Does Microsoft’s Windows Genuine Advantage Program Qualify as Spyware?

March 8, 2008 – 6:33 PM

If it looks like spyware, acts like spyware, and transmits information like spyware, it’s practically spyware, say some antispyware makers, describing the antipiracy features in Microsoft’s controversial Windows Genuine Advantage (WGA) program.

Other antispyware firms aren’t so concerned. “Microsoft has every right to protect itself from piracy,” says J.J. Schoch, director of marketing at Panda Software.

Generally, spyware is defined as unwanted software that collects information about a computer user and/or the PC itself and transmits it back to the software publisher without informed consent by the computer user.

The WGA antipiracy program works in conjunction with Windows Update to check whether the Windows operating system on a machine has a valid license. Two class-action lawsuits have been filed against Microsoft in recent weeks alleging that WGA is spyware.

Background

When introduced last year, WGA, which checks a user’s copy of Windows XP to ensure it is not counterfeit or pirated, ran only on Windows-based PCs when a user installed the company’s Automatic Updates feature.

In April, Microsoft updated WGA, which is still a pilot program, with a Notifications tool that checked the legitimacy of Windows on a system, regardless of whether the Update services were being used. Microsoft agreed to revise Notifications in late June. The company now says the software will check only periodically (not daily) as to whether a version of Windows is genuine.

For more background on WGA, WGA Notifications, Microsoft updates to the program, information on the wording of the software’s EULA agreement, and several ways to remove the WGA Notifications tool, read PC World Staff Editor Erik Larkin’s take on these topics.

Firewall Leak Tester also offers a download that should remove the WGA Notifications tool from your PC.

Pros and Cons

Some antispyware vendors say controversial features of the WGA service are prompting them to consider putting it on their companies’ spyware blacklists, while other firms in the same business say recent hysteria over the program and lawsuits like the one filed in Seattle are without merit.

“WGA was indistinguishable from other seedy spyware firms in the Caribbean that steal data off your PC without proper permissions,” says Eric Howes, director of malware research at antispyware software maker Sunbelt Software. The firm does not currently classify WGA as spyware, but Howes says a change in status for WGA is under consideration. He acknowledges that Microsoft has since responded to the public outcry and done a better job of informing consumers about what WGA is and what information it collects.

Panda’s Schoch, on the other hand, says that the consumer uproar over WGA is somewhat confusing to him. He points out that the same people who don’t trust Microsoft’s WGA features are willing to entrust Microsoft programs with large amounts of personal data. “After they’ve trusted Windows with their personal e-mail and tax information, now they are worried about an innocent file check over the Internet?” he asks.

Microsoft acknowledges that WGA collects hardware and software data but maintains that the data is used only to verify that one copy of an OS has been registered on one computer.

Bad Guys Getting Involved

Schoch points out that some cybercrooks are now distributing a worm masked as Microsoft’s WGA through America Online’s popular AIM instant messaging service. These are the threats that currently top his list of WGA concerns.

Panda and other security firms also are warning the public of the worm that is disguising itself as WGA features in Windows. The worm is capable of disabling a PC’s firewall and leaving the system vulnerable to outside control.

Other Concerns About WGA

Other WGA-focused security concerns come from antispyware firm Webroot Software, which says that systems that do not pass WGA validation are not eligible for important Windows security updates and Microsoft security features like Windows’ firewall.

“Pirated or not, a computer that is blocked from security updates and features makes the entire Internet more dangerous for all,” says Vinay Goel, vice president of worldwide marketing. That’s because cybercrooks can more easily exploit nonsecure PCs to distribute spam, viruses, and worms and also to carry out cyberattacks.

In an informal test running an unvalidated version of Windows XP Pro, PC World could not update a test PC while using Windows Update to download the Windows security update Service Pack 2.

An antispyware expert for SurfControl says that the practice of having programs make stealthy communications back to software publishers is here to stay and will only grow more prevalent as software continues to be sold as a service rather than a shrink-wrap software product.

“Programs need to communicate back home, whether it’s for a software update, patch, upgrade, or to check to make sure that the version being used is bought and paid for,” says Jim Murphy, SurfControl’s vice president of product marketing.

Better Communication Helpful

The one area in which antispyware firms are in agreement is that Microsoft implemented WGA poorly, and has not done a good job of obtaining the clear consent of its users.

Sunbelt’s Howes gives Microsoft a grade of D- when it comes to obtaining users’ consent for WGA. He contends that by Microsoft’s own spyware definitions in its antispyware software Windows Defender, WGA would be considered spyware. “Microsoft needs to realize the rules also apply to Microsoft,” Howes says.

A spokesperson for antispyware vendor Seriniti agrees. Lawrence Phipps says Seriniti doesn’t consider WGA spyware, but says that “if it walks like a duck, and talks like a duck, you might as well call it a duck.”

http://www.pcworld.com/news/article/0,aid,126387,tk,nl_dnxnws,00.asp

PayPal Security Flaw allows Identity Theft

March 8, 2008 – 6:32 PM

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar. The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

When the victim visits the page, they are presented with a message that has been ‘injected’ onto the genuine PayPal site that says, “Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.” After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member Log-In page. At this crucial point, the victim may be off guard, as the paypal.com domain name and SSL certificate he saw previously are likely to make him realise he has visited the genuine PayPal web site, and why would he expect PayPal to redirect him to a fraudulent web site?

If the victim logs in via the fake login page, their PayPal username and password are transmitted to the fraudsters, and they are subsequently presented with another page which requests them to enter further details to remove limits on the access of their account. Information requested includes social security number, credit card number, expiration date, card verification number and ATM PIN. The server currently running the scam is hosted in Korea and is accessed via a hex-encoded IP address. The Netcraft Toolbar already protects PayPal users by blocking access to this site.

UPDATE: PayPal has now addressed this vulnerability. A company spokesman said PayPal is working with the Internet service provider that hosts the malicious site to get it shut down, and does not yet know how many people may have fallen victim to the scam.
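The scam above hid its server behind a hex-encoded IP address, which defeats a naive string match against a blocklist. The following is an added example, not code from the Netcraft article or its toolbar, that decodes such hosts into dotted-quad form before the blocklist check; the URLs and the blocklist entry are constructed.

```powershell
# Added example, not code from the Netcraft article: decode a URL whose host is a
# hex-encoded IPv4 address (the obfuscation the scam above used) into dotted-quad
# form so it can be matched against a blocklist. All URLs below are constructed.

function Convert-HexHostToIPv4 {
    param([Parameter(Mandatory)][string]$Url)
    # Pull out the host between the scheme and the first "/", ":", "?" or "#"
    if ($Url -notmatch '^[a-z][a-z0-9+.-]*://([^/:?#]+)') { return $null }
    $hostPart = $Matches[1]
    switch -Regex ($hostPart) {
        # One 32-bit hex word, e.g. 0xC0A80001 -> 192.168.0.1
        '^0x([0-9a-f]{1,8})$' {
            $n = [Convert]::ToUInt32($Matches[1], 16)
            return ('{0}.{1}.{2}.{3}' -f (($n -shr 24) -band 0xFF), (($n -shr 16) -band 0xFF), (($n -shr 8) -band 0xFF), ($n -band 0xFF))
        }
        # Four hex octets, e.g. 0xC0.0xA8.0x00.0x01
        '^0x[0-9a-f]{1,2}(\.0x[0-9a-f]{1,2}){3}$' {
            return ($hostPart -split '\.' | ForEach-Object { [Convert]::ToInt32($_.Substring(2), 16) }) -join '.'
        }
        default { return $null }   # plain hostname or dotted IP: nothing to decode
    }
}

# Constructed blocklist entry standing in for a real toolbar feed
$blocklist = @('192.168.0.1')

$samples = 'http://0xC0A80001/cgi-bin/webscr',
           'https://0xC0.0xA8.0x00.0x01/login',
           'https://www.paypal.com/'
foreach ($u in $samples) {
    $ip = Convert-HexHostToIPv4 -Url $u
    if ($ip -and $blocklist -contains $ip) { "BLOCK  $u  (host decodes to $ip)" }
    else                                   { "allow  $u" }
}
```

Octal and decimal-integer hosts (e.g. `http://3232235521/`) are other encodings of the same address that a production check would also normalise; this block handles only the two hex forms.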

http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html

XP’s No-Reformat, Nondestructive Total-Rebuild Option

March 8, 2008 – 6:31 PM

It’s one of those software design decisions that makes you scratch your head and wonder, “What were they thinking?” The “it” in this case is XP’s most powerful rebuild/repair option, and yet Microsoft chose to hide it behind seeming dead ends, red herrings, and a recycled interface that makes it hard to find and (at first) somewhat confusing to use.

But it’s worth exploring because this option lets you completely and nondestructively rebuild, repair, or refresh an existing XP installation while leaving already-installed software alone (no reinstallation needed!). It also leaves user accounts, names, and passwords untouched and takes only a fraction of the time a full, from-scratch reinstall does. And unlike a traditional full reinstall, this option doesn’t leave you with two copies of XP on your hard drive. Instead, you end up with just the original installation, but repaired, refreshed, and ready to go.

We’ve saved this technique for last in our discussion of the various XP repair/rebuild options because the fixes we’ve previously discussed are like first aid, the things you try first. For instance, see this discussion on removing limitations on XP’s Recovery Console, turning it into a more complete repair tool; or this discussion on the Recovery Console’s little-known “Rebuild” command that can cure many boot-related problems. (There’s also lots more on the Recovery Console here.)

But when the Recovery Console techniques don’t work, and you’re facing the prospects of a total reformat/reinstall, stop! Try the no-reformat reinstall technique we’re about to illustrate, and you just may get your XP setup running again in a fraction of the time and with a fraction of the hassle of a grand mal wipe-and-restore.

Read the rest of the story along with screenshots…

Users of Aged Windows Face Risk

March 8, 2008 – 6:30 PM

Microsoft warned Friday that customers face security risks if they use some of its aging operating systems after it ends support for them in July.

The systems affected are Windows 98, Windows 98 Second Edition, and Windows Millennium Edition. Support will end on July 11, the next date for Microsoft’s monthly security patches and software updates.

Security updates will also end, a posting on the Microsoft Security Response Center said.

Tough Fix

Microsoft said it wasn’t feasible to make extensive changes to Windows Explorer to eliminate a security vulnerability since the underlying architecture of Windows 2000 is much less robust, wrote Christopher Budd, a program manager with Microsoft’s security response center.

“Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system,” Budd said.

As a result, applications may not run on the updated system, he said.

Microsoft advised those still using the operating systems to put them behind a perimeter firewall that filters traffic on TCP port 139, which will block attempts to exploit the problem, Budd said.

Further, support for Windows XP Service Pack 1 will end on October 10.

http://www.pcworld.com/news/article/0,aid,126041,tk,nl_dnxnws,00.asp

Take Back 20% Of Your Bandwidth From Windows XP Pro and 2000

March 8, 2008 – 6:29 PM

Microsoft reserves 20% of your available bandwidth for its own purposes (presumably for updates, interrogating your machine, etc.). Here’s how to get it back: click Start > Run and type gpedit.msc.

This opens the group policy editor. Then go to:

Local Computer Policy > Computer Configuration > Administrative Templates > Network > QOS Packet Scheduler > Limit Reservable Bandwidth

Double click on Limit reservable bandwidth. It will say it is not configured, but the truth is under the “Explain” tab:

By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default.

So the trick is to ENABLE reservable bandwidth, then set it to ZERO. This will allow the system to reserve nothing, rather than the default 20%.

Works on XP Pro and 2000.
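The same change the gpedit.msc steps above make, done from an elevated PowerShell, as an added example that is not part of the original post. It assumes the “Limit reservable bandwidth” policy is stored as the DWORD `NonBestEffortLimit` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Psched`, which is where the Group Policy editor writes it.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell:
# writing under HKLM needs administrator rights.
# The gpedit.msc policy "Limit reservable bandwidth" is stored as this DWORD;
# an absent value means Not Configured, i.e. the Packet Scheduler's 20% default.
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Psched'
$name = 'NonBestEffortLimit'

function Get-ReservableBandwidth {
    # Returns the configured percentage, or the default when the policy is not set
    $v = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $v) { 'not configured (default 20%)' } else { "$($v.$name)%" }
}

function Set-ReservableBandwidth {
    param([ValidateRange(0, 100)][int]$Percent)
    # The Psched key does not exist until the policy has been set at least once
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Percent -Force | Out-Null
}

"Before: $(Get-ReservableBandwidth)"
Set-ReservableBandwidth -Percent 0      # Enabled with 0%, as in the steps above
"After:  $(Get-ReservableBandwidth)"

# To undo (back to Not Configured):
#   Remove-ItemProperty -Path $key -Name $name
```

The reservation only comes into play while a QoS-aware application has asked the Packet Scheduler for priority bandwidth; when none has, the full link is available to every program regardless of this setting.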

http://www.googlecommunity.com/about6457.html