Feeds

Windows genuine disadvantage

A step too far?

SANS - Survey on application security programs

Comment A recent lawsuit filed against Microsoft should have all companies reexamining their privacy policies to determine what information they are actually collecting about customers and what they can possibly do with it.

What would you call a computer program that surreptitiously installed itself onto your computer, collected personal information about you without your knowledge or effective consent, was difficult or impossible to remove, installed pop-up banners that constantly harassed you, and presented significant security vulnerabilities?

If you were Los Angeles resident Brian Johnson, the answer would be simple. You'd call it Windows. Or more specifically, it's the anti-piracy software download known as Windows Genuine Advantage.

His class action lawsuit (PDF court documents available in linked article), filed in US federal District Court in Seattle, Washington on June 26, 2006, alleges that the Microsoft software violates California and Washington State privacy laws, consumer protection laws, and anti-spyware laws.

The outcome of the case may well dictate how companies package software, and more particularly how they promise privacy. This will apply not only to software companies, but also to any company that, either knowingly or not, collects certain "personal information" about visitors to its websites.

Genuine advantage?

In April 2004, with much fanfare, Microsoft announced a new program to protect the consumer from...well, from themselves. Ostensibly an anti-fraud program, the Windows Genuine Advantage (WGA) program was marketed as a means for individuals to determine whether the software on their system (that is, only the Microsoft OS software) was properly licensed.

In theory, the target for this program was people who bought computers with OEM Microsoft software which, unbeknownst to them, was not appropriately licensed. In theory, people who downloaded or obtained software off the web kinda knew or suspected that their free copy of Windows XP Professional might not be legitimate.

The WGA program was not really a consumer protection program. It was actually designed to protect Microsoft itself from people obtaining unlicensed copies of its Windows (tm) operating system, and forcing them to obtain actual licensed copies of the OS.

If you were the victim of fraud, and had unknowingly obtained a copy of the OS without a license, Microsoft's software did not help you obtain redress against the seller of the computer or OS. It merely offered you a mechanism to repurchase the software, at full price, from Microsoft itself.

Presumably, the consumer who obtained a perfectly functional computer from an OEM manufacturer at a fair market price (well, lets assume a slight bargain) was now given the opportunity to give Microsoft more money to prevent piracy.

I must admit some aversion to the term "piracy" - as it evokes images of peg-legged men with parrots swinging from riggings of Galleons with knives between their teeth demanding ransom - not someone who has obtained software without adhering to the terms of the End User License Agreement.

Captain Jack Sparrow with a modem? Software "piracy" is at worst theft, and more generally a breach of contract - not an armed gunmen taking hostages off the Somali coast. Congress' authority to regulate software piracy rests in Article I Section 8 of the Constitution, which gives them the ability, "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries". This is not the portion two clauses down which gives them the ability "to define and punish Piracies and Felonies committed on the high Seas, and Offences against the Law of Nations". Unless of course, you had a broadband connection on your Brigantine.

Indeed, those who were the "victims" of software piracy and who presumably wanted to "get legal" were the ones who purchased OEM products that were unlicensed - and they were the ones being forced by Microsoft to "walk the plank." Arrrrrrrrrrrrgh.

It's not like Microsoft was going after the OEM manufacturers and distributors of unlicensed product, obtaining monetary judgments and then giving that money to the purchasers of the products. No, the enforcement actions were aimed at obtaining license fees and civil and criminal sanctions for the company, all the while the company was claiming that the unwitting purchasers were the victims.

In fact, even if the Redmond giant successfully squeezed license fees or other sanctions from the OEM selling the unlicensed software, they still retained the right, through the WGA program, to go after the individual (and possibly unwitting) purchasers for the license fees again. Well, life 'aint fair. Deal with it.

The progression of security updates and unlicensed software

Now, make no mistake. The sale and transfer of unlicensed software presents serious economic costs to software manufacturers. The Business Software Alliance (PDF) estimated in its March 2006 report that for the previous year about 35 per cent of software on PCs was improperly licensed, and that worldwide the median piracy rate was about 64 per cent. In fact, the BSA estimated that, in 2005, for every $2 of software purchased legally, $1 was obtained illegally. This amounts to billions of dollars of losses - a sizeable portion of which must be for Microsoft itself. No wonder it instituted a program to protect itself. But did it go too far?

3 Big data security analytics techniques

Next page: Broken promises?

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.