Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Your Rights Online

More MS EULA Fun 602

gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
This discussion has been archived. No new comments can be posted.

More MS EULA Fun

Comments Filter:
  • by Anonymous Coward
    Microsoft is required to make this revision in their EULA in order for Automatic Updates to work. If it makes you wary (as if you actually use the OSes) then disable it. Control Panel > Automatic Updates > uncheck Keep My Computer Up to Date. (In Windows XP, the same thing can be found in the System configuration applet of the Control Panel.) Feel free to read the links on that property page to discover what Automatic Updates does, and in newer incarnations, Scheduled Updates.

    I believe the fact that this is disablable makes it moot. Such functionality, I think, is almost required for any OS that will play the role of desktop OS. I personally haven't seen the behaviors that take place with Windows 2000 SP3, but Windows XP did alert me the first time it started and before it checked for any updates, permitting me to disable the feature entirely or select from a couple of notification options.

    I'm not sure it is acceptable to assume that an end user will actively participate in the maintenance of the software on their system to ensure, above all else, security. Windows had the Windows Update icon sitting in the Start Menu since Windows 98, and it went ignored. As mentioned before, Automatic Updates was released as a part of Windows XP last October. It was also released as an individual update to Windows 2000 over a month ago.

    And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.

    In any case, justification is pointless. I know people don't like the idea. But, it can be disabled, and if you don't like it, I suggest doing so and updating manually.
    • by Anonymous Coward on Sunday August 04, 2002 @08:32AM (#4007612)
      Gee that was fast, almost seems like u had it prepared.
      • > Gee that was fast, almost seems like u had it
        > prepared.

        I think it would be incredibly naive of us not to think that Microsoft doesn't have paid shills here on Slahsdot, ready at a moment's notice to spout corporate spin in response to anti-microsoft articles. God knows they've done it before. (I remember reading articles about how MS paid people to post negative messages about OS/2 on the support board on CompuServe)

        MS probably doesn't care too much about the die-hard Linux/Unix/Apple folks on these boards, but I'm sure they realize that a lot of tech media tend to....shall we say "borrow" story ideas from here? And they definitely want to start putting their own spin on some of these issues right away. I'd say this is partly why we've been seeing so many rebuttals against the standard "MS sux" line we see so much of on here. (Some of those responses are actually valid - but it's easy to spot the shills: they're the ones who rely on misdirection to obscure the true issues, much like the first poster here has.)

        Personally, I can think of few things lower than people who do this kind of thing. This is lying writ large, and selling yourself out in the most public of ways. But then, it's never too hard to finhd people with no self-respect to do your dirty work for you for a few bucks. Witness some of our fine elected representatives.
    • by cyberlotnet ( 182742 ) on Sunday August 04, 2002 @08:36AM (#4007625) Homepage Journal
      The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..

      The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..

      This means its within there power to say, Hey look hes got a pirated version of "Austin Powers The Spy Who couldnt come up with a second Orginal Movie and had to use the same old jokes over and over" and WIPE your system TOTALLY.

      Its not the Ability to Auto Update.. ITS THE BROAD power there poorly worded EULA gives them.
      • by WCMI92 ( 592436 )
        "The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..

        The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them.."

        Who's to say that the next version of `Doze won't make IMPOSSIBLE to turn off "auto update", just as they have made it impossible in XP to (without a hack) to turn off or uninstall MS Messenger (which will bug you to get a Passport until you either DO, get rid of it by a hack, or throw a brick into your monitor).

        I can see them doing just the same with AutoUpdate. Why not? The new EULA gives them the right.

        Microsoft doesn't give a rats ass about patching defects. Indeed, history shows that they generally do so only when dragged into it kicking and screaming, as they have recently by the mounting embarassment and BAD PUBLICITY over their OS's many security holes.

        They want everyone running AutoUpdate in the background for these reasons:

        1. So they can slip in upgrades to fix embarassing holes without scruitiny (ie, the public knowing about the defect). This will reduce media attention.

        2. So that they can slip in updated "activation" and key crap at will.

        3. So that they can slip in DRMware whenever they feel like it. That is exactly what the recent Media Player EULA was changed to allow them to do.
    • by Pius II. ( 525191 ) <lees_biology_0p&icloud,com> on Sunday August 04, 2002 @08:40AM (#4007643)
      Bzzzt, wrong. The passage (as quoted from the article) is: "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." With the automatic update functionality both in Windows 2000 and in Mac OS, you actively check if there are updates available for your system. This may happen through a cron job (whatever that's called in Windows), but it is your computer that checks. The new passage of the EULA says that _Microsoft_ may check _your_ computer, without your notice, and then "upload" their "fixes". This is, if you haven't noticed, the other way around. The automatic update can be disabled (it is on my working machine), but this? Since you gave _them_ the right to mess around with your computer, I doubt that you can disable this "push update". Furthermore, this may constitute a serious security problem: if MS can upload what they want on your system, some other people could do, too.
    • by Anonymous Coward
      If you actually read the article or the EULA you would realize that THIS HAS NOTHING TO DO WITH AUTOMATIC UPDATE. The line in there "WITH OUR WITHOUT YOUR CONSENT" should make that pretty fuckin obvious. This is probably for DIGITAL RIGHTS MANAGEMENT updates. Or for the update that will supposedly render all of us XP pirates offline. When you click the OK button you agree to EVERYTHING in the EULA. Including that MS can install and update programs WITHOUT YOUR CONSENT.
      • by 19Buck ( 517176 ) on Sunday August 04, 2002 @09:19AM (#4007763) Homepage
        Yes, it DOES have to do with the Windows Automatic Updates.

        I checked the Automatic Updates Control Panel Applet, It was clearly unchecked, as in "Don't check for updates".

        Yes, when I checked my system services, there was Automatic updates set to Start automatically and currently started and running even though It was clearly disabled in Control Panel.

        Set to manual, stop the service, that should do it.

        Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.

        • by ostiguy ( 63618 )
          set to disable, not manual. manual doesn't really mean manual. trust me, I am a mcse ;-)

          ostiguy
        • by stinky wizzleteats ( 552063 ) on Sunday August 04, 2002 @01:51PM (#4008705) Homepage Journal

          Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.

          Following is an excerpt from the Win2ksp3 supplemental EULA: (text bolded by post author)

          The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may
          automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer.

          I don't know what "automatic" means to you, but according to my understanding of English, it seems to preclude consent.

          Yes, it DOES have to do with the Windows Automatic Updates.

          Then why is it not a supplemental EULA for auto-update, rather than the operating system patch? That this EULA change was made to the operating system service pack suggests that your interpretation of M$'s intentions are incorrect.

          Further interesting is that the excerpt quoted above does NOT appear in the EULA to which you must agree to begin the download, but only in the EULA click box that comes up when you begin installing sp3. The preambles of both statements are identical, clearly demonstrating the intent to deceive the user.

    • And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9.

      Mac OS checks for updates automatically, then allows you to decide whether you want to update.

    • Clear as mud (Score:4, Interesting)

      by xigxag ( 167441 ) on Sunday August 04, 2002 @09:55AM (#4007872)
      The real question that I have is if "download" can be LEGALLY interpreted as "download and install". After all, I download OS patches all the time, but I can decide to install them (or not) at my leisure. Does this EULA change give MS the legal right to install their "upgrades" without my knowledge or consent?

      Also, what happens if one of their "fixes" happens to wipe out a Linux partition? Are we supposed to accept that this agreement absolves them of any liability? If you rent an apartment, your lease may allow your landlord to go into your house for necessary repairs ("fixes"? "upgrades"?) without your consent. But that doesn't mean if he breaks something else while he's there that he is absolved of any liability. I'd think that MS ought to be very cautious of performing these updates without any warning whatsoever. I believe they've already had faulty [pcworld.com] patches in the past.
      • Re:Clear as mud (Score:5, Insightful)

        by jc42 ( 318812 ) on Sunday August 04, 2002 @11:52AM (#4008261) Homepage Journal
        > what happens if one of their "fixes" happens to wipe out a Linux partition?

        That's clearly covered by their EULA. Read the part that says they have the right to disable any software that is capable of copying DRM-protected files. The linux "cp" command satisfies this. The linux kernel is capable of running the cp command. And note that linux is capable of mounting Windows partitions and reading Windows files.

        The legal argument is left as an exercise for the reader.

    • by AJWM ( 19027 )
      Correction -- you can click something in a GUI that appears to disable it, but there's no way of knowing (absent a packet sniffer on the network) that it actually disables anything, since the source is unavailable.

      Furthermore, even if clicking that does disable Automatic Updates, it doesn't guarantee that all of Microsoft's access to your computer is disabled. That EULA clause effectively authorizes them to leave a back door open even with Automatic Update turned off. That EULA doesn't say anything about "unless you turn off Automatic Update".

      Paranoid? Perhaps, but show me in the source that it doesn't do that.
  • by cyberlotnet ( 182742 ) on Sunday August 04, 2002 @08:32AM (#4007611) Homepage Journal
    The old "Your door is a jar" bit..

    Come home after a long day of work and sit down at your computer.. Turn your monitor on ( because no real geek turns off his computer ) and get a screen that says

    "Your computer is trash" then in small fine print "Microcrap was so nice as to try to upgrade me for you however the patch they installed had a fatal flaw and I am now toast, I am sorry you where not around to approve this stupidness"
  • Just block them (Microsoft) with your firewall. No more worries :)
  • Was playing with SP3 last night. Its reports at least 10 different modules in DirectX as "untrustworthy".

    I just sat and laughed.

    How get this effect?

    Load W2K, Load SP3, Load DirectX
    • I've win2k with sp3 and directx 8.1 (4.08.01.0881) and 0.0 files being untrustworthy.

      MS can't help it when you load a crappy Soundblaster driver which has untested/beta modules or a non-tested, leaked nvidia driver.
      • Re:Odd (Score:5, Interesting)

        by Malcontent ( 40834 ) on Sunday August 04, 2002 @01:49PM (#4008698)
        "VisualStudio.NET bombs the Linux developer right back to the stone age."

        Did you know that Visual Studio limits your ability to release your code under license you want? If you use visual studio you are not allowed to write GPLed software.

        I don't care how nice it is, I value my freedom too much to use it.
  • Perception (Score:5, Interesting)

    by Raven-sama ( 527194 ) on Sunday August 04, 2002 @08:54AM (#4007693)
    I think that the main problem people have with this whole idea of the change in the EULA is that it's not exactly well publisised by Microsoft. Every time they bring out a point release or a service pack, there is always some subtle difference in wording, or a little thing added.

    Windows has a reputation for being insecure, and thing's like this aren't going to help. If Microsoft can upload and install things on your PC at will, who's to say that someone else couldn't do the same thing? The reason Windows Update was a manual process was so you can keep track of what you install.
    • Re:Perception (Score:3, Interesting)

      by Hrunting ( 2191 )
      This is by no means a defense of the EULA change. I think the motivation behind the change is fine; it's just worded too loosely and indiscriminately.

      You can see the bind Microsoft's in. They produce buggy code. Everyone produces buggy code. If every programmer was perfect, we'd live in a much different computer-based society. One of Microsoft's big problems is that when they release bugfixes, they don't get applied. Many of the worms and trojans plaguing Microsoft web and mail servers have had patches released for quite some time. Poor Windows sysadmins and end-users just don't apply them. With 90% of the OS market, not having end-users apply bugfixes opens a significant number of systems to exposure.

      So what can they do? Well, they can step up notification and education programs to get end-users to patch their systems, but you can't outfox stupidity or ignorance. So rather than depending on the user to patch their system, why not throw out the patches to the systems who need it? That's not such a bad idea. You take the responsibility out of the hands of the people who have failed to fulfill their duties and put them in the hands of yourself, who you trust just slightly more (and really, I do trust Microsoft just slightly more than your average end-user). That is not a bad idea from a computer security standpoint. You'd just better make damn sure your implementation is safe (a concern you noted)

      But the EULA is worded badly. It does give Microsoft the authority to do much more, and furthermore, it doesn't notify the end-user of their options to turn this ability off. It gives no choice, so the people who don't trust Microsoft can't easily discover their options.

      Don't fault Microsoft for being insecure and then chastise them when they take a relatively reasonable step to fix it. You're assumptions about whether auto-push-updates are a good thing (even with security considerations weighed in) come from a background where end-users are responsible enough to patch their systems. That's not the group of people Microsoft is dealing with. I agree that they should be chastised, though, for sneaking in a EULA clause, and go further to offer alternatives (we call this constructive criticism) about a way to make their solution be more palatable to the techie community.
  • Also got to think about whos doing this.. Microsoft has a long history of putting out products with bugs and security issues...

    You want to risk your Quicken database with all your bank info being stolen because Microsoft installed some software with defaults on that allow anyone access to your computer?

    They have released software/patches in the past with this issue, How do you know they wont do the same with some Forced update?

    If so Im for hire, I will change the tranmission in your car for a one time fee of only $500 and I promise you "wink wink" that There will be no problems with my work.
    • You want to risk your Quicken database with all your bank info being stolen because Microsoft installed some software with defaults on that allow anyone access to your computer?

      Quicken's a really bad example actually. I use that, and to run it you have to have admin rights. That's right - the daft installer doesn't grant enough permissions over its DLLs or whatever to allow normal users to access them.

      There's a script floating around on the net somewhere to fix this - but it's ridiculous that a fix is even needed. Quicken were told about this problem when NT4 came out. It's still there in XP.

      Daft.

      Cheers,
      Ian

  • by rochlin ( 248444 ) on Sunday August 04, 2002 @08:58AM (#4007707) Homepage
    The good and real question is: Should I go to SP3 from SP2. An important point -- MSFT's automatic updates can be disabled Read the docs [microsoft.com]. That means that you may give away the right to MSFT to abuse your computer, but from a practical point of view, you can disable the means for them to do it.

    A lot of time on Slashdot is spend carping about bugs in MSFT software. SP3 fixes hundreds above and beyond previous hotfixes. Check them out for yourself [microsoft.com] and decided whether you would rather have a better functioning Windows or stand up for civil liberties.

    Both are legitimate practical considerations. One might be more pressing depending on your current state of employment...

    • by kubla2000 ( 218039 ) on Sunday August 04, 2002 @09:05AM (#4007729) Homepage

      SP3 fixes hundreds above and beyond previous hotfixes. Check them out for yourself [microsoft.com] and decided whether you would rather have a better functioning Windows or stand up for civil liberties.

      That makes no sense at all!

      Wtf should I have to make that choice?

      Apple pie is much better than a grenade up your arse. Read the recipes for both and decide whether you would rather have apple pie or blow yourself up.

      It's a bloody operating system for christ's sake! It's supposed to work *for* the consumer, not force him/her into a "Hobson's Choice".

    • Absolutely right. The reason so many /.ers hate windows they complain about it being unstable, or insecure. I never have windows crash. Software chrashes within win2k, but win2k itself wont go down. And there is no security problem I'm aware of, I don't use outlook and I don't download e-mail attachments from weird people. Windows only works properly if configured properly. Part of configuring it properly is updating it. You are entirely too paranoid if you think Microsoft is actually going to go around to every computer running windows and delete everybody's mp3s. Even if they had the technology to do it. There's somethign called a firewall.

      (notice incoming connection to port XXXXX from mp3delete.microsoft.com application NT Kernel, accept? ALWAYS BLOCK)

      There are so many windows users that somethign like that just isn't possible. Besides the EULA says that they can upload FIXES to you. First of all just don't install the automatic updater. There's a good chance that whatever they need to give you new "fixes" is in there. second, if they do indeed upload a fix to you, and you find out, what are you going to say? they fixed a bug in my computer? The EULA specifically says they can upload fixes or updates. If something they upload is not a FIX but is a BREAK you can sue and win easily.

      Use linux to develop software, it has superior free compilers and superior code editing tools, text editors.
      Use Windows 2000 for everything else. It never crashes, it runs everything, it's secure enough for me, its easy, its fast, its pretty, all my hardware works with it. What more do I need?
  • You have no choice (Score:5, Interesting)

    by rehabdoll ( 221029 ) on Sunday August 04, 2002 @09:04AM (#4007726) Homepage
    There is no point in not updating to SP3. You could either run Win2k with known security issues or patch/install sp3 with the new EULA. This is not unique to SP3/SP1, since all new patches contains the same EULA as SP3/1.. give or take.

    I find it interesting that this is legal, to change the conditions in PATCHES.

    Why dont they just add the line "..and every microsoft employee may get to have sex with your partner"
    • by Anonymous Coward
      Why would they need to screw your partner when they're already fucking you in the ass?
  • by theolein ( 316044 ) on Sunday August 04, 2002 @09:18AM (#4007759) Journal
    I posted this further down as a reply to someone else's post, but I'd like to reiterate that I will be emailing the EU commision investigating MS's business practices about the legality of this EULA. I don't know about the USA (the laws semm to be more relaxed towards privacy there) but I have an idea that this contravenes privacy laws ere in the Europe. As was staed in the EULA, it has beeen changed to specifically state that one allows Microsoft access to your machine and nowhere states what the definition of an upgrade or fix is. On top of this it nowhere states that Microsoft will *NOT* damage, access or delete private data (is this part of an upgrade or fix?). In short there are, AGAIN, no guarantees that Microsoft will NOT compromise my company's or my data.

    I think that at the very least, Microsoft should be required by law to provide an EXACT definition of what constitutes an upgrade or fix and what Liability Microsoft has. It really is time that software companies were made 100% as liable for their shoddy, devious and deceptive practices as car manufacturer's are for example.
  • The wrong Focus... (Score:2, Interesting)

    by vofka ( 572268 )
    <PARANOIA MODE="ON">

    IMHO, most people are focusing on the wrong aspect of this change. Sure, this change in the EULA gives MS the power to connect to, scan, and update the OS Software on your PC - and with their past record with releasing buggy, security-flaw ridden software, one should think that having the most recent patches installed ASAP would be a good thing (though MS Have been known to go from bad to worse with some of their patches!)

    However, you all seem to be missing a more obvious implication - if MS can connect to your machine to load Legitemate updates, How long do you think it will be before your local 3v1l Hax0r d00d works out how to spoof the mechanism to his/her own ends?

    It's not necessarily what you are allowing MS to do that you should be worring about - it's what you will be allowing the rest of the world to do that should worry you!

    <PARANOIA MODE="OFF">
  • by perfects ( 598301 ) on Sunday August 04, 2002 @09:40AM (#4007836)
    "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." That's two separate things. Unless I'm reading it wrong, even if you can disable the automatic updates there's no provision for disabling Microsoft's snooping. Now, if the agreement said something like... "You acknowledge and agree that Microsoft may automatically provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer, and for the purposes of doing so may check the version of the OS Product and/or its components that you are utilizing" ...I would be less suspicious of their intentions.
  • Interesting if you saw if:

    You may not disclose the results of any benchmark test of the .NET framework component of the OS Components to any thirdparty without Microsoft's prior written approval.

    How about that, wonder what they are trying to hide? SP3 must contain some of the .NET framework stuff. I thought it was a seperate download, as it was BETA for W2k. No I know for sure I am not gona install this SP.
    • This is in the EULA? What on earth are they scared of? The only comparisons are with J2EE and nobody runs J2EE stuff on Windows machines anyway. Is the performance of .Net stuff so bad they they need to hide it?
  • There must be ways around this (not legal ofcourse) for example, you could set your firewall not to make or accept connections to microsoft's servers, thus blocking new patches that might contain drm code. There can't be anything in Windows that would disable the OS if it did not receive a patch regularly since they would have to account for the fact that some people simply dont have internet/network connections.

    Microsoft isnt playing nice. neither am i (i've never paid for a copy of windows) - win2k is the last microsoft OS i will ever use.
  • by Futurepower(R) ( 558542 ) on Sunday August 04, 2002 @09:44AM (#4007842) Homepage

    Forcing someone into a new agreement is illegal. Governments should give this some attention. The updates are necessary, partly because the software is sloppily written. The user does not have a good option; the only option is to get a new operating system and re-train everyone, and accept that some programs on which a business is dependent don't work. That's force.

    You can remove the Microsoft EULA: Windows VBScript for automatically removing the click-through End-User License Agreements found in most installers [google.com].

    It's no fun to work at an abusive company. We are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.

    As companies become more abusive, it becomes more miserable to work there. If you are good at what you do, quit and get a job somewhere where people are treated like people.

    This is where it is all leading:

    EULA:
    1. I can do anything I like.
    2. You have no power.
    3. You can't say anything bad about me.
    4. Everything belongs to me.
    I knew a 3-year-old who said this.

    Slashdot has a sneaky EULA, too. At the top of every Slashdot article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."

    This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service [osdn.com] says at section "4. CONTENT", paragraph 6,

    "In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."

    The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.

    This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, Slashdot's The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
    • but under the condition that someone else can *reproduce* it at any time.

      The difference is that in your analogy you could be denied the *use* of your car.

      In mine you can't.

      It's *copy*right people, *copy*right. Not *use*right.

      KFG
    • This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you.
      No, it is not at all like owning a car. If someone decides to use your car without notifying you, you cannot use it at the same time. Thus, they are taking away your freedom to use the car.

      Words, thoughts and ideas are completely different. If someone uses an idea you thought of, it does not prevent you from using the same idea. The whole idea of "intellectual property" seems so ludicrous to me in theory. How can you "own" an idea when anyone else can think of it? It's not like a car that has some physical existence and can only be in one place at a certain time.

      "... it is the nature of idea to be communicated; written, spoken, done. The idea is like grass. It craves light, likes crowds, thrives on crossbreeding, grows better for being stepped on." - Ursula K. Le Guin, The Dispossessed

      Now this is an interesting example. Although I am using an idea that someone else thought of, I note that it is not "my" idea (whatever that means) by placing a persons name after the idea, signifying that that person thought of it before me. Does this mean that she is the first person to ever think of it? Not necessarily, she is probably just a person with enough popularity to spread ideas (to me, at least). Would she be offended if I had included the idea without giving her credit? Considering the idea in question, probably not. Why do I do this, then? Probably to give respect to someone for putting a thought into words so eloquently.
    • The big question that arises, in my mind, is how this affects the use of Windows at hospitals and physicians offices in the United States. Darek J. Balling said the following on RISKS on July 15:
      Something which occurred to me, working in the healthcare industry these days, is that I'm not sure - given HIPAA compliancy regulations and the like - that I *can* agree to allow companies permission "to install random software on random machines without any notice or confirmation".
      Derek was referring to the Windows XP media player EULA update, but his point his point applies to any piece of software that asks for remote control or update capabilities. At what point will the use of Windows in many settings (healthcare, banking, etc) actually become illegal, due to conflicts between the law, and the EULA?
  • If I want Windows to update itself everytime there's a new update, shouldn't I give it remote admin rights? How else will it auto-install?

    When I use up2date in RedHat, I need to be looged on as the admin and also be registered with them.

    It's funny that people make such a big deal out of licenses. Licenses are written by lawyers for lawyers. Not even the developers had an idea of what it is except for those who like to waste valuable time reading the pages and pages of the licenses.
    • Yada Yada Yada. I don't think that redhat is going to use up2date to reinstall a program I uninstalled. MSN Messanger?

      The point is that MS will and has.

  • Additional Rights and Limitations.

    * With respect to the OS Components only, if the licensor of the
    applicable OS Product was an entity other than Microsoft,
    then for the purposes of this Supplemental EULA Microsoft
    will be the licensor with respect to such OS Components in
    lieu of the "Manufacturer" or other entity and support, if
    any, for such OS Components shall not be provided by
    Manufacturer. With respect to the existing functionality
    contained in the applicable OS Product which is not updated,
    supplemented, or replaced by the OS Components, the EULA
    for the OS Product shall remain in full force and effect as to
    that OS Product.

    * If you choose to utilize the update features within the OS
    Product or OS Components, it is necessary to use certain
    computer system, hardware, and software information to
    implement the features. By using these features, you
    explicitly authorize Microsoft or its designated agent to
    access and utilize the necessary information for updating
    purposes. Microsoft may use this information solely to
    improve our products or to provide customized services or
    technologies to you. Microsoft may disclose this
    information to others, but not in a form that personally
    identifies you.

    * The OS Product or OS Components contain components that
    enable and facilitate the use of certain Internet-based
    services. You acknowledge and agree that Microsoft may
    automatically check the version of the OS Product and/or its
    components that you are utilizing and may provide upgrades
    or fixes to the OS Product that will be automatically
    downloaded to your computer.

    * If you have multiple validly licensed copies of the applicable
    OS Product(s), you may reproduce, install and use one copy
    of the OS Components as part of such applicable OS Product
    (s) on all of your computers running validly licensed copies
    of the OS Product(s) provided that you use such additional
    copies of the OS Components in accordance with the terms
    and conditions above. Microsoft, its subsidiaries and/or
    suppliers retain all right, title and interest in and to the
    OS Components. All rights not expressly granted are
    reserved by Microsoft, its subsidiaries and/or suppliers.
    • If you choose to utilize the update features within the OS
      Product or OS Components, it is necessary to use certain
      computer system, hardware, and software information to
      implement the features. By using these features, you
      explicitly authorize Microsoft or its designated agent to
      access and utilize the necessary information for updating
      purposes. Microsoft may use this information solely to
      improve our products or to provide customized services or
      technologies to you. Microsoft may disclose this
      information to others, but not in a form that personally
      identifies you.


      And you actually want to allow them to do this? If you agree to this it seems as if you are agreeing to them doing what they want on your computer, since they don't define what "improvements", "upgrades" or "services" mean.
  • I find it interesting that as of this post, the offending statements are not in the EULA I got from clicking on Windows Update, selecting SP3 only, and clicking "review and install". I couldn't find anything out of the oridinary, in fact. Where was the original EULA found? Do you have to get it off their web page to see this?

    Well, either way, I'm gonna install it. I personally feel that there is a lot of paranoia running around, as for Microsoft to initiate an upload of some software updates to a random windows user X, there would be a HUGE GAPING HOLE in the security of the software (if M$ can do it, 1337 h4x0rz can do it...), plus they would have to know your IP (which seems to change on a regular basis for many home users I've met). So that leaves two avenues: auto-updates (for those who leave that enabled), and manual updates. For those who've used the Window Update feature to manually update, You get a fair amount of information on each update, and although they could sneak something by, I think someone out there would figure it out, and I don't think microsoft is blind to the fact that the public outcry would be substantial.

    At least that's my opinion.
  • by ryanvm ( 247662 ) on Sunday August 04, 2002 @10:18AM (#4007935)
    I think I'll be leaving my Win2k box at SP2, thank you very much.

    I don't think the mainstream public really cares about what's in a EULA. Hell, I generally don't either. But just think of the implications of people refusing to install patches and security updates because they're accompanied by EULAs with bizarre "big brother" clauses.

    Now, with that said did any of you bother to read the article? Here is the offending text:

    "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer,"

    A little sensationalistic to call this "remote admin rights" isn't it? Basically, this just gives them the legal legroom required to make their automatic updates feature work, which is a good thing. It means more patched machines out there - less of that Nimda shit.

    Nobody's spying on your MP3 collection. There's nothing to see here, folks.
    • by nagora ( 177841 ) on Sunday August 04, 2002 @10:26AM (#4007964)
      Basically, this just gives them the legal legroom required to make their automatic updates feature work

      It gives legal legroom for full admin rights since vague words like "upgrades or fixes" are a lawyer's wet dream. DRM is an upgrade in MS's view, deleting unauthorised mpegs is a fix to the MPAA. Are you going to argue?

      TWW

    • by Guppy06 ( 410832 ) on Sunday August 04, 2002 @12:03PM (#4008299)
      "A little sensationalistic to call this "remote admin rights" isn't it?"

      Step 1: Log into Windows 2000 (any flavor) with a non-administrator user account.

      Step 2: Go to windowsupdate.microsoft.com

      Step 3: Note the following message
      Administrators Only


      To install items from Windows Update, you must be logged on as an administrator or a member of the Administrators group.
      Step 4: Explain to me your insinuation that manual updates somehow require administrator rights but automatic ones don't.

      Also, considering that the updates are installed automatically, imagine all the new and interesting EULAs that will spring up now that I no longer have the option of not agreeing to them.
  • Just find a nearby minor to press the "I Accept" button for you. Done and done!
  • by ericman31 ( 596268 ) on Sunday August 04, 2002 @11:26AM (#4008161) Journal

    My work provided laptop is Win2K. I don't have any choice in the matter, that is the company required OS. I installed SP3 last night. It changed my auto-update setting to automatic without telling me. At work and at home I am behind firewalls. In the work environment all updating of Windows is handled internally, not by windowsupdate.microsoft.com. At home I patch manually. I don't want auto-update turned on. Since I always turn it off, I didn't realize it had been turned on until I checked, after reading this story on slashdot.

    I have submitted a formal request for exception to be allowed to install Solaris or Linux on my laptop since I all of my work is primarily done on Solaris platforms. As of right now I have no intention of any of my own PC's having Windows ever again (my personal workstation is RedHat 7.1) and if I get this exception same rule goes at work. My wife uses Mac, and so does my son.

    I have never seen RedHat or Solaris updates change settings on my PC/server/etc without asking if it was okay to do so. Solaris packages ask if it's okay to install with root permissions or modify permissions. When is the last time a Windows package asked you that? I've been using computers since about 1979, I'm tired of being treated like I'm stupid. I suspect a major part of the reason users are stupid is because software companies taught them to be stupid.

  • Future EULAs (Score:3, Insightful)

    by GreyyGuy ( 91753 ) on Sunday August 04, 2002 @11:42AM (#4008219)
    If this automatically downloads and installs future patches, does this mean that you do not have to agree to any new EULAs? Since you won't be clicking "I agree" on them, do they count?
  • by Animats ( 122034 ) on Sunday August 04, 2002 @12:17PM (#4008362) Homepage
    The real question is whether this license allows Microsoft to do things to your machine even if Windows Update is off. (Obviously, you don't want to run Windows Update on any machine doing anything important. Microsoft has slipped up in the past and broken working systems.) One clause of the EULA applies only if Windows Update is on. But the next clause presents a problem:
    • The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer.
    Could this be construed to allow Microsoft to access your machine even with Windows Update off? Corporate users, especially sysadmins, should bring that clause to the attention of their attorneys. It's probably unwise for corporate users to install this update without obtaining legal advice.
  • by wrinkledshirt ( 228541 ) on Sunday August 04, 2002 @01:12PM (#4008570) Homepage
    At 6:28 am an article is posted about the negative aspects of the new Microsoft EULA. At 6:31 am an Anonymous Coward posts a well-written, generally grammatically-correct response that explains the need for it.

    The response is 383 words. That's over 127 words per minute.

    Furthermore, this paragraph smacks of being mandate-driven...

    And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.

    Am I the only one getting the feeling that ./ is being actively astroturfed?
  • by ameoba ( 173803 ) on Sunday August 04, 2002 @02:24PM (#4008830)
    I just love slashdot's faithfulness to the cause. Right below a blatantly anti-MSFT article was a big Visual Studio.NET advertisement. I'm saving a screenshot of this.

The finest eloquence is that which gets things done.

Working...