WGAtray.exe (Windows Genuine Authentication) spyware. Can this be disabled?

Vanguard

I didn't track at which point Microsoft dumped this on my host. I have
a genuine version (OEM) of Windows XP Pro when I bought the hardware and
software components for my system. As part of Microsoft discontinuance
of supporting pirated versions of Windows so they cannot get updates or
service packs (an understandable stance on their part), they have
decided to install spyware on all their customers' hosts. It is the
wgatray.exe process. See http://www.theinquirer.net/?article=31281.

I don't want processes consuming resources that are not germane to *MY*
use of *MY* hardware and the licensed software. I disable or set to
Manual any NT services that I don't need. I disable apps that want to
run at startup that I don't need or need so rarely that starting them
manually is not a great loss of ease-of-use for them, or I disable or
remove their startup entries from the registry, Start group, or Task
Manager if they don't provide the option to *not* load them on Windows
startup. I don't want all that crap running on my host.

Microsoft got a bit more tricky with the WGA program. It won't appear
in msconfig as a startup item. Some utilities that let you check the
startup items won't show it. I used AutoRuns from SysInternals and
found it hiding (as some malware does also) under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

under a data item named "WgaLogon". The executable file is at:

c:\windows\system32\wgalogon.[exe|dll]

Like rootkits, Microsoft will hide the WGA processes in the hopes that
users won't wonder what the hell it is. They also have the kernel hide
it when using Explorer when looking in the System32 folder (but other
file search tools, like Agent Ransack, the free version of FileLocator,
will find it). I noticed it because I use DiamondCS' ProcessGuard which
won't let a process load into memory unless authorized by the user.

I can understand the need to stop supporting pirated copies of Windows
but that should be performed during the session with Windows Update, not
by running some client-side utility that always performs the check when
it doesn't apply. It is not Microsoft's place to interfere with the
operation of the OS during its use, only when the pirating user attempts
to get updates. Since the Windows Update site already requires the use
of an ActiveX control, let Microsoft use that mechanism for qualifying
the connected user as to whether or not they can get updates (and make
damn sure there is a free support line just for problems that arise from
false triggers).

Anyone know how to keep wgatray.exe from running? Would deleting its
registry entry as a WinLogon event eliminate it? What if I configure
ProcessGuard to *not* allow that process to load into memory (if
Microsoft has decided to play the role of a virus and circumvent any
standard means of preventing a process from loading on Windows startup)?
Microsoft needs to learn that it cannot resort to spyware to regulate
who uses their operating systems. I won't be annoyed by the popups (but
supposedly pirates will although it has yet to be seen how accurate is
their detection) but I really don't want any more extra crap, er, fluff
running on my system since it is *MY* hardware, not Microsoft's. I
don't want anything stealing CPU cycles and memory that I don't know
about and which I cannot control; otherwise, it is considered malware.
It wouldn't be as much of an insult if Microsoft had not chosen to hide
what they are doing to their customers. Guess they liked what Sony did
with their rootkit and have followed suit. Microsoft produces the
Windows Defender anti-spyware product yet Microsoft also introduces
spyware.
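
The post above locates the autostart entry under `Winlogon\Notify`, a key that msconfig does not list. As an added example (not part of the original thread), this Python sketch parses two `.reg` exports of that key and reports notification packages that were added or changed between them; both sample exports are constructed, and `ExamplePkg` and the handler names are hypothetical.

```python
import re

# Key named in the post; its direct subkeys are Winlogon notification packages.
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
HEX_RE = re.compile(r"^hex\(([0-9a-f]+)\):(.*)$", re.I)
_MISSING = object()


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode_value(raw):
    """Decode the value forms regedit writes for strings and DWORDs."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])                      # REG_SZ
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)                          # REG_DWORD
    m = HEX_RE.match(raw)
    if m and m.group(1) in ("1", "2"):                   # REG_SZ / REG_EXPAND_SZ as UTF-16LE
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw                                           # other types: keep the raw text


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)            # join wrapped hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                keys[current][name] = _decode_value(m.group(2))
    return keys


def notify_packages(reg_text):
    """Map each direct subkey of Winlogon\\Notify to its DllName (or None)."""
    prefix = NOTIFY_KEY.lower() + "\\"
    found = {}
    for key, values in parse_reg_export(reg_text).items():
        if not key.lower().startswith(prefix):           # registry paths are case-insensitive
            continue
        sub = key[len(prefix):]
        if "\\" in sub:                                  # skip deeper descendants
            continue
        found[sub] = next((v for n, v in values.items() if n.lower() == "dllname"), None)
    return found


def added_or_changed(baseline_text, current_text):
    """List (package, dll, reason) for packages new or altered since the baseline."""
    before = {k.lower(): v for k, v in notify_packages(baseline_text).items()}
    findings = []
    for name, dll in sorted(notify_packages(current_text).items()):
        old = before.get(name.lower(), _MISSING)
        if old is _MISSING:
            findings.append((name, dll, "added"))
        elif str(old).lower() != str(dll).lower():
            findings.append((name, dll, "changed"))
    return findings


# Constructed sample exports (not taken from a real machine).
BASELINE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExamplePkg]
"DllName"="C:\\WINDOWS\\system32\\example.dll"
"Logon"="ExampleLogonHandler"
"Asynchronous"=dword:00000000
"""

CURRENT_EXPORT = BASELINE_EXPORT + r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logon"="ConstructedLogonHandler"
"""

if __name__ == "__main__":
    for name, dll, reason in added_or_changed(BASELINE_EXPORT, CURRENT_EXPORT):
        print(f"{reason}: Winlogon\\Notify\\{name} -> {dll}")
```

Files written by regedit in the "Version 5.00" format are UTF-16, so read real exports with `open(path, encoding="utf-16")` before passing the text in.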
 
paulmd

Vanguard said:
I didn't track at which point Microsoft dumped this on my host. I have
a genuine version (OEM) of Windows XP Pro when I bought the hardware and
software components for my system. As part of Microsoft discontinuance
of supporting pirated versions of Windows so they cannot get updates or
service packs (an understandable stance on their part), they have
decided to install spyware on all their customers' hosts. It is the
wgatray.exe process. See http://www.theinquirer.net/?article=31281.
<much snippage>

You will have to google for WGA hacks. I doubt there will be much help
from the forum.
 
Carey Frisch [MVP]

Windows Genuine Advantage (WGA) program - FAQ
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

 
Vanguard

<much snippage>

You will have to google for WGA hacks. I doubt there will be much help
from the forum.


Since the microsoft.public.* groups are carried on servers OTHER than
just Microsoft's, any replies to my post cannot be cancelled by
Microsoft (because many, if not most, NNTP servers won't honor cancels to
eliminate the abuse they engender from malcontents). I will, however,
have to reconsider whether I visit the microsoft.public.* groups using
Microsoft's NNTP server (since they could cancel posts with info that
they want to keep secret) or switch to using my ISP-contracted Giganews
server for those groups (over which Microsoft doesn't control and
Giganews doesn't honor cancels). Of course, the post and replies would
still show up in Google Groups.

I'm not really looking for a "hack". I'm looking for a reasonable
method of maintaining control over *my* hardware and its use and using
the standard methods known by knowledgeable users. For startup
programs, often they are found in the Run keys in the registry, the
Start group, and a few times may even be in Task Scheduler (as a
load-on-Windows-startup event). Even the WinLogon registry key isn't
that much of a mystery to experienced users (or those at the admin
level). I would prefer to disable it rather than delete it. When I'm
using my system, it would be disabled. When I want to visit the Windows
Update site (and presuming Microsoft can't figure out how to perform
validation at that time only which is unlikely) then I would enable it
to show, yes, I have a valid license. Just like a driver's license, I
don't mind showing it to the security folk at the airport when requested
but I'm not going to superglue it to my forehead to present it all the
time. I am not objecting to presenting my credentials when requested,
but there is no such request except when I am using Windows Update. I
don't run the Windows Update service, either, but that doesn't stop me
from starting it when I want to use it and then stopping it when I
don't.

Like Windows Update service, I'd like a user-friendly and easily usable
mechanism for enabling or disabling the WGA function. If it was
disabled when I went the WU site then Microsoft could easily just refuse
to provide the updates or service packs. I'd still have to use their
WGA when visiting the WU site but obviously neither I nor any other legally
licensed user needs it when they are *not* using the WU site.

Guess I'll treat it as malware since Microsoft wants to behave in
similar manner to that type of software. I'll see if blocking it
loading using ProcessGuard is effective. I can then reboot without
ProcessGuard blocking it when I want to get updates. I'm not the stupid
user appreciated by Microsoft that configures Windows Update to
automatically download and install updates. I only let Microsoft tell
me when there are new updates, and only then do I decide on *my*
schedule when to download them and when to install them but only after
reviewing their details.
 
PA Bear

Also see:

How to configure and use Automatic Updates in Windows XP
(choose Notify Only or Download But Do Not Install options)
http://support.microsoft.com/?kbid=306525
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
Windows Genuine Advantage (WGA) program - FAQ
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

 
kurttrail

Vanguard said:
I didn't track at which point Microsoft dumped this on my host. I
have a genuine version (OEM) of Windows XP Pro when I bought the
hardware and software components for my system. As part of Microsoft
discontinuance of supporting pirated versions of Windows so they
cannot get updates or service packs (an understandable stance on
their part), they have decided to install spyware on all their
customers' hosts. It is the wgatray.exe process. See
http://www.theinquirer.net/?article=31281.
I don't want processes consuming resources that are not germane to
*MY* use of *MY* hardware and the licensed software. I disable or
set to Manual any NT services that I don't need. I disable apps that
want to run at startup that I don't need or need so rarely that
starting them manually is not a great loss of ease-of-use for them, or
I disable or remove their startup entries from the registry, Start
group, or Task Manager if they don't provide the option to *not* load
them on Windows startup. I don't want all that crap running on my
host.
Microsoft got a bit more tricky with the WGA program. It won't appear
in msconfig as a startup item. Some utilities that let you check the
startup items won't show it. I used AutoRuns from SysInternals and
found it hiding (as some malware does also) under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

under a data item named "WgaLogon". The executable file is at:

c:\windows\system32\wgalogon.[exe|dll]

Like rootkits, Microsoft will hide the WGA processes in the hopes that
users won't wonder what the hell it is. They also have the kernel
hide it when using Explorer when looking in the System32 folder (but
other file search tools, like Agent Ransack, the free version of
FileLocator, will find it). I noticed it because I use DiamondCS'
ProcessGuard which won't let a process load into memory unless
authorized by the user.
I can understand the need to stop supporting pirated copies of Windows
but that should be performed during the session with Windows Update,
not by running some client-side utility that always performs the
check when it doesn't apply. It is not Microsoft's place to
interfere with the operation of the OS during its use, only when the
pirating user attempts to get updates. Since the Windows Update site
already requires the use of an ActiveX control, let Microsoft use
that mechanism for qualifying the connected user as to whether or not
they can get updates (and make damn sure there is a free support line
just for problems that arise from false triggers).

Anyone know how to keep wgatray.exe from running? Would deleting its
registry entry as a WinLogon event eliminate it? What if I configure
ProcessGuard to *not* allow that process to load into memory (if
Microsoft has decided to play the role of a virus and circumvent any
standard means of preventing a process from loading on Windows
startup)? Microsoft needs to learn that it cannot resort to spyware
to regulate who uses their operating systems. I won't be annoyed by
the popups (but supposedly pirates will although it has yet to be
seen how accurate is their detection) but I really don't want any more
extra crap, er, fluff running on my system since it is *MY* hardware,
not Microsoft's. I don't want anything stealing CPU cycles and
memory that I don't know about and which I cannot control; otherwise,
it is considered malware. It wouldn't be as much of an insult if
Microsoft had not chosen to hide what they are doing to their
customers. Guess they liked what Sony did with their rootkit and
have followed suit. Microsoft produces the Windows Defender
anti-spyware product yet Microsoft also introduces spyware.

If you understand the need, then you should have no problem with MS's
spyware.

If you don't like it, no one is forcing you to run Windows!

BWAHAHAHAHAHAHA!

--
Peace!
Kurt Kirsch
Self-anointed Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."
 
MAP

Vanguard said:
I'll see if blocking it
loading using ProcessGuard is effective. I can then reboot without
ProcessGuard blocking it when I want to get updates.

Vanguard,
I also use Process Guard and would be very interested in your results.
I have yet to install the new WGA.
Thanks
 
Vanguard

Carey Frisch said:


Thanks for the link. It's a nice read but I'm not really interested in
excuses or marketing hype. One statement was "Validation is required
for all genuine Windows downloads on Microsoft Download Center." That
is exactly what I mentioned, that the WGA is *only* needed when getting
updates. It is NOT NEEDED at any other time. WGA should only be active
during a Windows Update session and non-active all other times. The WU
session already enforces the use of an ActiveX control, so have that
control either do the WGA functionality or temporarily enable it. It
should also not be a process that is hidden from the user (or, at least,
not from an admin-level user). They have lots of articles about their
IIS web server, too, but they still provide a standard mechanism for
disabling or enabling the service.
 
Vanguard

PA Bear said:
Also see:

How to configure and use Automatic Updates in Windows XP
(choose Notify Only or Download But Do Not Install options)
http://support.microsoft.com/?kbid=306525


Thanks for the link. Already knew about that. In fact, users *do* get
to configure Automatic Updates to either enable or disable the NT
service plus they can configure if they simply want to be told about
newly available updates, download them but don't install them, or
download and install them (with the last choice being hazardous to the
stability of your host and loss of control over managing its state).
That's great that they provided that nice and easy control for Automatic
Updates - but none of which apply to WGA. WGA runs as a *hidden* process,
Windows Explorer will hide its files, and it behaves very similarly to a
virus or malware in attempting to restart itself if stopped. Microsoft
is treading down the same road as Sony but users railed against that
rootkit.

There is NO configurability by the user regarding WGA. They hide the
process and treat their legal customers as children. I don't want WGA
hacked or eliminated. I just don't want it running all the time when it
obviously has no function and I don't like Microsoft hiding from us (the
admin users) the processes and files involved, especially for
non-functional (when not in a WU session) and obviously non-critical
processes.
 
Vanguard

kurttrail said:
If you understand the need, then you should have no problem with MS's
spyware.

If you don't like it, no one is forcing you to run Windows!


Obviously you are self-employed and don't have to answer to anyone as to
what tools you get to use to perform your job and you don't provide
documents, programs, or any other output to anyone else. You also
produce all your programs for those that are not available on any other
OS platform. You are a world unto yourself. Gee, how nice. The same
foolish argument is spewed when telling users they should switch to
another broadband provider if theirs is too spammy without regard that
cable companies are monopolies and that DSL is unavailable for many
because they are too far from the trunk station (that is, "go switch if
you want something else" without regard that there is NOTHING else).
Users that choose an OS and then figure out what applications they can
use are doing their platform selection ass backwards. You decide on the
critical tasks, what applications can perform those tasks, which
hardware and OS platforms are supported by those applications, and you
use that platform. I don't pick an OS because it has a simple and
pretty UI. I pick the one that lets me get my job done. That may limit
me to using Windows. I have also used several other platforms. I'm not
slavishly loyal to any particular OS. It's just a tool.

If the anti-piracy need were really that great to deter severe losses
from piracy, Microsoft would've done a far better job of incorporating
the protection into Windows. It is an afterthought and can be easily
thwarted. It is as secure as the stupid Content Advisor password in IE.
From analysis of how WGA works and how it was employed, it seems more of
a marketing gimmick than to provide any real security.

Apparently you didn't bother to read my post(s). I'm not interested in
thwarting the purpose of WGA. I'm interested in controlling WHEN it
wastes resources on *my* hardware. If I want updates from WU then,
yeah, make it so WGA is mandatory to validate the license so only those
with legitimate licenses can get updates. Do you continually update
your host every second of every minute of every hour of every day that
it is powered up? No, so why waste the resources for an update process
when its function is irrelevant? Do you actually waste resources
running the SMTP service when you don't want to operate your own mail
server? Would you want Microsoft to force you to run their IIS web
server and hide those processes and provide no configurability although
you don't want to run a web server and don't want to use web sharing
functions?

I'm sure Sony thought they had valid excuses for hiding their "security"
in their rootkit, too. You do know how that went, don't you?
 
Vanguard

steam3801 said:
Yes. Google is your friend.


Already done that. Just saying "go use Google" is a lazy ass answer.
You don't even bother providing a URL for the search that provides the
parameters which would narrow the search results to a reasonable number
of *relevant* articles to the question posed (general results from a
generic topic search do not target the topic and result in irrelevant
matches). Your "help" was no help.

What articles there are are similar to hacks that destroy the function
of WGA. I'm not against the purpose of WGA. I'm against that it wastes
resources and the user has no control over how it behaves and WHEN it is
active. Do you run the IIS web server, SMTP, or other non-essential
services for those that you don't use ever or when you aren't using
them? You don't disable the Windows Firewall service when you choose to
use a better 3rd party solution (and set the ALG service to Manual)?
You do realize that you don't need to have the Automatic Updates service
even running when you are actually *using* your host and may only need
it during a deliberate Windows Update session? You have configurability
of the Automatic Updates service and also how the Windows Update control
will behave (notify, download only, download & install) but you get none
of that with WGA.

Amazing how so many replies assume that I must be trying to steal a
license of Windows or somehow perform "illegal" (defined only by
Microsoft) updates. Did I say that I wanted to thwart WGA? No. In
fact, I like the idea but it should be active ONLY when appropriate. If
the user doesn't have WGA active when they visit Windows Update (or
stupidly have Automatic Updates configured to download AND install) then
they don't get updates. Obviously this "protection" is NOT needed when
I am not trying to retrieve updates.
 
kurttrail

Vanguard said:
Obviously you are self-employed and don't have to answer to anyone as
to what tools you get to use to perform your job and you don't provide
documents, programs, or any other output to anyone else. You also
produce all your programs for those that are not available on any
other OS platform. You are a world unto yourself. Gee, how nice. The
same foolish argument is spewed when telling users they should
switch to another broadband provider if theirs is too spammy without
regard that cable companies are monopolies and that DSL is
unavailable for many because they are too far from the trunk station
(that is, "go switch if you want something else" without regard that
there is NOTHING else). Users that choose an OS and then figure out
what applications they can use are doing their platform selection ass
backwards. You decide on the critical tasks, what applications can
perform those tasks, which hardware and OS platforms are supported by
those applications, and you use that platform. I don't pick an OS
because it has a simple and pretty UI. I pick the one that lets me
get my job done. That may limit me to using Windows. I have also
used several other platforms. I'm not slavishly loyal to any
particular OS. It's just a tool.
If the anti-piracy need were really that great to deter severe losses
from piracy, Microsoft would've done a far better job of incorporating
the protection into Windows. It is an afterthought and can be easily
thwarted. It is as secure as the stupid Content Advisor password in
IE. From analysis of how WGA works and how it was employed, it seems
more of a marketing gimmick than to provide any real security.

Apparently you didn't bother to read my post(s). I'm not interested
in thwarting the purpose of WGA. I'm interested in controlling WHEN
it wastes resources on *my* hardware. If I want updates from WU then,
yeah, make it so WGA is mandatory to validate the license so only
those with legitimate licenses can get updates. Do you continually
update your host every second of every minute of every hour of every
day that it is powered up? No, so why waste the resources for an
update process when its function is irrelevant? Do you actually
waste resources running the SMTP service when you don't want to
operate your own mail server? Would you want Microsoft to force you
to run their IIS web server and hide those processes and provide no
configurability although you don't want to run a web server and don't
want to use web sharing functions?

I'm sure Sony thought they had valid excuses for hiding their
"security" in their rootkit, too. You do know how that went, don't
you?

Karma is great. And those that support copy-protection deserve whatever
hassles it gives them.

But I told ya'll that MS's copy-protection would get more & more
invasive, so don't blame me for not crying about your present
predicament. You deserve it.

--
Peace!
Kurt Kirsch
Self-anointed Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."
 
steam3801

Already done that. Just saying "go use Google" is a lazy ass answer.

And asking others to do your Google searching for you is even lazier.
You don't even bother providing a URL for the search that provides the
parameters which would narrow the search results to a reasonable number
of *relevant* articles to the question posed (general results from a
generic topic search do not target the topic and result in irrelevant
matches).
<snip>

Please take your long-winded, diatribe editorials - albeit well
founded, and in some aspects justified - elsewhere, you're getting
boring.
 
Vanguard

steam3801 said:
Please take your long-winded, diatribe editorials - albeit well
founded, and in some aspects justified - elsewhere, you're getting
boring.


So what's your excuse to circumvent your own commandment?
 
John

Very well written post. I agree with most of your points.
I was surprised to have the WGA warning window "pop-Up" after the last
update session, I have a Dell PC and my upgrade to XPpro was purchased
a year ago from a reliable vendor (I thought). Since I have no
intention of contacting MS and arguing with them about this problem, I
just blew WGA away and stopped the Update pgrm. It's time to switch to
Linux anyway.
I think it's funny that Bill Gates, the richest man in the world, goes
to this length to harass his customers. This jerk thinks he deserves to
be even richer than he is, and the reason he isn't is that everyone is
f***ing him. Pathetic.
 
N

null

I don't have the original post, so I'll reply to this one.

To disable WGA Notify, with minimal risk, download Sysinternals
Autoruns, run it, and click the Winlogon tab. Under the list for
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify", you
will find a check box for wganotify.dll. Disable it. Reboot. Done.

http://www.sysinternals.com/utilities/autoruns.html
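The registry location named in the reply above can also be listed from a script. This is an added example, not part of the original thread: a read-only PowerShell audit of the `Winlogon\Notify` subkeys that reports the DLL each notification package loads. The function names and the System32 fallback for bare file names are assumptions of this example.

```powershell
# Added example: read-only audit of Winlogon notification packages.
# Written for Windows PowerShell 2.0 or later; it changes nothing on the host.
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-NotifyDll {
    param([string]$DllName)
    # DllName may contain %SystemRoot% or be a bare file name. Resolving bare
    # names against System32 is an assumption made by this example.
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return (Join-Path (Join-Path $env:SystemRoot 'System32') $expanded)
}

function Get-WinlogonNotifyPackage {
    param([string]$Key = $NotifyKey)
    if (-not (Test-Path $Key)) { return }    # key absent: nothing to report
    foreach ($sub in Get-ChildItem -Path $Key) {
        $dllName  = (Get-ItemProperty -Path $sub.PSPath).DllName
        $path     = $null
        $file     = $null
        $company  = $null
        $modified = $null
        if ($dllName) {
            $path = Resolve-NotifyDll $dllName
            # -Force returns hidden and system files as well
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        }
        if ($file) {
            $company  = $file.VersionInfo.CompanyName
            $modified = $file.LastWriteTime
        }
        New-Object PSObject -Property @{
            Name     = $sub.PSChildName   # subkey name as shown in Autoruns
            DllName  = $dllName           # raw registry value
            Path     = $path              # resolved location on disk
            Exists   = [bool]$file        # False means a dangling registration
            Company  = $company           # from the file's version resource
            Modified = $modified
        }
    }
}

# List every registered package, then narrow to names containing "wga".
$report = @(Get-WinlogonNotifyPackage)
$report | Sort-Object Name |
    Format-Table Name, DllName, Exists, Company, Modified -AutoSize
$report | Where-Object { $_.Name -like '*wga*' -or $_.DllName -like '*wga*' }
```

Saving the table before and after a change made in Autoruns gives a record of what the key contained, and an entry whose `Exists` column is False points at a DLL that is no longer on disk.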
 
