Posted on 06/21/2005 4:48:45 AM PDT by CarrotAndStick
NEW DELHI: Breaching the much touted "impenetrable" Window Genuine Advantage (WGA) of Microsoft, an Indian researcher has shown the global software leader how fragile its claims were.
With a potential to hurt Microsoft's business across the world, Debasis Mohanty has broke open WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of Window XP programme.
Microsoft confirmed the claims of the Bangalore-based rsearcher Debasis Mohanty but sought to downplay it saying "it represents very little threat."
A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.
WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.
Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.
Using a secondary Microsoft validation tool called 'GenuineCheck.exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's Download Center on a PC, he said.
"But the present case is more of an individual method of pirating. The company does not see this as too different from people who take legitimate software, burn it to a CD and distribute it to their friends," the Microsoft official said.
The threat is mitigated because the keys generated by the genuineCheck tool expire "rapidly". So they will be very difficult to share, the MS representative said.
"A pirate with a genuine copy of Windows XP could simply run the GenuineCheck.exe file used during the WGA validation program to generate a key code," Mohanty said.
"This key code can be used to circumvent the WGA check on the machine running a pirated copy of Windows XP," he said.
The GenuineCheck.exe tool used to bypass the check is meant to provide an alternative way for users to prove that their copy of Windows is genuine, he said.
'GenuineCheck' generates a code that can subsequently be used to validate a pirated copy of Windows. However, a PC running a legitimate version of Windows is required to run the GenuineCheck tool, the researcher said.
He provided step-by-step instructions on how the system can be cheated and noted that his tests showed that the updates to the machine using the pirated copy were up and running for almost two months.
All I know is this: While I was using MS Internet Explorer, my machine bogged down unbelievably, and every time I got on the 'net, I'd run my Ad-Aware freebie and catch anywhere from 6 to 20 spyware cookies.
Then I downloaded and installed Mozilla Foxfire, which has solved practically all of the problems. The machine is running normally, and I rarely see any spyware anymore.
Another curious thing: I like to keep Free Republic as a home page, but when I changed the startup URL in MSIE, my DSL would automagically change it back to Yahoo. That no longer happens with Mozilla.
My experience is that many Microsoft programs are sloppily written. There are exceptions, although even Excel has been infested with a plague of "features". The games I have seen look OK.
Microsoft refuses to structure their operating system programs, probably to keep folks from making unauthorized plug ins or even make (horror or horrors) application programs that work properly. Folks might "copy the code".
Human beings cannot keep track of what is going on in unstructured programs. Even very bright human beings.
In the long run Microsoft cannot survive doing what they are doing, nor survive changing, either. House of cards. And boy, do they know it.
Not to me. I have my Win2K Pro and a couple of OEM issues of NT 4.0 WS, and I just don't want or need XP. The NT 4.0 runs faster on my old 350 MHz than XP runs on a 2.0 GHz, and about the same speed that the Win2K runs on my 1.0 GHz. I just don't see - at this point, anyway - wasting time and money on anything else.
Everything's running fine; if it ain't broke, don't fix it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.