Executive Summary:

Windows Genuine Advantage (WGA) is an antipiracy technology that Microsoft first rolled out for XP in 2005. For several reasons, hackers have been racing to circumvent Vista's WGA in various ways. Microsoft has added code to WGA in SP1 that defeats two of the most common hacks used to bypass activation in the initial shipping version of Vista. At the same time, Vista SP1 no longer removes any functionality if WGA determines that your system has become non-activated or non-validated.


While Windows Vista SP1 has been a known quantity since September 2007, Microsoft made a final change to the service pack at the last moment that will affect many customers. Responding to complaints about how Windows Genuine Advantage (WGA) behaves in Vista, the company has changed the way the antipiracy technology works, beginning with SP1. WGA in Vista SP1 now behaves much as WGA does in XP. Here's what you need to know about the WGA changes in Vista SP1.

What is WGA?
WGA is an antipiracy technology that Microsoft first rolled out for XP in 2005. It is similar in motive to Windows Product Activation (WPA), which ties each product key to the hardware it was activated on, but WGA raises its ugly head in other situations. You'll encounter it if you allow an unactivated copy of Windows to reach the activation timeout limit, or, after activation, when you connect to Microsoft's Web site to download software updates. In this second case, WGA decides whether the copy of Windows is legitimate by examining your system's product key, hard drive serial number, PC BIOS, and other information. In some cases, WGA has flagged legitimate copies of Windows as illegitimate, causing headaches for users, who have been forced to manually re-validate their systems or contact Microsoft support. For this and other reasons, hackers have been racing to circumvent Vista's WGA in various ways.

How WGA Used to Work in Vista
In the original shipping version of Vista, WGA is very aggressive. In instances where the product activation period has expired, Vista switches into something called Reduced Functionality Mode (RFM), where the user can access only Microsoft Internet Explorer (IE) and then only for 60 minutes at a time; at the 60-minute mark, the user is automatically logged out. In RFM, users can also boot into Safe Mode to access documents, perform certain housekeeping tasks, and retrieve important data from a system that will need to be reinstalled. Or, they can use IE to navigate to Microsoft’s Web site to obtain a legal copy of Vista.

If an activated version of Vista fails a validation check while attempting to download a software update of some kind, Vista switches into a second special functional mode called Non-Genuine State (NGS). NGS can also occur if a user makes an unusual number of hardware changes to a system in a short time, causing Windows to conclude that the product key is now in use on an entirely different PC from the one it was activated on. While in this state, certain Vista features (Windows Aero and Windows ReadyBoost) are completely disabled, while other, security-oriented features (Windows Update and Windows Defender) work in limited ways only. Windows Update, for example, will let you download only critical security fixes, and Windows Defender will remove only the most dangerous spyware from your system.

How WGA Works in SP1
After SP1 is installed on a Vista system, RFM and NGS are gone. Instead, WGA triggers a notifications-based UI that's very similar to how WGA works in XP. Users will immediately notice several changes while running a non-activated or non-validated copy of Vista SP1. First, a pop-up dialog box appears over the logon screen that can't be dismissed for 15 seconds; this dialog box warns about the non-activated or non-validated state and provides a button the user can click to rectify the problem.

Second, after the user logs on, several interruptions will occur every hour: The system wallpaper or background will revert to a plain black color, an activation dialog box will flash in the center of the screen, and a yellow Help balloon will appear by the system tray. Each of these notifications can be dismissed and the wallpaper or background changed back. But the same thing will happen again every hour.

Under the covers, there's another change: Microsoft has added code to WGA in SP1 that defeats two of the most common hacks used to bypass activation in the initial shipping version of Vista. The first is a grace timer hack that pushes the activation grace period out by a number of years (in one version of the hack, all the way to 2099). The second is an OEM BIOS hack that intercepts WGA's calls to the system BIOS, preventing WGA from accurately determining which hardware changes have been made to the system. Users who are running either of these hacks and then install Vista SP1 will have an interesting experience: Once SP1 is up and running, their PCs will suddenly enter a normal grace period countdown, exactly as Microsoft intended. After the grace period expires, they will see the new WGA behavior unless they successfully activate the system. The big change is that Vista doesn't remove any functionality if WGA determines that your system has become non-activated or non-validated, other than the hourly interruption of a black screen, which is surprisingly subtle and not as annoying as it sounds. Vista SP1 otherwise works normally and to full capacity.
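If you want to see which of these states a machine is in before or after applying SP1, the same license data that slmgr.vbs reports is exposed through WMI. The script below is an added example written for this article, not code from Microsoft or from the article's original author. It assumes PowerShell 2.0 or later is installed on the Vista system, that the SoftwareLicensingProduct and SoftwareLicensingService WMI classes are present (they are part of the Software Protection Platform that ships with Vista), and that the longest grace period Vista can legitimately grant is 30 days renewed by at most three re-arms, so about 120 days; the 120-day threshold used to flag a tampered grace timer is an assumption derived from that limit.

```powershell
# Added example (not from the article): report the Software Protection Platform
# license state that slmgr.vbs /dli and /xpr show, and flag a grace timer that is
# longer than the product could have set on its own.

# LicenseStatus values of the SoftwareLicensingProduct WMI class, as used by slmgr.vbs.
# 2 is the out-of-box activation countdown; 5 is the notification state that SP1
# uses in place of RFM and NGS.
$LicenseStatusNames = @{
    0 = 'Unlicensed'
    1 = 'Licensed (activated and validated)'
    2 = 'Initial grace period (activation countdown)'
    3 = 'Additional grace period (hardware out of tolerance, reactivation needed)'
    4 = 'Non-genuine grace period (validation failed)'
    5 = 'Notification (grace expired or non-genuine)'
    6 = 'Extended grace period'
}

# Assumption: a 30-day initial grace period plus up to three re-arms means no
# legitimate Vista install can report more than roughly 120 days remaining.
$MaxPlausibleGraceDays = 120

function Get-WgaState {
    # Only the product entry that has a key installed describes this machine's
    # license; slmgr.vbs applies the same PartialProductKey filter.
    Get-WmiObject -Class SoftwareLicensingProduct |
        Where-Object { $_.PartialProductKey } |
        ForEach-Object {
            $days = [math]::Round($_.GracePeriodRemaining / 1440, 1)   # WMI reports minutes
            $statusName = $LicenseStatusNames[[int]$_.LicenseStatus]
            if (-not $statusName) { $statusName = "Unknown ($($_.LicenseStatus))" }
            New-Object PSObject -Property @{
                Product            = $_.Name
                Channel            = $_.ProductKeyChannel    # e.g. Retail, OEM:SLP, OEM:COA
                PartialKey         = $_.PartialProductKey
                LicenseStatus      = $statusName
                GraceDaysRemaining = $days
                GraceTimerSuspect  = ($days -gt $MaxPlausibleGraceDays)
            }
        }
}

foreach ($state in Get-WgaState) {
    $state | Format-List Product, Channel, PartialKey, LicenseStatus, GraceDaysRemaining
    if ($state.GraceTimerSuspect) {
        $msg = 'Grace period of {0} days exceeds the {1}-day maximum Windows can grant; ' +
               'expect SP1 to reset it to a normal countdown.'
        Write-Warning ($msg -f $state.GraceDaysRemaining, $MaxPlausibleGraceDays)
    }
}

# Re-arm count from the service object; each re-arm restarts the 30-day grace period.
$service = Get-WmiObject -Class SoftwareLicensingService
"Windows re-arms remaining: $($service.RemainingWindowsReArmCount)"
```

Run it from an elevated PowerShell prompt and compare the result with `cscript %windir%\system32\slmgr.vbs /xpr`, which prints the date the current grace period or license expires. A machine carrying the 2099 grace timer hack shows status 2 with a grace figure far beyond the 120-day ceiling before SP1 is applied; after SP1, the same query should show a plain 30-day countdown.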

Recommendations
Microsoft’s changes to WGA are a huge improvement over the initial shipping version of Vista and should make Vista more attractive to businesses of all sizes. The issue here isn’t so much piracy. There have been too many instances over the past year where WGA incorrectly flagged legitimate Vista systems as illegitimate. The only solution to this problem is for Microsoft to drop WGA entirely. But since that’s not going to happen, this change is welcome, if overdue. Vista SP1, overall, remains highly recommended: This is an update that all Vista users should install as soon as possible.