Microsoft Changes WGA Following Spyware Allegations
"Privacy is about transparency and choice -- telling the consumer what data you collect, how you collect it, what you do with that data, and whether the consumer can opt out of some of those activities," said Jonathan Penn, an analyst at Forrester. "Microsoft needs to embrace these as guiding principles for all its software and services."
Microsoft has changed a feature found in its Windows Genuine Advantage (WGA) software after receiving complaints about the program's daily check-ins with the company's servers. Now, the tool will dial home in 14-day intervals instead of after every system boot.
The frequency of the tool's contact with Microsoft was initially reported by Lauren Weinstein, cofounder of People for Internet Responsibility, who posted his findings on a blog and compared the tool to spyware. Weinstein noticed that even on Windows XP systems that WGA already had verified as legitimate, the tool will attempt to contact Microsoft every time the PC is booted.
"I fail to see where Microsoft has a 'need to know' for this data after a system's validity has already been established," Weinstein wrote on his blog. "I'll leave it to the spyware experts to make a formal determination as to whether this behavior actually qualifies the tool as spyware."
WGA Phone Home
Microsoft launched a test version of the WGA tool on April 24 as part of its Genuine Software Initiative intended to fight rampant piracy of the company's software. The program consists of two major components: WGA Validation and WGA Notifications. Once installed, the former checks whether a copy of Windows XP is licensed.
If the tool determines that the software is pirated, WGA Notifications will direct users to a Microsoft site to "learn more about the benefits of using genuine Windows software." The program will continue to display "reminders" following each system start, presumably until the user purchases new software.
According to Microsoft, unlike the validation component, which sends system information to Microsoft, information forwarded by WGA Notifications is limited to the download of a new settings file. The settings file enables Microsoft to update how often reminders are displayed and to disable the WGA program, if necessary.
"No additional information is sent to Microsoft," said a company spokesperson. "Other than standard server log information, no information is collected."
Full Disclosure
Once Microsoft learned of Weinstein's blog post, two executives contacted him on Wednesday for what he described as "a lengthy and friendly chat."
"We can argue about whether or not the tool's behavior is really spyware," Weinstein wrote. "I believe that the [Microsoft] officials I spoke to agree with my assertion that additional clarity and a more 'in your face' aspect to these notifications in such cases would be highly desirable."
Peter Firstbrook, a research analyst at Gartner, does not think WGA Notifications stoops to the level of spyware. "Spyware, like pornography, is difficult to define," Firstbrook explained. "A pretty big component in determining if it is spyware is the level of harm done to PC owners."
Regardless of the information the WGA tool sends or does not send to Microsoft, each instance of undisclosed communication between such software and its vendor, serves to reinforce negative perceptions, said Jonathan Penn, an analyst at Forrester.
"Privacy is about transparency and choice -- telling the consumer what data you collect, how you collect it, what you do with that data, and whether the consumer can opt out of some of those activities," said Penn. "Microsoft needs to embrace these as guiding principles for all its software and services."
Reproduced from an article published by Sci-Tech Today
© Sci-Tech Today
The original article can be viewed here:
http://www.sci-tech-today.com/story.xhtml?story_id=021002CEQQ6C
Permalink Bookmark Digg this story
