In July 2005, Microsoft began to require that all Windows XP users install "Windows Genuine Advantage" (WGA) software to help them track down software piracy by identifying pirated copies of Windows. On April 25, 2006, Microsoft distributed update KB905474 to the software via Windows Update, and the response has been almost uniformly negative, prompting even a lawsuit.
The suit was filed in Seattle last week, and alleges that the current version of WGA violates both consumer rights laws and anti-spyware legislation in Washington and California. An effort is underway to create a class-action suit. Microsoft has responded to the clearly-unanticipated backlash by changing how the WGA works, but critics are not satisfied.
The new revision of WGA was released as a "critical update" in a group of high-priority security updates, and some users have reported that it was installed without any prompting, even though the users had their Windows Update set to prompt them before installing anything. The lawsuit alleges that Microsoft was deliberately misleading users by treating WGA as a security update, when it does not provide users with any additional security.
WGA collects information about the computer on which it is running, including a Global Unique Identifier as well as product keys, regional settings, hard drive serial numbers, BIOS information, and even the make and model of the computer. As part of the April 24 update, each computer was transmitting this information to Microsoft daily, though Microsoft changed the software on June 27 to transmit an update only every 14 days, and has now changed it again to transmit only when the tool is updated. Microsoft has also reclassed WGA as "optional" and released information on how to remove the software, but users who do so will be ineligible to receive any non-security patches from Windows Update.
Critics are alleging that WGA sometimes misfires, incorrectly identifying valid licensed copies of Windows as "pirated," and making those users unable to download normal software updates. Once a license has been identified as invalid, the user is assumed to be either a software pirate or the victim of a software pirate. If a user can produce a proof of purchase showing that they purchased the license in good faith, Microsoft may send them a genuine copy of Windows at no cost. Otherwise, the user is expected to pay either $99 (for XP Home edition) or $149 (for XP Pro) to buy a valid license.
While Microsoft's reasons for collecting the information seem reasonable to many, it remains to be seen whether they can do so and avoid anti-spyware legislation and consumer privacy laws.