WGA Malware appears

  • Question

  • It didn't take long then for the malware writers to come up with something that attacks PCs possibly compromised by WGA.

    See: http://www.theregister.co.uk/2006/07/03/wga_worm/

    MS leaving us exposed to 'exploits' seems to be becoming a regular thing. I never used to be a Microsoft basher, but I am becoming increasingly alarmed by their performance, especially in regards to security and privacy. Whoever authorized this abomination should be fired out of hand.

    Monday, July 3, 2006 7:35 PM

All replies

  • Windows users who install good antivirus and antispyware programs, as suggested by Microsoft, should not have an issue with malware.  Some suggestions:

    Windows Live OneCare:  http://www.windowsonecare.com/prodinfo/Default.aspx

    Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx

    Here's what you can do to enhance the security on your PC: http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx

    Monday, July 3, 2006 8:33 PM
    Moderator
  • So the cure for MS malware-vulnerable software is to install more MS product!? You Microsoft people need to wake up and smell the coffee. The continued arrogance and disdain for your loyal paying customers will do you in in the end. I'm ditching all MS products and so will my customers in light of this WGA debacle and the continued attitude from your company. The first class action against your corporate greed and lack of ethics was filed today in Seattle! Today a corporate giant, tomorrow a bad memory!
    Monday, July 3, 2006 9:01 PM
  • Any operating system must be protected from outside malicious malware.  Antivirus and antispyware are separate programs designed to protect and require periodic file definitions to thwart attacks.

    I don't believe your customers are going to have any issues with WGA since it provides them with the assurance they are using genuine, legal software.

    Windows Genuine Advantage FAQ http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

     

    P.S.  Anyone can file a lawsuit.  It will likely be promptly dismissed by any respectable court. 

    Monday, July 3, 2006 9:54 PM
    Moderator
  • The point is, Microsoft's OS is insecure by design, so why would someone trust MS to effectively stop malware that should have been dead in its tracks to begin with? The original poster's mention was that MS has opened yet another security hole by introducing WGA, which is typical. You say "I don't believe your customers are going to have any issues with WGA since it provides them with the assurance they are using genuine, legal software." When my customers purchased their new machines directly from Dell, they had that evidence. Also, when I upgrade machines using boxed Windows bought in major retail outlets, I have that assurance. My customers don't like the idea that all of their computers periodically check in with Microsoft to determine if they are still legal. Just because some pirate somewhere can spoof a code to look like a legal one or even because a machine of mine needs parts replaced, then the legal OS can become non-"genuine". Therefore, a genuine Windows OS always runs the risk now of becoming non-genuine at Microsoft's WHIM, if something doesn't match in their database. That is a huge issue. It's alarming that because of WGA you cannot depend on your machine staying 100% genuine now. It's alarming that WGA randomly sends data to MS for its own purposes. It's alarming that MS installs software disguised as a security update that can damage a system and cannot be removed immediately (until people all over the world started bitching and a class-action and lawsuit was filed). It's a huge waste of time and money to be troubleshooting and jumping through hoops to help MS catch some pirates. Those are the issues with WGA. Anyone not concerned with that is not concerned with security, not concerned with down-time, or not concerned with costs, or not concerned with their company's image after a legal machine says it's become counterfeit.

    MS has been walking a tightrope for years now with their credibility, and should know that you don't hassle your customers if you want to keep them. No matter what, the hackers and pirates will find a way around any scheme MS concocts. The rest of us that paid good money are the ones who suffer needlessly through the wasted time, money, and security risks. That is a valid reason for anyone to stop buying your products and get back to work using their computers instead of troubleshooting them for you at their expense. Since your company effectively has changed the function of the customer's product at their expense for your profit and did so in a non-ethical way, the case will likely not be dismissed.

     

    Tuesday, July 4, 2006 5:28 PM
  •  Technobob wrote:

    It didn't take long then for the malware writers to come up with something that attacks PCs possibly compromised by WGA.

    See: http://www.theregister.co.uk/2006/07/03/wga_worm/

    MS leaving us exposed to 'exploits' seems to be becoming a regular thing. I never used to be a Microsoft basher, but I am becoming increasingly alarmed by their performance, especially in regards to security and privacy. Whoever authorized this abomination should be fired out of hand.

     

    Thank you for bringing this to our attention. We have identified this issue and have been working furiously to combat the worm since day-1.

     

    -phil liu

    Tuesday, July 4, 2006 11:52 PM
  •  Technobob wrote:

    It didn't take long then for the malware writers to come up with something that attacks PCs possibly compromised by WGA.

    See: http://www.theregister.co.uk/2006/07/03/wga_worm/

    And exactly what "compromise" would that be?  What security hole is created, or exploited?  Please supply facts.  But don't bother looking in the Register for them.

    And is this WGA or the Notifications Tool?  The Bashing Community seems to think that they are one and the same.

     Technobob wrote:
    MS leaving us exposed to 'exploits' seems to be becoming a regular thing. I never used to be a Microsoft basher, but I am becoming increasingly alarmed by their performance, especially in regards to security and privacy. Whoever authorized this abomination should be fired out of hand.

    One basher more or less won't make a difference.

    Wednesday, July 5, 2006 1:59 AM
  • http://www.sophos.com/security/analyses/w32cuebotk.html has a discussion of Cuebot-K, the virus mentioned in the Register article.  IMHO, this is a virus that presents itself as a WGA tool via AOL Instant Messenger, not through a vulnerability created by WGA.  This is a fake WGA program that is in fact a virus. 
    Wednesday, July 5, 2006 9:29 PM
  • Correct.

     

    The virus is named "WGAVN" instead of "WGAN".

     

    WGAVN = Windows Genuine Advantage Validation Notifications

    WGAN = Windows Genuine Advantage Notifications. (As Validation and Notifications are different objects).

     

    -phil liu

    Wednesday, July 5, 2006 9:46 PM