When a ‘False Positive’ isn’t a false positive

Recently I’ve been hearing questions from journalists, other bloggers and customers about what exactly makes systems fail validation. Specifically, I have been asked for two things. First, a breakdown of the kinds of piracy that are detected by WGA and which are the most common.  And second, what is the rate of “false positives” with WGA (falsely identifying a copy of Windows as counterfeit)?

First, on the question of what makes up the WGA failures. About 1 in 5 of the 300 million PCs that have run WGA validation fail. That is pretty much in line with industry numbers for software piracy. By volume, most of the validation failures detected by WGA are a result of installs that use a stolen volume licensing key. Using stolen volume license keys has been a well-known method of counterfeiting Windows XP for a while. This accounts for around 80% of the failures today. As an example, one stolen license key from a US university ended up on over a million PCs in China. The rest of the failures are caused by a mix of other types of counterfeiting and piracy, including a variety of forms of tampering, hacking and other forms of installing unlicensed copies. Sometimes people try to hack Windows Product Activation itself (often not totally successfully either) and other times people try to modify files to prevent XP from needing to activate at all. Some failures are caused by improper attempts to install or repair software on an otherwise genuine PC. All of these activities will result in WGA validation failures, and they should.

I think it’s super important to be clear about the idea of ‘false positives’ so I’d like to take this opportunity to explain a bit about how WGA works and why some people believe they have a legit license for Windows but WGA fails to validate their installed copy.

To be precise, an actual ‘false positive’ would occur if WGA identified a specific copy of Windows installed on a system as non-genuine or unlicensed when in fact it was genuine and licensed. Of the hundreds of millions of WGA validations to date, only a handful of actual false positives have been seen. Most of these were due to data entry errors that were quickly corrected and only occurred for a short period of time.

Given the extremely small number of technical failures of WGA, why else might someone think that their system was falsely identified as running counterfeit Windows? If they aren’t actual ‘false positives’, what are they? It turns out there are a number of scenarios that could result in a WGA validation failure that a user might be surprised by or even deny, including the following few scenarios:

Scenario 1: the PC user was sold a counterfeit, but it looks genuine to them, so their first reaction is shock followed by disbelief and frustration (occasionally people seem to contact us right at this point!). In truth these people are victims and the product is really a counterfeit made to look genuine. When people are ripped off this way we offer to replace their product with a genuine copy if they fill out a counterfeit report and send it and the counterfeit in to us. So far we’ve provided hundreds of free copies of Windows to users who’ve been ripped off by high-quality counterfeits, and we plan to continue this offer.

Scenario 2: the PC user really doesn’t know that they did something wrong, such as installing the same copy and key on more than one PC at the same time. If a customer such as this bought their copy at a reputable outlet or a national chain, or received Windows pre-installed on a PC from a major manufacturer, they might believe that what they have is ‘genuine’ but not realize that they’re violating the license in a way that results in a WGA failure. The solution to this is really educational: there are some requirements as to how Windows can be installed; these are of course spelled out in the EULA and for many are common knowledge.

Scenario 3: a friend or acquaintance offers to ‘fix’ or repair your system or offers a ‘free upgrade’ by installing their copy of Windows on your machine. As in the scenario above, if you didn’t know that wasn’t allowed under the license you have for Windows, you might be surprised when WGA fails. The challenge in scenarios 3 and 4 is that there is no way to tell the difference between someone unknowingly pirating the software, with good intent or not, and someone who does this for a living to rip off consumers and/or Microsoft.

Scenario 4: you take your PC to get a new video card or hard drive, or to be worked on for some other reason, at a repair shop, and in the process of the upgrade a new [improper] copy of Windows is installed. Sometimes this happens because those doing the work will take shortcuts to install a copy of Windows that is lying around or is convenient. Oftentimes this is done with a key and a copy of Windows that’s handy for the repair person but is really the wrong version or edition or installation for your system. WGA detects some of these mismatches and will fail systems that are installed with versions of Windows that aren’t licensed properly. For customers who find themselves in this situation there are a number of solutions available, none of which require that they purchase a new copy of Windows.

For all of these scenarios, when validation fails the WGA website will offer a detailed explanation and an opportunity to print that detailed explanation in the form of a report explaining why a system failed. The owner of the PC can take this report to the place that sold them their PC or performed the latest install of Windows to get help. While in the examples above the owner of the PC may not intend to do anything wrong and intentions are often innocent, these are in fact forms of software piracy.

These scenarios are not real ‘false positives’ because the WGA software did perform as designed and accurately detect an install of Windows that was not licensed for the PC it was installed on or was wrong for some other reason. Still, our team takes the customer experience in these scenarios very seriously.

Many teams across the company are working really hard, particularly our marketing folks, to educate customers about the benefits of genuine Windows and encourage them to ask for genuine software when buying a PC. We also have very hard working legal and investigative teams that work to help level the playing field for honest resellers by identifying and taking legal action against resellers who sell counterfeit and pirated Windows to consumers.

Lastly, I would like to assure everyone that we investigate all credible reports we receive of false positives (though sometimes it’s hard to chase down the details we need to try to repro reported failures). I hear in the halls sometimes of reported failures taking place, but when the dev and test teams reproduce the steps reported the result is, far more often than not, that the software performed as designed and the failure was due to the software in fact being counterfeit and the customer simply not wanting to believe it.

  1. war59312 says:

    Sounds right to me.

  3. citib0y says:

    I don’t believe that " … only a handful of actual false positives have been seen." This doesn’t make any sense in context with another statement made: "About 1 in 5 of the 300 million PCs that have run WGA validation fail." This doesn’t jive with the so-called "handful." WGA is just another bad idea from a bad company that produces bad software which is unreliable. Micro$oft is a self-serving monopoly that got lucky. What goes up must come down … eventually … and with a bang!

  4. Ajax4Hire says:

    …’so I’d like to take this opportunity to explain a bit about how WGA works’…

    I’m still waiting for the "how WGA works" part.

    It is the only reason I was interested in the article.

  5. TNPoppa says:

    I purchased a Compaq laptop for my son when he went in the Navy from Sam’s.  The unit was a display model.  All the product cds came with the laptop.  When I updated the laptop recently the WGA validation and notification tools were installed.  When he rebooted, the notification said counterfeit.  In discussions with microsoft I was informed to send all cds to them and they would verify authenticity.  I was also told I would not get the cds back, regardless of their authenticity check.  Bottom line…pay them $150.  Bulls… You would think with all the money MS has they wouldn’t try to steal another $150 when I’ve paid for it once.  Their customer service is deplorable.  No further assistance was offered unless I paid the rate.  My son’s laptop is out of warranty so neither Sam’s nor Compaq will do anything either.  Typical big business mentality.  My way or no way and it really doesn’t matter what I think.  

  6. floordog says:

    Please explain!  I bought a VALID COPY OF WINXP from MICROSOFT.  I used FEDEX.  I installed the WINXP in ONE computer.  Now, I get notices from Microsoft that I have a COUNTERFEIT WINXP.  

    What do I do?  Every time I contact Microsoft they want MORE money.  They are running out of excuses.  This looks like a case of MAIL FRAUD!   Due to changes in anti-terrorist legislation other carriers such as UPS and FEDEX are under FEDERAL jurisdiction.  

    How can YOUR PRODUCT BE COUNTERFEIT?  It looks like you got caught in your own fraud!  I need to make a short video for YOUTUBE, it will bring lots of laughs.  You are accusing  yourself of counterfeiting!  

    Let’s see, maybe I can sue Microsoft for selling me a counterfeit product.  When will you ever be responsible for your accusations?  You guys are living in a fairy tale.

    You sell products that work some of the time, but you take NO responsibility for your FAILURES.

    I have an idea.  Let’s have a convention meeting in, let’s say, Europe, about Microsoft Windows products.  Everyone who shows up will receive a million dollars.  Including you.  

    The only requirement is:  You must fly to the convention in a jumbo jet (your choice) run entirely by any Windows product.  All flight controls, navigation, engine controls, air conditioning, communication systems must be under the control of ONE WINDOWS computer!

    You will NEVER GET on the plane!  I would love to see all you Microsoft "shirts" at 40,000 feet trying to reboot and re-install Windows!  Who are you going to blame?  Look in the mirror.  Oh..I forgot no parachutes allowed.

    What a panic, all of you screaming at each other blaming each other for a product that has never worked as advertised.   Oh what a sight!

  7. futopia says:

    Regarding the four scenarios – here’s a couple more:

    1) Any person who looks at your computer can see the "genuine windows" hologram sticker with serial number and Dell service tag on your new Dell, visitors, technicians, colleagues etc. Before you know it, your serial that came preinstalled from Dell is posted on some "serialz" website or irc channel and there’s not a damn thing you can do about it. Or perhaps someone writes it down, and then installs it on several machines. Everything is fine and dandy until following a crash you have to re-install your operating system. You can’t even use Dell’s included CDs, as they fail a "restore" from a crashed HD, so you have to borrow a friend’s installation CD — but lo and behold – your very own serial number has been compromised and you can’t for your life get Windows to activate / validate as genuine. You bypass the active-x validation and talk to a guy on the phone – he verifies your license and gives you a code. Now things are good again, right ? Wrong ! You run windows / MS update a couple of times — and now you are bombarded with warnings that you are a victim of piracy and that your copy of windows is not genuine..

    and now even worse — there are computer viruses out there that can easily sniff out your serial number and send it back to the programmer of the virus, or automatically post those on internet web-based databases/ lists…. your original s.n. has been compromised — what will MS do to make you whole ?

    I have an original Dell, with a service tag and a Win XP Home. Original, holographic sticker. Windows says its not genuine and there’s not a damn thing I can do about it.

    I have problems with .Net v. 2 installing but not removing .net 1.1 and problems installing Windows Installer 3 (incompatible version to SP2 2 ?? ) but can’t seem to budge .net 2 as a consequence — can’t install or uninstall… yet windows update insists on wanting to install a security update to .net 1.1 sp 1…

    drives me nuts. Meanwhile the "Key Changer" from MS crashes when I try to  change the Win XP serial number to another one… one that I got with my now-defunct fujitsu laptop…

    God help us all. Because God knows MS probably won’t… they just make things more complicated and miserable, though I don’t envy them for the task handed to them — fighting software piracy is near impossible. It’s just a degree of success, and the degree of collateral damage to genuine owners.

    Sadly, this causes some PCs to run better and with less problems with hacked versions of XP and hacked windows update components… where the genuine systems that are susceptible to MS’s own tantrums and untested software malfunctions to halt or crumble – case in point — my Dell PC.

  8. dandaman32 says:

    That’s why I switched to Linux on ALL my computers. I’ve never been more satisfied with my computers’ performance and stability. Two years ago, before I had ever touched Linux, I was a Microsoft loyalist. As of this writing, I still own nearly $500 in Windows licenses – an XP Home upgrade, an XP Pro full [OEM], a Win2k Pro, Windows ME, Windows 98 first ed., and a handful of Windows 95 OEMs, plus three copies of WinNT 4 (WS, Server, AND Term. Server) I downloaded from an abandonware site, it didn’t come with a product ID but I just punched in all zeros and it installed OK.

    For example, on the laptop I shrunk my main NTFS partition and deleted the secondary one, and installed Ubuntu Linux 6.10. Now I have a Vista-like desktop running at a decent speed on an Intel i845 video chipset with 8MB of RAM, plus I have full standby and hibernate support, my wireless card works, and I can encrypt my entire hard disk, selected partitions, or even image files stored on the disk and mounted as virtual file systems. My desktop PC, which is an Athlon XP 2500+ with 1GB of RAM, and an nVidia GeForce FX5200 video card, runs the Vista 3D desktop at the SAME FRAMERATE. When the laptop had Windows on it, it took about 0.8 seconds to generate an Enano CMS page. After I installed Ubuntu, that time dropped to 0.25sec. Ubuntu also flawlessly recognized my CPU throttling feature, which didn’t even show up every time I tried to access it from Windows. (and I also found out that my laptop routinely throttles things down by 50% when things get too toasty for comfort.) Folks, why pay $450 for Vista Ultimate when you can get the same functionality for free and without the licensing hassles?

    Yep, I’m also behind the Why Not Vista site, http://whynotvista.no-ip.org (WiP at this time)


  9. BigE54 says:

    How about another scenario, this one involving Office?

    You have a brand new laptop from Dell, with Vista Ultimate on it.  It comes pre-loaded with a trial version of Office 2003 Small Business Edition.  You decide to be a good Microsoft customer, and without ever using or activating Office 2003, you download and activate Office 2007.  Now, you want to get an add-in for Office 2007, and guess what? Lo and behold, WGA tells you that while Office 2007 is genuine, that copy of Office 2003 you never used or intend to use does not have a legitimate key and may be counterfeit.  Of course it doesn’t have a legitimate key, it was never really installed in the first place.

    So, basically I have to do one of 2 things

    1) Un-install Office 2003, which I am afraid will remove files that might damage Office 2007

    2) Activate Office 2003, which again, might cause something to be overwritten that will cause problems for Office 2007

    Both of these are unacceptable alternatives for what is an obvious error in WGA.  It should be able to detect that the software was never fully installed in the first place.

  10. MSDNArchive says:

    BigE54, this type of issue is an excellent one to post in our forums which are linked below.

    Definitely this sounds like an issue to be investigated. I’ll pass this report along to our technical team.

    Thanks for letting us know.


  11. win7user says:

    After hibernating my laptop and activated I got a "not genuine label" at the bottom right of my screen. There was no further guidance on how to recover from this and what was not genuine.

    Absolutely not OK to have alerts signaled like this and no explanation on why and what to do.

    After a reboot it was genuine again with no excuse from the "genuine advantage software" for being wrong.

    This kind of error handling and no guidance for users is ignorant and opens for software vendors that do NOT abuse their customers. Companies that honor integrity and respect that what is inside the computer is private property. Making a non respectful and faulty "phone home software" mandatory to receive Windows updates feels hostile.

  12. sam domenico says:

    My situation is this

    Machine purchased from dell in 2011

    open for automatic updates and all accepted and installed

    yesterday (december 2014) system was declared invalid

    microsoft help desk informed me that dell had "blocked" my registration as the owner of the system (at the same time telling me they were having system problems and that the wga warning would take care of itself at that time)

    Dell help desk tells me they have no mechanism for blocking registration numbers.  They offered to reinstall windows for $250.  I told them that I could convert it to linux for $0.15 cost of a blank cd, and that that is what happened with the malperforming Vista box.  They indicated the superiority of windows and offered to provide me with installation disks free.

    I accepted that.  Machine will remain on windows until it blocks me from something I want to do.

  13. Emily Dicson says:

  14. Elliander Eldridge says:

    Here's the problem, and why it is still a headache: Suppose you are the University whose license key was stolen by a student and distributed around the world. That license key would get blacklisted causing it to fail validation. I am sitting on a Windows 7 computer in a state university right now that has alerted me that it failed validation. There are only 23 computers in this lab, but literally hundreds of computers on campus. All have been properly licensed by Microsoft, and many have also been licensed by Apple (those machines can boot Windows, Apple, and Linux) so there's no reason for any of them to fail validation. Obviously, this is just a cop out argument from Microsoft.

    On my own computer, I have one XP machine that still works, and has always been valid with a copy I purchased and never shared. Things were going slow so I had to install fresh on a new hard drive, and while I was at it I upgraded the RAM and graphics card. Well, this caused validation to fail. So to get around it I copied the validation keys from the old hard drive to the new hard drive and everything worked. (the license was never used on more than one machine, and although it was used again on a new hard drive, the old one was not put into a new computer. It was put in storage as a backup drive which is not piracy.) So clearly if just upgrading causes a validation failure there is a problem. Mainly that Microsoft is too strict with what it "remembers" to be a valid configuration, and if it's relying too much on hardware configurations as the measure of being valid it means that copying the hardware exactly to multiple machines could defeat it which isn't what they want.

    My newest computer is windows 10, and even though they gave me that for free as a registered developer, the FIRST thing I did was block their validation system from running. That software is garbage.