Microsoft, accused of tricking users into installing spyware on their Win XP boxes in the name of fighting piracy, is now defending itself against a sizable legal and PR offensive.
The embattled program, Windows Genuine Advantage (WGA), logs on to the internet and connects to the Microsoft databases, without the user’s permission, in order to verify the authenticity and uniqueness of the Windows XP serial number.
If a customer’s serial number is flagged as inauthentic, she can no longer download any Windows XP updates except for security patches.
As I’ve detailed elsewhere, Microsoft placed WGA in its list of critical updates, meaning most users have installed it automatically just like any other security patch. MS did this when the program was still in beta mode; they were still testing it and knew it needed refinement.
As of today, the company is the defendant in two class-action lawsuits. Both accuse the company of deploying spyware on users’ computers without their permission. Similar behavior has been pursued by the Federal Trade Commission and by various state Attorneys General, and has also been the subject of civil suits. (For a great summary, see this spyware report (pdf) by the CDT.)
These claims have some merit and, in this non-lawyer’s estimation, the company will not likely succeed in attempts to dismiss them at early stages. Microsoft flagged the program as a critical security patch, did not fully disclose its functions to consumers, and has not released a program for uninstalling the software.
The beta version of WGA attempted to connect to the Microsoft database every day; a recent update changed the window to two weeks. That change followed on the heels of the first lawsuit, which led Scott Kamber, an attorney representing the first plaintiff, to express vindication.
“Microsoft knew it was wrong and that is why they changed it within 24 hours of us filing our complaint,” Kamber said.
Even if the company wins or quietly settles all lawsuits, the software has been such a public relations nightmare that it may cost them more customers than it brings in. By many accounts, WGA has failed to live up to customer expectations on several counts.
The program identifies a high number of false positives. Many users have complained that their Win XP installations on brand new computers bought at brand-name stores are being flagged as illegal, holographic Windows sticker notwithstanding. Additionally, users who upgrade or replace certain hardware components (e.g. motherboards, hard drives) are very likely to be told that their copy of XP is illegitimate.
Many users also bemoan what they see as an inconvenience. For dialup users, the frequent attempts to communicate with Microsoft are quite frustrating. Many users on all types of internet connections are also upset with the frequency of pop-up windows, which is especially high when a user has been flagged with a false positive.
Privacy-conscious users are concerned about the potential misuse of data, and many more users are simply angry at being treated with what they describe as a presumption of guilt.
Finally, a new worm, Cuebot, is pretending to be WGA, a tangential problem that may nonetheless add to customer frustration with the real WGA.
In response, the Windows spin doctors are out in full force. Thus far, their front-line response is that WGA is intended primarily to protect consumers. Michala Alexander, Microsoft’s UK head of anti-piracy, told the BBC, “Customers have been crying out for a tool which could tell them if they have been duped.”
In an interview, MS chief privacy officer Peter Cullen argued:
It’s important to go back to the fundamental goal of Windows Genuine Advantage and the risk of pirated software. A lot of people believe that it might be about the revenue. … but in actual fact, it is about the security and privacy of the users. Some research that we’ve done finds that the incidence of malware (malicious software) is a lot higher on pirated software, so we really are trying to make sure that users really have the opportunity to protect themselves. (ellipsis in original)
Reader feedback from the BBC story cited above suggests that there may be millions of Windows users worldwide who feel accused and betrayed rather than protected. Here are a few choice quotes:
If Microsoft are adamant “key codes blocked…are illegal” why did a brand new Packard Bell purchased from PC World not pass? A total shambles methinks….and they don’t appear to want to do anything about it. An attempt to exaggerate the problem so they can legally insist we all have Microsoft spyware on our PC perhaps?
This system is designed to confuse unsuspecting and often naive users and scare them into repurchasing Windows.
This is another example of Microsoft treating all of its users as if they were criminals.
“Customers have been crying out for a tool which could tell them if they have been duped” – Why can’t Microsoft be honest? I don’t know anyone who is crying out to know if their copy of Windows is genuine. Microsoft just want to crack down on piracy. I think that piracy is a problem, but I believe that if Microsoft were to reduce the price of their software, more people would buy it in the first place.
I purchased my PC from Dell but it still failed the WGA test at the start of June. The Microsoft website and the on-line help were no-help. I had to pay to telephone the Microsoft helpline who gave me very hard to follow technical advice that resolved the situation – advice that I suspect many non-technical people would have difficulty in understanding.
Piracy can be stamped out at source, or at end user level. However if MS are not careful about how they stamp out piracy, many more people will migrate to Linux, which is free to copy and offers equivalent functionality for the majority of users.
Readers provided dozens of similar quotes, and very few stepped up to defend the company. To the extent that they understand what happened, the public is not happy with Microsoft. If the Sony Rootkit saga is any indicator, when the dust settles, Microsoft may also be unhappy with their decision to deploy WGA.