Windows Genuine Advantage Kicks in for Real

Microsoft has gone live with Windows Genuine Advantage 1.0, and has made it mandatory for all users wanting to use its popular "Update" sites.

WGA, as it's called, is a program aimed at validating that each user who connects to and downloads files from Windows Update, Microsoft Update and the Microsoft Download Center has a valid, bought-and-paid-for copy of Windows.

As of now, when a user first visits one of the update sites, Microsoft will download an ActiveX control that will perform the validation functions automatically by examining the computer's registry. If Windows is validated, it will store a special download key on the PC for future verification.
That should help make WGA more palatable for users. And it's a step up from the beta when users were required to input their 25-digit key license or certificate of authenticity number to validate.

The move is part of Microsoft's efforts to lower piracy rates for its software. Microsoft claimed, in a statement, that as many as 40 million users participated in WGA's 10-month beta test.

The intent behind WGA is that if a user doesn't have a lawfully-obtained copy of Windows, he or she shouldn't be eligible for free updates. There is an exception, however. All users, even those who have not authenticated their copies of Windows, will still have free access to company-issued security patches via the Download Center or Automatic Updates.

Additionally, Microsoft is offering what might be seen as a cross between an employee discount sales promotion coupled with a bounty on pirates for users who unknowingly purchased pirated software and who turn in the pirate they got it from.

"Qualifying customers who submit a piracy report may receive a genuine copy of Windows XP Home Edition for $99 or Windows XP Professional for $149," Microsoft's announcement states.

"Microsoft is taking a carrot and stick approach by offering customers freebees and other incentives to validate their software," said JupiterResearch operating system analyst Joe Wilcox on his Weblog. But he admitted to being troubled by what he says is Microsoft's intent to revalidate users' computers every few months.

"Unless Microsoft modified its plans since briefing [me], essentially a revalidation would take place every 90 days," Wilcox said. That could conceivably result in previously valid installations being invalidated, which he said is a concern. "While sympathizing with Microsoft's legitimate right to go after pirates, I would caution that invalidation of previously valid systems could cause some customer problems," he added.

Additionally, while Microsoft insists that the validation process does not collect any information that can be used by Microsoft to identify or contact individual users, that is unlikely to quell criticism from privacy advocates.

About the Author

Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines.


  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.