2 min read

Newsgroup Chatter: Windows Anti-Counterfeit Tool Requires Loosening PC Security

One university administrator found that complying with Windows' new anti-counterfeit measures meant he had to open up the security reins on PCs in public places like campus computer labs.
Some system administrators are finding that Microsoft's new anti-piracy software is incorrectly labeling PCs used in public places, such as university computer labs, as counterfeits, and that the solution sidestep a basic security practice for out-in-the-open machines, according to a newsgroup discussion of the issue.

After Microsoft unveiled its Windows Genuine Advantage Notifications tool last week, a university system administrator -- who preferred to remain anonymous but took the name "GodOfLions" on the Microsoft "WGA Validation Problems" newsgroup -- said that lab PCs came back as running fake copies.

"I work at a University where we have a bunch of Windows XP SP2 machines setup in lab areas," said GodOfLions in a message on the newsgroup. "In these areas students are allowed to log on to the systems, but their accounts are restricted to what they can do. The problem with the WGA installation is that it works perfectly fine as long as you are using an account with administrative rights on the system. As soon as one of the students, or other non-administrative level account, logs on to the system it screams that it is not a valid copy of windows and it is counterfeit."

A Microsoft staffer monitoring the newsgroup intervened, eventually diagnosed the problem, and offered a fix: give everyone, including the student systems running under rights-restrictive accounts, write access to a file called "data.dat."

"Validation tool writes data to data.dat file during validation process," wrote a Microsoft staffer identified as "Satish." So 'User account' needs to have Write access to file."

The system administrator eventually gave in to Microsoft's solution, but blasted it as violating the security concept behind limited-rights accounts.

"It does not make sense to have to reduce security in order to validate the system," wrote GodOfLions. "Yes it is only allowing write to one file, but still that is another small area you can have users or viruses now write to on a system that it didn't have before."

He also pointed out that the Microsoft tech support document outlining the rights needed by data.dat were still incorrect, and needed to be updated. As of Wednesday, the document had not been modified.

"Our lead architect has been informed and we are noting the changes necessary," was the response from Philip Liu, another Microsoft staffer. "I apologize sincerely upon the WGA team for causing this inconvenience for you," wrote Liu.