BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

Amazon.comOrder books and more at Amazon.com

Win 2K Secrets
Order Windows 2000 Secrets from Amazon.com



BugBlog Bug of the Month

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.

This month the Bug of the Month goes to Microsoft for a series of issues concerning Windows Genuine Advantage:

There are various rumors floating around that the new Windows Genuine Advantage program includes a "kill switch" that will allow Microsoft to turn off what it thinks are pirated copies of Windows XP. This has been denied by Microsoft's PR firm, Waggener Edstrom, in Computerworld at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001559. Of course, with Microsoft's sterling reputation for security, there's no way that a kill switch could be exploited by hackers.

There is at least one worm spreading via AOL Instant Messenger (AIM) that is masquerading as the Microsoft Windows Genuine Advantage (WGA) anti-piracy tool. It's really the Cuebot-K worm, but uses the display name 'Windows Genuine Advantage Validation Notification." When it is active, it disables the Windows firewall and then opens a backdoor on computer to let in other malware. Read more at http://www.vnunet.com/2159630.

I think I missed this while on vacation -- the Microsoft Knowledge Base has an article on how to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage. They say that the easiest way is just to install the general release version. (Fit of giggling hits The Bugblog.) If you don't want to do that, they have uninstall steps at http://support.microsoft.com/kb/921914. Note that Microsoft states "Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender."

Why this bug? Maybe first of all, we should ask "Is this really a bug?" It probably isn't, but in addition to bugs, the BugBlog covers "things that go wrong with your computer." And it seems there's many different ways things can go wrong with this, not withstanding the very high frequency that this program "calls home". Also, it's not just the Windows-bashers taking the lead in this -- many people who have spent many years writing about Windows are put off with the program, too. Maybe the real bug is the fact that Microsoft didn't forsee how this would be perceived. Or maybe in the sneaky way they introduced it.

Here's some additional media coverage on WGA. Note that in some cases, the stories will be pulled off-line after awhile.

Microsoft's piracy check draws complaints, lawsuits (Seattle Post-Intelligencer, 8/6/06)

Does Microsoft's Windows Genuine Advantage Program Qualify as Spyware? (PC World 7/11/06)

Microsoft Defends WGA (PC World Canada 7/26/06)

When a 'False Positive' isn't a false positive (MSDN, 7/16/2006)

Genuine Advantage is Windows Spyware (Windows Secrets, 6/15/2006)



Previous Bugs of the Month

July 2006: Yahoo! Mail

June 2006: Symantec Enterprise AV

May 2006: Microsoft Wins Special Lifetime Achievement Bug Award

April 2006: Adobe Macromedia Flash Player

March 2006: Microsoft Windows Media Player

Feb 2006: Apple QuickTime

Jan 2006: Microsoft WMF Bug

Dec 2005: Sony's Secret DRM Scheme Leaves Users Exposed

November 2005: Four Separate Bugs Leave Windows Open to Takeover

October 2005: Acrobat Screws Up MS Word

September 2005: Apple Security Update Breaks 64-bit Apps

August 2005: Cisco IOS Vulnerable to IPv6 bug

July 2005: RealNetworks Fixes Four Bugs in Their Media Player

June 2005: Flawed Rollout for Netscape 8

May 2005: TCP/IP Fix for Windows

April 2005: Denial of Service against Symantec Norton AntiVirus

March 2005: IDN Spoofing Bug

February 2005: Windows Animated Cursor Bug

January 2005: Windows Firewall Problems with Dial-up connections

The Bug of the Month is also posted at Blogcritics.org