Hackers foil Windows security check

Microsoft's efforts to curtail counterfeiting hit a snag when hackers discovered a new way to bypass its Windows Genuine Advantage (WGA), only days after the anti-piracy software's official debut.

The software giant announced WGA 1.0 on Monday. WGA requires users to verify that they have a legitimate copy of the operating system before they can download add-ons for Windows XP.

But within days of the software's release, a number of websites, including the popular Boing Boing blog, were posting details about how to bypass WGA.

According to several websites, a bypass is easily accomplished through any of several means, including pasting a JavaScript command string into the Internet Explorer browser.

For Microsoft, this marks another embarrassing episode of its WGA software failing to identify pirated copies of the OS. In the spring, during WGA's pilot phase, a security researcher outlined a method for bypassing the software using another Microsoft tool called GenuineCheck.exe.

Microsoft is investigating the new claims and will take appropriate actions, a company representative said.

The representative said: "Because of the high value we are providing to genuine users, we are not surprised hackers would try a number of methods to circumvent the safeguards provided by WGA. It is important to note that this issue is not a security vulnerability, nor does it put any customers at risk. Windows users are not in danger."

Johannes Ullrich, the chief research officer at Internet Storm Center, said the JavaScript bypass method does not pose a security threat.

"It prevents the Windows WGA tool from being installed," he said, noting that he conducted tests on the workaround and found it could be easily applied.

For users who purchase computers with Windows preinstalled, Ullrich noted, some may be surprised to find that they have a pirated copy on their computer.

"Sometimes it's hard for users to determine if they have a pirated version. Some buy computers from less reputable resellers or buy a CD off the street and may have trouble determining if they have a pirated version," he said.

Microsoft has estimated that roughly a third of the Windows copies installed worldwide are pirated.

Dawn Kawamoto writes for CNET News.com