More MS EULA Fun 602
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
And if they didn't? (Score:2, Insightful)
I believe the fact that this is disablable makes it moot. Such functionality, I think, is almost required for any OS that will play the role of desktop OS. I personally haven't seen the behaviors that take place with Windows 2000 SP3, but Windows XP did alert me the first time it started and before it checked for any updates, permitting me to disable the feature entirely or select from a couple of notification options.
I'm not sure it is acceptable to assume that an end user will actively participate in the maintenance of the software on their system to ensure, above all else, security. Windows had the Windows Update icon sitting in the Start Menu since Windows 98, and it went ignored. As mentioned before, Automatic Updates was released as a part of Windows XP last October. It was also released as an individual update to Windows 2000 over a month ago.
And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.
In any case, justification is pointless. I know people don't like the idea. But, it can be disabled, and if you don't like it, I suggest doing so and updating manually.
Im waiting for Windows to be like some Cars.. (Score:3, Insightful)
Come home after a long day of work and sit down at your computer.. Turn your monitor on ( because no real geek turns off his computer ) and get a screen that says
"Your computer is trash" then in small fine print "Microcrap was so nice as to try to upgrade me for you however the patch they installed had a fatal flaw and I am now toast, I am sorry you where not around to approve this stupidness"
You're assuming too much (Score:1, Insightful)
It's really only the people who are afraid of having their warez/MP3 collection deleted or who are pirating Windows itself that are afraid of these remarks in the EULA. Most users are not worried about those things because they have nothing to hide.
Re:And if they didn't? (Score:5, Insightful)
Re:You're assuming too much (Score:2, Insightful)
I don't think they are out to destory a persons personal files.
Why don't you have a look at the EULA itself, then make your judgements.
Knowledge talks, Wisdom listens
Install without permission yea ok (Score:2, Insightful)
You want to risk your Quicken database with all your bank info being stolen because Microsoft installed some software with defaults on that allow anyone access to your computer?
They have released software/patches in the past with this issue, How do you know they wont do the same with some Forced update?
If so Im for hire, I will change the tranmission in your car for a one time fee of only $500 and I promise you "wink wink" that There will be no problems with my work.
Somewhat somplistic, aren't you? (Score:4, Insightful)
I have no "warez" on my machine or MP3's for that matter, and I do use my Windows machine to "make money" but I don't think I want to allow Microsoft access to my computer for other reasons. The reasons include Microsoft changing the OS to a subscription model without my consent, Microsoft having access to company and private information which would constitue a breach of my and my company's privacy (small company, no corporate versions) and Microsoft modifying the OS to exclude me using competitor's software without warning me in advance.
I think this is a case for the EU commission on privacy and legality of contracts here in Europe. I don't know about the USA though (OI assume that obviously such contracts are legal in the USA).
Re:And if they didn't? (Score:1, Insightful)
posting as AC because I just modded parent up
Re:Read the msft docs...then make your call (Score:1, Insightful)
You either allow M$ the right to OwN your computer in order to "protect" it, or you forego security patches. To argue that it means "nothing" to accept the eula, accept the patches, and the firewall off
microsoft from access to your machine simply
demonstrates that you do NOT understand the legal
system of the U.S. You are advocating breaking the law. You are the reason why people like Jack Valenti, the RIAA, the MPAA, and others have so much bowel control problems --- : you break the law all the time.
Linux users prefer to abide by the law, BECAUSE only the law can ENFORCE the GPL and open source licenses. Linux users are NOT the lawbreakers. It's the windows users who would rather sleep with their devil and try to cheat him that ARE the lawbreakers. Think on that.
Re:You're assuming too much (Score:2, Insightful)
Re:You're assuming too much (Score:1, Insightful)
The users just go about their buiness making money with Windows? Hmmm, for most all of the money making parts of an operation there are OS replacements that work just as well. M$ rules the desktop because they support more GAMES than anyone else.
It's really only the people who are afraid of having their warez/MP3 collection deleted or who are pirating Windows itself that are afraid of these remarks in the EULA? Well, you are right that the Warez/MP3 collectin' copyright violators don't want M$ poking around on their computers. You forgot that there are some other folks who don't want M$ poking around too --- anybody who could be working on any product that could compete with any component of the M$ fiefdom for example.
Most users are not worried about those things because they have nothing to hide? Cool, can I come over and look at your checking account statements -- why would you want to hide them -- I promise I won't access your accounts. Can I have someone come on over an catalog your CD collection and then sell the list under the table to Columbia House record scammers?
Each and everytime someone claims that people who have nothing the hide also have nothing to fear, I flash back to the 30's, see the Nazi flag rising, hang my head and realize that the purpose of many people's lives is to plumb the depths of (repeat) stupidity.
Re:Way to fast, way to perfect (Score:4, Insightful)
I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates."
Hmmmmm, so you're experienced at running servers, are you? And you'd love to see some organisation you know little about randomly updating your servers with whatever code they like, whenever they feel like it?
Are security and reliability really your top priorities?
Re:And if they didn't? (Score:2, Insightful)
Mac OS checks for updates automatically, then allows you to decide whether you want to update.
Did you see the .NET clause? (Score:2, Insightful)
You may not disclose the results of any benchmark test of the .NET framework component of the OS Components to any thirdparty without Microsoft's prior written approval.
How about that, wonder what they are trying to hide? SP3 must contain some of theRe:You're assuming too much (Score:5, Insightful)
Besides, complacency isn't the answer. MS isn't currently collecting people's first-born; but reserving the right to would (and should!) raise a few eyebrows. It's not that I think they have sinister intentions right now, it's just that I don't trust them to come up with a way to profit at my expense... something not exactly foreign to them, according the to DOJ...
I don't think that they need that clause in the EULA to do what they want to do; all they need to say is that by using their updating software, you grant them the right to make certain changes to the system for the purpose of installing that software & that if you don't like that, you can just turn it off and prevent it from connecting to MS for updates, but that this may not be a good idea.
BTW, yes it really does bother some people to know that MS has a backdoor on their system, just as much as it would bother them to have sub7, netbus, or BO installed. While we may (think) we know exactly what it's doing, given MS' track record on security, it might as well be BO -- at least you can password protect an installation of that...
Just remember an old legal proverb: only a fool signs a contract because he thinks it's unenforcable.
Script kiddies' wet dream (Score:3, Insightful)
I don't think the mainstream public really cares about what's in a EULA. Hell, I generally don't either. But just think of the implications of people refusing to install patches and security updates because they're accompanied by EULAs with bizarre "big brother" clauses.
Now, with that said did any of you bother to read the article? Here is the offending text:
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer,"
A little sensationalistic to call this "remote admin rights" isn't it? Basically, this just gives them the legal legroom required to make their automatic updates feature work, which is a good thing. It means more patched machines out there - less of that Nimda shit.
Nobody's spying on your MP3 collection. There's nothing to see here, folks.
Re:Forcing a contract is illegal. (Score:1, Insightful)
Re:Script kiddies' wet dream (Score:5, Insightful)
It gives legal legroom for full admin rights since vague words like "upgrades or fixes" are a lawyer's wet dream. DRM is an upgrade in MS's view, deleting unauthorised mpegs is a fix to the MPAA. Are you going to argue?
TWW
Re:And if they didn't? (Score:2, Insightful)
This must be another M$ person...
Re:And if they didn't? (Score:2, Insightful)
> Microsoft is required to make this revision in
> their EULA in order for Automatic Updates to
> work.
Sorry, but Automatic Update has been around for a while without such a requirement needed in the EULA.
> Control Panel > Automatic Updates > uncheck Keep
> My Computer Up to Date. (In Windows XP, the same
> thing can be found in the System configuration
> applet of the Control Panel.)
Where is the panel to disable upgrading when you download a secured mp3? Where is the panel to disable automatically upgrading when on MSN? If you don't know what I am talking about, read some EULAs.
> I'm not sure it is acceptable to assume that an
> end user will actively participate in the
> maintenance of the software on their system to
> ensure, above all else, security.
Allowing someone else to muck up your computer without your permission is surely a new definition of "security"!
> And before we crucify Microsoft alone for
> including this "heinous" behavior, check Apple.
> Mac OS has performed automatic updating since Mac
> OS 9.
What, you mean this wonderful little utility that does nothing unless and until I tell it to, that lets me download only what I choose, and lets me turn off what I have no interest in (like Internet Exploder)? You are comparing *that* to Microsoft saying they can rearrange my computer however they please? And if I don't like it, or it destroys my files, destroys equipment, or costs lives, tough?!?
Talk about comparing Apples to fresh cow pies! Yuck!
> Some software already scan, like Adobe Acrobat
> Reader, Macromedia ShockWave, and I think
> QuickTime.
I don't know about ShockWave, but QuickTime can be turned off. Acrobat Reader can too, but it is a pain and usually takes multiple attempts. McAffee VirusScan can not be turned off, only set to a ridiculous time.
> If there were one place, maybe things could be
> more organized and more user friendly.
You want them user friendly? Then ship product with feature turned off, and let people who want it turn it back on (even Apple could improve in that regard). And take the "we own your computer" crap out of the EULAs!
> But, it can be disabled, and if you don't like
> it, I suggest doing so and updating manually.
The only way to disable Microsoft's EULAs is not to buy the products. Otherwise, they (the ones mentioned in the subject, as well as the ones for the Media Player service pack and for MSN) require you to allow Microsoft to upgrade any time they wish. Regardless of the settings of the Control Panel.
Worse, if a user has a program (say Windows Media Player) that didn't originally have such a requirement in its EULA, one of those simple automatic upgrades to fix security problems can patch that EULA into something that does require automatic upgrades at Microsoft's discretion. And if the upgrade disables (due to a bug) a person's secure mp3s that they bought legally, tough!
Please understand: Microsoft does not have your best interests at heart here.
It'll soak up every last bit of data." Miyasaka, Godzilla 2000
Re:And if they didn't? (Score:3, Insightful)
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them.."
Who's to say that the next version of `Doze won't make IMPOSSIBLE to turn off "auto update", just as they have made it impossible in XP to (without a hack) to turn off or uninstall MS Messenger (which will bug you to get a Passport until you either DO, get rid of it by a hack, or throw a brick into your monitor).
I can see them doing just the same with AutoUpdate. Why not? The new EULA gives them the right.
Microsoft doesn't give a rats ass about patching defects. Indeed, history shows that they generally do so only when dragged into it kicking and screaming, as they have recently by the mounting embarassment and BAD PUBLICITY over their OS's many security holes.
They want everyone running AutoUpdate in the background for these reasons:
1. So they can slip in upgrades to fix embarassing holes without scruitiny (ie, the public knowing about the defect). This will reduce media attention.
2. So that they can slip in updated "activation" and key crap at will.
3. So that they can slip in DRMware whenever they feel like it. That is exactly what the recent Media Player EULA was changed to allow them to do.
Re:And if they didn't? (Score:2, Insightful)
You can stop it from coming on and being VISIBLE in the system tray, or from bugging you about a Passport. But you can't stop it from loading without a hack.
You can't go into Add/Remove programs and uninstall MS Messenger.
Future EULAs (Score:3, Insightful)
Re:Clear as mud (Score:5, Insightful)
That's clearly covered by their EULA. Read the part that says they have the right to disable any software that is capable of copying DRM-protected files. The linux "cp" command satisfies this. The linux kernel is capable of running the cp command. And note that linux is capable of mounting Windows partitions and reading Windows files.
The legal argument is left as an exercise for the reader.
Re:And if they didn't? (Score:2, Insightful)
No, it's about who controls the updates (Score:2, Insightful)
Mac OS 9 and X will check for new updates, but never automatically install anything. There's a very big difference. Ultimately I can say, "no, I don't want this update, and ignore it forever." With the Microsoft scheme, Microsoft will decide whether I want my update or not; there's absolutely no notification before installation of the update.
The point isn't whether it can be disabled or not, it's whether you actually have the right to control your computer. It's about Microsoft changing the ground-rules ten-years into the game. It's about the fact that someone you don't know and don't trust has the power to destroy your investments of time and capital, and that you have absolutely no recourse.
As an investment of capital, of time and effort, an individual's computer is more than simply a medium upon which to run programs--it is a valuble and unique resource. It can't simply be replaced by another one without time and effort. In many cases, an individual's computer is a unique resource that may never be replaced by similar computer. It serves not only as a typewriter, but as a file-cabinet, a photo-albulm, a diary, a library, a checkbook register... things that make it irreplaceable.
If this were your TV, no one would care (no one cares when DirectTV updates the software in their reciever). But since it is a place where you store valuable private information, there's a deep and definite problem.
If Microsoft wants to innovate a Mac OS updater of their own, that would be great--no one would be complaining. Using the Mac OS updater, I am responsible for choosing whether I would like my computer updated. But don't try comparing Microsoft's auto-updater and the Mac OS software update program. They're from two completely different mindsets about end-user rights.
Mac OS updater is for the benefit of the user--who controls the updates--Microsoft auto-update is for the benefit of Microsoft--who controls the updates.
Here's the real problem - updates without Update (Score:4, Insightful)
-
The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based
services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its
components that you are utilizing and may provide upgrades
or fixes to the OS Product that will be automatically
downloaded to your computer.
Could this be construed to allow Microsoft to access your machine even with Windows Update off? Corporate users, especially sysadmins, should bring that clause to the attention of their attorneys. It's probably unwise for corporate users to install this update without obtaining legal advice.Re:And if they didn't? (Score:2, Insightful)
They can still put EULA's in the updates.
Say you have Windows Media player installed, and they release an update to your machine while you're not looking. The next time you run the program, it can pop up the EULA. You then have the ability to either agree to the new license, or still using Media player.
You'd be losing the ability to stick with the older version with a more acceptable EULA.
Re:And if they didn't? (Score:3, Insightful)
> prepared.
I think it would be incredibly naive of us not to think that Microsoft doesn't have paid shills here on Slahsdot, ready at a moment's notice to spout corporate spin in response to anti-microsoft articles. God knows they've done it before. (I remember reading articles about how MS paid people to post negative messages about OS/2 on the support board on CompuServe)
MS probably doesn't care too much about the die-hard Linux/Unix/Apple folks on these boards, but I'm sure they realize that a lot of tech media tend to....shall we say "borrow" story ideas from here? And they definitely want to start putting their own spin on some of these issues right away. I'd say this is partly why we've been seeing so many rebuttals against the standard "MS sux" line we see so much of on here. (Some of those responses are actually valid - but it's easy to spot the shills: they're the ones who rely on misdirection to obscure the true issues, much like the first poster here has.)
Personally, I can think of few things lower than people who do this kind of thing. This is lying writ large, and selling yourself out in the most public of ways. But then, it's never too hard to finhd people with no self-respect to do your dirty work for you for a few bucks. Witness some of our fine elected representatives.
Re:And if they didn't? (Score:3, Insightful)
Let's assume this is correct.
a.k.a. Automatic Windows Update (or some other memory resident application)
Some other memory resident "application" like the operating system itself, perhaps? Just tie the "call home and check for update" code to something that happens periodically but not too often -- booting, loading an app, opening a file, making a network connection, -- take your choice. Hardly a new concept, Microsoft apps already do this (IE, for example, on startup), but not very stealthily.
Re:But it makes the firewall illegal, no? (Score:3, Insightful)
Microsoft claims the right. There is a difference between them claiming it and them actually having it.
Trying to stop them is not only futile but also illegal.
They can put any provision they want into a EULA, and it doesn't mean squat until it's been challenged and upheld in court. Even if some dumb EULA provision is upheld after a court challenge, if you go against it, it's still just a violation of a User Agreement, not a violation of the law. It would be up to Microsoft to go after every single violator that they want punished. They can't get the gummint to enforce their contract except one case at a time.
Serious question about your consumer rights vs. M$ (Score:2, Insightful)
Re:Remote Admin Rights? (Score:3, Insightful)
"It's no big deal, everybody is doing it"
"No, Microsoft is the only who does [nasty things]"
"Then don't use it, geeez."
First of all, even if you only "go with manual updates" Microsoft still has the right to ignore all settings you made and install one update or another (DRM) anyway.
What will you do? Sue them?
Re:And if they didn't? (Score:4, Insightful)
Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Following is an excerpt from the Win2ksp3 supplemental EULA: (text bolded by post author)
I don't know what "automatic" means to you, but according to my understanding of English, it seems to preclude consent.
Yes, it DOES have to do with the Windows Automatic Updates.
Then why is it not a supplemental EULA for auto-update, rather than the operating system patch? That this EULA change was made to the operating system service pack suggests that your interpretation of M$'s intentions are incorrect.
Further interesting is that the excerpt quoted above does NOT appear in the EULA to which you must agree to begin the download, but only in the EULA click box that comes up when you begin installing sp3. The preambles of both statements are identical, clearly demonstrating the intent to deceive the user.
Re:But it makes the firewall illegal, no? (Score:4, Insightful)
It would be up to Microsoft to go after every single violator that they want punished
Nope, it would be the other way around. MS can do anything it wants to your computer, just by piggybacking it within some security update. Then it will be up to you to seek justice in court and to prove that EULA is illegal.Re:But it makes the firewall illegal, no? (Score:4, Insightful)
Sure you are.
The law says you have the right to do certain things with the copyrighted works you own, such as make backups for personal use, etc. But the copyright owners don't have an obligation by law to make that possible, and that's exactly the "loophole" they're using against us right now.
Well, we're just applying exactly the same principle to Microsoft: they may have the right to remotely perform installs and upgrades to your system, but you don't have an obligation to make that possible. By putting the appropriate firewalls in place, you're simply not giving them the technological means to do what they have a "right" to do.
Now, I agree that in practice it'll work out such that the big corps like Microsoft will have the right to do whatever they please and you won't have the right to do jack shit, but that's a different discussion...
Re:Slashdot being astroturfed? (offtopic) (Score:1, Insightful)