X

Microsoft's antipiracy tool phones home daily

Company vows to notify people better about Windows Genuine Advantage's check-in feature, as a critic likens it to spyware.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
Microsoft has vowed to better disclose the actions of its antipiracy tool once it is installed on Windows PCs.

The tool, called Windows Genuine Advantage Notifications, is designed to validate whether a copy of Windows has been legitimately acquired. However, it also checks in with Microsoft on a daily basis, the company confirmed Wednesday.

This has alarmed some people, such as Lauren Weinstein, a civil liberties activist, who likened it to spyware in a blog posting.

Microsoft disputes that notion. It said that WGA's regular call home is innocent and done for necessary maintenance purposes.

"The WGA Notifications program checks a server-side configuration setting to determine if WGA should run or not," a company representative said in an e-mailed statement. "As part of the pilot, this gives Microsoft the ability to disable the program if necessary."

No meaningful data is exchanged during the check-in with Microsoft, which happens after a computer starts up, the software maker said. Regardless, the company does receive a user's IP address and a timestamp, Weinstein said in his blog posting.

"We can argue about whether or not the tool's behavior is really spyware," Weinstein wrote on his blog Tuesday. The question is whether Microsoft has provided sufficient notice, he added.

Microsoft acknowledged that it has not been forthcoming enough about the antipiracy tool's behavior, but countered that its tool is not spyware, since it is not installed without a user's consent and has no malicious purpose. Still, Microsoft is considering several options to make its actions clear to the user, including amending the software license, the company representative said.

Microsoft launched WGA in September 2004 and has gradually expanded the antipiracy program. It now requires validation before Windows users can download additional Microsoft software, such as Windows Media Player and Windows Defender. Validation is not required for security fixes.

Originally, people had to validate their Windows installation only when downloading additional Microsoft software. Since November last year, however, Microsoft has been pushing out the WGA Notifications tool along with security updates to people in a number of countries.

The first time that a user runs WGA Validation to check if their version of Windows is genuine, the information sent to Microsoft is the Windows XP product key, PC maker, operating system version, PC bios information and the user's local setting and language. Microsoft discloses that this information is sent in the WGA tool license.