Evolving WGA...

Tonight we're announcing some new developments with WGA. The full story is here on our PressPass site where an interview with Mike Sievert, our VP of Windows Marketing, was posted earlier this evening.

Building on the success we've had over the last year, as evidenced by the recent strong earnings announcement, we're making some changes to the customer experience of a system that isn't activated or that has failed a validation. This change will take place starting with Windows Vista Service Pack 1. We're also going to disable, again in the service pack, two types of popular activation exploits that are in wide use today. They are the Grace Timer and OEM BIOS exploits. More details about these exploits and how they work are in the same PressPass interview, along with more on our future goals for the program.

I'm very excited about these changes and am looking forward to feedback from you, so please check out the PressPass interview and share your thoughts in the comments.

 Thanks!

 -Alex

Comments

  • Anonymous
    December 03, 2007
    Um, with the best will in the world, how could anybody other than an accountant actually find WGA exciting?

  • Anonymous
    December 04, 2007
    That's cute coming from someone who blogs at 'dotnetjunkies.com'. But seriously, I do think we're doing great work and I'm looking forward to what these developments are going to enable us to do in Windows Vista. I have been working on WGA since the beginning of the program and this is definitely one of the most important developments for us since the start of the program for Windows XP.

  • Anonymous
    December 04, 2007
    Here's the problem: you give us a physical token (the COA sticker) but now that it is in our hands, you have no tangible way to verify that we have one, and that it is genuine. You've invested a lot of effort into capturing that sticker product key into the software indelibly, and still there are cases where you cannot be sure whether the software representation of the COA is valid or not. Now fast forward to the end of an activation or validation phone call. Your rep insists the copy is not legit, and the customer insists he paid for it. Who wins the argument? This latest change makes clear: the customer wins. Even if he isn't really a paying customer. Consider an alternative: the COA comes in two pieces. The sticker and a USB key with the same product key indelibly engraved in ROM. The USB key is clearly labelled "DO NOT LOSE. THIS IS YOUR PROOF OF PURCHASE." It might resemble the TPM module put forth by the TCPA folks. At that argumentative point in the phone call, the CSR asks the customer to plug in the USB key and initiate the 'tell MS I am a real COA dongle' mode. Now MS has a way to check veracity of the customer statement. Just as importantly, the customer has a physical and unique token of ownership. It's tangible. He can equate this little dongle (still locked to one physical install of the OS) to the money he spent. Important: the software should not require that COA dongle to be continuously hooked to the computer. But it could require it to be plugged in for WGA checks at intervals corresponding to time, hardware changes, or some other trigger. I'm sure I have left holes in this strategy. I'm equally sure your smart people at MS can find and fill those holes. The point is to have a physical representation of ownership that both MS and the customer can point to and comfortably say that's the ownership token.

  • Anonymous
    December 04, 2007
    quux, thanks for your comment. We have discussed many different options in the past, including ideas similar to the one you suggest; however, as you also point out, there would likely be challenges with that approach. I would like to see more secure methods developed over time (hardware-based would be good), but of course that needs to be balanced with the cost, complexity and expectations and experience of our customers. Thanks again. Alex

  • Anonymous
    December 04, 2007
    WGA is an important capability built into Windows Vista. Today, we announced changes to this capability

  • Anonymous
    December 10, 2007
    quux: Dongles have a host of potential problems associated with them. Driver issues, cost, tracking, incompatibilities, etc. As bad as WGA is, tying it to a physical device would make it many times worse.

  • Anonymous
    December 12, 2007
    rdamiani: Certainly I remember the days of parallel-port dongles, and the many hassles involved with that. I'm not advocating a pure return to that! Instead I'm suggesting that a cheap USB dongle (or maybe something like the SIM card you find in cellphones) could be kept handy, but not always connected to the PC (optionally the user could do so, but it shouldn't be required). The dongle would only be used during original install and SPA check, then later when/if WGA fails. Insertion of the dongle would tell Windows unmistakably that yes, it's a genuine copy. The important concept of such an 'intermittent dongle' is that it serves the individual and small-biz owner as a physical token of ownership which is verifiable both by the user and by MS. In this way, home and smallbiz users would gain a very simple mental model of what they 'own':

    • have a dongle? - you have a legit Windows.
    • no dongle? - no legit Windows.

    This idea of having some physical token that's uniquely yours is, I think, more important than many of us realize. Software is so mutable, so abstract, that a huge majority of home and smallbiz customers - the folks who plunked down some of their own money on a counter for something - are having a tough time grasping it. Check out the WGA forums sometime to see the bellows of rage emitted by people who have discovered how elusive their 'ownership' of the product really was. I'm fully aware of the logistical issues this would create for large businesses, and I would NOT recommend that such entities be forced to use this 'intermittent dongle' scheme. Instead they could keep the KMS scheme already rolled out with Vista. Perhaps that KMS would also need a dongle, I dunno.

  • Anonymous
    January 11, 2008
    quux: I work with lots of software packages that use USB dongles. Although they are a bit more reliable than the old parallel-port dongles, they still have driver issues, they still get lost, and they still fail from time to time. Making the dongle intermittent pretty much guarantees that it will get lost, misplaced at a critical time, or misused (i.e. if I only need it once every four months, what keeps me from moving it from one system to another system?) People lose things all the time - ask at any airport how many really expensive items get lost at the checkpoint by people who had the item in their hands 30 seconds ago. Change that from 30 seconds to 6 months and you've got a support nightmare. Alex: WGA successful? I'm seeing a lot less Vista in the wild one year after launch than I saw of XP at this point. I've personally given up on trying to make my Vista machine at home be useful.