Windows copy protection defeated(1 line of JavaScript allows systems to ignore authentication check)

vnunet.com ^ | 01 Aug 2005 | Tom Sanders

[nickcarraway]

Single line of JavaScript allows systems to simply ignore authentication check

Hackers have found a way to circumvent a check in Windows that aimed to prevent users of pirated copies from accessing software updates.

By pasting a special JavaScript command in the address bar of the browser, users can disable the Windows Genuine Advantage 1.0 check that Microsoft took live last week.

The Microsoft technology uses an ActiveX tool to force the user to go through an authentication check before he is allowed to access certain download sections on the Microsoft.com website. The JavaScript command simply instructs the computer to disable the WGA check and take the user straight to the downloads.

Users of pirated Windows copies still get access to security updates without passing the WGA check.

In addition to blocking users of pirated copies, the WGA check also unlocks access to a set of free software applications that Microsoft values at $450. Another part of the programme gives qualifying users of pirated copies the chance to buy a legal licence and swap in their software CD for a genuine one.

A spokesman for Microsoft acknowledged the hack to vnunet.com.

"Because of the high value that we provide to Windows Genuine Advantage users, we're not surprised that hackers try to circumvent the safeguards," he said.

Microsoft is investigating the hack and will take action to disable it.

The spokesman further pointed out that this isn't a security vulnerability and that users aren't put at risk.

Last May an Indian security consultant published another workaround that allows users to circumvent the WGA check by entering the validation key that the software provides on multiple machines.

[Jason_b]

I get the feeling this script is just about downloading software. What about the activation itself?

[fireforeffect]

odd.

Auto CAD was originally written for UNIX.

[Wonder Warthog]

"Auto CAD was originally written for UNIX.

There are any number of high-end CAD products for "UNIX" workstations, but not for "LINUX". Why that is so, I have no idea.

[zeugma]

Do you have any experience with LinuxCAD? I don't use CAD software, so it may well suck :-)

[Lost Highway]

Can you say what company?

[zeugma]

After digging through that Linuxcad site, I have not much hope for the product. It seems like whoever is running the "company" is somewhat lacking in tact, and it would not appear as though English is his/her primary language.

I've found some really cool stuff from some whacked sites before so that doesn't necessarily mean much. The lack of demoware would tend to argue against them as demoware in some form is pretty much standard these days.

[null and void]

The spokesman further pointed out that this isn't a security vulnerability and that users aren't put at risk.

So this one they'll fix promptly...

[savedbygrace]

In addition to blocking users of pirated copies, the WGA check also unlocks access to a set of free software applications that Microsoft values at $450.

Which free apps are these?

[opticoax]

Microsoft "Genuine Advantage" cracked in 24h: window.g_sDisableWGACheck='all'

AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours." Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter: javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

[konaice]

CAD (as in AutoCAD compatible). I've yet to find a decent Linux CAD package.

True, but a friend of mine runs his AutoCad under VmWare on Linux.

[konaice]

I was hoping to be able to rid myself of the desktop and once again have a desk I could use. Nope. I continually run into problems with the automatic “protections” built into XP. I have never had a virus – other malware yes, but nothing really destructive.

Well, while you still have the all the Restoration CDs Nuke it all and install SuSE 9.3. (In fact you can install SuSE WITH windows still on the box and it will shirnk the windows partition for you).

SuSE comes with at least 3 office suites, and the will read and write Office Documents just fine.

[savedbygrace]

No, I wanted to know about the $450 of free software.

[R. Scott]

No problem putting Linux with Windows?

[ShadowAce]

I havre a box that dual boots Linux and Windows--no issues.

I also run Windows inside a windows in Linux. No issues there either.

[Wonder Warthog]

"True, but a friend of mine runs his AutoCad under VmWare on Linux."

Which may be the route I ultimately take.

[R. Scott]

I might give it a try. Thanks.

[ExDemSince92]

Can you say what company?

Nope. Non-disclosure agreement.

[konaice]

No problem putting Linux with Windows?

Not with the right Linux distro... The How-To is here

Usual disclaimers apply.

[konaice]

The big sticking point are the apps they download and install. (These are small businesses where people can get away with that sort of thing) Little photo albums and such. They no longer have the ability to amble over to OfficeMax or Staples to buy software. This is anther concern.

I would say thats a GOOD THING(tm).

The crap-creap that happens when you allow just anyone to decide what to put on a company machine is one of the major problems.

I actually had someone try to install Norton Antivirus on their Linux box. (They got nowhere of course, but they did get an education). Its so nice to get back all the performance you lost to the anti-virus crapware.

[R. Scott]

Good! It even has the free evaluation version to check out. I’ll give it a try for free. I hate spending bucks on things that fail to work for me.