Text 11615, 122 rader
Skriven 2006-06-13 20:44:50 av /m (1:379/45)
Ärende: Microsoft presses the Stupid button
===========================================
From: /m <mike@barkto.com>


http://blogs.zdnet.com/Bott/?p=76

Aside from the apology, "Microsoft gets bad-mouthed a hundred times a week for
things that would be perfectly acceptable coming from anyone else.", Mr. Bott
has a reasonable commentary here.

(I consider it an apology because Microsoft needs to act differently due to its
monopoly position. Mr. Bott conveniently overlooks that aspect of Microsoft's
responsibilites.)

But on to the article...


===
When you’re the Evil Empire, it’s only natural to get a bad rap for everything
you do. Microsoft gets bad-mouthed a hundred times a week for things that would
be perfectly acceptable coming from anyone else. Given that level of criticism,
it’s easy to ignore the times when they’re just completely, egregiously wrong.

The uproar over Microsoft’s new Windows Genuine Advantage authentication
software, which is now being pushed onto Windows users’ machines via Windows
Update, is one of those occasions. Someone at Microsoft just pushed the Stupid
button. And things aren’t going to get better until they stop pushing it.

In a nutshell, here’s what’s happening. Two months ago, Microsoft released an
update to its Windows Genuine Advantage authentication system via Windows
Update. The WGA code checks your system to see if it’s been properly activated.
If the activation is messed up – as it would be if you were using a pirated
copy of Windows – you see a message telling you your copy of Windows is “not
genuineö and your access to some Microsoft resources is cut off. WGA was
originally intended to be part of Microsoft’s carrot-and-stick strategy for
reducing piracy. Lawsuits against software pirates are the stick; WGA is the
carrot. In theory, after you run the WGA code and prove that your copy of
Windows is legit, you get access to cool downloads that aren’t available to
Windows users who haven't jumped through the WGA hoop.

Fellow ZDNet blogger David Berlind has done an excellent job of unpacking the
spin from Microsoft’s multiple statements about this situation. For details,
see Does Microsoft's new WGA disclosure fall short? and With WGA, is Microsoft
forcing Windows users to install and test pre-release software? Read both those
posts and follow the links for the full details of this story.

I’m not all that concerned with the hysteria over the revelation that this app
“phones homeö to Microsoft. These days, I fully expect that any program I
install will have a mechanism for updating itself or accessing help content
online. As long as those mechanisms for online access are disclosed during
installation and the actual update process isn’t malicious, careless, or
deceptive, I have no problem.

No, the problem with Microsoft’s whole WGA program boils down to a simple rule:
Do not mess with security. This episode violates that rule in three incredibly
stupid ways.

Stupid mistake #1: This update should never have been included with Critical
Updates. The Automatic Updates mechanism in Windows XP (and in the upcoming
Windows Vista) is supposed to be a delivery vehicle for Critical Updates that
fix security flaws in Windows. (From the Microsoft Update FAQ: “Automatic
Updates is the easiest, most reliable way to help protect your computer from
the latest Internet threats by delivering security updates right to your
computer automatically.ö [emphasis added]) There is no way, short of the most
outrageous spin, that the WGA update can be considered a security update. By
delivering a non-security-related update through this mechanism, Microsoft is
breaking that promise.

Stupid mistake #2: The new WGA tool is wrong too often. If you’re going to
punish your users, you had better be 100% right about identifying the
offenders. Sadly, the new WGA code doesn’t come close to reaching this level of
performance. A commenter on my blog reports that he’s now getting incessant
notifications that his copy of Windows is not genuine. A close business
associate of mine reports the same problem. What do they have in common? Both
are using notebooks that had to be returned to their manufacturer for service.
The repaired notebooks fail the validation process. A quick scan of recent
posts at Microsoft’s WGA forum suggets this problem is unfortunately common.

Stupid mistake #3: The user is left high and dry. If you get a notification
that WGA failed, what are you supposed to do? I haven’t seen the failure
message myself, but my correspondents tell me it doesn’t offer any helpful
steps for resolution. Neither does the Genuine Microsoft Software FAQ, which
says:

   What if my copy of Windows or Office fails the validation
   process?

   See your reseller and ask for genuine Microsoft software,
   using the report provided during the validation session for
   support. The report explains why your system was unable to
   validate and provides instructions for further follow-up.

Oh, great. Have you ever phoned Dell’s support line? The apparently defective
WGA tool is about to plunge an unknown number of users into a support nightmare
for no good reason.

So what should Microsoft do now? Simple:

They should send a new update that disables and/or removes the WGA tool
immediately, until it’s fixed.

They should set up a toll-free hotline that any Windows user can call if
they’re experiencing problems with Windows Genuine Activation. (Microsoft
already offers toll-free support for anyone who suspects they may be infected
with a virus or a worm, so this doesn’t require a new infrastructure.) The
agents on this line should have the authority to help a user override WGA
problems.

They should apologize, publicly and profusely, for mixing an anti-piracy tool
in with security updates and take steps to make sure that it never happens
again.

And they should find whoever pushed the Stupid button in this case and put them
on telephone support duty for the next six months. That might be an appropriate
punishment.
===

I could think of other appropriate punishments....

 /m

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)