Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.
This month the Bug of the Month goes to Microsoft for a series of issues concerning Windows Genuine Advantage:
There are various rumors floating around that the new Windows Genuine Advantage program includes a "kill switch" that will allow Microsoft to turn off what it thinks are pirated copies of Windows XP. This has been denied by Microsoft's PR firm, Waggener Edstrom, in Computerworld. Of course, with Microsoft's sterling reputation for security, there's no way that a kill switch could be exploited by hackers.
There is at least one worm spreading via AOL Instant Messenger (AIM) that is masquerading as the Microsoft Windows Genuine Advantage (WGA) anti-piracy tool. It's really the Cuebot-K worm, but uses the display name 'Windows Genuine Advantage Validation Notification." When it is active, it disables the Windows firewall and then opens a backdoor on computer to let in other malware. Read more.
I think I missed this while on vacation — the Microsoft Knowledge Base has an article on how to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage. They say that the easiest way is just to install the general release version. (Fit of giggling hits The Bugblog.) If you don't want to do that, they have uninstall steps available. Note that Microsoft states "Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender."
Why this bug? Maybe first of all, we should ask "Is this really a bug?" It probably isn't, but in addition to bugs, the BugBlog covers "things that go wrong with your computer." And it seems there's many different ways things can go wrong with this, notwithstanding the very high frequency that this program "calls home". Also, it's not just the Windows-bashers taking the lead in this — many people who have spent many years writing about Windows are put off with the program, too. Maybe the real bug is the fact that Microsoft didn't forsee how this would be perceived. Or maybe in the sneaky way they introduced it.