Vanguard
I didn't track at which point Microsoft dumped this on my host. I have
a genuine version (OEM) of Windows XP Pro when I bought the hardware and
software components for my system. As part of Microsoft's discontinuance
of supporting pirated versions of Windows so they cannot get updates or
service packs (an understandable stance on their part), they have
decided to install spyware on all their customers' hosts. It is the
wgatray.exe process. See http://www.theinquirer.net/?article=31281.

I don't want processes consuming resources that are not germane to *MY*
use of *MY* hardware and the licensed software. I disable or set to
Manual any NT services that I don't need. I disable apps that want to
run at startup that I don't need or need so rarely that starting them
manually is not a great loss of ease-of-use for them, or I disable or
remove their startup entries from the registry, Start group, or Task
Manager if they don't provide the option to *not* load them on Windows
startup. I don't want all that crap running on my host.

Microsoft got a bit more tricky with the WGA program. It won't appear
in msconfig as a startup item. Some utilities that let you check the
startup items won't show it. I used AutoRuns from SysInternals and
found it hiding (as some malware does also) under:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
under a data item named "WgaLogon". The executable file is at:
c:\windows\system32\wgalogon.[exe|dll]

Like rootkits, Microsoft will hide the WGA processes in the hopes that
users won't wonder what the hell it is. They also have the kernel hide
it when using Explorer when looking in the System32 folder (but other
file search tools, like Agent Ransack, the free version of FileLocator,
will find it). I noticed it because I use DiamondCS' ProcessGuard which
won't let a process load into memory unless authorized by the user.

I can understand the need to stop supporting pirated copies of Windows
but that should be performed during the session with Windows Update, not
by running some client-side utility that always performs the check when
it doesn't apply. It is not Microsoft's place to interfere with the
operation of the OS during its use, only when the pirating user attempts
to get updates. Since the Windows Update site already requires the use
of an ActiveX control, let Microsoft use that mechanism for qualifying
the connected user as to whether or not they can get updates (and make
damn sure there is a free support line just for problems that arise from
false triggers).

Anyone know how to keep wgatray.exe from running? Would deleting its
registry entry as a WinLogon event eliminate it? What if I configure
ProcessGuard to *not* allow that process to load into memory (if
Microsoft has decided to play the role of a virus and circumvent any
standard means of preventing a process from loading on Windows startup)?

Microsoft needs to learn that it cannot resort to spyware to regulate
who uses their operating systems. I won't be annoyed by the popups (but
supposedly pirates will although it has yet to be seen how accurate is
their detection) but I really don't want any more extra crap, er, fluff
running on my system since it is *MY* hardware, not Microsoft's. I
don't want anything stealing CPU cycles and memory that I don't know
about and which I cannot control; otherwise, it is considered malware.

It wouldn't be as much of an insult if Microsoft had not chosen to hide
what they are doing to their customers. Guess they liked what Sony did
with their rootkit and have followed suit. Microsoft produces the
Windows Defender anti-spyware product yet Microsoft also introduces
spyware.
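
Added example, not part of the original post: a PowerShell audit of the Winlogon\Notify key named above, listing every notification package registered there, the DLL it loads, and that file's Authenticode status. It assumes PowerShell 2.0 or later on a Windows 2000/XP/2003 system (later Windows versions do not use this key) and that a bare DllName resolves from System32.

```powershell
# Added example: enumerate Winlogon notification packages, an autostart
# location that msconfig does not display.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

if (-not (Test-Path $notify)) {
    Write-Output 'No Winlogon\Notify key on this system.'
    return
}

$report = Get-ChildItem $notify | ForEach-Object {
    $props  = Get-ItemProperty $_.PSPath
    $dll    = $props.DllName
    $path   = $null
    $status = 'no DllName value'

    if ($dll) {
        # DllName may be a bare file name or a full path with %variables%.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($path)) {
            # Assumption: bare names are loaded from System32.
            $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
        }
        if (Test-Path $path) {
            # Catalog-signed system files may report NotSigned on older
            # PowerShell versions; treat that as "check further", not proof.
            $status = (Get-AuthenticodeSignature $path).Status
        } else {
            $status = 'file missing'
        }
    }

    New-Object PSObject -Property @{
        Package   = $_.PSChildName
        DllName   = $dll
        Path      = $path
        Signature = $status
    }
}

$report | Select-Object Package, DllName, Path, Signature | Format-Table -AutoSize
```

Run it from an administrator session and compare the output across reboots or against a known-good baseline to spot newly registered packages.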