Microsoft plans better disclosures for piracy monitoring tool

Jack Writes: Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker.

The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down.

"It's kind of a safety switch," said David Lazar, who directs the Windows Genuine Advantage program.

Lazar said the company decided to add the safety measure because the piracy check, despite widespread distribution, is still a pilot program. He said the company was worried that it might have an unforeseen emergency that would require the program to terminate quickly.

But he acknowledged that Microsoft should have given users more information about the daily interactions.

"We're looking at ways to communicate that in a more forward manner," he said.

Lazar also said the company plans to tweak the program soon so that it will only check in with Microsoft every two weeks, rather than daily.

The tool, part of the Redmond company's bid to thwart widespread piracy, is being distributed gradually to people who have signed up to receive Windows security updates. The company expects to have offered it to all users worldwide by the end of the year.

Lazar said that so far, about 60 percent of users who were offered the piracy check decided to install it. Once installed, the program checks to make sure the version of Windows a user is running is legitimate, and gathers information such as the computer's manufacturer and the language and locale it is set for.

That information-gathering is disclosed in a licensing agreement. But the agreement does not make clear that the program also is designed to "call home" to Microsoft's servers, to make sure that it should keep running.

At least every 90 days, the tool also checks again to see if the copy of Windows is legitimate. Lazar said that's because the company sometimes discovers that a copy of Windows that it thought was legitimate is actually pirated.

When Microsoft believes a copy of Windows is pirated, the user begins to get a series of reminders that the copy isn't genuine. Such users also are barred from downloading non-critical updates, such as the new version of its Internet Explorer browser. But anyone who has signed up to automatically received security updates, which repair flaws to prevent Internet attacks, will still get those fixes.

Lauren Weinstein, who is co-founder of People for Internet Responsibility and was one of the first people to notice the daily communications to Microsoft, said he understands and sympathizes with Microsoft's desire to control widespread piracy of its flagship product. But he said it's problematic that Microsoft did not disclose all the tools' communications with the company.

Weinstein said he also was surprised that Microsoft decided to release so widely a tool that it says is in a "pilot" mode and might need to suddenly be shut down.

"Really what you're talking about is someone saying, 'Look we've put something on your computer and it might go screwy, so we're going to kind of check in every day,'" he said.

Such a concession raises concerns about the quality of the tool itself, he added.

"They sure should've notified better, and it makes me wonder if it should have been deployed better."