Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part. As the time I’m writting this, the Validation part is mandatory for some not critical downloads from Microsoft, but the Notification part is not mandatory at all, and you are able to install all of the security updates without installing this one. This may change in the future thought, I don’t know what are the Microsoft plans.
WGA Notifications is a component of Windows Genuine Advantage, an anti-piracy program implemented to detect counterfeit copies of Windows XP. The first piece of this initiative, WGA Validation, was launched in July 2005.
The new sparked an outcry from privacy advocates who noted that Microsoft would know the user’s IP address and the time they connected. Microsoft responded quickly, explaining that the feature was designed as a “safety switch” that would let the company disable WGA Notifications during the pilot phase if need be.
Now that testing is completed, Microsoft is delivering a new version of the tool to customers. The update no longer checks a configuration file located on Microsoft’s servers, but the program will still communicate with the company periodically.
When asked how often customers’ computers will connect to Microsoft, the company told BetaNews, ” The frequency varies depending upon license type, but typically takes place every 90 days or so. This enables Microsoft to update our list of bad keys, and ensure that newly discovered counterfeits are not proliferating.”
Microsoft has also changed the End-User Licensing Agreement (EULA) to more clearly specify the purpose of WGA Notifications. Although users rarely read such agreements, the company says it provides details on what customers should consider before installing the tool, along with an updated privacy statement covering its behavior.
Users can choose not to install the new version of WGA Notifications, Microsoft says. The company is providing instructions on how to remove the previous version of the software for those who do not want to upgrade. However, it’s not clear whether WGA Notifications will install automatically through Automatic Updates in Windows.
In addition, Customers who do not install WGA Notifications will have the same restrictions as those with a non-genuine copy of Windows. Critical security updates can still be obtained through Automatic Updates, but no other downloads can be made through the Microsoft download center or Windows Update.
All English, Spanish, French, German, Italian, Dutch and Brazilian Portuguese users of Windows XP running Automatic Updates will soon be offered an updated package with a new version of WGA Notifications, Microsoft said.
Users who may have unknowingly purchased counterfeit software are eligible for a free genuine copy at no cost as long as they fill out a piracy report as well as provide proof of purchase and surrender the counterfeit CDs. Microsoft says about 60% of users promoted to install WGA do so.
RemoveWGA – http://www.firewallleaktester.com/removewga.htm
A security analyst has released a tool that lets users remove Windows Genuine Advantage Notification, part of Microsoft’s controversial campaign against software counterfeiting
“That, along the fact that Microsoft used deceptive ways to make you install this tool… makes me call (WGA Notification) spyware,” Kaddouch said in a note accompanying the release of RemoveWGA.
Windows Genuine Advantage includes two main parts: WGA Validation and WGA Notification. Validation checks that an instance of Windows XP is properly licensed, and is required for some Windows updates. If the copy doesn’t check out, Notification repeatedly reminds the user to upgrade to a properly licensed version of Windows.
Microsoft maintains that users only install the programs by choice, but once installed, neither is designed to be removable.
As Microsoft admitted this month, Notification also checks back with Microsoft once a day even if the licensing check is successful, something the company hadn’t previously made public. Microsoft said the procedure is necessary in case something goes wrong with the program and it needs to be disabled, but has said it will modify Notification to check back only once every two weeks. It said the failure to make public the phone-home behavior was an “oversight.”
“Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot,” Kaddouch wrote.
Kaddouch told Techworld he developed the tool based on proof-of-concept workarounds that have recently been released by security researchers. “All of the necessary information was already available in some security forums on the net, I’ve just had to compile them in one automatic program,” he said. “You can easily disable the WGA notification manually, there are different ways.”
He noted that the procedure poses a risk for corporate networks, and that Microsoft slipped it onto many users’ computers without their knowledge – the company classified it as a “critical” update, causing many to install it without knowing what it was.
For the even more paranoid, RemoveWGA can also be set to run a periodic check in the background, notifying the user if it finds WGA Notification has been silently installed, Kaddouch said.
Microsoft did not respond to requests for comment.
Users have been industrious about picking holes in WGA, beginning a day after the system went into effect last August.
WGA will be embedded within Windows Vista, Microsoft has said.
The software maker has been delivering a prerelease version of Windows Genuine Advantage Notifications software to PCs as a “high priority” item in the built-in update feature in Windows. The tool, also known as WGA Notifications, is used to validate the authenticity of Windows software installed on a PC.
The move is a first for the software maker. Microsoft normally asks people to join test programs before it initiates the download of any such trial software.
“I don’t think that we have done it before,” David Lazar, director of the Windows Genuine program at Microsoft, told CNET News.com on Monday. “WGA Notifications is a unique program.”
Microsoft has been expanding its effort to distinguish pirated copies of Windows from legitimately acquired ones. The original WGA program, launched in September 2004, calls for people to validate their Windows installation when they download additional Microsoft software from a Microsoft Web site. In November, it introduced the separate WGA Notifications program. It now sends prerelease WGA Notifications software to people in a number of countries, including the United States.
But some security experts are troubled by Microsoft’s decision to deliver prerelease software to millions of Windows users without clearly notifying them. People may not realize they are participating in a trial and have in essence become unsuspecting guinea pigs, they said.
“It shouldn’t be offered to such a wide audience without more notification of the fact it is beta,” said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. “Even with more notification, I think it should not be offered in the way it is.”
Microsoft notes that this is “prerelease software” in the user license, which is displayed when WGA Notifications is about to be installed. People can decline the download at that point, but experts believe that most won’t understand the license and that many don’t read user license details.
No immediate benefit
Some suggest that pushing the antipiracy tool out as a “high priority” update in the same way as security fixes is a ploy to get people to install it.
“I don’t see any way for Microsoft to get the software run by a large fraction of the user base except by calling it ‘high priority,'” said David Walker, an IT professional in Las Cruces, N.M.
Running the tool doesn’t offer any immediate benefit for users, Walker noted.
“You could argue that this is mislabeling,” he said. “I suppose it is a high priority for Microsoft to get rid of counterfeit software…It’s not critical for the continued operation of the user’s computer.”
Michael Cherry, an analyst at Directions on Microsoft, agreed.
“While I have been supportive of Microsoft’s Genuine Windows Program, there are no circumstances that I can think of where it makes sense to use Windows Update or Automatic Updates to distribute beta or nonfinal code,” he said. Automatic Updates is the update feature in Windows.
Microsoft needs to find a better way to distribute noncritical or test software, Cherry said. The company should consider coming up with better labels for updates so that customers can understand when an update is needed to resolve a security problem or when it is needed to improve reliability, he said.
No warning label
Indeed, most consumers won’t know what to do when Automatic Updates offers them the piracy tool and thus will simply accept it, said Michael Silver, a Gartner analyst.
“There’s not a lot of benefit for consumers to allow this to be installed, but most won’t know what it is and will probably just allow it,” he said.
Although the WGA Notifications tool isn’t finished yet, the software doesn’t come with the same caveats as other Microsoft beta software, such as warnings that it could cause system crashes or otherwise affect PC performance, Microsoft’s Lazar acknowledged.
“It is prerelease software. We’re still testing it end-to-end, including the delivery mechanism,” he said.
But, he added, “I want to assure everyone that WGA Notifications has been rigorously tested, and we’re confident that the software can be installed and used safely.”
Microsoft does understand the distribution concerns, Lazar said.
“We can see that people are very concerned about this particular feature or this particular aspect of the rollout, and it is something that we will consider in our future plans,” Lazar said, indicating that Microsoft is not about to change the way it is testing WGA Notifications.
WGA Notifications is an exception to Microsoft policy, Lazar noted. Microsoft has not changed its approach on trial software, under which it does not send out unfinished code without an enrollment stage, he said.
“It is not a change in policy,” he said.
The WGA Notifications program is a precursor to the antipiracy features Microsoft is building into Windows Vista, the new version of the operating system set for release in January 2007. In Vista, certain operating system features will only work as long as it is a properly licensed copy.
Following download and installation of the WGA Notifications tool, people who use a pirated copy of Windows will see alerts at start-up, login and during their use of the operating system. The alert reads: “This copy of Windows is not genuine; you may be a victim of software counterfeiting.” Those who use a legitimate copy of the software won’t see any messages, Microsoft has said.
Microsoft has said that there is a real benefit to its users in validating a copy of Windows. Only “Genuine Windows” users can download additional Microsoft software, such as Windows Defender, for example. Also, if a Windows copy is deemed pirated, it will only download “critical” updates, not less urgent fixes. Hackers, however, have repeatedly found ways around the checks .
“Our experience is that customers–as long as the process is understandable, unobtrusive, quick and painless–appreciate not only their copy of Windows more, but also appreciate Microsoft more. Now they have something that is more valuable than before,” Lazar said. “They appreciate …the confidence that they got what they paid for.”
Declining is an option
When Microsoft launched the original WGA program in September 2004, it asked for validation only if people were downloading from Windows Update and the Microsoft Download Center Web site. Validation was optional and 56 percent of people opted in, Lazar said.
People can also decline the more recent WGA Notifications download, but 60 percent have chosen to install it, he said.
Although people can decline the WGA Notifications install, they can’t remove the program once it is running. Also, those who decline the installation may receive reminders to run the tool. That’s especially true for Windows Live OneCare security subscribers , who will see an alert that their system might be at risk because of the missing Microsoft update.
Microsoft is looking into the OneCare issue, Lazar said, particularly at “whether or not OneCare should be urging you to install WGA Notifications.”
The installation concerns are only the latest criticism for the WGA program. Last week, Microsoft provided a public mea culpa for not disclosing that the WGA Notifications tool pings a Microsoft server every time its starts up. One critic had likened the tool to spyware for its undisclosed behavior.
In response to the earlier criticism, Microsoft plans to release an update to WGA Notifications this month that phones home only once every two weeks. A final release with worldwide introduction and no more calls to Microsoft is slated by year’s end.
Microsoft has not yet decided whether running the application will remain optional or whether it will become mandatory.
“We’re considering opt-in versus making it a requirement,” Lazar said.
As a disclaimer: I run a legitimate copy of Windows XP. It came pre-installed on my
IBM Lenovo ThinkPad T42p. I am not advocating piracy or anything else that may or may not be illegal. All I am doing is showing you how to save yourself a few precious spaces in your RAM as well as stop your machine from calling home into Microsoft every 14 days.
All this said… here goes:
I ran my weekly Windows Update and it wanted to install the ‘Windows Genuine Advantage Validation Tool (KB892130)’ hotfix. I HAD to install it, otherwise I wouldn’t get any updates to my machine.
So, I accept it, go through the install, but once it was done, I didn’t reboot. Instead, I went into:
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\ and located a folder (mine was:
CD6812FEF1FD3E79D9350B24A76108F1; yours may vary) and that folder contained the following files:
the update directory contained:
All you have to do now is move (my preferred method, in case I have to put it back) or delete the
CD6812FEF1FD3E79D9350B24A76108F1 directory, and restart.
WGA doesn’t finish its install, but from Windows Update’s point of view, it’s all good.
There you go… have fun, and be safe!
This copy of Microsoft Windows XP is not genuine – Want to bypass and remove this warning by disabling WGATray.exe ?
Windows XP Pirates have again found workaround methods to bypass the new Microsoft Anti-Piracy effort – Windows Genuine Advantage Notifications that notifies you through annonying pop-up messages if your copy of Windows is not genuine.
The WGA Notifications patch is installed if the user has opted to automatically update Windows via the Windows Update Website or if a XP users manually downloads the latest Windows updates.
A workaround posted on internet WGA install workaround (KB905474) suggests the following:
End the process wgatray.exe in Windows TaskManager and restart Windows XP in safe mode. Now delete the following files:
Delete WgaTray.exe from c:\windowss\ystem32
Delete WgaTray.exe from c:\windows\system32\dllcache
Start Windows Registry editor and delete the folder “WGALOGON” located in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\WinlogonNotify. Delete all references in your registry to WgaTray.exe
Another alternative suggest that three files are installed Windows XP System Folder:
The wgatray.exe process makes the check for genuine windows software. You can disable WGA by removing the execute bit on WgaLogon.dll. That way, winlogon can’t call it as a notification package at boot, and since WgaLogon is responsible for running and maintaining WgaTray.exe, no more tray popups either.
To change the execute bit of WgaLogon.dll, first turn off Simple File Sharing. Now right click the file in Windows Explorer and open the Security Tab. Hit the Advanced button, uncheck the Inherit box at the bottom, hit the Copy button, then hit OK. Go through each listed user/group and remove the “Read & Execute” permission for that file, leaving the “Read” permission as-is.
Hit OK to apply the permission changes and close the file properties dialog. Restart the machine. You can now turn “Use simple file sharing” back on, if you want.
A third alternative posted on the internet suggest that users clear the content of file data.dat located in the following directory:
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data
Save the data.dat empty file and change the attributes to “Read Only” – Restart you computer. Or start your PC in Safe Mode and delete the following files from Windows system32 folder –
wgalogon.dll spmgs.dll wgatray.exe The WGA setup file is in
If you don’t use “Fast User Switching”, you can disable the Windows XP Welcome Screen if you are logged in as an Administrator. This will remove the initial WGA Warning Screen:
1. Click on Start -> Control Panel ->User Accounts
2. Click on “Change the way users log on or off”
3. Uncheck “Use the Welcome Screen” – Choose Apply
4. Close the User Accounts window and the Control Panel
5. The next time you reboot your computer, the classic login prompt will be used
To enable Fast User Switching, you must also enable the Use the Welcome screen option. Also, Fast User Switching cannot be used when Offline Files are enabled.
Disable wgatray.exe – Some users are claiming that removing the WGATray.exe (or killing the WGATray.exe process) are working for them. Here’s how to search for WGATray.exe file – Screenshot
None of these methods are guaranteed to work and people are just experimenting. Meanwhile Microsoft is not willing to relent to crackers this time and are planning to release an update of WGADiag2.exe utility in the next few days.
WGADiag2 will also fix the problem with registry key permissions may cause the installation of Windows Genuine Advantage Notifications KB905474 to fail from Windows Update:
Here’s a manual fix provided by Microsoft. These permissions can be repaired using Registry Editor as follows:
1. Click Start, and then click Run
2. In the Open box, type regedit, and then click OK
3. Expand HKEY_CLASSES_ROOT
4. Locate the subkey HKEY_CLASSES_ROOT\LegitCheckControl.LegitCheck
5. Right-click the subkey and select Permissions….
6. Ensure that Administrators allowed Full Control permission
7. Repeat steps 3-6 for the subkey
Microsoft has also published a kB article if the Windows Genuine Advantage (WGA) validation check process does not validate successfully on a Microsoft Windows XP-based computer, and you receive one or both of the following error messages:
Product Key Inaccessible 0x80080212
This problem occurs when you do not have the appropriate permissions for the Windows Genuine Advantage\Data folder. In the Permissions for Users section, make sure that Read & Execute, List Folder Contents and Read permissions are given. If the previous steps fail, start the computer in Safe Mode and rename the %allusersprofile%\Application Data\Windows Genuine Advantage directory.
The Windows Genuine Advantage Notifications tool repeatedly nags computers that use pirated copies Windows XP. Windows Validation is required for all genuine Windows downloads on Microsoft Download Center.
The anti-piracy tool attempts to contact Microsoft over the internet each time the computer boots. The connections occur even if you do not have Windows Automatic Update enabled.
I fail to see where Microsoft has a “need to know” for this data after a system’s validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information.
» Microsoft receives user IP address and date/timestamp data relating to systems’ booting and continued operations, which MS would not necessarily otherwise be receiving.
» Even after a copy of XP has been validated, MS may choose to “revoke” that validation (via communications with their Windows Update site) at a later date if activation codes are found to be pirated in the future.
» Why is the new version of the validity tool trying to communicate with MS at every boot? At this time the connections are to provide an emergency “escape” mechanism to allow MS to disable the validation tool if it were to malfunction. Apparently these transactions will also occur once a day if systems are kept booted.
The validation checks can be disabled by either blocking the WGA tool from communicating with Microsoft using ZoneAlarm or disable the WGATray.exe process.
If you try to validate Windows with an invalid Windows Key, it will say “Validation Failure: Invalid Product Key” – The product key associated with your copy of Windows was never issued by Microsoft. [ Why it did not validate 0x80080222]
Once you suppress the WGA notifications, it is possible that the notifications will be re-activated when a new update for WGA Notifications is installed.