A busy month for Microsoft’s legal team: not only has the European Commission redoubled its efforts to force the software titan to comply with its 2004 antitrust ruling, but it is also being sued by a group of users over its controversial anti-piracy scheme.
Microsoft is undoubtedly the victim of software piracy on a massive scale; bootleg copies of its operating system are widely available. According to IT advisory group Gartner, 16% of PCs are sold without a Microsoft operating system already installed – but 95% of those end up running a version of Windows, most likely a pirated version.
But now Microsoft’s anti-piracy programme is under attack. A group of US users – including businesses – are suing Microsoft because they believe that the anti-piracy measures the software giant has put in place breach spyware laws.
A lawsuit filed in Seattle alleges that the current version of WGA violates both US consumer rights laws and anti-spyware legislation.
The Microsoft Windows Genuine Advantage (WGA) programme was intended to allow the company to verify the legitimacy of any copy of its XP operating system installed on a computer. The programme was launched in July 2005, but it is the changes introduced in April 2006, allowing a daily check, that has caused the fuss.
Users on machines that failed the validation test would be alerted every time they logged on.
Microsoft has reacted quickly, providing the option to turn off the daily check feature. But it remains caught up in a maelstrom of criticism over the practice of installing software on users’ machines that effectively spies on PCs.
For the corporate user however, the issue is far more practical than political: most businesses do not knowingly install counterfeit software. The risk comes from either partners that sell them counterfeit packages, or when the details of volume licensing keys, which allow multiple versions of Windows to be installed with a single key, are leaked onto the Internet. Potentially, seemingly valid keys could be black listed.
There are also fears that WGA is not 100% accurate, with genuine copies of the operating system flagged up as illegitimate. This is a real problem for organisations that have decided, for security purposes, that Windows is able to automatically download security patches.
The experts' response…
Michala Alexander, head of anti-piracy at Microsoft UK, says that WGA fights piracy while leaving users in control.
Piracy is a concern for all: customers want reliable software, but a lot of the reported problems arise because users have pirated software. For large organisations the decision to opt in or out to WGA is left to the systems administrator. We are not going to stop those that opt out, nor those with counterfeit software from receiving critical updates – that would create too much of a security risk. Instead we will encourage people to opt in through granting access to downloads of Internet Explorer 7, Windows Defender: expect to see more of that coming down the line.
Microsoft needs to make auditing licences easier before they consider WGA, says Annette Jump, principal research analyst at IT advisory group Gartner.
Companies that use volume licensing keys should ensure that they always use only a proper key. There is currently no process or specific software tool in place for IT managers to validate all corporate PCs at one time. Such a tool would allow organisations to find out where invalid licences are used before they start encountering problems.
It would also significantly simplify the task of validation and will allow organisations to save considerable time for users and IT staff, as well as avoid confusion and unhappiness among their users.