Microsoft defends WGA

Under fire for reports that Windows Genuine Advantage (WGA) misidentifies some genuine copies of Windows XP as pirated, Microsoft took the unusual step this week of releasing statistics about WGA's purported effectiveness for the first time via a blog.

According to information posted Monday and Wednesday by Alex Kochis, a licensing manager on the WGA team, virtually all of the 60 million PCs worldwide that failed WGA's validation tool are indeed violating Microsoft's licensing policy in one way or another. Kochis posted his comments on his blog on the Microsoft Developers Network.

Most of the reports of "false positives" by WGA "were due to data entry errors that were quickly corrected and only occurred for a short period of time," Kochis wrote. He said only a "fraction of a percent" of those 60 million copies of Windows XP deemed illegal have turned out to be genuine.

Given the number of Windows XP users, a fraction of a percent could still mean hundreds of thousands of genuine copies of Windows may have been incorrectly deemed to be pirated. Contacted separately, a Microsoft spokeswoman declined to elaborate on that figure.

Since April, when Microsoft escalated its WGA program by having the scanning tool stealthily install itself onto many PCs, the antipiracy tool has been the subject of numerous complaints from users claiming that their legal copies of Windows failed to pass WGA.

According to Kochis, about 1 in 5 of the 300 million copies of Windows XP that have been scanned by Microsoft's WGA tool fail to pass.

"In many of those other scenarios, the user of the system or purchaser of the software has some knowledge that the software isn't genuine or isn't properly licensed and is perhaps not as surprised when the validation fails," Kochis wrote. "There are people who likely fall all along a range of awareness -- from mere suspicion, owing to the fact that they got a really good price online or for used software or some other 'too good to be true' deal -- to someone who has full knowledge that the software isn't genuine or licensed, and even further to those who manufacture and sell counterfeit software and are knowing perpetrators in significant and serious crime."

About 80 percent of those failures, or 48 million, are the result of stolen Windows volume-licensing keys, according to Kochis. For the sake of convenience, large Microsoft customers such as corporations or schools are granted a single key that they can use to install Windows XP on multiple machines. Such keys are vulnerable to being stolen and redistributed over the Internet.

"One stolen license key from a U.S. university ended up on over a million PCs in China," Kochis wrote. Microsoft plans to tighten up how it distributes volume licenses in its upcoming Windows Vista operating system.

Microsoft had previously declined to offer details about the remaining 12 million copies of Windows XP that failed to pass WGA.

According to Kochis, those 12 million failures mostly involve "a mix of other types of counterfeiting and piracy, including a variety of forms of tampering, hacking and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself (often not totally successfully, either) and other times, people try to modify files to prevent XP from needing to activate at all, he said.