So Microsoft has stirred things up again, this time with a little program called WGA Notifications that they’ve been distributing via Automatic Updates.

By way of background, the point of Notifications is to display a pop-up at regular intervals if WGA thinks you’re running an unlicensed version of Windows. Nagware, basically. Microsoft began quietly distributing it in April as a critical update, along with the WGA part that runs the license check. You’d get a license agreement pop-up with an opportunity to decline the install, but once installed you couldn’t uninstall (via regular means, read on).

Then the news came out that Notifications was regularly sending info from your computer back to Microsoft. According to the now-updated EULA, that info consists of: “your Windows XP product key, hard drive serial number, PC manufacturer, operating system version, Windows XP product ID, PC BIOS information, user locale setting, language version of Windows XP, validation result and whether the installation of this supplement was successful. Certain information derived from your IP address, which cannot be used to identify you, is retained in association with this computer information.”

So Microsoft was surreptitiously using a program it misleadingly distributed that couldn’t be removed to send information from your computer to itself. Not surprisingly, plenty of people had a bit of a problem with this behavior. There are now two lawsuits filed against Microsoft as a result.

This is the age of citizen journalism. Even if every tech media worker was asleep at the wheel (which we weren’t), did Microsoft really think that they could completely slip Notifications past an army of savvy bloggers? With its misleading install (critical security patch my patootsky) and phone-home behavior that were sure to rile people?

I do understand Microsoft’s need to protect their business. Aside from dinging MS’s bottom line, pirated copies of Windows are also a security risk. They’re more likely to get infected by bots and other malware, and once part of a botnet they can wreak serious havoc (Blue Security, anyone?). My guess is that’s because people with a pirated copy are afraid to get updates, even though MS says pirated versions can still get security patches.

Microsoft had a fine line to walk here. To catch pirates, they didn’t want to strongly advertise Notifications with a great big balloon that said “Don’t install this if you’re a pirate.” I get it. But unfortuately, they went far over to the other side of the line with a tactic that is seriously aggravating a large number of honest, paying customers. And the ironic result is that Notifications is now probably getting a lot more attention than it would have if Microsoft had just been up front about it to begin with. Honesty, meet best policy. How d’ya do.

Microsoft has backtracked somewhat as a result of the backlash. They’ve posted instructions on how to manually disable or remove Notifications. They updated their EULA, and they’ve said they will pull the phone-home behavior from the final version. But Notifications is still coming out as a critical security update, and Microsoft has said it will become a mandatory install.

And to top it off, there are rumors over at ZDNet about Microsoft adding a “kill-switch” so that if WGA thinks your copy is bogus, it shuts you down. Just rumors, but so far undenied.

If you’ve already installed Notifications, you can follow the instructions above to get rid of it. If you haven’t yet installed it, you can decline the installation for the time being (see the image above). I recommend setting Automatic Updates to download updates, but to not install until you say so. At which time you can look at just what it wants to install and say yes or no for each one. Here are more detailed instructions.