Windows XP: Genuine Disadvantage

Windows Genuine Advantage (WGA), Microsoft’s latest anti-piracy measure, is causing headaches for Windows XP users who’ve been good about loading the latest security patches for Windows and Internet Explorer (IE). Why? Two reasons:

(1) Initial attempts to download and use WGA may give you an erroneous error message stating that valid product keys for your genuine version of Windows XP are invalid. Unsurprisingly, an earlier version of WGA was hacked within 24 hours. Computer technicians everywhere faced another change to Windows software requiring them to either troubleshoot the problem or find a way to bypass it. Thus, another hack was born. Why does WGA initially report that valid product keys are invalid? Because it’s encountering a problem, it doesn’t know how to interpret it differently. The problem is:

WGA can’t run without ActiveX. ActiveX is a purely Microsoft technology that integrates interactive content on web pages, like Java applets. Unfortunately, ActiveX has been exploited by hackers who discovered technology vulnerabilities and used them to run malicious software on your computer. As a result, one of the Windows updates you ran in the not-so-distant past turned off ActiveX to block this vulnerability. There’s the catch: You can’t run Windows Update until you validate your license with WGA, which won’t run until you re-enable ActiveX and lower your browser’s security so you can load new security patches! (2) You need to re-enable ActiveX for WGA to run. Good thinking!

Windows XP

Microsoft’s support page (in typical “Microspeak”) does warn you that you are potentially exposing your system and that you will want to re-enable your browser’s security after you help Microsoft make sure you aren’t stealing Windows:

Important: These steps may increase your security risk. These steps may also make your computer or network more vulnerable to attack by malicious users or malicious software such as viruses. We recommend the process this article describes to enable programs to operate as they are designed to or implement specific program capabilities. Before making these changes, we recommend evaluating the risks associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend using this process only if you require this process.



CYA We designed WGA to run off of ActiveX technology, software components we know will make your computer vulnerable to attacks because we wrote ActiveX (that’s right, we created it) and left a lot of holes in it that could be exploited. You’ll need to re-enable ActiveX and make your system vulnerable so that WGA will work the way we designed it to work. Then and only then can you get the latest Windows updates to make your system run “safer.” But first, we recommend that you decide for yourself that you need to run WGA so that you can’t come back and sue us if a virus attacks your computer while you’re running WGA to validate your license, which we also made you validate when you bought your computer, which of course came with Windows because we own 99% of the market (tee hee).

But anyway, we like to see you jump through hoops and make you repeatedly prove you own it because Microsoft is “antitrust.” Oh, and when you’re done, don’t forget to make your system, um, “safe” again by turning on whatever you use to block ActiveX or load our cool WGA ActiveX control, which is just a toggle that turns ActiveX on and off whenever we feel like exposing your system to more security risks so you can load more security patches that will work until someone figures out they don’t.

The earlier version of WGA was compromised, and I expect the current version will be, too, if it hasn’t already. As usual, tech-savvy people get around measures designed to protect copyright, and less tech-savvy people are left pulling out their hair trying to figure out ways to undo what Windows does for programs to “operate as they are designed to.” Microsoft continues to prove it needs better designers. They can’t seem to escape ActiveX, although other programs do just fine without it. (Mozilla Firefox doesn’t use ActiveX to enable web page interactivity. That doesn’t mean it’s 100% safe, but I’ve never had to lower security to patch Firefox.)

Microsoft needs to get rid of WGA. It’s ridiculous to have lower security to run patches designed to heighten security. In this case, Microsoft wants you to do that entirely for their benefit, not yours. Microsoft argues software piracy is costly for everyone, so anti-piracy measures help you. That may or may not be true, but it’s not the point. WGA is simply a bad anti-piracy measure. It’s a backdoor approach that won’t stop or even slow piracy. Both genuine and counterfeit versions of Windows will still run without the updates, which means:

Users who know they have a counterfeit version won’t validate, won’t run the updates, and will still enjoy Windows. Users with a fake version they unknowingly purchased through a disreputable OEM vendor, online auction, or software pirate will think Windows is broken, forego further updates, forever curse Microsoft, and possibly buy a Mac. At any rate, very few will ever realize they have a counterfeit version and are unlikely to add to Microsoft’s bloated profit margin. Licensed users with genuine products and valid product keys will continue to prove ownership if they want to run needed updates. They will have to spend more time and money troubleshooting what Microsoft does to protect its interests, which will forever curse Microsoft, and eventually purchase a Mac.

Anti-piracy measures must be applied at the source, not at the user end. Microsoft may achieve better results through the more controlled production of its software products at the assembly line. However, the company has been greedy. You take shortcuts when you rush to market with a product you want to make widely available. Now, Microsoft is backpedaling in an attempt to recoup its perceived losses. It’s being shortsighted and selfish and may lose money by implementing WGA and other user-end anti-piracy measures and increasingly antagonizing its paying customers. Imagine driving down the street in your car and being pulled over every other block so you can show your car title. “Yes, I own it. Yes, I own it. Yes, I own it.” Microsoft rolls out updates on the second Tuesday of each month as needed. So, pretty much every second Tuesday of every month, you have to lower your Internet security to say, “Yes, I own it.”


Alcohol scholar. Bacon fan. Internetaholic. Beer geek. Thinker. Coffee advocate. Reader. Have a strong interest in consulting about teddy bears in Nigeria. Spent 2001-2004 promoting glue in Pensacola, FL. My current pet project is testing the market for salsa in Las Vegas, NV. In 2008 I was getting to know birdhouses worldwide. Spent 2002-2008 buying and selling easy-bake-ovens in Bethesda, MD. Spent 2002-2009 marketing country music in the financial sector.