Re: WGAtray.exe (Windows Genuine Authentication) spyware. Can this be disabled?
- From: "null" <stay@xxxxxxxx>
- Date: Fri, 12 May 2006 22:48:33 GMT
I don't have the original post, so I'll reply to this one.
To disable WGA Notify, with minimal risk, download Sysinternals
Autoruns, run it, and click the Winlogon tab. Under the list for
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify", you
will find a check box for wganotify.dll. Disable it. Reboot. Done.
http://www.sysinternals.com/utilities/autoruns.html
John wrote:
Very well written post. I agree with most of your points.
I was surprised to have the WGA warning window "pop-Up" after the last
update session. I have a Dell PC and my upgrade to XPpro was
purchased a year ago from a reliable vendor (I thought). Since I have
no intention of contacting MS and arguing with them about this
problem, I just blew WGA away and stopped the Update pgrm. It's time
to switch to Linux anyway.
I think it's funny that Bill Gates, the richest man in the world, goes
to this length to harass his customers. This jerk thinks he deserves
to be even richer than he is, and the reason he isn't is that
everyone is f***ing him. Pathetic.
Vanguard wrote:
I didn't track at which point Microsoft dumped this on my host. I
have a genuine version (OEM) of Windows XP Pro when I bought the
hardware and software components for my system. As part of
Microsoft's discontinuance of supporting pirated versions of Windows
so they cannot get updates or service packs (an understandable
stance on their part), they have decided to install spyware on all
their customers' hosts. It is the wgatray.exe process. See
http://www.theinquirer.net/?article=31281.
I don't want processes consuming resources that are not germane to
*MY* use of *MY* hardware and the licensed software. I disable or
set to Manual any NT services that I don't need. I disable apps
that want to run at startup that I don't need or need so rarely that
starting them manually is not a great loss of ease-of-use for them, or
I disable or remove their startup entries from the registry, Start
group, or Task Manager if they don't provide the option to *not*
load them on Windows startup. I don't want all that crap running on
my host.
Microsoft got a bit more tricky with the WGA program. It won't
appear in msconfig as a startup item. Some utilities that let you
check the startup items won't show it. I used AutoRuns from
SysInternals and found it hiding (as some malware does also) under:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
under a data item named "WgaLogon". The executable file is at:
c:\windows\system32\wgalogon.[exe|dll]
Like rootkits, Microsoft will hide the WGA processes in the hopes
that users won't wonder what the hell it is. They also have the
kernel hide it when using Explorer when looking in the System32
folder (but other file search tools, like Agent Ransack, the free
version of FileLocator, will find it). I noticed it because I use
DiamondCS' ProcessGuard which won't let a process load into memory
unless authorized by the user.
I can understand the need to stop supporting pirated copies of
Windows but that should be performed during the session with Windows
Update, not by running some client-side utility that always performs
the check when it doesn't apply. It is not Microsoft's place to
interfere with the operation of the OS during its use, only when the
pirating user attempts to get updates. Since the Windows Update
site already requires the use of an ActiveX control, let Microsoft
use that mechanism for qualifying the connected user as to whether
or not they can get updates (and make damn sure there is a free
support line just for problems that arise from false triggers).
Anyone know how to keep wgatray.exe from running? Would deleting its
registry entry as a WinLogon event eliminate it? What if I configure
ProcessGuard to *not* allow that process to load into memory (if
Microsoft has decided to play the role of a virus and circumvent any
standard means of preventing a process from loading on Windows
startup)? Microsoft needs to learn that it cannot resort to spyware
to regulate who uses their operating systems. I won't be annoyed by
the popups (but supposedly pirates will although it has yet to be
seen how accurate is their detection) but I really don't want
any more extra crap, er, fluff running on my system since it is *MY*
hardware, not Microsoft's. I don't want anything stealing CPU
cycles and memory that I don't know about and which I cannot
control; otherwise, it is considered malware. It wouldn't be as much
of an insult if Microsoft had not chosen to hide what they are doing
to their customers. Guess they liked what Sony did with their
rootkit and have followed suit. Microsoft produces the Windows
Defender anti-spyware product yet Microsoft also introduces spyware.
--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________