April 2008

What You Need to Know About WGA Changes in Windows Vista SP1



Executive Summary:

Windows Genuine Advantage (WGA) is an antipiracy technology that Microsoft first implemented with XP in 2001. For several reasons, hackers have been racing to circumvent Vista's WGA in various ways. Microsoft has implemented code in WGA for SP1 that disables two of the most common exploits that bypassed activation in the initial shipping version of Vista. But Vista doesn't remove any functionality if WGA determines that your system has become non-activated or non-validated.


While Windows Vista SP1 has been a known quantity since September 2007, Microsoft made a final change to this service pack at the last moment that will affect many customers. Responding to complaints about the way Windows Genuine Advantage (WGA) works in Vista, the company has changed how the antipiracy technology works, beginning with SP1. Now, WGA in Vista will function in a similar fashion to WGA in XP. Here’s what you need to know about the WGA changes in Vista SP1.

What is WGA?
WGA is an antipiracy technology that Microsoft first implemented with XP in 2001. Similar in motive to Windows Product Activation (WPA), which ensures that each copy of Windows is installed only once, WGA raises its ugly head in other situations. You’ll encounter it if you allow an unactivated copy of Windows to reach the activation timeout limit, or, after activation, when connecting to Microsoft’s Web site to download software updates. In this second case, WGA determines whether the copy of Windows is legitimate or illegitimate by examining your system’s product key, hard drive serial number, PC BIOS, and other information. In some cases, legitimate copies of Windows have been flagged as illegitimate by WGA, causing headaches for users, who have been forced to manually try to re-validate their systems or contact Microsoft support. For this and other reasons, hackers have been racing to circumvent Vista’s WGA in various ways.

How WGA Used to Work in Vista
In the original shipping version of Vista, WGA is very aggressive. In instances where the product activation period has expired, Vista switches into something called Reduced Functionality Mode (RFM), where the user can access only Microsoft Internet Explorer (IE) and then only for 60 minutes at a time; at the 60-minute mark, the user is automatically logged out. In RFM, users can also boot into Safe Mode to access documents, perform certain housekeeping tasks, and retrieve important data from a system that will need to be reinstalled. Or, they can use IE to navigate to Microsoft’s Web site to obtain a legal copy of Vista.

If an activated version of Vista fails a validation check while attempting to download a software update of some kind, Vista will switch into a second special functional mode called Non-Genuine State (NGS). NGS can occur if a user makes an unusual number of hardware changes to a system in a short time, causing Windows to believe it has been installed on an entirely different PC. While in this state, certain Vista features—Windows Aero and Windows ReadyBoost—are completely disabled, while other, security-oriented features—Windows Update and Windows Defender—work in limited ways only. Windows Update, for example, will let you download only critical security fixes, while Windows Defender will remove only the most dangerous spyware from your system.

How WGA Works in SP1
After SP1 is installed on a Vista system, RFM and NGS are disabled. Instead, WGA triggers a notifications-based UI that’s very similar to how WGA worked in XP. Users will immediately notice several changes while running a non-activated or non-validated version of Vista SP1. First, a pop-up dialog box appears over the logon screen which can’t be dismissed for 15 seconds; this dialog box warns about the non-activated or non-validated state and provides a button the user can click to rectify the problem.

Second, after the user logs on, several interruptions will occur every hour: The system wallpaper or background will revert to a plain black color, an activation dialog box will flash in the center of the screen, and a yellow Help balloon will appear by the system tray. Each of these notifications can be dismissed and the wallpaper or background changed back. But the same thing will happen again every hour.

Under the covers, there’s another change: Microsoft has implemented code in WGA for SP1 that disables two of the most common exploits that bypassed activation in the initial shipping version of Vista. The first is a grace timer hack that resets the activation grace period out a number of years (in one version of the hack, all the way to 2099). The second is an OEM BIOS hack that intercepts WGA calls to the system BIOS, preventing WGA from accurately determining which hardware changes have been made to the system. Users who are utilizing either of these hacks and install Vista SP1 will have an interesting experience: Their PCs will suddenly enter a grace period countdown after SP1 is up and running and work as Microsoft intended. After the grace period expires, they will be presented with the new WGA behavior unless they successfully activate the system.

The big change is that Vista doesn’t remove any functionality if WGA determines that your system has become non-activated or non-validated—other than the hourly interruption of a black screen, which is surprisingly subtle and not as annoying as it sounds. Vista SP1 otherwise works normally and to full capacity.

Recommendations
Microsoft’s changes to WGA are a huge improvement over the initial shipping version of Vista and should make Vista more attractive to businesses of all sizes. The issue here isn’t so much piracy. There have been too many instances over the past year where WGA incorrectly flagged legitimate Vista systems as illegitimate. The only solution to this problem is for Microsoft to drop WGA entirely. But since that’s not going to happen, this change is welcome, if overdue. Vista SP1, overall, remains highly recommended: This is an update that all Vista users should install as soon as possible.

Windows IT Pro is a Division of Penton Media Inc.
Copyright © 2008 Penton Media, Inc., All rights reserved.