According to privacy campaigners, Windows Genuine Advantage is spyware. Microsoft, however, says it’s doing a good job. Who's right?

This article appears in the October 06 issue of PC Advisor, which is available now in all good newsagents.

Under fire for reports that WGA (Windows Genuine Advantage) misidentifies some genuine copies of XP as pirated, Microsoft has taken the step of releasing statistics about WGA’s effectiveness for the first time.

According to information posted by Alex Kochis, a licensing manager on the WGA team, virtually all of the 60 million PCs worldwide that failed WGA’s validation tool are indeed violating Microsoft’s licensing policy in one way or another. Kochis posted his comments on his blog on the Microsoft Developers Network.

Needle in a haystack?

Most of the reports of ‘false positives’ by WGA “were due to data entry errors that were quickly corrected and only occurred for a short period of time”, Kochis wrote.

Only a “fraction of a percent” of those 60 million copies of XP deemed illegal have turned out to be genuine. Given the number of XP users, a fraction of a percent could still mean hundreds of thousands of genuine copies may have been incorrectly deemed pirated. A Microsoft spokeswoman declined to elaborate on that figure.

Since April 06, when Microsoft escalated its WGA program by having the scanning tool stealthily install itself on to many PCs, the antipiracy tool has been the subject of numerous complaints from users claiming their legal copies of Windows failed to pass WGA. According to Kochis, about one in five of the 300 million copies of XP that have been scanned by Microsoft’s WGA tool fail to pass.

“In many of those other scenarios, the user of the system, or purchaser of the software, has some knowledge that the software isn’t genuine or isn’t properly licensed and is perhaps not as surprised when the validation fails,” Kochis wrote. “There are people who likely fall all along a range of awareness, from mere suspicion – owing to the fact that they got a ‘too good to be true’ deal – to someone who has full knowledge that the software isn’t genuine or licensed and even further, to those who manufacture and sell counterfeit software and are knowing perpetrators in significant and serious crime.”

Stealing from children

About 80 percent of those failures, 48 million, are the result of stolen Windows volume-licensing keys, according to Kochis. For the sake of convenience, large Microsoft customers such as corporations or schools are granted a single key that they can use to install Windows XP on multiple machines. Such keys are vulnerable to being stolen and redistributed over the internet.

“One stolen licence key from a US university ended up on over a million PCs in China,” Kochis wrote.

Microsoft plans to tighten licence distribution with Vista. Microsoft has previously declined to offer details about the 12 million further copies of Windows XP that failed to pass WGA. According to Kochis, those 12 million failures mostly involve a mix of other types of counterfeiting and piracy, including a variety of forms of tampering and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself; other times they try to modify files to prevent XP needing to activate.

Kochis acknowledged that some failures are caused by users with genuine copies of XP who improperly install or repair software on their PC. Such activities “will result in WGA validation failures”, he wrote.

But Kochis said that there are a number of other scenarios “that could result in a WGA validation failure, that a user might be surprised by or even deny”.

These include users unknowingly being sold copies of XP by stores that illegally reuse the same licence key with multiple customers, users who take their PCs for repair to shops that similarly reuse the same licence key, users who share copies of XP with their friends and people who reuse the same key on more than one PC at a time.

Under Microsoft’s strict licensing policy, users who bought a PC from a hardware vendor such as HP or Dell with XP preinstalled typically own a reseller licence that forbids them from installing XP on another PC – even if the first PC is no longer functional.

Kochis said Microsoft investigates all credible reports of genuine copies of XP failing to validate under WGA.

“[But] far more often than not, the software performed as designed and the failure was due to the software, in fact, being counterfeit and the customer simply not wanting to believe it,” he wrote.

While installing WGA is optional, it was automatically installed as a critical update. Microsoft has abandoned those features, but users must pass WGA to be eligible to download certain free software, such as the upcoming Internet Explorer 7.0 and Windows Defender. The company faces two class-action lawsuits related to WGA.