Saturday, September 13, 2008

Less than honest computer shops using WGA as a con-trick?

I know the digital rights and privacy advocate in me should really hate Windows Genuine Advantage, and I do generally hate it, but the software engineer in me sometimes thinks "hey, companies have a right to protect their IP don't they?" So while I might not agree with how Microsoft does things, I can at least see why.

However, what started out as an annoyance seems to have changed into something else altogether. WGA and its consequences are now part of the everyday lives of regular computer owners, which means that less than trustworthy characters can start to exploit the misunderstandings of members of the public to their own devious ends. A colleague rang me today to tell me about a somewhat shocking story that happened to a friend who took a PC to be repaired to a local computer shop in London. The PC would no longer boot and we believe said computer user had been the victim of some kind of Windows Live Messenger-based phishing virus, which uses an infected system to prompt friends to download malware.

When he took his PC to the store and explained that Windows would not start, the 'technician' didn't even bother to power the system on and instead explained that it was a pirated copy of Windows and that "Windows had blocked the computer". How he could tell this without even powering the machine on we don't know; in the absence of a licence sticker there is still the possibility of a genuine retail copy of Windows being present. Of course, even with a pirate copy of XP on the machine, Windows is not 'blocked'. If your machine fails the Windows Genuine Advantage check, this is what happens (source: Wikipedia and my own research):

On Windows XP - If an instance of Windows does not seem to have a valid license, WGA displays a specific notice to the user and prevents non-critical updates from being downloaded from Microsoft. That's it, that's all that happens; your PC is certainly not "blocked".

On Windows Vista, WGA validation failure has a greater impact. In addition to persistent notification and the disabling of non-critical updates, WGA also disables Windows Aero, Windows Defender and ReadyBoost. The user is given a grace period in which to then pass validation, after which most of the operating system is disabled and Windows reverts to reduced functionality mode. Since Service Pack 1, though, this no longer happens; instead you simply get prominent nag notices on systems not found to be genuine. Even in reduced functionality mode you can still boot your PC.

Even more shocking, when the victim asked the computer shop to install him a fresh copy of Windows, the 'technician' explained that this was pointless, the computer would be 'permanently blocked by Windows' and that it was now only good for scrap. Of course, he then pointed to his own range of 'fully legitimate' PCs and explained how they would never have any trouble with those. Just in case anyone isn't completely clear on this, this is complete and utter tripe. Systems which fail WGA can easily have a genuine licence applied to them; heck, Microsoft even give you the link in order to buy a genuine licence on any PC that fails WGA.

Sadly, this is yet another story of DRM gone bad. Anyone who fell for a story like this is not likely to have a positive impression of Microsoft and while WGA is designed to maximise their profits, stories like this only highlight how such draconian measures hurt the reputation of the companies they are supposed to protect.

Saturday, August 09, 2008

Watch the Phone Watch!


Being a life-long fan of Knight Rider, I've always wanted to look at one of those wristwatch phones that have been popping up on eBay. Well, my wish came true recently when somebody my dad knows bought one and lent it to me to see if I could get it set up.

The little device is pretty impressive. It recognised my SIM card immediately. Choosing a victim from the numbers on my SIM, I dialled them up. Expecting a one-way call, I was pretty surprised to find that there's a tiny microphone in the device, meaning you can actually talk to people by shouting into your wrist, just like the Hoff did in Knight Rider! Well, not quite: the sound from the speakers was so quiet that holding a conversation was extremely troublesome, as I had to hold the phone to my ear to hear my contact. Still, it's a step closer to my Knight Rider fantasies than the camp sounding robot voice that's supposed to be KITT on my sat-nav.

Aside from working as a fully functional phone, the little device also packs in an MP4 player, an FM radio, an MP3/Media player and even some simple games. The screen is a touch screen (though if you hated the keyboard on the iPhone, expect dialling on here without a stylus to be extremely awkward). I watched a sample video on the media player which seemed to be a clip from King Kong and mighty impressive it was too. The audio was much louder than making a call, though perhaps if I had to hold my wrist up to watch a whole movie I'd be wishing I spent my money on a portable media player instead.

The phone/watch is bulky but not too heavy and will rest on your wrist without pulling your arm off. The more fashion-conscious non-geeks might want to wear something long sleeved to cover it over, but bearing in mind I used to wear my Tetris wrist watch (http://www.wonderlandblog.com/wonderland/2005/05/vintage_nintend.html) I don't think that's a problem for the out of the closet geek like myself.

Sadly, this particular phone/watch has a faulty USB connector, meaning there's no way to use the headphones or to transfer media to the device. That seems to be the main problem with this model of watch: the flimsy USB connector that it uses. You can see a picture of the connector here on the left, sandwiched between my knees. The connector HAS to be small, but regrettably the way it attaches onto the watch is not very secure. The headphones attached the same way and would work sometimes if the cable was given a wiggle, a sure sign of an edge connector that is on its way out. Some kind of plastic clip to hold the cable in place and prevent up-down movement weakening the edge connector is what is really needed.

So sadly I was not able to set the device up. I'm told the gentleman who owns this particular watch is a particularly big sports-playing type of person, so I hope he doesn't think I broke it :)

A Phishing E-mail Classic

This has got to be the best phishing scam I've ever received in my in-box, needless to say I fell for it immediately and my Natwest account is now empty. Better than having an "info bandit" in it though eh? (click picture for full size version).

Thursday, July 10, 2008

Security tip for Pidgin users


Pidgin is a cool IM client that supports several different protocols. It's multi-platform, fast and pretty lightweight and so is pretty popular. If you use Pidgin regularly, did you know that it stores all your user names and passwords in an unencrypted file? On Windows XP you can find the XML files at c:\documents and settings\(your username)\application data\.purple

If you are sane, you'd never save your passwords with Pidgin. The authors of the software say that no instant messaging client provides security for your passwords, so they aren't even going to try. This basically leaves password security up to you. The best approach is to simply not store passwords in Pidgin; you can use a password manager like Roboform or SplashID to store them instead.

Aside from passwords, however, there's quite a bit of potentially private information stored in this .purple folder. Not only are all your user names stored in there, along with the protocols they use, but so are your entire contact lists. If anyone wanted the lowdown on who you consider to be a buddy, all they would need to do is open up one of these .xml files.

If you must store passwords within Pidgin, or you don't like the idea of your user name and other data being left unencrypted on your machine, you might like this little hint. You can move the .purple directory to a more secure location (perhaps a TrueCrypt container - http://www.truecrypt.org/ ) by setting the environment variable "purplehome" to point to somewhere else on your machine. To set an environment variable in XP:-

Right-click on My Computer
Go to Properties -> Advanced tab
Click the "Environment Variables" button
In System Variables (the lower box), set a variable called purplehome with its value being the path to the new location (Example: I:\pidgin\Purple).

You then simply need to copy the .purple directory to the new location. Now, so long as you remember to unmount your TrueCrypt container when you are done yakking, your usernames/passwords and other sensitive data are fully encrypted. Moving the .purple directory might help protect against Pidgin password snooping malware too, so long as the malware doesn't know to check your "purplehome" environment variable.

A couple of caveats with this of course. When you are using Pidgin, your passwords are, of course, still unencrypted for all to see. Ideally, Pidgin would encrypt your passwords again as soon as you authenticated with MSN/Yahoo etc, but don't hold your breath for this kind of functionality happening any time soon. You can't dismount the TrueCrypt container either, as Pidgin constantly writes to the xml files in the .purple folder.

Nevertheless, this approach certainly improves security a great deal over what is available by default. Yes, you could just encrypt your user data using Windows/NTFS's own Encrypting File System (EFS), but a TrueCrypt container generally offers better security than EFS. If you're really concerned about your privacy, TrueCrypt 6 now offers a hidden operating system. Now you can not only encrypt your operating system, but hide it too. As ever, it's all about finding the right balance between convenience and security for you.
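
An added example, not part of the original post and not Pidgin's own code: a small Python audit that lists which accounts in the .purple folder have a password saved in the clear, without printing the password itself. It assumes the account file is named accounts.xml with account entries holding protocol, name and password elements, and that the purplehome variable names the folder that contains .purple; the sample data is constructed.

```python
import os
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the layout this example assumes for accounts.xml.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-msn</protocol>
    <name>alice@example.com</name>
    <password>hunter2-constructed</password>
  </account>
  <account>
    <protocol>prpl-yahoo</protocol>
    <name>alice_y</name>
  </account>
</account>
"""

def purple_dir(env=os.environ):
    """Return the .purple directory, honouring the purplehome override."""
    home = env.get("PURPLEHOME") or env.get("purplehome")
    # Assumption: without the override, .purple sits under %APPDATA% on
    # Windows and under the home directory elsewhere.
    base = Path(home) if home else Path(env.get("APPDATA") or Path.home())
    return base / ".purple"

def audit_accounts(xml_text):
    """List (protocol, name, has_saved_password) without echoing any secret."""
    root = ET.fromstring(xml_text)
    findings = []
    for acct in root.iter("account"):
        name = acct.findtext("name")
        if name is None:  # the root element is also called <account>
            continue
        saved = bool((acct.findtext("password") or "").strip())
        findings.append((acct.findtext("protocol"), name, saved))
    return findings

def report(directory=None):
    """Audit accounts.xml in the given (or resolved) .purple directory."""
    path = Path(directory or purple_dir()) / "accounts.xml"
    if not path.is_file():
        return []
    return audit_accounts(path.read_text(encoding="utf-8"))

if __name__ == "__main__":
    for proto, name, saved in audit_accounts(SAMPLE):
        print(f"{proto:12} {name:22} password saved: {saved}")
```

Any account reported with a saved password is readable by anything that can read the folder, which is the case for moving it into an encrypted container or clearing the saved password.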

Thursday, June 26, 2008

Xbox 360 number 2


Oh joy, look what just happened to my second Xbox 360.

Microsoft, this is pathetic! Maybe it's time I stopped being so hard on Sony for its lacklustre PS3 performance so far, at least you don't have to keep sending that back.

Sir Dewie, this is a "Red Ring of Death". Remember it, for you will see it one day too.

Back to Metroid on the Wii I think :)

Thursday, April 17, 2008

Very cool things Microsoft could do with the Xbox 360 and Xbox Live

Yes, we all know that the Xbox 360 offers the best overall experience for core gamers. While Sony promise that their new home service will give Xbox Live a run for its money, presently, neither Sony nor Nintendo can offer a service with anywhere near the functionality of Xbox Live. That's not to say Xbox Live is perfect, far from it in fact, and as paying customers we have more right to moan than those who opted for a free alternative. Microsoft can and should do better; here are just a few ways they could improve the service.

Make Xbox Live free


Of course, this is the most obvious option and something that many users have been hoping for. There can be little doubt that the yearly cost of Xbox Live makes some potential customers purchase the Playstation 3 instead. While the service offers reasonable value for those that play regularly, for the casual gamer who wants to dip his or her toes into the on-line worlds of Bomberman Live or Guitar Hero 3 once in a blue moon, £40 a year seems unreasonable. Furthermore, if the service was free, many of us wouldn't feel quite so angry that Microsoft sees fit to charge us money for such things as themes and gamer pictures that are about the size of a large postage stamp.


How likely is this to happen?


It's debatable really. Many people speculate that Microsoft make enough revenue through content and advertising that they could make the service free. However, if Sony or even Nintendo were to offer a free gaming service comparable to Xbox Live, Microsoft may be forced to make Xbox Live free or risk losing a significant chunk of its Xbox 360 user base.


Better custom soundtracks with full/partial game control options


Anyone who uses the 360's admittedly excellent custom soundtrack option will have noticed this. Play a game with its regular soundtrack and complete a race or finish a level and invariably the music will change to something more befitting of your victory. Sit revving your engine on the starting grid and most games will stop the music altogether, until the green light comes on. Turn on your custom soundtracks however and this effect is lost, as the same tune warbles away no matter what the context of the game. Wouldn't it be cool if the game could be given partial control? You could even choose different play-lists for different events in the game (such as during a race, during the menus, or during a loading sequence).


How likely is this to happen?


This is the kind of functionality that should have been thought about from the beginning. It's unlikely to be added in now and it's unlikely that existing games could be updated to take advantage of it. Maybe this is something we'll see in Microsoft's next game console.


Centralised stats-tracking and social networking with other live users


It's fun to track your Halo 3 stats on-line at Bungie's website, or your Lewis Hamilton style racing exploits at Forza.com. Wouldn't it be nice if there was some sort of centralised page where all this information could be accessed though? I'm a fan of the profile page in the PC gaming utility Xfire, which allows you to take screen shots of your games and instantly upload and display them. Social networking tailored for gamers can't be far away, especially considering the lofty promises Microsoft had for user created content when the console was first released.


How likely is this to happen?


We saw a move toward this with the last dashboard update, where Microsoft added the bio section to your gamer card. Microsoft need to work on improving this service and also protecting privacy before we can expect to see an on-line service with the same features as Facebook or similar social networking sites.


Improve the friends system, allowing for notes to be taken for each friend


If you're anything like me then your friends list on Xbox Live is probably full of people you played with once or twice, but now you can't remember for the life of you who they actually are. Unfortunately, remembering that Zacky123A was the person who you beat at Halo last month, and RedDawg34 was the person who shattered your Ridge Racer winning streak isn't particularly easy. The friends system in World of Warcraft allows players to add a one-line note to each player on their friends list. This is great for jogging your memory and reminding you that Mia32A wasn't actually the cute gnome you met in Westfall, but the rather butch looking warrior woman you met in Duskwood.


How likely is this to happen?


It's a simple idea and one that could be implemented easily, surely someone at Microsoft must play World Of Warcraft and see what a great idea this is. Let's hope to see this functionality in a dashboard update soon!


amBX support


The amBX system, invented by Philips, is a way of attaching lights, rumble packs and fans to your computer and then having the software on your computer control these devices to create a more immersive experience. In practice, the lights work the best, making for some truly cool ambient effects as you trudge down the corridors of the latest generic sci-fi first person shooter on the PC. Ever since the system came out, PC owners have been asking if there is a chance of seeing the hardware in action on the popular games consoles. The system even hooks up to a spare USB port, which the Xbox 360 has in abundance.


How likely is this to happen?


The official word from Philips is “not if, but when” but it largely depends on the technology proving itself as a viable mass-market accessory and not just a toy for PC gamer geeks.


Xfire Integration


Xfire is a free service on the PC that brings in-game IM and matchmaking to most popular PC game software. Microsoft is looking for ways to expand gaming on both Windows Vista and the 360. Its early efforts with games like Shadowrun, which offered cross-platform play and some of the Xbox Live functionality on the PC, haven't proven to be overly successful. What if Microsoft merged some or all of Xfire's functionality into the Live service? OK, stop laughing, it could happen. It would mean that gamers could chat easily to their friends and see what games they were playing, even if one was playing on the PC and the other was on the 360. “Hey, you playing World of Warcraft again? Here's an invite to come play Burnout, so switch your PC off!”.


How likely is this to happen?


Pretty damn unlikely. If Microsoft bought Xfire and tried to charge for it, PC gamers would simply move to another free service, like Gamespy Comrade. Meanwhile, going to the trouble of allowing cross-platform/protocol chat would be unlikely to gain Microsoft any significant number of new customers.