Cancelling WGA Installation sends a report to Microsoft - gHacks Tech News


The German computer magazine CT analyzed the new Windows XP WGA Notification feature that is installed during Windows Update on XP systems to find out more about it.

The team decided to cancel the installation, and immediately after doing so the firewall reported that update.exe tried to connect to the Internet. This caught their attention, and they decided to analyze the data that was sent after the connection was established.

They used Wireshark to analyze the traffic and found that update.exe sends data to genuine.microsoft.com. Some of the data seems to be encrypted, while some was not, so they were able to identify that part.

It sends registry information, namely the SusClientID, as well as information about the version of the WGA tool, the Windows operating system version, and the language of the operating system. It also sets a cookie that includes a GUID, which can possibly be used to identify the computer.

Microsoft confirmed to the magazine that data is always transferred if the WGA installation process is canceled, but said that the data would only be used to optimize the service. The GUID in the cookie would only be used to count all attempts in the most thorough way possible; it would not be used to identify the host.

It is questionable, however, why Microsoft does not inform users that data is transferred over their Internet connection. Users can only find out about it if they have properly protected their system with a firewall or other security software.

One way to prevent this is to either configure your firewall to block access to genuine.microsoft.com or add the following entry to your hosts file: "127.0.0.1 genuine.microsoft.com". Note that doing so may prevent the download of certain programs that are protected by WGA or require its authentication.
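To confirm that such a hosts entry is actually active, the following added example (not part of the original article) parses hosts-file text and reports whether a hostname is mapped to a loopback or unspecified address. The function names and the sample file are constructed for illustration, and the code assumes the first matching entry is the one the resolver uses; it checks the file's contents only, not whether the resolver honors them.

```python
# Added example: audit hosts-file text for an effective block of one hostname.
import ipaddress

# Constructed sample hosts file content (not taken from a real system).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
#127.0.0.1      genuine.microsoft.com
0.0.0.0 ads.example.test  tracker.example.test # inline comment
127.0.0.1\tGenuine.Microsoft.com
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; a commented-out entry is inactive.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()  # fields are separated by spaces or tabs
        if len(fields) < 2:
            continue  # an address with no hostname is not a usable entry
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip the line
        # Hostnames are case-insensitive; one line may carry several names.
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]


def is_sinkholed(text, hostname):
    """Return (blocked, line_no) for the first entry naming hostname exactly.

    Assumption: the first matching entry wins. Hosts files have no wildcards,
    so an entry for one name does not cover any other name in the domain.
    """
    wanted = hostname.lower().rstrip(".")
    for line_no, addr, names in parse_hosts(text):
        if wanted in names:
            return (addr.is_loopback or addr.is_unspecified), line_no
    return False, None


if __name__ == "__main__":
    for name in ("genuine.microsoft.com", "www.genuine.microsoft.com"):
        print(name, is_sinkholed(SAMPLE_HOSTS, name))
```

On a real system, pass the contents of the hosts file to `is_sinkholed` instead of the sample text.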


Comments

  1. Brian Riley said on March 6, 2007 at 8:55 pm

    The best way to avoid the problem is to not allow it to download the update in the first place. Then it is just another update and not WGA.

  2. Martin said on March 6, 2007 at 11:08 pm

    Brian, I agree that it is best to avoid WGA completely but this is not always possible. Inexperienced users do install it and I think they should know what is happening and how they can prevent certain “things” from happening.

    Especially when it comes to privacy.

  3. Devlin said on March 8, 2007 at 11:46 pm

    “Microsoft confirmed to the magazine that data is sent but it would only be used to optimize the service.”

    What would they be able to optimize by a user canceling the install? It was MS just giving the magazine a quick answer hoping they wouldn’t probe deeper into the reason for the transport of data.

    I stopped using all Microsoft products including Windows after learning of their unethical behavior, spying on customers and treating them like the enemy. I am a computer consultant, so not only have they lost my business but all clients I deal with now and in the future!

  4. kalten said on March 9, 2007 at 12:34 am

    If you’re on Windows, don’t rely on being able to block access to any hosts in the microsoft.com domain using your hosts file. It’s been documented that Microsoft bypasses the hosts file for certain hosts. (Google for “hosts file”, “Microsoft”, and “bypass”.)

  5. nananan said on March 9, 2007 at 10:34 am

    The only way for this to stop or to try and stop Microsoft from doing this is to take Microsoft to court. In a way Microsoft is slandering legal users, and slandering is a crime.

  6. nisha said on January 23, 2008 at 9:58 am

    cancel the genuine microsoft software installation in my pc

  7. David McClelland said on November 25, 2008 at 1:46 am

    Please cancel, not satisfied, Thank You, David

  8. tom said on December 7, 2008 at 3:58 pm

    please cancel my genuine software urgently

  9. carol said on May 2, 2009 at 2:31 am

    please cancel my genuine microsoft software. because my monitor is block

  10. bhes bdr said on February 25, 2010 at 1:07 pm

    please cancel my genuine Microsoft software because my monitor is black

  11. bhes bdr said on February 25, 2010 at 1:09 pm

    please remove Genuine Microsoft software because my monitor is black

  12. Anonymous said on April 1, 2010 at 9:26 pm

    #vga block or block vga write to the host file .

  13. Anonymous said on April 9, 2010 at 10:47 am

    please remove Genuine Microsoft software because my monitor is black

  14. Ally M.a. said on April 13, 2010 at 5:22 pm

    please remove Genuine Microsoft software because my monitor is black as soon as possible.
    I thought free installation
    Kindly cancel pls.
    Many thanks
    Ali M.A
