WGA meltdown raises doubts about MS reliability

The 19-hour blackout of the Microsoft Corp. servers that identify copies of Windows XP and Vista as legitimate or counterfeit shows that serious flaws exist in the process and raises questions about the reliability of Microsoft’s services, analysts said Monday.

From about 8 p.m. EDT Friday to 3 p.m. Saturday, a still-unspecified “server-side issue” with the system that validates Windows XP and Vista erroneously fingered users as pirates, preventing them from downloading most software from the Microsoft Web site, and in the case of Vista, disabling several features, including the operating system’s Aero graphical user interface. Windows users lit up the company’s support forums with more than 450 messages, some of which were collected in threads have been viewed by as many as 45,000 people.

As of midday Monday, Microsoft had not explained the problem with the Windows Genuine Advantage (WGA) servers, although on Saturday program manager Phil Liu promised that after the team had generated a fix, “[I will] get you all what you are looking for, an explanation and cause.” Michael Cherry, an analyst at Kirkland, Wash.-based Directions on Microsoft, took the company to task over the snafu. “Despite the fact that Microsoft has rolled out WGA slowly and methodically to ensure they have the capacity, availability and reliability to handle customer validation requests, it appears that any plans they had to handle a service problem are not adequate.

“Why don’t they have a workable fail-over strategy for this service? What does this say about the resiliency of Microsoft’s services? After all, there will be failures,” he added.

Gartner Inc. analyst Michael Silver also dinged Microsoft on the reliability issue. “A system that’s not totally reliable really should not be so punitive,” he said. “This issue is not really how long it take for Microsoft to fix the problem, but also how when the user can get back on the network to revalidate. What happens when someone’s about to get on a plane and won’t be able to revalidate for three days?”

On Saturday, users raged that the outage prevented them from doing work — at least one said he was a developer and couldn’t access the update to DirectX because his machine had been falsely flagged — or playing games. Others asked why they had effectively been tagged as pirates.

“It’s really hard to say if the system is fragile,” said Cherry, in response to a question. “Let’s say that the system runs without problems for six months — how many successful validations occur? But if you are the one person who fails for no fault of your own during that six month period, then the system is too fragile.”

It’s not yet known how many users were affected by the server blackout. Microsoft has not officially put a number to the problem, although a Vista program manager claimed late Saturday that it wasn’t significant. “We’ve since learned that very few customers were affected,” said Nick White on the Vista blog.

Cherry, however, said the numbers were immaterial, and compared the WGA affair to problems some users continue to have finding drivers for Windows Vista. “Microsoft can tell us how many drivers there are, and there are lots, but if the one driver you need is missing, the number available just doesn’t impress you,” he said. “Likewise, if you have a legitimate copy and yet cannot get validated, do you care how many customers were validated?”

WGA has faced criticism almost since its inception, but until this latest episode, the most vocal complaints dated back to June 2006, when users discovered that the Windows XP version of WGA was “phoning home” to Microsoft every time the PC was booted. Criticism ramped up again when Microsoft announced it was instituting a new policy for Windows Vista that engaged something it called reduced functionality mode (RFM) to cripple machines deemed to be running fake copies.

Because RFM only allows a grace period of three days to those who previously activated Windows but are subsequently pegged as pirates, any problems must be fixed quickly to prevent customers’ PCs from going dark. Microsoft managed to beat the deadline this time, but Gartner’s Silver said three days was too short. “At least 30 days is more reasonable,” he said. (In fact, Microsoft does offer a 30-day grace period, but only to users when first installing Vista.)

Will the outage — the second in the past 11 months — give Microsoft pause, and make it rethink WGA? Cherry doesn’t think so.

“I think that Microsoft will be totally unwilling to change its position, and the operation of WGA, based on any feedback or recommendations from customers. After all, what customer would ask for the operation of his or her computer to be more complex? What customer wants to continually have to prove they are not using unlicensed software and they are not a thief or pirate?

“Until customers think WGA is so egregious that they stop purchasing Windows, there will be no change.”

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now