When Microsoft shipped the first nontrial version of its Windows Genuine Advantage (WGA) antipiracy technology last Monday, the company knew that hackers would work around the clock attempting to break the scheme. What the software giant probably didn't expect, however, was that the technology would be circumvented twice within a few days of its release.
WGA is designed to keep people who use pirated versions of Windows XP from downloading all nonsecurity Microsoft software updates. The goal is to reward legitimate XP users with a vast range of free and valuable software updates, such as new versions of Windows Movie Maker (WMM), Windows Media Player (WMP), and other tools. I discussed the release of WGA last week.
Just days after Microsoft announced the product's release, reports cropped up on the Web that explained various ways users can bypass the WGA security test. The simplest method involves pasting a single string of JavaScript code into Microsoft Internet Explorer's (IE's) address bar. This method prevents the WGA security check tool from loading, letting users proceed to the download page of whatever software they're trying to install.
A second method for bypassing WGA involves disabling the WGA ActiveX control in IE's Manage Add-ons interface. This control is installed the first time you attempt to run a WGA security check.
Microsoft has acknowledged that both of these hacks work, and the company plans to fix the holes that cause them in a future WGA release. "Because of the high value we are providing to genuine \[Windows\] users, we are not surprised hackers would try a number of methods to circumvent the safeguards provided by WGA," a Microsoft representative said. "It is important to note that this issue is not a security vulnerability, nor does it put any customers at risk. Windows users are not in danger \[from these methods of WGA circumvention\]."
I feel safe. How about you?
Windows Genuine Advantage Already Hacked ... Twice
71 comments
Hide comments