antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
| reply to ZOverLord
Re: Microsoft Piracy Check Comes Calling
... it would be reasonable to surmise, after reading this thread and the results some legit users have documented, that this 'update' may be part of some larger agenda ... the lack of removability (after it was expressly stated as removable), the constant re-validation, the incessant nagging, all should be enough to make a thinking person wonder what's really behind this ...
... this new trend towards 'criminalizing' your customer base is, ummm ... interesting, shall we say ...
... it would appear the 'Advantage' in Windows Genuine Advantage is all Microsoft's ...
--
... "that good old-fashioned Medicated Goo" ... |
|
amungus
Premium
join:2004-11-26
America
clubs:
| reply to ZOverLord
Yes, I checked "show updates" and it does not appear in the list. KB900485 does, the other update about "echo cancelling" or some such nonsense...
Is there another way to check that it even installed right??? files/folders, hijack this logs??? if so, I could check it out and post back after lunch.
I think it's a (legit) corp/site licensed install. It was an imaged install, so I am guessing it was simply from the site license.
At least MS isn't suing people (yet).
I would like to see a poll, somehow, of users who have purchased XP (home or pro) yet have used, or do use a copied version of the software.
I would bet that a LOT of those have bought the real thing may also have used a "copy" anyway and just don't want the bother of all the annoying "features" present in the "real" version. |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | You could run Windows Update and look at the update history to see if it's there.
You can also see this post concerning the files installed:
»Microsoft Piracy Check Comes Calling
And this one :
»Microsoft Piracy Check Comes Calling
The new WgaLogon is evident in the registry, and the Hijackthis log .dll as shown.
From the sound of it, I don't think it's installed on your machine....yet.
(Edited for proper links) |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
| reply to ZOverLord
I'm guessing the results of this poll might look a little different if taken now.
»How do you like your updates served to your Mother's System?
--
A silver bullet without a gun is just a fancy rock. |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
4 edits | reply to ZOverLord
Just a heads up on some questions I have seen.
There are as was stated before in the thread:
»Microsoft Piracy Check Comes Calling
3 files installed for this:
\WINDOWS\system32\WgaLogon.dll
\WINDOWS\system32\WgaTray.exe
\WINDOWS\system32\LegitCheckControl.dll
The Install Log for this, which seems to be the only trace of installation output is in:
\WINDOWS\WgaNotify.log
A check is done on each startup and at each logon.
WgaTray.exe seems to have the ability to force a purchase of Windows at some point.
Not only NAG pop-ups will appear but also Balloons as well.
If any of the files are changed, looks like based on MD5 and/or Last Modified date, the Notify Update will re-install via Updates.
Personally, I have no gripe about the check, I am however very concerned about the "Legal Precedence" being set with the inability to remove this, and here is why:
Practically speaking, even with a legit license you still only have a "License" to run this software. So what will stop others doing the same to protect their "Licensed Products"?
If other software vendors decide to use similar methods "Inability to remove checking software" ("Including Microsoft") and any of their files or methods used can be modified or exploited we are in big trouble.
So this concept of the owner of a system NOT being able to remove things will define "What is ownership?".
I am sure Microsoft could have come up with methods that if this was removed it could be force installed again, however making it un-removable is setting a precedence that others will follow, and soon, and that hackers will abuse by finding methods using the basic nature of this.
Also, it should just be a small window of time before someone decides to create an exploit to make your "GENUINE" copy of windows appear to be "Non-Genuine" and flood you with NAG information as a sick joke.--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| reply to ZOverLord
Wow they never stop.
I'm Curious if this is what happen the other day on my ligit copy I have updates disabled!!! Unluss i want to go get them. Anyhow somthing shutdown MY ZoneAlarm So i went looking in my Command prompt via netstat etc.... and found »https:// connections to microsoft. my bet is that they can check whether their is user intervention or not.
Good thing I have the Email from microsoft for the New key that they sent me.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!! |
|
amungus
Premium
join:2004-11-26
America
clubs:
| reply to ZOverLord
3rd time's the charm... ran a windows update, and it said it installed... showed in the add/remove programs update list, but none of those files listed were in win\sys32 folder... ran another update, it wanted a reboot, and now it's fully loaded.
what a waste of about 5 minutes.
Sorry for having to have you folks re-post those files, I should've read the whole thread a little more carefully.. thank you for bearing with me on that and helping to verify if the thing was installed right!
Yeah, I bet that poll would be a little different now salzan.
All I'm saying is that while there will always be the polar opposite sides of people who see illegitimate copies as all bad, and legit only as good, there is a middle ground where there simply must be some "honest" people who have resorted to a copy. It's these people I think who are misrepresented, and who I think should rightfully stand up and say enough is enough. On that note, if MS would offer a reasonable compromise in the next OS versions, I bet people would buy it up and the 'multi-machine' (home/soho site license idea I mentioned earlier..) version would outsell all others, and even break sales records of previous versions of Windows.
Look at the avg. household with a computer, might have 2+ PC's these days on avg...
Look at ANY router/switch sold for the home/soho user, 4 ports on the back... Coincidence?
Would this resemble the 8-pack of hot dogs and 6-pack of buns kind of thing? I just can't fathom why MS wouldn't consider such an option...
What is it now, you can get 1 solitary license, or a "site" or "corporate" license for 100's+++??? Why can't there be a middle ground on that? I know most people buy prepackaged systems that come with the OS, but what about upgraders, experimental/builder types, soho folks, families, small labs of 4-8 computers, repair shop types, and maybe even the "casual pirate" types who just don't want to be bugged? Even if they sold this to a fraction of a fraction of those markets, they would take up more business, bring back customers, and maybe even gain a little in the PR dept. |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  reply to ZOverLord
GAN means...
Ha!
Genuine Advantage Notification = GAN = NAG spelled backwards. --»it.slashdot.org/comments.pl?sid=···15205453
I installed GAN thing on my office machine. I noticed the Symantec Client Firewall said: An instance of "C:\WINDOWS\system32\wgatray.exe" is preparing to access the Internet.
I blocked it even if this Windows XP is legit. MS doesn't need to know about my computer.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
OZO
Premium
join:2003-01-17
| reply to ZOverLord
Re: Microsoft Piracy Check Comes Calling
First it was Activation check. It was working once at activation time and it got my understanding and support. Every one went through that when he/she installed OS.
Then we've got "Windows Genuine Advantage" that begun to check computer every time one downloads a bug fix for that OS from WU. WGA may be uninstalled, but then it's required to be installed again.
Now they want to check computers with this brand new "Genuine Advantage Notification" tool. This check is done every time one starts computer or logon into it. Tool can't be uninstalled, but still be visible.
The main question is - what's the next - installing root kit that will check if OS is legit every 5 min, or when you save a file on HD, or press any key? And what it will sent about my computer every time? It becomes a manufacturer's paranoia  and should be stopped ASAP.
--
Keep it simple, it'll become complex by itself... |
|
drwiii
join:2006-04-26
Baltimore, MD
| reply to ZOverLord
If you think Windows starts up slowly enough as it is, you can disable WGA by removing the execute bit on WgaLogon.dll. That way, winlogon can't call it as a notification package at boot, and since WgaLogon is responsible for running and maintaining WgaTray.exe, no more tray popups either.
And since the read bit is still there, you won't trip Windows Update to force you to reinstall it; the DLL still matches with the WU catalog and all the WGA registry keys are still in place. |
|
trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs: | Has anyone noticed slower boots after installing this? |
|
wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH
| reply to drwiii
said by drwiii  :If you think Windows starts up slowly enough as it is, you can disable WGA by removing the execute bit on WgaLogon.dll. That way, winlogon can't call it as a notification package at boot, and since WgaLogon is responsible for running and maintaining WgaTray.exe, no more tray popups either. Out of curiousity, how does one remove the execute bit??
TIA |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire | reply to drwiii
would unregistering the dll be similar to removing execute bit?
Cudni |
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas
Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic
1 edit | I tried that and it didn't work. One can try setting Read & Execute to deny. Or renaming the dll, I tried that and no fits and WU worked fine but of course it will detect that it isn't installed and display it again.
I am guessing this is no more than an extension of WGA. If WGA says you're fine then I don't think this new thing will change anything. If it detects that WGA failed then that might be where it comes into play. |
|
wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH | reply to ZOverLord
Anyone try to use goback and not install again?
puritan |
|
Cheese
Premium
join:2003-10-26
Naples, FL
clubs:
| reply to antiserious
said by antiserious :said by nil : What else do they have the right to do on your pc? ... I think that's going to be the next big concern, as vendors and 'regulators' become ever more intrusive ... it's already not your O/S, and with DRM lurking, one has to wonder - will they actually be your files, your folders, your programs ? ... will it really be your computer ? ... ... I just wonder about MS's real motives in all this, I really do ... China bootlegs thousands and thousands of O/S's a day, and we make nice with them (they have whole cities devoted to copying goods, half their country's a knock-off) ... choosing to go after the individual would seem an inefficient way to truly stop piracy when compared to the flood of bogus product flowing from overseas ... admittedly MS has less legal leverage in other countries, but will antagonizing legit users to stop a trickle really make a difference when there are rivers of bootlegs flowing elsewhere ? ... ... I've long ago shut down auto-update (I prefer to manually install their fubar's), so this isn't an issue for me, but I suspect there's more here than simply verifying legitimacy ... stay tuned ... Thousands of OS's? |
|
drwiii
join:2006-04-26
Baltimore, MD
| reply to wentlanc
said by wentlanc :Out of curiousity, how does one remove the execute bit?? NT ACLs can sometimes be a pain to work with. First of all, let's make sure Windows will let you access the ACL dialog from the GUI:
•In explorer, go to Tools > Folder Options. Then, go to View > Advanced Settings and uncheck "Use simple file sharing". Hit OK.
Now, let's change the permissions for WgaLogon:
•In the Address bar, type (without quotes) "%WinDir%\system32" and hit enter.
•Scroll down to WgaLogon.dll, right click on it, pick Properties. Go to Security.
•Hit the Advanced button, uncheck the Inherit box at the bottom, hit the Copy button, then hit OK.
Now we have a local copy of the ACL which we can modify.
•Go through each listed user/group and remove the "Read & Execute" permission for that file, leaving the "Read" permission as-is.
•Hit OK to apply the permission changes and close the file properties dialog. Restart the machine.
You can now turn "Use simple file sharing" back on, if you want. |
|
wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH
| Thank you. I actually figured it out, and am almost ashamed of my ignorance. BTW, I tried it and it works. You have to uncheck the Inherit from Master to remove the inherited rights from the system32 folder. Then modify the rights and remove execute rights. No longger running at startup, and no longer running in the taskbar.
puritan |
|
suvbuyer
@dslextreme.com | reply to jabarnut
microsoft is sneaky, didn't stall this update and never will. Do microsoft think that people that are running pirated version of windows don't know it already |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire | somehow i'm sure there a lot of people who don't know, for whatever reason, that they use an unlicensed copy.
Cudni |
|
