Microsoft's WGA Sued As 'Spyware'

The lawsuit asks for class-action status on claims that Microsoft's WGA software misled users as to its true purpose, failed to obtain consent before installing, and transmitted data to the company's servers.



Microsoft was hit this week with a lawsuit claiming that its anti-piracy software is, in fact, spyware, but called the action "baseless" and defended how it installs Windows Genuine Advantage validation and notification tools.

The lawsuit, which was filed Wednesday by Brian Johnson of Los Angeles in a Seattle federal court, asked for class-action status on claims that Microsoft's WGA software mislead users as to its true purpose, failed to obtain consent before installing, and transmitted data to the Redmond, Wash. company's servers.

"Microsoft's actions violated state consumer protection and anti-spyware statues," read the complaint. The papers cite California and Washington state laws that Microsoft has allegedly broken, including ones on the books in both states which define and ban spyware.

WGA, which just moved out of a pilot program in the U.S. and several other countries to take a permanent role in combating piracy, consists of two tools downloaded to users' machines: one, dubbed Validation, checks for a legitimate copy of Windows XP, while the second, called Notification, displays on-screen warnings until the user ditches the counterfeit copy.

Last week, Microsoft bowed to customer pressure and released a modified Notification tool that dropped a heavily-criticized "phone home" feature; Microsoft also relabeled it as a "high priority" rather than "critical" update when it's fed to users via Automatic Updates.

Johnson's lawsuit spelled out a long list of WGA behaviors that supposedly meet the California and Washington state definitions of spyware.

"Microsoft effectively installed the WGA software on consumers' systems without providing consumers any opportunity to make an informed choice about that software," the suit alleged.

"[It] hid, misrepresented, and/or failed to disclose the true nature, features, and functionality of the WGA software to consumers."

"The allegations are without merit," retorted Microsoft spokesman Jim Desler. "It's distorting the objectives of WGA and the filing obscures the harm of software piracy. WGA is distributed in a manner that is lawful."

Nor can the WGA tools, by any stretch of the imagination, be considered spyware, said Desler. "WGA is not spyware. When you consider the accepted definition of spyware, that it's installed without the user's consent and has some malicious purpose, it's clear WGA is not spyware."

Anti-spyware researchers were not nearly so sure as Desler.

"Microsoft's WGA meets the definition of spyware in that it is installed surreptitiously on the end user's PC," said Richard Stiennon, now a security analyst with IT-Harvest, but previously the director of research at anti-spyware vendor Webroot. "It did not warn what it was going to do and even masqueraded as a 'critical update,'" Stiennon went on. "Lack of un-install is another criterion match."

Ben Edelman, a lawyer and long-time anti-spyware advocate and researcher, went down somewhat the same path. "By all accounts and even Microsoft's own admission, Microsoft's recent WGA practices left a lot to be desired. WGA claimed to be a "security" update, but it wasn't. WGA didn't disclosure properly, or in some instances, at all, what it would do, how, or why.

"[But] I don't think it much matters whether WGA is 'spyware.' What matters is whether it's improper behavior, improper in a way that's legally cognizable.

"If a company makes materially false statements to consumers about what a program will do and why they should install it, and if consumers suffer harm as a result of that misstatement, can consumers sue to be made whole? As a general matter, the answer is yes."

Microsoft's Desler defended WGA as a necessary tool to battle software pirates, and said that counterfeit Windows harm end-users. "Anytime you have someone putting resources into legitimate software and there are users of counterfeit software, they're getting a free ride. That hurts users who are paying for legitimate software."

Johnson's lawsuit took that argument to task, and said Microsoft wasn't really looking after customers by rolling out WGA.

"In truth and in fact, Microsoft, in its efforts to maximize revenue through anti-piracy measures, mislead consumers and the public as to the true nature, functionality, and operation of its WGA," the suit read.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service