Slashdot Log In
Download From Microsoft Without a WGA Check
Posted by
kdawson
on Tue Sep 05, 2006 07:50 PM
from the routing-around dept.
from the routing-around dept.
Anonymous Coward writes, "When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks the validity of your installed Windows software. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check."
Related Stories
[+]
Linux: Linux Passes the Microsoft WGA Test 338 comments
Wil writes "Here's a good one for the Linux fans -- running Wine on Linux and attempting to download a Windows Genuine Advantage protected file from the Microsoft website works just fine. It seems that Bill Gates has a soft spot for Tux after all, or at least isn't bothered about him downloading updates."
[+]
Your Rights Online: Microsoft Misrepresenting WGA's Functionality? 458 comments
Legal Ethics writes "According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update."
[+]
IT: A Different Kind of WGA 'Problem' 348 comments
Ed Bott recently attempted to scout out the problems reported in so many horror stories floating around the net relating to Microsoft's WGA. He did experience problems, however, not the ones that you might expect. He intentionally installed a pirated copy of Windows XP to see how the process worked but was unable to get WGA to recognize his computer as pirated. From the article: "I'm reluctantly running a pirated version of Windows and can't get caught no matter how hard I try. But these same people want us to believe that the WGA software they've developed is nearly foolproof. They claim that all but "a fraction of a percent" of those 60 million people who've been denied access to Microsoft updates and downloads are guilty, guilty, guilty. Right."
[+]
WGA — Too Many False Positives 268 comments
An anonymous reader writes, "Microsoft insists that its Windows Genuine Advantage anti-piracy program is nearly flawless. But that's not the impression you get when you visit the company's WGA Validation Problems forum. Ed Bott at ZDNet went through 137 problem reports submitted there during a two-week period, each one accompanied by the output from the official Microsoft diagnostic utility, and found that 42% of the people reporting problems were actually running Genuine software. From the article: 'One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors.' In a related story, the first WGA errors from Windows Vista and Office 2007 have appeared in the wild."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Correct me if I'm wrong... (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:Correct me if I'm wrong... (Score:5, Informative)
Parent
Re:Correct me if I'm wrong... (Score:5, Insightful)
If a company pro-actively pushes code to my machine and effectively forces me to run it, that's releasing a "final version", by any sensible definition of the term.
Now, after the furore when people discovered the dialling-home behaviour MS might have disabled that "feature" in a later version, but that doesn't make the preceeding one a "beta", except in very bad efforts at spin-control or post-facto apologetics.
And I think the point is that with MS pulling shit like this every other month, people are getting increasingly itchy about running any MS apps or utils they don't absolutely have to.
Parent
Re: (Score:3, Insightful)
Re:Correct me if I'm wrong... (Score:4, Insightful)
I think it's pretty much taken as read that "updates" should have been tested and approved before release. Either that, or the button should have said "Download all updates and any other shoddy half-finished beta-release crap Microsoft would like to risk fucking up your machine with and wait for my OK before installing them".
The thing is, unless you want to waste hours pissing about trying to get around it you need to have WGA installed to get Windows Updates (well, until this story was posted, anyway).
So, I gave my consent to allowing MS to install "essential updates" to my machine which, given Windows' execrable security record, is pretty much a no-brainer. I have a genuine copy of Windows XP, so although I don't like being treated like a pirate without reason, I also didn't mind running WGA too much.
YMMV, but again my time is valuable - you might have time to investigate every single Windows patch available before oking it, but frankly with the amount of crap wrong with Windows you'd have to be at it nearly full-time to keep up.
MS then used this (perfectly-reasonable) permission to turn WGA into spyware, and somehow it's my fault?
Remember: they didn't exactly shout from the rooftops before slipping this nasty little dialling-home functionality in, did they?
I mean, sure, you've got a point - I was clearly stupid not to decompile every single Windows Update patch and inspect it by hand before installing each and every one one-at-a-time, rebooting and monitoring my outbound network traffic in-between just in case I'd missed any little surprises.
Oh, what a fool I've been.
The point is, either MS were deliberately spying on me (in which case they deserve punishment) or they stupidly pushed non-production-ready software into my machine in the guise of production-ready software, and didn't own up to it until someone else very publically called them on it... in which case they should be punished. What was your point again?
Parent
Re: (Score:3, Informative)
Re: (Score:2, Informative)
Or you can take the code generated from the Windows 2000 or below (best with 98SE, which M$ doesn't care about anymore) and just type it on your Windows XP machine. This
Re:Correct me if I'm wrong... (Score:5, Informative)
Then, go to WinDiz at windowsupdate.62nds.com using a non-IE browser. It's faster, more secure, doesn't TRY to make you install the latest DRM upgrade, just the critical patches.
The Only system I have that I let go to windows update is my Media Center laptop; it has to be running all the latest DRM/Spyware to work properly, so I just go with the flow and Isolate it on my home network.
Parent
Re:Correct me if I'm wrong... (Score:5, Informative)
Microsoft wrote some sort of hack into Windows so that requests for Microsoft websites (including update.microsoft.com and microsoft.com) cannot be blocked or redirected by malware or viruses.
Try it and see for yourself: put two lines in the HOSTS file, '127.0.0.1 google.com' and '127.0.0.1 microsoft.com' (without the quotes). For the uninitiated, the HOSTS file is located in \Windows\system32\drivers\etc, and you'll need Administrator priveleges to edit it. Now open up your favourite web browser and try to open google.com. You'll find that Google is unreachable and returns an error. Now try microsoft.com and watch as the page merrily loads.
Maybe you'll need to rethink your tinfoil hat solution for avoiding Automatic Updates?
Parent
Re: (Score:3, Informative)
don't forget to modify your dnsapi.dll and dnsrslvr.dll files, as well. the sneaky bastiches hard-coded the ip's. your hosts file isn't the first place that windoze looks when resolving a DNS/ip issue; it's the last [locally].
cheers.
Re:Correct me if I'm wrong... (Score:4, Informative)
Parent
Re:Correct me if I'm wrong... (Score:5, Funny)
Even better, when you're submitting a story to slashdot as AC, it might be best to omit linking directly to your email address.
Just a thought.
Parent
Re:Correct me if I'm wrong... (Score:5, Informative)
I did the same thing, went to a test machine with an old blocked VLK and tried it, no dice. Then I realized... Hey, wait a minute. This looks like it's just a shortcut to inputting your product ID by using a hash... I wonder what would happen if I just replaced the hash with one from a valid system?
Not having a valid windows system handy I was willing to run a somewhat questionable executable on, where could I get a valid hash? Oh hey, look at that. Right there in the article it says "(example &Hash=6VJPCR9)". I appended that to the URL, and bingo. "Genuine Microsoft Software".
Parent
Re:Correct me if I'm wrong... (Score:5, Interesting)
That sentence alone is enough to get me riled up. Granted, I'm one of the people who stepped gracefully off the Microsoft Bus as soon as 'Product Validation' became a reality. (I even run Windows 2000 and the first version of Office 2000, which are the two last versions on their respective lines to not have the 'phone home' features)
It sorta chills me to think of being afraid to run particular binaries on a machine that I own and am legitimate owner of, because a 'phone home' feature will nark on me.
My copies of Windows 2000 and Office 2000 are the full retail-box versions (about the most expensive way possible to buy Microsoft's products). I used to buy a lot of their stuff. Not any longer. And I'm not alone.
Parent
Re:Correct me if I'm wrong... (Score:4, Interesting)
But you're in a very small room. Most people don't know or care about stuff like this. It measures somewhere between a traffic fine for accidentally running a red light and being late for a video rental.
And how many people do you represent? Do you buy for a corporation? Large group? Somehow, I doubt it.
I'm an OSS kinda guy (I write this on my Fedora Core system, using Mozilla) and love it, and have even made sure that our software works on Windows, Mac, and Linux - but none of our customers have *EVER* used our Linux software. A small (but meaningful) percentage of our users are on Macs.
Truth is, much as we who are interested in this stuff might like otherwise, this stuff just doesn't matter to most people - and to those whom it does, Microsoft really is cheaper.
Ever try to support desktop software? Yes, it's getting worse on Windows, but it's still not too bad, compared to supporting some XYZ linux flavor:
Q. What Operating System are you using?
A. Linux
Q. Ok, what UI are you using?
A. What?
Q. I mean, what Window Manager?
A. What's that?
Q. When you click on the start button, what do you see?
A. There is no "Start" button...
Q. Is there a button where you click on to run a program?
A. Yeah.
Q. When you click on it, what does it say?
A. Enter Command
Q. That's it, "Enter Command"?
A. Yes.
Q. So how do you do stuff?
A. What kind of stuff?
Q. You know, look at a website.
A. Oh, a website! I use Firefox!
Q. Good, how do you find FireFox?
A. It's on my desktop!
Q. So are you using Gnome or KDE?
A. I don't know what you're talking about.
Q. (deep sigh)
A. So, you're looking at a screen, right?
Q. Yes.
A. And there's a task bar on it, right?
Q. No.
See where this is going? Linux is not for end users. It probably could be - but it just isn't there now. Ubuntu just might be getting there. Macintosh OSX is there. But for end users, only through some very controlled interface, and in some limited capacity.
Now, I was talking with my father-in-law the other day, and he indicated that he would *never* use Linux. I laughed, and told me that he did, every day. And not only that, but he raved to me about it!
With a look of surprise, he asked me how/where - and I pointed to his Dish DVR. (which is Linux-based, all the way down to an ext2/3 filesystem)
Parent
Re: (Score:3, Informative)
Re: (Score:3, Informative)
What would be really nice is if someone would integrate screen into an ssh daemon, so it just worked without having to start screen before doing something long-winded.
Re:Correct me if I'm wrong... (Score:5, Informative)
So what the hell is the point of this?
Parent
Re: (Score:3, Insightful)
No
Re:Correct me if I'm wrong... (Score:5, Insightful)
Parent
One thing (Score:3, Interesting)
IT'S A TRAP (Score:3, Funny)
I got it! This was a plant by management at Microsoft to see how many of their staff come up to them saying that they read "somewhere" about a WGA hole!
Re:IT'S A TRAP (Score:4, Funny)
Parent
WTF? (Score:3, Informative)
Re: (Score:2, Redundant)
Isn't this illegal??? (Score:2, Funny)
We must get homeland security involved.
Hmm... (Score:5, Funny)
Re:Hmm... (Score:5, Funny)
I don't think you understand the momentousness of this occassion.
HE'S THE GUY The anonymous coward. How many times have we been irritated with his postings? How often has he trolled? Now we finally know who he is! I foresee the greatest email bombing to ever hit the net in final retaliation for his long years of tormenting us all.
Parent
No WGA check on... (Score:2, Funny)
basically (Score:3, Interesting)
The code changes regularly, at which time you need mgadiag.exe to find the new code.
the real patch here (Score:2, Funny)
Mirror for the lazy (Score:5, Informative)
http://mirrordot.org/stories/3627c5be2ac21048d6da
Generalized way to find the hashes (Score:5, Interesting)
The Article (Score:4, Informative)
Monday, September 4th, 2006 | Translate to: German flag Spanish flag French flag Italian flag Portuguese flag Dutch flag Greek flag Japanese flag South Korean flag Russian flag Chinese flag
When you want to download a file from Microsoft a WGA (windows genuine advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the test fails you will not be able to download the file(s). The following method gives you the ability to download every file from Microsoft without a WGA check.
All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the "Download Center Code", this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.
A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.
&Hash="download center code"
Replace the "download center code" with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.
To sum it up for the lazy ones:
1. download mgadiag.exe
2. start mgadiag.exe and look at the download center code
3. visit a download page at microsoft.com
4. append &Hash="download center code" to the url (example &Hash=6VJPCR9), no quotation marks needed
5. Hit enter
Microsoft is probably going to fix this soon, it is working nevertheless at the moment.
Update: I created two images to show you the difference that the &hash= entry makes:
this is nothing (Score:4, Informative)
it's no different than running the manual verification using the 'alternate tool' (i.e. the method, still available, that firefox users had to use before microsoft released a netscape/firefox plugin version of the activex checker). http://go.microsoft.com/fwlink/?LinkId=50344 [microsoft.com] (genuinecheck.exe at microsoft.com)
the only thing this will bypass is the installation of the verification activex (or plugin)... so you're still being subject to the 'body cavity search' -- the only difference is that you get to choose when you drop your drawers...
A couple of options (Score:4, Informative)
Don't trust somebody other than Microsoft themselves? (I can even write that with a straight face
Go to: Microsoft Downloads [microsoft.com] and Search in the Windows sub-section. Search for "iso-9660". Be amazed. Problem with this is these downloads are huge (not that I mind on a 10Mbit synchronous pipe
Me, myself, and I? I prefer to click on the Apple and choose "Software Update..." (or softwareupdate -ia from the command line). Of course on the servers a good 'ol fashioned "yum update" does the trick. But hey, that's just me. Microsoft is making this WAY TOO HARD -- and I've begrudgingly paid for each and every one of my Windows installs (personal and/or corporate).
An Alternative to Windows Update (Score:3, Informative)
muBlinder.. the best way to get around WGA (Score:3, Informative)
Car Analogy (Score:3, Interesting)
I think that the above hypothetical scenario is a simple analogy of what I like to call "The Windows Problem". Nobody likes WGA. Nobody likes the endless parade of patches and hotfixes that require a reboot as often as not. Nobody likes having to be ever vigilant against security threats. People are starting to see that Windows is very flawed. Since we as a society have spent the majority of our IT budget for the last 20 years on making this one OS the (often) only platform for our IT solutions, how do we change course now?
There are those who believe that once people hear the Good News about Linux they will throw off their Microsoft shackles and march hand-in-hand into the FOSS promised land. OK, maybe I overstated that a little, but you get the point and you know the type. Ubuntu is ridiculously easy to install, but my mother couldn't do it. She uses XP because that's what Dell installed on her computer. Even though she sees Windows as the only reasonable alternative, she still bitches about it. "Normal" people had a hard enough time getting Windows to do what they want it to do, and they'll be damned if they are going to learn it all over again.
Unless everyone else switches first.
WTF (Score:3, Interesting)
All that being said, I've written this post on my triple-booting MBP. And just for the record: after having dealt for many years with all of them, I have to admit that I hate Windows, OSX, and Linux with passion (ok, Linux less so simply due to its philosophical supremacy), despite the fact that (or should I perhaps say because?) I use all three on a more-or-less daily basis...
How responsible (Score:4, Insightful)
I'm waiting for "How to download from (pay)iTunes without paying for it" and "Circumvent Payment in Valve's Steam"
Re:That was fast! (Score:4, Funny)
Maybe they should ghack into some other servers and steal some bandwidth! Pfffft.
Parent
Re:Why the fuck.. (Score:4, Informative)
Parent
Re: (Score:2)
Re:Why the fuck.. (Score:5, Insightful)
As I mentioned in a post in a different article, I've had a painfully annoying run in with Window Activate while in the middle of a computer upgrade.
The short description, XP decided it needed to Activate (could NOT log in without activating it), but I hadn't finished installing drivers; forcing me to phone up their support instead of doing it online.
Then, because I had not yet installed the rest of the hardware (which; without the drivers installed were causing the machine to reboot, or bluescreen before windows even started). the Windows Activation bitched at me again when I was done. At least this time it gave me a 3 day window before it would deactivate; this gave me an opportunity to install the rest of the drivers, etc.
This second time it forced me to call Microsoft again, even though the network connection was now working fine, because the machine had changed too much, and been activated too many times.
Then it lead me to believe I could just use the automated method (the voice recognition is actually pretty good), but after reading a billion digits to the computer it decided I wasn't allowed to do it that way and passed me off to an operator.
And you think I want to trust WGA if I need a hot-fix to add security patches, etc?
The only people not having problems with Windows XP Activation and WGA are the damn pirates.
Parent
Re:Why the fuck.. (Score:5, Interesting)
I feel your pain. I provide all our company's in house tech support. If a machine goes down and needs a hard drive replaced, I don't fudge around calling up Microsoft when the WPA thing starts bitching. I have a utility that patches an operating system file, and bam, no more WPA or WGA bullshit. If they want to accuse me of being a pirate, they can come on in and look at the product key hologram stickers on every box I do this to. Its not that I'm pirating it, I just don't have time to jump through all their hoops. Alot of my users do all their work on the computer, and if its down for more than 2 hours or so I start to get flak.
Parent
Re:Why the fuck.. (Score:4, Insightful)
Incorrect. I, personally, have Windows machines, but I'm not foolish enough to let machines running Windows to have close connection to the Internet. So if I wanted to download updates I would want to do it from this NetBSD machine, which is what I customarily use for online things (and which is routed to the Internet).
My Windows machines are authentic, and I have all the 'paperwork' and media to prove it. I'm just not gonna hang them out on the net.
And it makes perfect sense that people who want to apply all the patches to secure a Windows system are going to want to get those updates first on an already secured system. Am I supposed to connect my machine with a freshly installed Day Zero copy of Windows 2000 (I pre-registered to pre-order Windows 2000 before it came out, so I have first release media with all the exploits, etc.) online to download security patches? Do I seem like I'm nuts?
Parent
Re: (Score:3, Insightful)
Re: (Score:3, Informative)