News
News
5/3/2006
06:59 PM
50%
50%

Newsgroup Chatter: Windows Anti-Counterfeit Tool Requires Loosening PC Security

One university administrator found that complying with Windows' new anti-counterfeit measures meant he had to open up the security reins on PCs in public places like campus computer labs.

Some system administrators are finding that Microsoft's new anti-piracy software is incorrectly labeling PCs used in public places, such as university computer labs, as counterfeits, and that the solution sidestep a basic security practice for out-in-the-open machines, according to a newsgroup discussion of the issue.

After Microsoft unveiled its Windows Genuine Advantage Notifications tool last week, a university system administrator -- who preferred to remain anonymous but took the name "GodOfLions" on the Microsoft "WGA Validation Problems" newsgroup -- said that lab PCs came back as running fake copies.

"I work at a University where we have a bunch of Windows XP SP2 machines setup in lab areas," said GodOfLions in a message on the newsgroup. "In these areas students are allowed to log on to the systems, but their accounts are restricted to what they can do. The problem with the WGA installation is that it works perfectly fine as long as you are using an account with administrative rights on the system. As soon as one of the students, or other non-administrative level account, logs on to the system it screams that it is not a valid copy of windows and it is counterfeit."

A Microsoft staffer monitoring the newsgroup intervened, eventually diagnosed the problem, and offered a fix: give everyone, including the student systems running under rights-restrictive accounts, write access to a file called "data.dat."

"Validation tool writes data to data.dat file during validation process," wrote a Microsoft staffer identified as "Satish." So 'User account' needs to have Write access to file."

The system administrator eventually gave in to Microsoft's solution, but blasted it as violating the security concept behind limited-rights accounts.

"It does not make sense to have to reduce security in order to validate the system," wrote GodOfLions. "Yes it is only allowing write to one file, but still that is another small area you can have users or viruses now write to on a system that it didn't have before."

He also pointed out that the Microsoft tech support document outlining the rights needed by data.dat were still incorrect, and needed to be updated. As of Wednesday, the document had not been modified.

"Our lead architect has been informed and we are noting the changes necessary," was the response from Philip Liu, another Microsoft staffer. "I apologize sincerely upon the WGA team for causing this inconvenience for you," wrote Liu.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.