WGA Verification Bypassed in 24 Hours
On Tuesday, Microsoft made it mandatory for all users of its operating system to undergo a check for pirated software, called Windows Genuine Advantage. By Thursday, reports surfaced on the Web that a method had been discovered to disable the program.
Bypassing WGA is as simple as pasting a piece of JavaScript code into the Internet Explorer address bar. The ease with which Microsoft's latest attempt at anti-piracy has been foiled is surprising, but it's not clear if Microsoft will even be concerned with the news.
WGA was previously reported cracked in May when a researcher in India found a way to fool the program into thinking software was genuine by generating key codes that WGA would accept. At the time, Microsoft said it wasn't worried, and expected users to find ways around the validation process.
"It is important to note that this issue is not a security vulnerability or a hack that puts customers at risk," a Microsoft spokesperson told BetaNews. "We're investigating the claims now and will take action in response as appropriate. As the validation system is updated from time to time, we will address this and other issues that may arise."
WGA now makes it mandatory for a user to verify the authenticity of Microsoft software before downloading updates through Windows Update, Microsoft Update for Windows content, and the Microsoft Download Center. Critical security updates will still be made available to users with or without WGA validation.
To entice users to take advantage of WGA, Microsoft is offering $450 in software offers to those who participate. This includes discounts on MSN Games, SharePoint Web hosting and a 6-month trial of Office OneNote among other offers.
Users who may have unknowingly purchased counterfeit software would be eligible for a free genuine copy at no cost, as long as they fill out a piracy report as well as provide proof of purchase and surrender the counterfeit CDs.
"Because of the high value we are providing to genuine users, we are not surprised hackers would try a number of methods to circumvent the safeguards provided by WGA," the Microsoft spokesperson said.