More MS EULA Fun 602
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
Re:And if they didn't? (Score:5, Interesting)
Re:And if they didn't? (Score:4, Interesting)
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..
This means its within there power to say, Hey look hes got a pirated version of "Austin Powers The Spy Who couldnt come up with a second Orginal Movie and had to use the same old jokes over and over" and WIPE your system TOTALLY.
Its not the Ability to Auto Update.. ITS THE BROAD power there poorly worded EULA gives them.
Re:And if they didn't? (Score:2, Interesting)
SP3 and DirectX 8.1 (Score:2, Interesting)
I just sat and laughed.
How get this effect?
Load W2K, Load SP3, Load DirectX
Perception (Score:5, Interesting)
Windows has a reputation for being insecure, and thing's like this aren't going to help. If Microsoft can upload and install things on your PC at will, who's to say that someone else couldn't do the same thing? The reason Windows Update was a manual process was so you can keep track of what you install.
Read the msft docs...then make your call (Score:4, Interesting)
A lot of time on Slashdot is spend carping about bugs in MSFT software. SP3 fixes hundreds above and beyond previous hotfixes. Check them out for yourself [microsoft.com] and decided whether you would rather have a better functioning Windows or stand up for civil liberties.
Both are legitimate practical considerations. One might be more pressing depending on your current state of employment...
You have no choice (Score:5, Interesting)
I find it interesting that this is legal, to change the conditions in PATCHES.
Why dont they just add the line "..and every microsoft employee may get to have sex with your partner"
Re:Read the msft docs...then make your call (Score:5, Interesting)
SP3 fixes hundreds above and beyond previous hotfixes. Check them out for yourself [microsoft.com] and decided whether you would rather have a better functioning Windows or stand up for civil liberties.
That makes no sense at all!
Wtf should I have to make that choice?
Apple pie is much better than a grenade up your arse. Read the recipes for both and decide whether you would rather have apple pie or blow yourself up.
It's a bloody operating system for christ's sake! It's supposed to work *for* the consumer, not force him/her into a "Hobson's Choice".
A case for the EU commission (Score:5, Interesting)
I think that at the very least, Microsoft should be required by law to provide an EXACT definition of what constitutes an upgrade or fix and what Liability Microsoft has. It really is time that software companies were made 100% as liable for their shoddy, devious and deceptive practices as car manufacturer's are for example.
The wrong Focus... (Score:2, Interesting)
IMHO, most people are focusing on the wrong aspect of this change. Sure, this change in the EULA gives MS the power to connect to, scan, and update the OS Software on your PC - and with their past record with releasing buggy, security-flaw ridden software, one should think that having the most recent patches installed ASAP would be a good thing (though MS Have been known to go from bad to worse with some of their patches!)
However, you all seem to be missing a more obvious implication - if MS can connect to your machine to load Legitemate updates, How long do you think it will be before your local 3v1l Hax0r d00d works out how to spoof the mechanism to his/her own ends?
It's not necessarily what you are allowing MS to do that you should be worring about - it's what you will be allowing the rest of the world to do that should worry you!
<PARANOIA MODE="OFF">
Re:You're assuming too much (Score:2, Interesting)
> Once Linux satisfies my video editing needs, all
> Windows partitions are gone. Hmmm, maybe it's time
> for me to start researching that a bit better.
The best (and now probably the cheapest) digital video editing system I ever used was iMovie 2 on a Snow iMac. You can pick a 500mhz (the same one I have) one up on EBay these days for a bit over $200. Use that for video editing, and blow away those Windows partitions. That way you can have the little iMac's hard drive dedicated to video editing, and still have your entire PC hard drive for Linux. If the iMac has OS 9 on it, and you want to use as much open source as possible, later versions of iMovie will work with OS X.
Just a suggestion.
"What I'm thinking is different from what you are."
Belabera, "Mothra 3" 1998
THEY DO DELETE THOSE FILES (Score:1, Interesting)
even the evil DMCA allows for "fair use" in this manner... so microsoft wrongly deleted files on my computer...
MSFT SUCKS! --- is that assuming to much?
-BCC
Re:Somewhat somplistic, aren't you? (Score:4, Interesting)
At the very least this means that Microsoft would have been able to sell my personal data to spammers. (Did you ever wonder how so many spammers got that email address of your in your profile above?). We don't do this but assuming that we used a CRM solution that was from a competitor of Navision (has been bought up by Microsoft). Do you seriously belive that Microsoft would never consider using that information or private CRM DB info as a means of getting us to switch or at the very least using the fact that we might be using a competitor's software and sending our info to their CRM department so that Navision would suddenly be sending us spam or reps to sell their stuff to us.
Do you trust Microsoft that far, legally, when Microsoft takes great pains to avoid any liability whatsoever with their EULA's?
We're watching the wrong hand (Score:5, Interesting)
Live with it and then just upgrade to a better OS (Score:2, Interesting)
Microsoft isnt playing nice. neither am i (i've never paid for a copy of windows) - win2k is the last microsoft OS i will ever use.
Forcing a contract is illegal. (Score:5, Interesting)
Forcing someone into a new agreement is illegal. Governments should give this some attention. The updates are necessary, partly because the software is sloppily written. The user does not have a good option; the only option is to get a new operating system and re-train everyone, and accept that some programs on which a business is dependent don't work. That's force.
You can remove the Microsoft EULA: Windows VBScript for automatically removing the click-through End-User License Agreements found in most installers [google.com].
It's no fun to work at an abusive company. We are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.
As companies become more abusive, it becomes more miserable to work there. If you are good at what you do, quit and get a job somewhere where people are treated like people.
This is where it is all leading:
EULA:
Slashdot has a sneaky EULA, too. At the top of every Slashdot article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service [osdn.com] says at section "4. CONTENT", paragraph 6,
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."
The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.
This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, Slashdot's The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
Clear as mud (Score:4, Interesting)
Also, what happens if one of their "fixes" happens to wipe out a Linux partition? Are we supposed to accept that this agreement absolves them of any liability? If you rent an apartment, your lease may allow your landlord to go into your house for necessary repairs ("fixes"? "upgrades"?) without your consent. But that doesn't mean if he breaks something else while he's there that he is absolved of any liability. I'd think that MS ought to be very cautious of performing these updates without any warning whatsoever. I believe they've already had faulty [pcworld.com] patches in the past.
Uhhhh, that's not in the EULA... (Score:2, Interesting)
Well, either way, I'm gonna install it. I personally feel that there is a lot of paranoia running around, as for Microsoft to initiate an upload of some software updates to a random windows user X, there would be a HUGE GAPING HOLE in the security of the software (if M$ can do it, 1337 h4x0rz can do it...), plus they would have to know your IP (which seems to change on a regular basis for many home users I've met). So that leaves two avenues: auto-updates (for those who leave that enabled), and manual updates. For those who've used the Window Update feature to manually update, You get a fair amount of information on each update, and although they could sneak something by, I think someone out there would figure it out, and I don't think microsoft is blind to the fact that the public outcry would be substantial.
At least that's my opinion.
Re:And if they didn't? (Score:5, Interesting)
No. You are effectivly trying to fight a trojan in the operating system. Unless you know exacly how it works the only sure protection would be never to connect the computer to the net at all.
For starters your opponet is the OS itself, so you can't go with a software firewall - you'd need a seperate firewall box sitting between you and the net. Second, you have no idea when the packets/connections look like, so you have to keep a lockdown on all types of connections both inbound and outbound. This can be a major pain on a general purpose PC doing vaious sorts of web access - games, voice chat, P2P, and other applications constantly bumping into to firewall.
The reak kicker is that if they really wanted to they could stll get past any firewall. They could piggyback on a legitimate connection any time you touch a Microsoft controlled website. Yeah, it's getting a bit extreme, but it's possible. The OS could keep the HTTP connection alive and insert a sideband channel in the HTML itself. SOAP anyone? Or
-
Re:Forcing a contract is illegal. (Score:3, Interesting)
Words, thoughts and ideas are completely different. If someone uses an idea you thought of, it does not prevent you from using the same idea. The whole idea of "intellectual property" seems so ludicrous to me in theory. How can you "own" an idea when anyone else can think of it? It's not like a car that has some physical existence and can only be in one place at a certain time.
"... it is the nature of idea to be communicated; written, spoken, done. The idea is like grass. It craves light, likes crowds, thrives on crossbreeding, grows better for being stepped on." - Ursula K. Le Guin, The Dispossessed
Now this is an interesting example. Although I am using an idea that someone else thought of, I note that it is not "my" idea (whatever that means) by placing a persons name after the idea, signifying that that person thought of it before me. Does this mean that she is the first person to ever think of it? Not necessarily, she is probably just a person with enough popularity to spread ideas (to me, at least). Would she be offended if I had included the idea without giving her credit? Considering the idea in question, probably not. Why do I do this, then? Probably to give respect to someone for putting a thought into words so eloquently.
I installed SP3 on my Win2K laptop (Score:3, Interesting)
My work provided laptop is Win2K. I don't have any choice in the matter, that is the company required OS. I installed SP3 last night. It changed my auto-update setting to automatic without telling me. At work and at home I am behind firewalls. In the work environment all updating of Windows is handled internally, not by windowsupdate.microsoft.com. At home I patch manually. I don't want auto-update turned on. Since I always turn it off, I didn't realize it had been turned on until I checked, after reading this story on slashdot.
I have submitted a formal request for exception to be allowed to install Solaris or Linux on my laptop since I all of my work is primarily done on Solaris platforms. As of right now I have no intention of any of my own PC's having Windows ever again (my personal workstation is RedHat 7.1) and if I get this exception same rule goes at work. My wife uses Mac, and so does my son.
I have never seen RedHat or Solaris updates change settings on my PC/server/etc without asking if it was okay to do so. Solaris packages ask if it's okay to install with root permissions or modify permissions. When is the last time a Windows package asked you that? I've been using computers since about 1979, I'm tired of being treated like I'm stupid. I suspect a major part of the reason users are stupid is because software companies taught them to be stupid.
As a responsible manager I'd (Score:3, Interesting)
Not only privacy but contract law. (Score:2, Interesting)
Re:Script kiddies' wet dream (Score:5, Interesting)
Step 1: Log into Windows 2000 (any flavor) with a non-administrator user account.
Step 2: Go to windowsupdate.microsoft.com
Step 3: Note the following message Step 4: Explain to me your insinuation that manual updates somehow require administrator rights but automatic ones don't.
Also, considering that the updates are installed automatically, imagine all the new and interesting EULAs that will spring up now that I no longer have the option of not agreeing to them.
Re:Forcing a contract is illegal. (Score:3, Interesting)
Re:And if they didn't? (Score:3, Interesting)
Furthermore, even if clicking that does disable Automatic Updates, it doesn't guarantee that all of Microsoft's access to your computer is disabled. That EULA clause effectively authorizes them to leave a back door open even with Automatic Update turned off. That EULA doesn't say anything about "unless you turn off Automatic Update".
Paranoid? Perhaps, but show me in the source that it doesn't do that.
Slashdot being astroturfed? (offtopic) (Score:5, Interesting)
The response is 383 words. That's over 127 words per minute.
Furthermore, this paragraph smacks of being mandate-driven...
And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.
Am I the only one getting the feeling that
Re:Perception (Score:3, Interesting)
You can see the bind Microsoft's in. They produce buggy code. Everyone produces buggy code. If every programmer was perfect, we'd live in a much different computer-based society. One of Microsoft's big problems is that when they release bugfixes, they don't get applied. Many of the worms and trojans plaguing Microsoft web and mail servers have had patches released for quite some time. Poor Windows sysadmins and end-users just don't apply them. With 90% of the OS market, not having end-users apply bugfixes opens a significant number of systems to exposure.
So what can they do? Well, they can step up notification and education programs to get end-users to patch their systems, but you can't outfox stupidity or ignorance. So rather than depending on the user to patch their system, why not throw out the patches to the systems who need it? That's not such a bad idea. You take the responsibility out of the hands of the people who have failed to fulfill their duties and put them in the hands of yourself, who you trust just slightly more (and really, I do trust Microsoft just slightly more than your average end-user). That is not a bad idea from a computer security standpoint. You'd just better make damn sure your implementation is safe (a concern you noted)
But the EULA is worded badly. It does give Microsoft the authority to do much more, and furthermore, it doesn't notify the end-user of their options to turn this ability off. It gives no choice, so the people who don't trust Microsoft can't easily discover their options.
Don't fault Microsoft for being insecure and then chastise them when they take a relatively reasonable step to fix it. You're assumptions about whether auto-push-updates are a good thing (even with security considerations weighed in) come from a background where end-users are responsible enough to patch their systems. That's not the group of people Microsoft is dealing with. I agree that they should be chastised, though, for sneaking in a EULA clause, and go further to offer alternatives (we call this constructive criticism) about a way to make their solution be more palatable to the techie community.
Re:Odd (Score:5, Interesting)
Did you know that Visual Studio limits your ability to release your code under license you want? If you use visual studio you are not allowed to write GPLed software.
I don't care how nice it is, I value my freedom too much to use it.
Re:Script kiddies' wet dream (Score:3, Interesting)
Sure it does: a future MS OS advertises "Automatically deletes potential virus files" then proceeds to remove any "suspicious" files, eg any unsigned files downloaded over P2P. Nothing you can do about it.
I'm not saying they will but you're saying they can't and that's just not true.
TWW
Re:Script kiddies' wet dream (Score:2, Interesting)
Really? Why would the update NEED to "run" when their EULA gives them the "right" to download them to places like \WINDOWS and \WINDOWS\SYSTEM. You get the picture...