Windows XP: Genuine Disadvantage

Posted on May 17 2019 - 2:26am by Rohit Shetty

Windows Genuine Advantage (WGA), Microsoft’s latest anti-piracy measure, is causing headaches for Windows XP users who’ve been good about loading the latest security patches for Windows and Internet Explorer (IE). Why? Two reasons:

(1) Initial attempts to download and use WGA may give you an erroneous error message stating that valid product keys for your genuine version of Windows XP are invalid. It’s not surprising that an earlier version of WGA was hacked within 24 hours. Computer technicians everywhere were faced with another change to Windows software requiring they either troubleshoot the problem or find a way to bypass it. Thus, another hack was born. Why does WGA initially report that valid product keys are invalid? Basically, because it’s encountering a problem it doesn’t know how to interpret differently. The problem is:

(2) You need to re-enable ActiveX for WGA to run. ActiveX is a purely Microsoft technology that integrates interactive content on web pages, like Java applets. WGA can’t run without ActiveX. Unfortunately, ActiveX has been exploited by hackers who discovered vulnerabilities in the technology and use them to run their own malicious software on your computer. As a result, one of the Windows updates you ran in the not so distant past turned off ActiveX to block this vulnerability. There’s the catch: You can’t run Windows Update until you validate your license with WGA which won’t run until you re-enable ActiveX and lower your browser’s security so you can load new security patches! Good thinking!

Microsoft’s support page (in typical “Microspeak”) does warn you that you are potentially exposing your system and that you will want to re-enable your browser’s security after you help Microsoft make sure you aren’t stealing Windows:

 

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

 

READ MORE :

Translation:

 

CYA We designed WGA to run off of ActiveX technology, software components we know will make your computer vulnerable to attacks because we wrote ActiveX (that’s right, we created it) and left a lot of holes in it that could be exploited. Basically, you’ll need to re-enable ActiveX and make your system vulnerable so that WGA will work the way we designed it to work. Then and only then can you get the latest Windows updates to make your system run, um, “safer.” But first we recommend that you decide for yourself that you really need to run WGA, so that you can’t come back and sue us if your computer is attacked by a virus while you’re running WGA to validate your license which we also made you validate when you bought your computer, which of course came with Windows because we own 99% of the market (tee hee). But anyway, we like to see you jump through hoops and make you repeatedly prove you own it because Microsoft is “antitrust.” Oh, and when you’re done, don’t forget to make your system, um, “safe” again by turning on whatever you use to block ActiveX or load our cool WGA ActiveX control, which is basically just a toggle that turns ActiveX on and off whenever we feel like exposing your system to more security risks so you can load more security patches that will work until someone figures out they don’t.
The earlier version of WGA was compromised and I expect that the current version will be too if it hasn’t already. As usual, tech savvy people get around measures designed to protect copyright, and less tech savvy people are left pulling out their hair trying to figure out ways to undo what Windows does for programs to “operate as they are designed to.” Microsoft continues to prove it needs better designers. They can’t seem to get away from ActiveX although other programs do just fine without it. (Mozilla Firefox doesn’t use ActiveX to enable web page interactivity. That doesn’t mean it’s 100% safe, but I’ve never had to lower security to patch Firefox.)

Microsoft needs to get rid of WGA. It’s completely ridiculous to have to lower security to run patches designed to heighten security; and in this case, Microsoft wants you to do that entirely for their benefit, not yours. Microsoft argues software piracy is costly for everyone and so anti-piracy measures help you. That may or may not be true, but it’s not the point. WGA is simply a bad anti piracy measure. It’s a backdoor approach that won’t stop or even slow down piracy. Both genuine and counterfeit versions of Windows will still run without the updates, which means:

Users who know they have a counterfeit version won’t validate, won’t run the updates and will still enjoy the use of Windows;
Users with a counterfeit version they unknowingly purchased through a disreputable OEM vendor, online auction or software pirate will simply think Windows is broken, will forego further updates, forever curse Microsoft, and possibly purchase a Mac. At any rate, very few will ever realize they have a counterfeit version and are unlikely to add to Microsoft’s bloated profit margin; and
Licensed users with the genuine product and valid product keys will continue to have to prove ownership if they want to run needed updates and will have to expend more time and money troubleshooting what Microsoft does to protect its own interests, will forever curse Microsoft, and eventually purchase a Mac.
Anti-piracy measures have to be applied at the source, not at the user end. Microsoft may achieve better results through the more controlled production of its software products at the assembly line. However, the company has been greedy. When you rush to market with a product you want to make as widely available as possible, you take shortcuts. Now Microsoft is backpedaling in an attempt to recoup its perceived losses. It’s being shortsighted and selfish and may well lose money in the process. By implementing WGA and other user-end anti piracy measures, Microsoft does little to affect software piracy — and increasingly antagonizes its paying customers.

Imagine driving down the street in your car and being pulled over every other block so you can show your car title. “Yes, I own it. Yes, I own it. Yes, I own it.” Microsoft rolls out updates on the second Tuesday of each month as needed. So, pretty much every second Tuesday of every month you have to lower your Internet security just so you can say, “yes, I own it.”

About the Author