and try to connect, since the firewall hasn't kicked in yet.

ZoneAlarm seems to start prior to anything since it is based on a driver, so
it will catch attempts for WGA to connect out.
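
An added example, not part of the post above or of any tool named in the thread: a short audit script that reads a `.reg` export and lists what loads from the Winlogon Notify key versus the Run keys, following the ordering the post describes. The sample export is constructed and `ExampleFirewall` is a hypothetical product name.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
RUN = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"  # suffix shared by HKLM and HKCU

# Constructed sample in .reg export format (ExampleFirewall is hypothetical).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName"="WgaLogon.dll"
"Asynchronous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleFirewall"="C:\\ExampleFW\\fw.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue  # file header, blank line, or hex continuation line
        name, raw = m.groups()
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    return keys

def startup_order(text):
    """List (stage, source, name, command); stage 0 loads before stage 1."""
    order = []
    for path, values in parse_reg(text).items():
        if path.upper().startswith(NOTIFY.upper() + "\\"):
            pkg = path[len(NOTIFY) + 1:]
            order.append((0, "Winlogon Notify", pkg, values.get("DllName", "?")))
        elif path.upper().endswith(RUN.upper()):
            order += [(1, "Run", n, v) for n, v in values.items()]
    return sorted(order, key=lambda e: e[0])

def starts_after_notify(order, needle):
    """True if `needle` is launched only from Run keys while Notify packages exist."""
    stages = {s for s, _, n, c in order if needle.lower() in f"{n} {c}".lower()}
    return any(s == 0 for s, *_ in order) and stages == {1}

if __name__ == "__main__":
    for entry in startup_order(SAMPLE):
        print(*entry)
```

Values exported as `hex(2):` (expandable strings) are skipped by this parser, so a package whose `DllName` is stored that way shows `?` as its command.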
 
kurttrail

found this:

Prevent Windows from calling home

There have been many complaints about Microsoft's Windows Genuine
Advantage (WGA) anti-piracy feature, especially the aspect that
regularly sends information to Microsoft on a daily basis (this is
being changed to only check for new settings every 14 days). The WGA
tool is part of the monthly security updates, and it has two parts:
the validation part that determines whether the copy of Windows
running is legal and the Notifications part. It's the latter that
sends info every day even after the copy of Windows has been
validated. Now a company called Firewall Leak Tester has come out
with a program called RemoveWGA that removes the Notification portion
of WGA only and works on XP SP1 and SP2. Read more about it here:
http://www.wxpnews.com/3JEH0Y/060627-RemoveWGA

http://www.firewallleaktester.com/removewga.htm

--
Peace!
Kurt Kirsch
Self-anointed Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."
 
Alias

Larry said:
It depends on how the Firewall is implemented.

If the firewall is implemented as a service/driver, then that will block it
(unless it is Windows Firewall ... which seems to allow it to go through).
The WGA is implemented in the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon key.

This key is executed prior to anything starting up for the user. So if the
Firewall is started within the HKLM Run, HKCU Run or Startup folder, the WGA
will execute and try to connect, since the firewall hasn't kicked in yet.

ZoneAlarm seems to start prior to anything since it is based on a driver, so
it will catch attempts for WGA to connect out.

I use Sygate and, before I blocked it, WGA would ask permission to go on
the Net on every reboot. I had my firewall tell it, "no way, Jose".

Alias
 
HeyBub

found this:

Prevent Windows from calling home

There have been many complaints about Microsoft's Windows Genuine
Advantage (WGA) anti-piracy feature, especially the aspect that
regularly sends information to Microsoft on a daily basis (this is
being changed to only check for new settings every 14 days). The WGA
tool is part of the monthly security updates, and it has two parts:
the validation part that determines whether the copy of Windows
running is legal and the Notifications part. It's the latter that
sends info every day even after the copy of Windows has been
validated. Now a company called Firewall Leak Tester has come out
with a program called RemoveWGA that removes the Notification portion
of WGA only and works on XP SP1 and SP2. Read more about it here:
http://www.wxpnews.com/3JEH0Y/060627-RemoveWGA

Wonder if that -- and firewall blocking -- violates the DMCA as egregious
and flagrant interference with copy protection?
 
NoStop

It depends on how the Firewall is implemented.

If the firewall is implemented as a service/driver, then that will block
it (unless it is Windows Firewall ... which seems to allow it to go
through).

Keeping with the half-baked applications MickeyMouse provides with this toy
operating system, the Windoze "Firewall" is only capable of blocking
incoming requests not outgoing connections from your computer. To get a
fully-functional firewall that can control traffic both ways, the poor
Windoze user needs to look for a third-party alternative and then learn to
use it. This is way beyond the capabilities of the vast majority of
Windoze users and hence the Net is subjected to all the spam and crapware
pouring out hourly from compromised Windoze boxes. There oughta be a law
against this toy operating system and the multinational corporation that
has foisted it on the world.


--
The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

A 3D Linux Desktop (video) ...


View Some Common Linux Desktops ...
http://shots.osdir.com/
 
Carey Frisch [MVP]

Of course it does....that WGA hack page is no longer available.

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

--------------------------------------------------------------------------------------------

:
| Wonder if that -- and firewall blocking -- violates the DMCA as egregious
| and flagrant interference with copy protection?
 
Alias

Carey said:
Of course it does....that WGA hack page is no longer available.

:
| Wonder if that -- and firewall blocking -- violates the DMCA as egregious
| and flagrant interference with copy protection?

I'm blocking the mal/spyware with my firewall. If you or MS don't like
it, sue me. When I reinstall Windows, I will NOT put that mal/spyware on
my machine.

Alias
 
Rhonda Lea Kirk

Larry said:
It depends on how the Firewall is implemented.

ZoneAlarm seems to start prior to anything since it is based on a
driver, so it will catch attempts for WGA to connect out.

<laughing> In one of life's great ironies, Windows Live OneCare stops
it.

rl
--
Rhonda Lea Kirk

Insisting on perfect safety is for people
without the balls to live in the real world.
Mary Shafer Iliff
 
Larry Gardner

Rhonda:

I have Windows OneCare Live ... and it does not block the attempt to connect
at startup. It does after Windows OneCare starts and is operational ... but
not until you have logged in.

The way to prove this is to turn on 'verbosestatus' in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
and watch what happens when the system starts up after you login.

WGALogon.dll is started way before anything else is started ... including
Windows OneCare.
I have also sent that information to the Windows OneCare Support team ...
and they concurred with my findings.
 
Alias

Larry said:
Rhonda:

I have Windows OneCare Live ... and it does not block the attempt to connect
at startup. It does after Windows OneCare starts and is operational ... but
not until you have logged in.

The way to prove this is to turn on 'verbosestatus' in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
and watch what happens when the system starts up after you login.

WGALogon.dll is started way before anything else is started ... including
Windows OneCare.
I have also sent that information to the Windows OneCare Support team ...
and they concurred with my findings.

So, you're saying it calls home before your firewall loads and then
again after your firewall loads? What if you're behind a NAT router as well?

Alias
 
Rhonda Lea Kirk

Larry said:
Rhonda:

I have Windows OneCare Live ... and it does not block the attempt to
connect at startup. It does after Windows OneCare starts and is
operational ... but not until you have logged in.

The way to prove this is to turn on 'verbosestatus' in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
and watch what happens when the system starts up after you login.

I used TCPView and ProcessExplorer to watch it, and I did watch it load
and log on.

Then I disabled it with HijackThis, and now I don't see it do anything
anymore.

WGALogon.dll is started way before anything else is started ...
including Windows OneCare.
I have also sent that information to the Windows OneCare Support team
... and they concurred with my findings.

I believe you, Larry, but on May 31, it was doing something different.

I've been WGA free since then.

rl
--
Rhonda Lea Kirk

Insisting on perfect safety is for people
without the balls to live in the real world.
Mary Shafer Iliff
 
