Experts to Microsoft: set your Windows patches free!

WGA (Windows Genuine Activation) should become DOA – Dead On Arrival. That’s the opinion of Brian Livingston, longtime Windows specialist and creator of the best-selling and deep-diving Windows Secrets book series.

Writing for the Windows Secrets Web site, Livingston has slammed Microsoft’s claims that all Windows users can download security updates without the intervention of WGA, which determines if the Windows installation is legit or a cracked or pirated copy.

“It’s ridiculous to say that Microsoft provides all security updates to Windows users, whether or not they pass Windows Genuine Advantage (WGA) validation” Livingston rails.

“A system that fails WGA is restricted in using Microsoft’s update and download sites. WGA has a reputation for rating some PCs as unlicensed when in fact they’re completely legitimate. For this reason, many people exit Windows Update at this point and turn off Automatic Updates (if it was enabled) rather than risk disabling their expensive computers.”

Turning off Automatic Updates, of course, leaves the user’s PC vulnerable to the latest round of worms, hacks and exploits.



Livingstone cites an Ars Technica analysis carried out in January 2007 which reported that “a minimum of five million users worldwide, and probably millions more, have received false ‘nongenuine’ ratings from WGA. As a result, Microsoft has lost many consumers' faith in the auto-update process, because people hear tales that using Windows Update can cripple a PC.”

“I urge Microsoft to immediately start delivering all updates of every kind to users who are running any copy of Windows, whether or not it validates. Pirate profiteers should be thrown in jail, and Microsoft has a right to prosecute them. But our legitimate computers are the ones that unpatched users' computers attack. Microsoft has no excuse for not updating every system.”

Adrian Kingsley-Hughes, writing on ZDNet’s Hardware 2.0 blog, has taken up the cause.

Kingsley-Hughes points out that while Microsoft offers all security updates, service packs and other critical reliability updates for Windows XP and Windows Vista without WGA authentification, by virtue of putting them into the ‘Critical’, ‘Important’ and ‘High Priority’ categories that are WGA-free, you still need to ‘validate’ your copy of Windows and thus get a tick of approval from the WGA process on your first visit to the Windows Update and Microsoft Update sites.

Another issue is the stringent policy applied by Microsoft’s free Windows Defender tool. Kingsley-Hughes cites that according to the Windows Defender Web page, ‘only genuine Windows customers can receive product downloads... Windows Defender will validate that your copy of Windows is genuine before installation. Furthermore, Windows Defender will only remove Severe threats for machines that are not genuine. Low, Medium and High threats will be detected, but not removed unless your copy of Windows is genuine.’

Take into account the many times that WGA seems to kick in unexpectedly and require re-activation, sometimes turning a legitimate Windows installation into one of questionable origin, and Kingsley-Hughes says that “enough is enough.”

“It’s now time for Microsoft to disconnect WGA from all Windows-related updates. The same goes from Office Genuine Advantage and updates for Microsoft Office. The current situation doesn’t make good sense. I don’t have a problem with Microsoft demanding that users wanting additional content have to go through a validation process, but ALL updates should be available to ALL users, irrespective of whether users are running a genuine copy of Windows or not.“

“Users who have unwittingly been sold a counterfeit copy of Windows shouldn’t be penalised and have their security compromised. In fact, when it comes to security updates, even those who know they are running a pirated copy of Windows should get access to all updates. It’s in everyone’s best interests that as many machines as possible are patched.”