I seem to have that sort of relationship with Microsoft.
While there's a strong degree of acknowledged and acquiesced co-dependence, there are moments when I feel I am being taken advantage of. Most recently that feeling of dread returned when the Windows Genuine Advantage (WGA) software popped up in my update announcements.
For those of you who've missed it, WGA is an antipiracy campaign from Microsoft. The intention is for users to download and install a utility which checks your licenses, reports back to Microsoft, then subsequently blocks you from receiving certain types of updates if your software does not satisfy Microsoft's criteria for proper licensing. And if you're judged not-in-compliance it will then pester you with warnings that your licenses are not in order.
So, where does the "advantage" lie?
Cynics will say that Microsoft's title for this thing is an exercise in PR and perception-shaping. It's a "Genuine Advantage": surely this must be good for you, like a yoga class or multi-vitamin, surely benefits will be conferred on users.
But the nature of these benefits is somewhat nebulous. The principal advantage of installation, as stated by Microsoft: "[T]he confidence that you are using a copy of Windows that is licensed and fully supported..." Presumably, licensed-users figured this out when they removed the shrink-wrap and agreed to the EULA.
Since the program launch, it has been a magnet for criticism. While the reasons range from simple righteous indignation to a variety of technical issues, the reaction in the media has been heavily weighted towards the negative. Based on my experiences, I must add my voice to that chorus of nay-sayers. Note: while reading the trades as I researched this story, I found numerous reports of WGA users experiencing false positives and other anomalous reporting problems. I have not experienced any of those difficulties, so I will limit my criticisms to what I personally have experienced:
1) Nondisclosure of reporting
Subsequent to the release of WGA, and in response to user complaints of unexplained network activity, Microsoft admitted that the application contacts Microsoft daily. Now, while I don't have a big problem with software using the Internet to check for updates and such (a number of my programs do that), I do have a problem with this behavior not being disclosed prior to installation. This smacks of spyware. Yes, I realize the system is not doing anything malicious, but I have a problem with programs that do not disclose interactions with a remote server. Furthermore, doesn't daily seem excessive for the stated antipiracy goal? I mean, how many times do I have to prove I own it?
2) Labeling WGA a "Critical Update"
The WGA function was pushed out via the Microsoft Update system and was labeled as a "Critical Update." Call me naive, but "Critical Update" says to me "necessary security update," not a feature Microsoft wants me to install so I know I'm "using a copy of Windows that is licensed and fully supported." This is, to me, abuse of trust.
3) Persistence of the update after rejection
Like many users, I employ Microsoft's automatic update functionality. But, unlike many users, I set mine to "notify before downloading and installing." The "notify" setting forces the system to tell me what it wants to download, rather than blithely swallowing anything Microsoft spoons out in blissful acceptance of their benign intentions.
Courtesy of the notification, I'm able to filter out unwanted things like the Microsoft Malicious Software Removal tool (I am quite happy with my existing antivirus setup, thank you!) and able to spot things like the WGA. On my laptop (which by the way runs an OEM Windows package) I've rejected the WGA update and selected the option "Don't notify me about this update again." The system ignores my selection and presents WGA again and again, hoping (I guess) that on one occasion I won't scroll down the list of updates and see that WGA is yet again included despite my do-not-notify instruction. Again, a breach of trust.
4) Inability to uninstall
The WGA update does not show up in the list of software which can be uninstalled. While those who are motivated can easily find ways to circumvent the program with a quick trip to Google, les technically-savvy users are stuck.
5) Use of ActiveX
WGA relies on ActiveX technology, which has been associated with major security problems in the past and is now disabled by default on many systems. If you made the mistake of installing WGA, you are forced to enable ActiveX for WGA to work properly.
So let me get this straight: In order to enable their program to verify my software so I can run my software without their warnings and with full updates, I must expose my system to more security vulnerabilities inherent in their software?
Well, I guess I can always turn Active X on and off-every day when WGA wants to phone home!
So, if you want my opinion, the advantage lies with Microsoft.
Ric Shreves is a partner in Water&Stone, a firm specializing in open source content management systems. He speaks and writes frequently on the subject of Internet technologies in general and on open source in particular. Contact him at ric@waterandstone.com