WGA vs AutoPatcher.

[akaladis Veteran]

Okay, as most of you probably know, WGA (Windows Genuine Advantage) now requires users to validate their copy of Windows before updates can be available to them. That means AutoPatcher could be used as a way to bypass validation. I do wish I could add the same validation features in AutoPatcher, but I cannot.

Microsoft no longer checks the product key based on an algorithm, as in Service Pack 2 days. Instead a database of product keys is used to determine if the system in question is using a real, purchased product key, issued by Microsoft. This of course requires an Internet connection (something which would go against the idea of offline patching) but it also means only Microsoft can validate. We cannot replicate WGA to comply.

Although the concept is smart, there is a flaw. And in our opinion, a big one too. Redistribution of hotfixes becomes virtually illegal, as it can be easily used to circumvent the validation process. Of course, it is still unknown if Microsoft sees this as a problem.

If we do agree that hotfix redistibution is in fact a way to circumvent validation, there are two interesting points:

1. Offline Windows users are being left outside: Since WGA requires an Internet connection, the validation process takes place on the computer the file is downloaded. Not the one it's applied on.

2. Many hardware vendors need to redistribute hotfixes to make their devices work with not-up-to-date Windows system. For instance my HP scanner came with a bunch of hotfixes for Windows XP. Needless to say, the scanner didn't work until I applied the patches.

So this pretty much brings us to our question: What should we do with AutoPatcher? Option #3 is something I would rather not do. We could go with Option #4 but as mentioned above, we cannot come close to WGA 'success-rate'.

[Corteoz]

#4 from me.

I wish there was some way of getting an agreement with MS, but I have no idea what kind of relation they have to a project like this.

I just thought of one thing... Till this point AP has had some updates that needed the old WGA to download. I personally downloaded them and included them in my release, as the other AP-clan members did. I dunno how MS reacted to this, or if they noticed, or even cared.

If AP was to go for #3, could AP be sued, and on what terms? Are there any loopholes we can use? Lawyers and people with leagal education, a little help?

Oh!... What if someone "cracked" AP? :whistle: The software would be leagal, but the users who were applying the patch would be doing something illeagal.

[Mx]

I voted #4.

[42n81]

MikroSofft trying to unfairly monopolize the patches and updates market !!

It should be free and open for anyone to make OS enhancements.

Security is for everyone.

MikroSofft got $enough$ now.

Give it back to the people who made you rich Billiam.

Then go away and have a life.

You're putting too many walls around Windows and Gates.

You've got it sewn up, every PC got to be sold with your OS.

Not our fault you sold it to us full of holes.

We don't want to get our updates & patches from you too.

We want the right to get them from someone reliable.

Someone like Raptor.

Someone like AutoPatcher.

[blueshirt]

Does MS officially said distribution of hotfixes is illegal?

[ShaneSparky_YYZ]

4 is what will most likely happen, however 3 is what I voted for ;)

WGA is such BS and there's more than 4 ways around it now.. lol

[Hurmoth]

#4 :yes:

[uniacidz]

Option 4

[The_Decryptor Veteran]

Option 4 from me.

The best idea, imo, is to interface with the WGA libraries, so that AutoPatchers uses WGA to see if it can apply patches.

But, most probably, you would have to work that out with MS, but, that limits the ability to do offline patches.

so, as a fallback measure, just continue as if it never existed, if MS send you legal letters, then stop.

[DudeBro]

4 is what will most likely happen, however 3 is what I voted for ;)

WGA is such BS and there's more than 4 ways around it now.. lol

586307056[/snapback]

That's so true man. :yes:

#4 is the way to go, but i vote #3 cuz WGA is a piece of poo.

[OPaul]

You can download hotfixes through Microsoft without having to go through WGA and WU can't you?

[FlishFun Veteran]

You can download hotfixes through Microsoft without having to go through WGA and WU can't you?

586307283[/snapback]

Actually most (if not all) downloads for Windows XP have become locked if you don't go through WGA (example). Windows Update (and even new Betas) are locked until you validate, now. While there are workarounds, they're considered warez and I assume Microsoft will begin to treat those that try to get around WGA the same as those who try to get around activation.

@42n81 - Anyone who bought a copy of Windows XP, will go through WGA just fine... so saying "Give it back to the people who made you rich Billiam." makes no sense, as those who need to bypass it, didn't give him any money.

As for what should be done, I think Raptor should talk to someone at Microsoft (or I could ask one that I know) about what their thoughts are. As far as safety goes, the first two options are the safest, as there is nothing Microsoft could do... but they are also the worst of the options for those who use AP. Another option could be to just drop Microsoft patches and continue as an add-on/tweak program, but still allow users to add their own Microsoft patches. That way it becomes the user's responsibility as to what they use the tool for. I notice the "Pay no attention" choice is the favorite here, but I'd hate to see Raptor stomped by Microsoft if they get a wild hair, you know?

[akaladis Veteran]

Option 4 from me.

The best idea, imo, is to interface with the WGA libraries, so that AutoPatchers uses WGA to see if it can apply patches.

But, most probably, you would have to work that out with MS, but, that limits the ability to do offline patches.

so, as a fallback measure, just continue as if it never existed, if MS send you legal letters, then stop.

586307247[/snapback]

We can't do that. Remember, WGA requires an Internet connection.

Edited August 1, 2005 by nw_raptor

[Radio Free Mars]

You can download hotfixes through Microsoft without having to go through WGA and WU can't you?

586307283[/snapback]

You certianly can. I have seen so far several workarounds... disabling the dll, using javascript, changing 3 bytes in the dll, changing the product key in a certain way... using Autopatcher really isn't something I think will call attention to pirates / hackers, and it certainly wouldn't be their first choice as a "workaround."

Keep in mind, Microsoft is currently supporting updates to pirated copies of Windows via the "Auto Update" feature in the OS.

I say #3, but I wouldn't say "ignore," I would say just take it easy and don't worry about it and continue as before. If Microsoft says anything, then deal with it, but I doubt they will.

[Colin-uk Veteran]

#3 until microsoft says something...

[jaxius]

#4 for moi

[matt74441]

Until they show up at your door, keep on going.

[OPaul]

You certianly can. I have seen so far several workarounds... disabling the dll, using javascript, changing 3 bytes in the dll, changing the product key in a certain way... using Autopatcher really isn't something I think will call attention to pirates / hackers, and it certainly wouldn't be their first choice as a "workaround."

586307390[/snapback]

Well I meant legally.

[+M2Ys4U Subscriber¹]

Number 3.

MS hasn't stopped you from distrobuting patches before, why should any tighter restrictions apply now?

Just keep going raptor, I'm sure MS will tell you if they want you to stop, and which point they'll leave contact details for you to negotiate an agreement. ;)

This project is too good to stop. please don't.

[gandolas]

For me, the best is #4...

We don't want troubles with Microsoft.

[protoss_chaos]

Sadly, i think MS has you by the ba||s on this one...

Autopatcher is indeed a circumvention of WGA on updates. I don't think MS would say anything about it, but if they did, they would be 100% right....

[theresiststance2003]

#3 unless they get in touch with you and ask you to do something else.

[GhostShell]

I voted #4.

586306991[/snapback]

Same here.:yes::

[spmccord]

Number 3...

[+vlsi0n Subscriber¹]

MikroSofft trying to unfairly monopolize the patches and updates market !!

It should be free and open for anyone to make OS enhancements.

Security is for everyone.

MikroSofft got $enough$ now.

Give it back to the people who made you rich Billiam.

Then go away and have a life.

You're putting too many walls around Windows and Gates.

You've got it sewn up, every PC got to be sold with your OS.

Not our fault you sold it to us full of holes.

We don't want to get our updates & patches from you too.

We want the right to get them from someone reliable.

Someone like Raptor.

Someone like AutoPatcher.

586307045[/snapback]

no kidding, why would MS want to try and stop people with illegal copies from d/ling new patches so they continue to use it illegally. What were they thinking?