Microsoft defends WGA

Under fire for reports that Windows Genuine Advantage (WGA) misidentifies some genuine copies of Windows XP as pirated, Microsoft took the unusual step this week of releasing statistics about WGA's purported effectiveness for the first time via a blog.

According to information posted Monday and Wednesday by Alex Kochis, a licensing manager on the WGA team, virtually all of the 60 million PCs worldwide that failed WGA's validation tool are indeed violating Microsoft's licensing policy in one way or another. Kochis posted his comments on his blog on the Microsoft Developers Network.

Most of the reports of "false positives" by WGA "were due to data entry errors that were quickly corrected and only occurred for a short period of time," Kochis wrote. He said only a "fraction of a percent" of those 60 million copies of Windows XP deemed illegal have turned out to be genuine.

Given the number of Windows XP users, a fraction of a percent could still mean hundreds of thousands of genuine copies of Windows may have been incorrectly deemed to be pirated. Contacted separately, a Microsoft spokeswoman declined to elaborate on that figure.

Since April, when Microsoft escalated its WGA program by having the scanning tool stealthily install itself onto many PCs, the antipiracy tool has been the subject of numerous complaints from users claiming that their legal copies of Windows failed to pass WGA.

According to Kochis, about 1 in 5 of the 300 million copies of Windows XP that have been scanned by Microsoft's WGA tool fail to pass.

"In many of those other scenarios, the user of the system or purchaser of the software has some knowledge that the software isn't genuine or isn't properly licensed and is perhaps not as surprised when the validation fails," Kochis wrote. "There are people who likely fall all along a range of awareness -- from mere suspicion, owing to the fact that they got a really good price online or for used software or some other 'too good to be true' deal -- to someone who has full knowledge that the software isn't genuine or licensed, and even further to those who manufacture and sell counterfeit software and are knowing perpetrators in significant and serious crime."

About 80 percent of those failures, or 48 million, are the result of stolen Windows volume-licensing keys, according to Kochis. For the sake of convenience, large Microsoft customers such as corporations or schools are granted a single key that they can use to install Windows XP on multiple machines. Such keys are vulnerable to being stolen and redistributed over the Internet.

"One stolen license key from a U.S. university ended up on over a million PCs in China," Kochis wrote. Microsoft plans to tighten up how it distributes volume licenses in its upcoming Windows Vista operating system.

Microsoft had previously declined to offer details about the remaining 12 million copies of Windows XP that failed to pass WGA.

According to Kochis, those 12 million failures mostly involve "a mix of other types of counterfeiting and piracy, including a variety of forms of tampering, hacking and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself (often not totally successfully, either) and other times, people try to modify files to prevent XP from needing to activate at all, he said.

Kochis acknowledged that "some failures" are caused by users with genuine copies of Windows XP who improperly install or repair software on their PC. Such activities "will result in WGA validation failures, and they should," he wrote.

But Kochis also said that there are a number of other scenarios "that could result in a WGA validation failure that a user might be surprised by or even deny."

They include users unknowingly being sold copies of Windows XP by stores that illegally reuse the same license key with multiple customers, users who take their PCs for repair into shops who similarly reuse the same license key, users that share copies of Windows XP with their friends or acquaintances, and users who reuse the same key on more than one PC at a time.

Under Microsoft's strict licensing policy, users who bought a PC from a hardware vendor such as Hewlett-Packard Co. or Dell Inc. with Windows XP preinstalled typically own a reseller license that forbids them from installing XP on another computer -- even if the first PC is no longer functional. Microsoft wants users to go buy a full-priced retail copy of Windows XP for new PCs. Windows XP Professional currently costs $299 at CompUSA.com and goes for similar prices at other stores.

Kochis said Microsoft investigates all "credible" reports of genuine copies of Windows XP failing to validate under WGA.

But "far more often than not, the software performed as designed and the failure was due to the software, in fact, being counterfeit and the customer simply not wanting to believe it," he wrote.

While installing and running the WGA is technically optional to Windows users, users complained about the way it was automatically installed as a "critical" update. Those who declined to install WGA were reminded about WGA every time they rebooted their PCs.

Microsoft abandoned those features in late June. But users must still install and pass WGA in order to be eligible to download certain free software, such as the company's upcoming Internet Explorer 7.0 Web browser and its antispyware program, Windows Defender.

The company also faces two class-action lawsuits related to WGA.