Utility Nukes Windows Genuine Advantage Callbacks

 
 
By Ryan Naraine  |  Posted 2006-06-21 Email Print this article Print
 
 
 
 
 
 
 

A private firewall testing company has found a way to disable the controversial notifications component in Microsoft's WGA anti-piracy tool.

A private security company has found a way to nuke the controversial callback component in Microsofts Windows Genuine Advantage anti-piracy tool.

Firewall Leak Tester, a company that provides tools to test the quality of personal firewall software, has released a utility called RemoveWGA that blocks Microsoft from "phoning home" from Windows PCs on a daily basis.

"Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot," the company said in a note explaining its motive for releasing the tool.

The WGA tool, which is a mandatory part of the Redmond, Wash., software makers battle to curb Windows piracy, includes two separate components: WGA validation and WGA notifications. Validation determines whether the copy of Windows installed is pirated or not, and Notifications is set up to nag users whom Microsoft believes are not running "genuine Windows" and "suggest" where they can "learn more about the benefits of using genuine Windows software."

However, Notifications has been "phoning home" to Microsofts servers on a daily basis, and Windows users are up in arms over potential privacy and security risks. Microsoft insists the callbacks are a "safety check" to ensure that WGA can be terminated quickly if things went amok, but this was never communicated to users until the week of June 4.

On June 8, Microsoft announced plans to tweak the WGA to only check for a new settings file every 14 days.

However, Firewall Leak Tester warned that connecting to Microsoft is a legitimate security issue for corporate networks and privacy issues for Windows users worldwide. "It is also unclear which information [is being] transmitted," the company said, arguing that that Microsoft has used "deceptive ways" to get users to install the tool.

Microsoft ships the WGA tool as part of its monthly batch of security patches.

Firewall Leak Tester said the RemoveWGA utility will only remove the Notification part of Microsofts tool. "The Validation part is mandatory for some, not critical downloads from Microsoft, but the Notification part is not mandatory at all, and you are able to install all of the security updates without installing this one," the company explained.

The utility works on Windows XP (SP1 and SP2) and is set up to alert the user if the WGA notification tool is active on the system and remove that component from activating at start-up.

Its not the first time Microsofts WGA program has been cracked by hackers and third parties. Back in May 2005, a security researcher in India discovered an uncomplicated and easy-to-exploit weakness in the tool, which is used to check whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel