A Programmer said:

I find it all the time, in fact for a while I couldn't make one step
in any Windows oriented forum without running into a "Microsoft
screwed me over." post involving WGA/N.
Ultimately, though, this was a completely poorly thought out thing
(perhaps the dumbest thing Microsoft has ever done), especially when
it comes to social engineering and simple common sense - why?
Given the cases I've seen like this, most of them are legit copies
that WGA/N has flagged.  Ultimately what likely happened is that the
computer was on a shelf somewhere in a store being shown.  The handy
little sticker was out there waiting to be copied down, or to go to a
more technologically advanced thing, snapped with a picture phone.
Person that does this goes home, registers a copy of XP.  The legit
person then installs theirs, and attempts to register and gets bonked
out by either WPA (another horrid idea) or WGA.
Now, this person with the legit copy has a legitimate beef now with
the vendor.  Also given the attack dogs Microsoft has in their legal
department, vendor now has a reason to be scared to complete death
over something like this.  Their customer has a legitimate legal
complaint against them due to no fault of the vendor (non-provision of
purchased services), and Microsoft is going to think that the vendor
is a counterfeit/pirate.
There are, of course, other vectors for people to harvest legitimate
XP S/Ns in a similar manner, but what I described is by far the
easiest.  Most of this is such simple common sense, that it's almost
stupid that no one at Microsoft thought of this before they released
WGA/N.  In fact, with Microsoft's OEM sticker policy, the scenario
above got made frighteningly easy.
Really the only way to solve this in the right way is to discontinue
it.  WGA/N was irrevocably broken in the conception stage.  Bad idea
from the get-go.

Whilst I disagree a bit with the last statement thank you for presenting a
realistic and sensible view of potential problems. I certainly can agree
that there are cases where the legit user can lose out. If you ever played
Half Life or similar which is now distributed online using a system called
"Steam" you will know that this is a problem but the one thing it does do is
make you protect your "Key" because if you lose it and someone else
commandeers it you are without recourse really.
I don't give copies of my car keys to anyone and nor would I give software
keys, this is not a matter of protecting some big software giant but a
common sense measure to cover my own ass.
However the one thing that people are forgetting is that spammers, spyware
merchants, back door designers and such are getting smarter all the time. At
this time they have to contrive some method of "Planting" a malware on your
machine or persuading you to plant it. If a large number of pirate copies of
Vista got out with something already planted then reformat reinstall is no
answer, and the internet could suffer badly - all users not just the Vista
community. This could happen just as well with any OS including Linux but in
general Linux users are smart enough to protect themselves, many Windows
users are just users not technically savvy. This is what makes Vista a more
serious concern than any other OS at this time.
Then, internet users in general will be in a fix and many will demand some
"Intervention", that "Somebody do something" and this gives the Federal
Government an excuse to bring in Homeland Security to police the internet.
This will be paid for by taxes that will cost us all (Naturally it has to be
paid for even though we know they will be worthless).
I prefer to see MS use their resources to at least "Try" and protect their
OS than have to pay some Federal Agency to close the door after the horse is
already over the horizon. This has nothing really to do with Microsoft as
far as my opinion is concerned, which is why I cannot respect the views of
the rabid Microsoft bashers. It really has nothing to do with any sort of
self righteous "Piracy is wrong or illegal" standpoint. I see it as being
something that has become a security issue for all of us, Windows, Linux,
Solaris the whole lot of us.
For once I think Microsoft have foreseen a security issue, quite a change of
attitude from the early days, because security concerns have impacted their
business, and that is quite proper. What they cannot do is educate millions
of users to the same standard that Linux users mostly have, all Microsoft
can do is try a software solution.
I don't personally feel that Microsoft distrust me at all, but then as an
MSDN member I have more reason to believe that than the average user would
have, rather I feel that Microsoft are actually trying to be responsible on
behalf of the wider community and of course to protect their own reputation.
Obviously agreements have to be signed, but there's nothing in there to
prevent me criticizing Microsoft where I feel they are in error, not even in
their own newsgroups. I certainly have done so in the past and still do so
on some issues, but I do feel that with WGA despite the false positives they
have to try and develop a solution that cannot be purely based on some
programmatic or hardware development. It is regrettable that some innocent
folks are affected, but if WGA slips "Under the radar" for many users then
so will all manner of other things - on occasions one has to fight fire with
fire perhaps.
Charlie