Windows Genuine Advantage: Safety Switch or Spyware?

Editor's Note: Few in the anti-spyware industry would disagree that software which surreptitiously calls home qualifies as "spyware". However Microsoft, makers of Windows Defender, has has just been caught red-handed distributing software which does exactly this.

One of the major objections raised about Microsoft's foray into PC security is that competing interests within the company will compromise the level of security they are willing to provide. This is a particularly good example of how the company continues to trample over itself, simultaneously acting as anti-spyware provider as well as a spyware company.

It is because of this conflict-of-interest that I no longer run Microsoft's security products. No matter how good their products may seem, it is just a matter of time before some internal directive results in a massive security hole on my PC. My data is just too important to expose to the corporate whims of a company too big to act in a coordinated manner.

Rumors have been flowing around the Internet for quite a while and Microsoft was finally forced to admit on Wednesday that they were true: the latest update to Windows Genuine Advantage (WGA) phones home to the Redmond company on a daily basis.

Windows Genuine Advantage is an anti-piracy program implemented to detect illegal copies of Windows XP.

According to privacy advocate Lauren Weinstein, the WGA made a connection to Microsoft's servers even after it had validated a Windows system as genuine.

"We can argue about whether or not the tool's behavior is really spyware -- there are various definitions for spyware, and the question of whether or not you feel that the notice provided at upgrade installation time was sufficient is also directly relevant I believe that the MS officials I spoke to agree with my assertion that additional clarity and a more "in your face" aspect to these notifications in such cases would be highly desirable."

In response, Microsoft said that the feature was a "safety switch", designed to enable the company to shut down the program in case of a problem. The company added that it would provide an update for the WGA so the computers would only call home every 90 days.

Up till now the anti-piracy tool has been a success form Microsoft's point of view, as the company claims that 60% of users promoted to install WGA did so.

However, users have become concerned, as the situation brought up the an uneasy question: What else is Microsoft not telling us?

Lauren Weinstein wrote on his blog:

"I do not know what data is being sent to MS or is being received during these connections. I cannot locate any information in the MS descriptions to indicate that the tool would notify MS each time I booted a valid system. I fail to see where Microsoft has a "need to know" for this data after a system's validity has already been established, and there may clearly be organizations with security concerns regarding the communication of boot-time information."

Many fear Microsoft's idea would be embraced by other software vendors, leading to more and more restrictions the customers would have to accept in order to be able to use the product. Also, the matter of invasion of privacy arose, as such tools would eventually be allowed to send all kind of info to the developer of the software.