WGA Verification Bypassed in 24 hours

Discussion in 'Windows Desktop Systems' started by kcnychief, Jul 29, 2005.

  1. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I guess that didn't take too long... :speechless:

    "On Tuesday, Microsoft made it mandatory for all users of its operating system to undergo a check for pirated software, called Windows Genuine Advantage. By Thursday, reports surfaced on the Web that a method had been discovered to disable the program.Bypassing WGA is as simple as pasting a piece of JavaScript code into the Internet Explorer address bar. The ease with which Microsoft's latest attempt at anti-piracy has been foiled is surprising, but it's not clear if Microsoft will even be concerned with the news."

    Full Article
     
  2. sean.ferguson

    sean.ferguson Moderator Folding Team

    Messages:
    1,693
    Location:
    Fife; Scotland
    yep, saw this over on digg.com earlier.
     
  3. napalmnthemorning

    napalmnthemorning Moderator

    Messages:
    721
    Location:
    OREGON
    If I read correctly there is also a .exe that does this automatically as well. Amazing, less then 24 hours.
     
  4. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    It was going to happen either way, time is all that's needed to bypass protection these days. Apparently Microsoft were stupid enough to allow this to be a very small portion of time.

    They secretly love piracy anyway :p, it boosts their market share a hell of a lot, they just need to be seen to be doing something about it.
     
  5. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I've actually seen this in action. A computer I was fixing, I tried to update through windowsupdate.com and I received the error that my copy of Windows was invalid! It said that I can't use the website, but as long as I have Automatic Updates configured through settings on my computer, I will still receive Critical Updates through that service. That's so lame....

    Block all the way, or not at all
     
  6. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Not really surprising now, is it? :)
     
  7. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    I've seen it in action too ;)
     
  8. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    No, it's not. But at the same time what will this accomplish? WOW, I have WMP9 and can't upgrade to WMP10. (Based on the fact that only critical updates will be allowed, not optional ones).

    Wow, I got my WinXP for free and now, since they caught me, I can buy it cheapter than Blue Collar Joe next door who shelled out $299 bucks for it.

    It just makes me sick...
     
  9. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I would really like to see something similar to WSUS pushed here. By this I mean how WSUS handles updates for all MS Products, where it be Office, Windows, SQL, etc.

    IMO, I think Office has a higher piracy rate than Windows, and if it doesn't it's close.
     
  10. zeke_mo

    zeke_mo (value not set) Staff Member Political User Folding Team

    Messages:
    1,984
    Location:
    Placerville, CA
    Dont get to bent over it :p. I used a bad copy of xp pro till I could get enough money together and buy a legit copy, this sort of thing works for ppl like me back when I was short on cash. If you have to money and you need it that bad you have to pay, but if you are like I was and used a bad copy they might figure that you are some teenager that cant afford that much(or want to pay at all). At least they are giving some people a chance?
     
  11. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I don't really think I'm getting "bent" lol...

    I just don't see why they are doing this on the level they are, do it 100% or not at all. :mad:
     
  12. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    You have to look at the subtext behind any anti-piracy schemes. Microsoft or any company could make the most uncrackable scheme of all time--but, historically, they tend to piss off too many customers and they actually lose more money that way than through piracy. On the other hand, they cannot merely do nothing about piracy; they must look like they are making a stand. As such, they must do a balancing act to weed out the vast majority of software pirates, who are idiots, while not being so restrictive as to piss off the hardcore computer geeks, who will then spread bad press throughout the internet.

    It's mostly a game of psychology.

    Melon
     
    rushm001 and Petros like this.
  13. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Exactly. That's exactly what it is. :)
     
  14. rushm001

    rushm001 In the beginning...... Political User

    Messages:
    3,480
    Location:
    Norfolk, UK
    I agree with you there melon! :)
     
  15. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Hmm, good point indeed. However I feel that Microsoft has such a SOLID market share, that even if people got peeved, I really don't think that Open Office (for example) would stand a chance to take over the market. I really don't think "hardcore computer geeks" would get "pissed off" if Microsoft actually made a product that needed to be legit in order to be supported for updates. What type of bad press would be "oh, since I didn't but my product legally, I can't update it. They stink!"

    Good point, I wasn't trying to attack your opinion, but I just feel they should be more aggressive. In the movie for Vista Beta 1, they were talking about making the car for the "driver, not the mechanic." Which goes to show, IMO, they are gearing towards aggresively satisfying consumers. You don't really hear about a lot of piracy on the MAC side, and the users and consumers are happy as clams for the most part :)
     
  16. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    Well, then you've got to ask yourself why Windows has had such a large market share versus Apple, who has actually declined in share since the G3+ era. Indeed, the biggest irony about Apple is that with all the iMacs and fancy advertising, their percentage of the market has declined.

    I can't exactly explain the phenomenon, but the more "open" a computing technology is, the more popular it will be. It's held true too, back in the dawn of PC computing, when all of our current CEOs were back hacking Altair machines in the 1970s. And then back in the 1980s, the software industry had to remove copy protection from all their diskettes, because no one was buying them anymore with it enabled. And now Linux. If it weren't hackable, it would be as obscure as Solaris currently is--and now Sun has made Solaris open with the hope that it will become as popular as Linux.

    If Microsoft became air-tight, what would more likely happen than not is that all the computer geeks would flee Microsoft entirely to move to an OS that they could hack. Then, since the media is generally populated with geeks, the only OS they will talk about is the one that they are currently playing with. Windows loses media attention and then suffers a drop in market share.

    It's funny, but that's seemingly how it works.

    Melon
     
  17. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Good argument, I really didn't think of it that way.

    It makes sense too, something people can get ahold of easily does influence creativity and exploration.
     
  18. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Wonder how long this will stay in place... :D
    http://microsoft.weblogsinc.com/entry/1234000533052770/

    "Microsoft has updated the Windows Genuine Validation tool to circumvent the hack exposed last week that allowed the system to be bypassed with a snippet of JavaScript code. The Validation is now a two-step process that first generates a code and then has you copy and paste that code to complete the process."
     
  19. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Too many steps involved to download something.
     
  20. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    I've seen this actually, I thought it was quite odd. A few things to note:

    • The code is copy-and-pastable. I think this exploit can further be accomplished in code. MS should make it a password field that is not succeptable to such formatting.
    • Once validated, if you emtpy temp internet files you have to validate again. Can't they just put a flag in the registry that you have been validated and not have to jump through these hoops so much?
    Step in the right direction, but still buggy :)

    I guess I'm just never satisfied :eek: