"Microsoft's WGA meets the definition of spyware in that it is installed surreptitiously on the end user's PC," said Richard Stiennon, now a security analyst with IT-Harvest, but previously the director of research at anti-spyware vendor Webroot. "It did not warn what it was going to do and even masqueraded as a 'critical update,'" Stiennon went on. "Lack of un-install is another criterion match."
Ben Edelman, a lawyer and long-time anti-spyware advocate and researcher, went down somewhat the same path. "By all accounts and even Microsoft's own admission, Microsoft's recent WGA practices left a lot to be desired. WGA claimed to be a "security" update, but it wasn't. WGA didn't disclosure properly, or in some instances, at all, what it would do, how, or why.
"[But] I don't think it much matters whether WGA is 'spyware.' What matters is whether it's improper behavior, improper in a way that's legally cognizable.
"If a company makes materially false statements to consumers about what a program will do and why they should install it, and if consumers suffer harm as a result of that misstatement, can consumers sue to be made whole? As a general matter, the answer is yes."
Microsoft's Desler defended WGA as a necessary tool to battle software pirates, and said that counterfeit Windows harm end-users. "Anytime you have someone putting resources into legitimate software and there are users of counterfeit software, they're getting a free ride. That hurts users who are paying for legitimate software."
Johnson's lawsuit took that argument to task, and said Microsoft wasn't really looking after customers by rolling out WGA.
"In truth and in fact, Microsoft, in its efforts to maximize revenue through anti-piracy measures, mislead consumers and the public as to the true nature, functionality, and operation of its WGA," the suit read.