When a 'False Positive' isn't a false positive

Recently I've been hearing questions from journalists, other bloggers and customers about what exactly makes systems fail validation. Specifically, I have been asked for two things. First, a breakdown of the kinds of piracy that are detected by WGA and which are the most common.  And second, what is the rate of “false positives” with WGA (falsely identifying a copy of Windows as counterfeit)?

First, on the question of what makes up the WGA failures. About 1 in 5 of the 300 million PCs that have run WGA validation fail. That is pretty much in line with industry numbers for software piracy. By volume, most of the validation failures detected by WGA are a result of installs that use a stolen volume licensing key. Using stolen volume license keys has been a well-known method of counterfeiting Windows XP for a while. This accounts for around 80% of the failures today. As an example, one stolen license key from a US university ended up on over a million PCs in China. The rest of the failures are caused by a mix of other types of counterfeiting and piracy, including a variety of forms of tampering, hacking and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself (often not totally successfully either) and other times people try to modify files to prevent XP from needing to activate at all. Some failures are caused by improper attempts to install or repair software on an otherwise genuine PC. All of these activities will result in WGA validation failures, and they should.

I think it's super important to be clear about the idea of 'false positives', so I'd like to take this opportunity to explain a bit about how WGA works and why, when some people believe they have a legit license for Windows, WGA fails to validate their installed copy.

To be precise, an actual 'false positive' would occur if WGA identified a specific copy of Windows installed on a system as non-genuine or unlicensed when in fact it was genuine and licensed. Of the hundreds of millions of WGA validations to date, only a handful of actual false positives have been seen. Most of these were due to data entry errors that were quickly corrected and only occurred for a short period of time.

Given the extremely small number of technical failures of WGA, why else might someone think that their system was falsely identified as running counterfeit Windows? If they aren't actual 'false positives', what are they? It turns out there are a number of scenarios that could result in a WGA validation failure that a user might be surprised by or even deny, including the following few scenarios:

Scenario 1: the PC user was sold a counterfeit, but it looks genuine to them, so their first reaction is shock followed by disbelief and frustration (occasionally people seem to contact us right at this point!). In truth these people are victims, and the product really is a counterfeit made to look genuine. When people are ripped off this way, we offer to replace their product with a genuine copy if they fill out a counterfeit report and send it and the counterfeit in to us. So far we've provided hundreds of free copies of Windows to users who've been ripped off by high-quality counterfeit, and we plan to continue this offer.

Scenario 2: the PC user really doesn't know that they did something wrong, such as installing the same copy and key on more than one PC at the same time. If a customer such as this bought their copy at a reputable outlet or a national chain, or received Windows pre-installed on a PC from a major manufacturer, they might believe that what they have is 'genuine' without realizing that they're violating the license in a way that results in a WGA failure. The solution to this is really educational: there are some requirements as to how Windows can be installed, and these are of course spelled out in the EULA and for many are common knowledge.

Scenario 3: a friend or acquaintance offers to 'fix' or repair your system, or offers a 'free upgrade', by installing their copy of Windows on your machine. As in the scenario above, if you didn't know that wasn't allowed under the license you have for Windows, you might be surprised when WGA fails. The challenge in scenarios 3 and 4 is that there is no way to tell the difference between someone unknowingly pirating the software, with good intent or not, and someone who does this for a living to rip off consumers and/or Microsoft.

Scenario 4: you take your PC to a repair shop to get a new video card or hard drive, or to be worked on for some other reason, and in the process of the upgrade a new [improper] copy of Windows is installed. Sometimes this happens because those doing the work take shortcuts and install a copy of Windows that is lying around or is convenient. Oftentimes this is done with a key and a copy of Windows that's handy for the repair person but is really the wrong version or edition or installation for your system. WGA detects some of these mismatches and will fail systems that are installed with versions of Windows that aren't licensed properly. For customers who find themselves in this situation, there are a number of solutions available, none of which require that they purchase a new copy of Windows.

For all of these scenarios, when validation fails the WGA website will offer a detailed explanation and an opportunity to print that explanation in the form of a report explaining why a system failed. The owner of the PC can take this report to the place that sold them their PC or performed the latest install of Windows to get help. While in the examples above the owner of the PC may not intend to do anything wrong and intentions are often innocent, these are in fact forms of software piracy.

These scenarios are not real 'false positives' because the WGA software did perform as designed and accurately detected an install of Windows that was not licensed for the PC it was installed on or was wrong for some other reason. Still, our team takes the customer experience in these scenarios very seriously.

Many teams across the company are working really hard, particularly our marketing folks, to educate customers about the benefits of genuine Windows and encourage them to ask for genuine software when buying a PC. We also have very hard working legal and investigative teams that work to help level the playing field for honest resellers by identifying and taking legal action against resellers who sell counterfeit and pirated Windows to consumers.

Lastly, I would like to assure everyone that we investigate all credible reports we receive of false positives (though sometimes it's hard to chase down the details we need to try to repro reported failures). I hear in the halls sometimes of reported failures taking place, but when the dev and test teams reproduce the steps reported the result is, far more often than not, that the software performed as designed and the failure was due to the software in fact being counterfeit and the customer simply not wanting to believe it.

Comments

  • Anonymous
    July 18, 2006
    Sounds right to me.

  • Anonymous
    July 18, 2006
    Since my post on Sunday, in which I talk about what a false positive is and what it isn't, I've...

  • Anonymous
    July 26, 2006
    ...'so I'd like to take this opportunity to explain a bit about how WGA works'...

    I'm still waiting for the "how WGA works" part.
    It is the only reason I was interested in the article.

  • Anonymous
    November 01, 2006
    That's why I switched to Linux on ALL my computers. I've never been more satisfied with my computers' performance and stability. Two years ago, before I had ever touched Linux, I was a Microsoft loyalist. As of this writing, I still own nearly $500 in Windows licenses - an XP Home upgrade, an XP Pro full [OEM], a Win2k Pro, Windows ME, Windows 98 first ed., and a handful of Windows 95 OEMs, plus three copies of WinNT 4 (WS, Server, AND Term. Server) I downloaded from an abandonware site, it didn't come with a product ID but I just punched in all zeros and it installed OK. For example, on the laptop I shrunk my main NTFS partition and deleted the secondary one, and installed Ubuntu Linux 6.10. Now I have a Vista-like desktop running at a decent speed on an Intel i845 video chipset with 8MB of RAM, plus I have full standby and hibernate support, my wireless card works, and I can encrypt my entire hard disk, selected partitions, or even image files stored on the disk and mounted as virtual file systems. My desktop PC, which is an Athlon XP 2500+ with 1GB of RAM, and an nVidia GeForce FX5200 video card, runs the Vista 3D desktop at the SAME FRAMERATE. When the laptop had Windows on it, it took about 0.8 seconds to generate an Enano CMS page. After I installed Ubuntu, that time dropped to 0.25sec. Ubuntu also flawlessly recognized my CPU throttling feature, which didn't even show up every time I tried to access it from Windows. (and I also found out that my laptop routinely throttles things down by 50% when things get too toasty for comfort.) Folks, why pay $450 for Vista Ultimate when you can get the same functionality for free and without the licensing hassles? Yep, I'm also behind the Why Not Vista site, http://whynotvista.no-ip.org (WiP at this time) -dandaman32

  • Anonymous
    March 09, 2007
    How about another scenario, this one involving Office? You have a brand new laptop from Dell, with Vista Ultimate on it.  It comes pre-loaded with a trial version of Office 2003 Small Business Edition.  You decide to be a good Microsoft customer, and without ever using or activating Office 2003, you download and activate Office 2007.  Now, you want to get an add-in for Office 2007, and guess what? Lo and behold, WGA tells you that while Office 2007 is genuine, that copy of Office 2003 you never used or intend to use does not have a legitimate key and may be counterfeit.  Of course it doesn't have a legitimate key, it was never really installed in the first place. So, basically I have to do one of 2 things

  1. Un-install Office 2003, which I am afraid will remove files that might damage Office 2007
  2. Activate Office 2003, which again, might cause something to be overwritten that will cause problems for Office 2007

    Both of these are unacceptable alternatives for what is an obvious error in WGA. It should be able to detect that the software was never fully installed in the first place.