|
|
|
Utility Nukes Windows Genuine Advantage Callbacks
By: Ryan Naraine
2006-06-21
Article Rating: / 10
There are 0 user comments on this Network Security & Hardware story.
A private firewall testing company has found a way to disable the controversial notifications component in Microsoft's WGA anti-piracy tool.A private security company has found a way to nuke the controversial callback component in Microsofts Windows Genuine Advantage anti-piracy tool.
Firewall Leak Tester, a company that provides tools to test the quality of personal firewall software, has released a utility called RemoveWGA that blocks Microsoft from "phoning home" from Windows PCs on a daily basis.
"Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot," the company said in a note explaining its motive for releasing the tool.
The WGA tool, which is a mandatory part of the Redmond, Wash., software makers battle to curb Windows piracy, includes two separate components: WGA validation and WGA notifications. Validation determines whether the copy of Windows installed is pirated or not, and Notifications is set up to nag users whom Microsoft believes are not running "genuine Windows" and "suggest" where they can "learn more about the benefits of using genuine Windows software."
However, Notifications has been "phoning home" to Microsofts servers on a daily basis, and Windows users are up in arms over potential privacy and security risks. Microsoft insists the callbacks are a "safety check" to ensure that WGA can be terminated quickly if things went amok, but this was never communicated to users until the week of June 4.
On June 8, Microsoft announced plans to tweak the WGA to only check for a new settings file every 14 days.
However, Firewall Leak Tester warned that connecting to Microsoft is a legitimate security issue for corporate networks and privacy issues for Windows users worldwide. "It is also unclear which information [is being] transmitted," the company said, arguing that that Microsoft has used "deceptive ways" to get users to install the tool.
Microsoft ships the WGA tool as part of its monthly batch of security patches.
Firewall Leak Tester said the RemoveWGA utility will only remove the Notification part of Microsofts tool. "The Validation part is mandatory for some, not critical downloads from Microsoft, but the Notification part is not mandatory at all, and you are able to install all of the security updates without installing this one," the company explained.
The utility works on Windows XP (SP1 and SP2) and is set up to alert the user if the WGA notification tool is active on the system and remove that component from activating at start-up.
Its not the first time Microsofts WGA program has been cracked by hackers and third parties. Back in May 2005, a security researcher in India discovered an uncomplicated and easy-to-exploit weakness in the tool, which is used to check whether consumer and small-business customers are running legitimately licensed copies of Windows XP.
Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.
 Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������xv㶲0V�Q�;xVKd[nkǶ�KNgf�ER�c&)9yY�S�7](ɗ��.�PU(�
7�^�ȥ=&W>�:74x0G?O�@�B�FNtk��]U�HwWjc�;0\��> \>g=ȿ�^���:;D�PL�s< �J9���yќc�oW�|¥0�(.ڶNQ6*֠��O��U7��-��1qL$s.�{L~$(g;IX2Fac�o~1 �g�76m4�T%h�!�F�㎰ces�ߊ0w{/<��Pcu-̪�R7}Rdh9=rT(9nAsFzREV�I:]w.nr$� �CK�5-'�JQ9v{>~l_^�;�r ����n%&�_@Dr�,W*b}$"����ĆI^:'WH5=(G~ZJGEERJQBrյ$PL@�4E#$N&>Zm&m}X&�\*
C�A)AtV?#�S3բs}ֽ-9k윶{H
GuP\68kU?_[�~�['^<�$}Z|`kh�`�[s�LwZ|$ȹwH�ߟuOnd�@�'S�Dx*g3E��T7QZ(s$dbbVd?
AfA��m���7u�oK'SE@[-�u��q7VtB>::bmӖ&�"D��F�.��)P3Z$`�9�"�3Q=X� M����61t9mN;g3R˼p_J `I*�2T3�$�mQt3r.KR)""x䁓3�qE�KH�@!=J!8�F��#8U%Ky}7�p@W-}rNTW꒬RSb{�HK�n�ϱv}Fz7^�?]{6,qH,0U`Ap)K.qƸĵ:*n:*Q:�6V)CR^ґ,�8)-~aSB4l�4��1,THYAAftB�
4ةSQuL�96m'RCGs��TD�AE6V^l�5�$�
47P}HOQI�$�p|g��.5e/ZuO'ܑ-Ӿ"�2;Vs)�vC�LD2yMX� 4�|ʓ\ҍ73&3OH sz@nehI*�#3�T��
?y`OEҏa5=�%��U0
O�&@))I�:S-�h�E/4-Ň'زJd-Yވյ�7z9(�Ҵ.�\.�e�i
--ًVX4�ujWt0:���ڴ��sqŴ,B�/Pm C�,[aH�z{�&�RɉZ*�aA1��苆|�{;ڈy��SQ_)KEYQ?O~�2��;"nE PÝ6mJ�r��'æ+jIr]iereڳ�Px�PSXsshxI8����'�o��+��GaA7�.# ��{��o`"12t�3u&/�ztwe��D%hTJ&�S4A[㦙л@
&W)턇F@0Rq�_ؠHE�y�[kpp��R��Y,JT,�:Z�1�-�[�Hg�
[^j�oSC�z�+AaQI�*lX"�Bf�O{G}S�2�Y���YV�j
o36,\Vq}*xϘo�F�M]C1��h_��܉_j�So/O3Ak�>5@�Q|�G>O�&,'Ќ^ːvX��OʌGRC4B~A
i@qw%]pk �
�ZP4�r}�DIM\CNƏ+p�@嘌QL_x]XS(�)�,��Γe�O�#c�H�t���x!$Em�~T
zf����@L��tH�qh�!��G3�e)
=mQJk�8g�Z�\t
ӲʧZ�ӁQ~ϙ6u2|Xܘ� QF|F0*P$a5h[�,UjE~f�+��{�.8F�2QA="C#@+#q8h
��Nųut�8*�ڳ"jJ5~v3Ttx9k�Z�~�+Fy>jzzsF!YX�3i3}*0%ZL/s\w!J��IJ\,[5V�0��3NH]g~4Nd_::&F}Y@
�ϓG.+J91/��NID�E�7�|ւ�u7n@aMɖ玾vT±FG�p��a��NdDgx *�[7>s3ѺEMk�t�s�
k�g@5scK�:�ZNL�t�I9:R*\7X���["�+ۃ:W�,s0/$
,3G fS*KJ�T�H)UT�WqM�ՙﴩ8i
Co`3߲,
GEz� RfT,I@�jn>,Pt�]15%&jWXO���r�;TYf)܊58i1 SeS*
~��^`�.�RMԵ TADDn
GV�:=U7chEa�i*hkc�ȕO�?�FTݵ(j*1�����r�hOkԣ����o<~�7i ތn�c�r�{��Q�VCR.q)3nb/t~Egt���~��ziK�5
u5UxLMYsҌh;}�X^�5eH�$JE^ڑ,Z�X+
rYxf:P�ɘُG[� {2LʼJJv}E<
�Riw{̜9P���z4HΝ
JIQJ �`jZտ�I\�cĽ��) J\>$gP�ɒX�'�
C*�Z<^QOSA��Jg� �r�;!c8.g�&tڿ�r�gBͮ.0�oR�G�v�B��,�H
�u�bwuHɾW2zQ:[V6LlC��;�)$��V9+�usͿ}ڽzurٹn�^�^\:
uy}LcU8B+Deu�^|ly\3amG�'E��L>Z=8�A\�C�W�f@ toڷXЯzѱB3ZKU |
EEk:C?VT�+lk%ZX�÷?zCCj֙͘/� Iu��{ v
Pɱ%
�geStc;-3�^v[}�hh����:Y2"�(\R.IHO�V4v>�Q��l7 FGWE'[;{-$�2}m�Q.`
eڃ�͟I.WVr['u>!!��+�+�ۗ�4tfcYNuppZ PXc�ps�A\~l���QJ"g�8NE;6�?m[Ė{�/<�=�; SJ�'QH[vibzk%m�r�2)!M�p�)lL*k'IZ�6Xc(U(8�%!�TNԔObCYF*='�һi]opZ�Pt.*Ps~綱��yxsӭ2i8(5�~u�.�H�>a')�
O�wJRZz-*$�?z�Ƈ%h&��y~@0�H�v\�B}v#U>:
t;`�ck�vaѴGNx�ā+�BC,B�q;�Y��.�/�v�HmoIMRC�ZɘZT A�0��g�h;[�R!&x"�64@/t�Oq/ kr;�JL2ʛ
(
aXF8yY<�'T5m�b�9n.[ҺԿ�1LNڰ�ܣ$H'Z0�#l&�~!?} j��S>O�4d�X
�GF��ZU�4�bOf0���O�?Oy![ ?-�-8t�砑3,j�,>f$cc:撄�,+�[G{CȘS�{ۋnW'Sv`~y-?��&m_�%R�
՛�3D/MZm`��ܭWΫ�(� 0H`;Fɉ�R5>y,Y�D dNJ]y,�/p�}^ۃH>�S�:MT>:C0kz)]/w^HPlܲ�XNH43��t,��9E2``��\{�<,WF*\R4J91Jȼ>{v�GK�c��{�蚟
�@C|T~w�FSFRKSKj>���v�2P��Ŧ|L�ie.8ic>v R*nT?�
P+>�TF
׳{�8Ƅ=CO�G8U-�%�r"N�ѓ_�xL8DB!Fs!�" .KDa�4�)R&�H ;WY~ q8��"�$eЙt:8xf
�k�2ǰ2b�V5C�4 pL
ᜟ-- ��:X��'�"0O�*Ay�]Ola_^�=!fv@s�OV|:~�0*4o%QxLA3Mb&Zz"1rH�d=A�53�hXۗ}M)bx>33�`�dXY_;ǻ�C�0�]�E�'!&S0|B'PѶ�W~E1�u�(�BM��P?��[,d� � �d�-
0˯U|톔eQ��O+U�-U^6VY8SMkN9[qt
_3c(hUB�«��Kv�nB'9�2RYCp-Be�/%�pcpQ�9&����4��V
`J釰b5wg�v-�Ն^�J�}|QG��X!L:nנ*{DuI\o�7K02oBE/Dmyf�)L�
=8^ƴ.|X#7SǸY�Ssm_m� G�agB�nt(@wF۲!1*ھiaU��VjXIÎL�XKkdQ�6^rYB��(f(1TK1�2��â
|l�$R5לD�$|2zB�Ѱ؛
QWCnQ״~b��GG1f
aj�;f�xÑo56.��ߩ}9DXXpW#ܞ
gv� C:^A:%WC�OFE�q7wT�Ƅ�of]
�gkm�kȓ�~y7c�n��d�-�z76����qU[^��+.��_|�y=u:-
k��wm m_J�QHӽ6۴?0�X�tYi*n�9wp�m+(:��ߦ�Qm_e�� =,+
Ԉ+?z�"Jvm�YU�dMY_ɮgbr4�ę5n�c�~��2� ʴ�k�$QR
ƹL�.a��5s+X�șY0E�@=LiQ1b>8^BOU=�赣��:��;�4ؒ�YM�yHw�N?�a\�tq"o�~�GҡR;�,]�AB U+
R�Y?͠Cto�|I{d"��?CLn/zG|oN]�T;�NE04![<:;%8ȸ�?|H8�j
؋�=;�48��߾]GvzL�n;>hݵf�C>>�GL.U6Z��o�c?�2D.?�=$!+X51�
=79�&�5R�]�
���Te���w{ѳ8D�N��m&PZL䖜24B?HCZBZ��(tM�<�Ir>�ɣڊbI|8k�@`j
{{%"lRK1�8�NXRrܘEPa�
��ye���lSxQҼ��#[ZKC�m.95�"E��F
tM��s85|�cXʫ9�>%�Rky�KN�t�e��#�˹5&L|5ZP:qQ&��3��*BMvE���WChR��f�ke76ty^ST�-��Bk&N�ڡ�}tiS;Xhfwyb+'-f3x"(MNDt`h*K|d
�m2LcDuQn�NaÂDh�PfO$� ��[K㠋mj|e�Mp;�HV
3,4���`u��WWRYTjuwAO
5E*
q�GxN�hqd�Zy#qK
#/RVIz֜tŀUX:}7��,xxX �b�k?JOzog�]�|}��.�>V%�V]K5r ^(]g��&px�п���{wn/1�~ߊ۫k6G&<�93+v"6\)�ppogl{\��3b�h~9~K:hO�vE4.^a�h˲\M,�0)(k�Q(Vpx�~Q&Y?
liu���!��φ;xH�@!�*1f%L[ftELNE�}�Z8$��/P5�Y�
�GΎ(Ss3B@�>O�
P"B�]�α"�@�[� g
o��
C�!L�b�Ē�v7U)I�F�oͬ�0S#8��R���z�1"tU�{8ԭ� 6<��0�Y
kyС-NG$�Gv61T=�`S'?zT&n��sKM ᅊRyN��ƒ�$�Bѽ�o62A_3=m?݉"
.1��2�K1c�~EWo&Wr�5 S�R�wE
&z,]z�,veu"E�{o �H@+^@���;�*�`���_�7<2GJ?��3O!t}9<�?3�X5/:;gf,#��g:�NF?2?A�2�>vͫ_e
_e�^e
s+�U>2
*>G3�?f_@EF _�W�{1?�s
w1]7]?��͐/7@�7�q�o2�fO�����诟A_!�>dG�1�|�2ڿ�ˠZ'���2u�S.�ryA/
ȋU৬|B]g�A~}-xC/ڏx��
z>O?vhj5@�i^.�7mhϦ"d!ӏiͩ(�F(ᴾ(x�FZ���g[�
;wkX{�!~58]pƘ�84@�e�IP�$W\\=䖾~�!ឡD��`FdE%QIPJE:*���QP�ٌB�4L۰W)Y7T])0k,z�0�аQ-}o�=a�@�+�#3&>�l
�^�Vf,D���2T/�/��{_A1�B��$�M݁R>��>@ͽm^q+f69?83`7:V>�E:Aņ��4%uv[Z0��S|w�a�3���)��8V�"Z�7�.@c��d{@�!/mSH2.` .W�+5x��83.�Uŭ{�߶`Tx,x ܋e.sMΰ
j=N1"�QV騿`�rف:9�0�c̓] >5_@�r=ŇgT{aw�9�..
]C?ߵ�<:=�p,ӹ�V���w����v'�Vݍ�^8ta�#��/ �vM@Pcz�m&�D��ǖƤA֣�hD#�[#wXXNƄ_��Y݈0;�_q6�sx2&^��_ �ɝZL�b)O�֔/`Md(�|)'~#�0Iic��ɟ�I��q/>i"r]6M�b�ه%ޯϘKӞ}UUG��lNzs�Ԅ�Q��a�Ի� }+,RD[KPsCIoX;ql>:���Iz�}�|EBUu�C��1̅��|.9��
!+��6p�p523J�&/L\?oy^D�,
-ي>#93��q1^�B��_s]q�Kum�zDhcEc~`� ;�I,_�JAz�|O�lsx��o
���QQ)ւ�_�˧wcx&%�խmY d�z.yckhE*6\v|�$4|
��K@c�q@>a�v�E#`C��y��H
6�I�c_��LS|aBd ���A{Բqˎ2)�
um'%8�4C�>غQֺ%�b�L�k,>�iP70K�=ug .Ѫ�r!l�x@N)ohMwE-C���>$(+U`'+�~"�3v[��ś4!�Mp8C3 �ܐ~�hI��CO�w��ʍt�/�An�st��
6�[� '"(��ۂt�J-ic,#qEt�%�(Xp^'A֮v&�0lB��* '<;BU(];�x[9�ċoLa]||0V2z��fOFalhd%�GM`Wp�ۂ{BːXhW�"
.)�tfO˞勰��ANxAE�J,^��rX�ջco0�F_)ZuA��1�U��VB
(a��4AL?Q`ɟ>zTqޮ�75Pںi#WUT-_��ʢ��M��ߵ�q�,�ۿvy��FX瘿۩B�ZaQ g'YY6W%B�6r��y�Tm~X6g0y�aiѼ:ƙ"?j.��UM#%ӪrX5lQ�_z|>ݳz��q_jPpP�9/ ha�0�+)>�:-�hs�&�ǂ)0ЕMDM1�=fS��C�],@�=�P�&=B�4<1@Tz�E@�G7qV�̣kI������R"t$�:�R3 Gyh aF.�R��0G��,;r.Y;XpŔT�/$qoַ"%�����Ȋ�=D3ܛ>|��éoh�c9"7��'
W?A�20�t�/c'VΫ�@-fZ�4r?:�0n"���bY�L�;�)��~ax8�"�:+pF*1:��1UO ��x3g�U�ScDou0�|q@XlHu��vYnS<���� ��`l̳SY�� � gE�Pf(j@r0�Gcte�mrH�:� ο\P`X@__>��j>�}GM9ڧ2\0#�7oϦC�V�Qvlf�_YoDiB$taŞDP*M~-K(�_�$iOY�tYؠCMa�Tm_�nӗoձu(;�xOd�q���w�[X?8R 3G�x(2�LL��R:�_B�[n+<ʸ<\d�ɼ1~X+|aW�i.Qx�7�k�R)RS�`f0�IT�,.V(L�$qꄁE9�oQ>g�ZF�Wk�Jm}���Ǧc'=&>hH�;~eBD<*5N�
06-��W&ǖ3T
[�64R9l's�{$C�-�qԬO;rX%uKR}�VH�JH~�l(W+��pB�up18p\�B,ZoVPVh2ڎ�#q%lS){&w,xŕ>�`r�v���[�CIm鲽4d�?8^U1Дbq.¸^F[8RJ+Ll4寜we8pS�~3W8@;�*RMD�!}
���Q1C'GRVĸ�k=Dv¸�.���%r[)CYf";~�#�M
|
Network Security & Hardware 
