Slashdot Mirror
Read the Fine Print
nihilist_1137 writes: "This story is about how MS changed its EULA and you just gave them control of your computer. In the section on Windows XP Professional, 'Internet-Based Services Components' paragraph says in part, 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.'"
"may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."
If you would consider the average user for a moment. He does not give a damn about most issues you would start campaigns for. All she/he cares for is whether he can watch movies, listen to music and basically create word documents. So would he not like automatic fixes of bugs? From his point of view, it would be convenient.
It's about time you took note of the average userbase Microsoft are aiming for with XP.
-Shaunak.
We've been complaining on this site for months, if not years, about Microsoft's security. They have a bug? We want a patch right away. We complain about downloading patches? Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.
But that's not good enough, because too many users/sysadmins are too stupid to turn this on or check it regularly. So we complain that Microsoft isn't doing enough -- that they need to make the OS download security upgrades automatically, whether or not the stupid user asks for it or not. This, we argued, is the only way Microsoft can stay ahead of security holes and make sure we take them up on the patches.
So Microsoft does this. But because doing so requires the user to agree to let Microsoft access and update their system, they have to add it to the EULA.
And then Slashdot complains that MS is taking too much control.
The mind boggles.
Two is that people are stupid if they don't read those agreements.
Now that's something else. I wouldn't call myself stupid. I have actually read the Windows 98 EULA, but all the software that's downloaded and tried through the years' EULAs, I don't bother to read. I mean, how many people actually read EULAs?
If they don't, they are getting what's coming to them. Anytime someone enters a legal agreement it is their duty to make sure they know what their agreement actually is. Would you take a loan, buy insurance, rent an apartment or buy a book from Amazon without knowing the terms of the deal?
This is even worse, though, as it is about the volume licensing for companies. Sure, I can understand that someone buying a game for their kids don't bother with the EULA (consumers do have a layer of legal protection against onerous agreements), but this is about companies not even bothering to find out the terms of use for software that's expensive and critical for their operation. That is stupid.
/Janne
Trust the Computer. The Computer is your friend.
Possibly, but I think you're missing the point here. Read this post to see what I mean. The point is that the average user doesn't know and/or care about these things. As long as he/she can play music, games, get his/her spam from Hotmail ;-) and write Word documents he/she couldn't care less because either they don't understand how this would work or consider it important. Hence, if your audience is ignorant of these things, you can get away with a hell of a lot under the impression that "it's for your convenience/benefit" because most people don't have the time or knowledge to question these actions. We (the technically literate) need to educate the rest of the community ourselves and not leave it up to Microsoft to utilise user ignorance to get away with such things.
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
You're damn right. This is Microsoft's software, not yours.
Agreed. Whatever they do or do not do to (wow) there software is their buisness.
If you don't like it, then don't install it.
*duut!* Not agreed. How many computers do you see in sales WITHOUT Windows? How many users would know what an OS is? Are the users given a choice? Nope - they have to stick with Windows. That's what's bothering me. And it all ends up in MS' marketing strategy - "if you sell ALL of your computers with Windows, we'll give you a BIG rebate!" Not many computer-sales-companies says no to that.
We have of course our beloved Macintosh, but that's a different story..
(1) I have not seen any credible posts demanding that auto-download and install of patches be on by default on Windows systems. There have been buggy patches before for Windows, could be again.
(2) Slashdot isn't a unitary entity. If you make the mistake of expecting every J. Random Poster's comment taken together to represent a coherent position on anything, you will be disappointed.
And what about the patches that cause bigger problems than they fix? I don't download most new patches immediately (unless it's a major bugfix), I wait until the dust settles.
MS have been known to release service packs that do just this.
I hereby inform you that I have NOT been required to provide any decryption keys.
Straight from the article : MS says "...is not intended to force upgrades on customers."
This is the same team that told the DOJ that MS isn't a monopoly and if they were they wouldn't do anythign illegal. Yeah I believe them, don't you?
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Just wait until their servers get hax0red...
A patch that is supposed to fix an Outlook virus becomes a virus? Methinks I'm gonna turn off autoupdate and tell it to warn me first...
--pi
" Several readers were also worried that Microsoft's broad assertion of its right to access their computers would force their companies into noncompliance with government security guidelines and various privacy laws. This concern was exacerbated by additional PUR language in the same Windows XP section. In terms of "Security Updates," users grant Microsoft the right to download updates to Microsoft's DRM (Digital Rights Management) technology to protect the intellectual property rights of "Secured Content" providers. It says Microsoft may "download onto your computer such security updates that a secure content owner has requested that MS, Microsoft Corporation, or their subsidiaries distribute." In other words, it would seem Microsoft's idea of a security update is one that protects the property rights of vendors, not the security of customers' systems."
What Microsoft is preparing us for is the next step: No root access to a machine.
This is scary ass stuff. Note that MS's EULA gives them the right to change these license terms on a whim. Your license with MS is one sided, MS can change anything they like, and you have no rights other than those MS chooses to grant you.
Running a business on such a system to me would see m an unwarranted risk, especially given MS's pathetic record when it comes to security related bugs and holes.
What MS is saying is that they have "root" access to your machine and can read anything or install anything at will.
This is clearly over the line. NO OTHER industry in the USA can sell a product and attatch the kinds of "strings" to it's use, while disclaiming any and all liability for defects as the software industry.
MS and other proprietary software vendors have had it totally their way for too damn long. We need some sort of law limiting what can be in a EULA, restoring the "first sale" doctrine, and at the very least, a right to "opt out" of new license changes made AFTER the sale.
The best solution is to use Linux or other OSS software. Sooner or later, Microsoft and their goons will go a step too far, and the business world will realize the danger of allowing such meglomaniacs THAT kind of control over their information system arteries.
If this little nugget isn't it, WHAT will be?
=== The price of freedom is eternal vigilance
I think the most important issue here is that MS can have its OS's download and perform upgrades WITHOUT having to have this kind of language in the EULA.
/. crowd will do anything to bash MS, there is something to be concerned about here.
All it would need to do is have an automatic wizard pop up ever week (or month) or so and ask your PERMISSION to check for and download the latest updates. The Wizard can even provide a lengthy explanation of what it's about to do for those who want more information.
That is all that's required for REAL updates.
This language in the EULA sounds like it might be giving them EXTRA permission to do other things. Checking version numbers of WHAT software? As someone else pointed out, will this include OfficeXP? Is it checking for pirated warez?
So despite all of the people up here screaming that ONCE AGAIN the
Rich...
Ignore Alien Orders
My original point stands - you can't just walk all over what people need and think that can simply go on endlessly... MS spent years engineering a system that took away options - and they got their head handed to them, and the recent revelations show that plain old people DO care. MS is possibly getting off only for political reasons - but they seem to be going back to their old arrogant ways. MS is the irish potato of the computer world - monoculture on which not only does their well being depend, but so does the wellbeing of 90% of computer users. The crop goes bad and lots of users / businesses go dark. They may just creep up on enough small indecencies so that someone calls them on it. MS has an achilles heel somewhere - and the people who depend upon them better hope no-one finds it. This is not original - Nick Negroponte has laid this out in detail with several real possibilities. Someone needs to dope slap the folks who Ok these little things.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Ever hear of port 80? Web services?
MS doesn't need a big hole. SOAP would do fine.
I don't know what the laws in your country are, but here in EU, EULAs can be totally ignored. I don't actually sign them, and clicking a button (or whatever the program asks me to do) doesn't count as a valid contract.
They could ask for my soul in the EULA, I really don't care, so why bother reading beyond first line?
Microsoft's most desired flaw is that they do exactly what they're asked to do. The complaint around here is that what they're asked to do isn't the right thing to do -- which you can distill to "users are stupid."
I'm a sysadmin at a small company -- 60 employees, few million dollars is revenue. A reoccuring problem I have is employees who open file attachments from strangers. I've written policy; I've had meetings and presentations. Hell, the CEO said to me once "good thing I use a Macintosh because I double-clicked on that gone.scr attatchment, eh?"
Updating virus protection, and applying patches on every desktop machine is a must. After a particularily scary security announcement about IExplorer.exe, I got the patch off of Microsoft, posted it to our local file server and sent out a letter to the entire staff [insert something here about office politics and loosing face for scaring people] saying "install this patch immediately." Little did I realize that the patch was broken and replaced later the same day on the website with a functioning one. So, I expected everyone would come to me and say "I tried but it did _this_ instead."
Two people came to me to complain. Two people of 59, when I said it was important to install this patch. Of the two people, one of them is a suit who hates using email (kudos to him for reading it).
Some sysadmin, as frustrated as I am, must have asked for this 'MS will upload patches to you whether you ask for it or not' feature. Hell, I've had suits whine to me about "can't you just update my virus software for me, automatically?" and I think to myself "I guess I should, since when I say 'DO THIS, it's very important,' you ignore me."
There's no justification for needing legal authority to install anything, as the system functions today. To "need" this level of authority, Microsoft would have to argue that THEY, not you, are in fact installing the software in question. In my opinion, (not a lawyer) that's crazy.
In order for the software to be installed, you (a person of sound mind and body) have to take the active step of saying "Yes." You're doing it. It's one-click installation, but you made the choice.
Unless future versions of Windows Update will automatically install things? I don't know whether to laugh or cry.
Got Code Red Part 44 after the Code Red Part 43 patch auto-installed? "Sorry, you agreed we could install anything we want, including buggy, poorly-tested code."
After all, Microsoft would never release a patch that opened up new holes in the feature it was supposed to fix. (Or in other random products.) Anyone claiming contrary will be burned as a witch.
Who did what now?
This is a tech "shock" article, designed to get zealots in an uproar, and it should not even be bothered to be read.
Throughout the rest of the licensing agreement Microsoft is careful to differentiate between simply having information on a computer and actually executing that code.
This agreement doesn't say that MS can execute the new code that they force onto your workstation. So, if they did automatically execute it, they'd be stealing computing resources from your company.
hehe
~Tetravus
We can debate all day about whether the ability to get John Q. Public's computer security patched so it stops DDoSing your web server outweighs the value of having full control over your machine, but honestly, if you don't trust a company enough to have confidence in simple software updates, should you really be running their stuff in the first place?
"Reality is just a convenient measure of complexity" -Alvy Ray Smith
Enough with the blanket statements. Just because Christians are fighting in N. Ireland, doesn't mean that's what Christianity is about.
>>Enough with the blanket statements. Just because Christians are fighting in N. Ireland, doesn't mean that's what Christianity is about.
Enought with the blanket statements. Just because Muslims are fighting in Afghanistan, doesn't mean that's what Islam is about.
(yeah, yeah, I'm an atheist)
"I'm sure the users want a system that by default only gives them 85% of the bandwidth because it reserves the rest for talking to Microsoft's servers (this is an XP out of the box default)."
This was a lie propagated by people who are too lazy to hit F1 and find out more information about the checkbox that they were un-checking. But, I guess once we've found something to badger MS about, it doesn't really matter whether it's true or not. After all, this is SlashDot, not some sort of forum for open thought.
-Mark
Way to go, Microsoft! Hope you get enough income from your digital "rights" management partnerships to offset the loss of sales and goodwill you're about to experience.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Radio Button says, "Disable", but License says "Screw you all day long!" I wonder which one will really hold force? I also wonder just how good this fine program will be at turning off the kill feature of XP so that your computer will continue working after you disable this "feature." Forget it, the slavery is made manifest and the number one condition of any oppresive EULA is the company saying that they can terminate your license and destroy your work at will. This is really that clause put into action.
Yes, it really is the best windows ever. I don't like it and I don't use it. I have one surviving windows 98 box that I've tried to make blind to the network. It never really worked that well, but I expect the EULA that came with it to reamain in force that way. XP, "Hunh, have you ever been eXPerienced?!" Not me.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Every time a new worm exploits some vulnerability in an MS product, we see (right here on /.) calls for competence in MSCEs. At least if the OS magically patches itself, there would be fewer boxes vulnerable to known holes.
With software under the gpl, bsd, etc., I don't have to read the license or agree to it to use the software. Once I legally obtain a copy, I am free to do as I wish as long as I do now violate copyright law. Only when I wish to do something which is not allowed by law (e.g. redistributing) must I follow the license (gpl, bsd, etc.).
This is very different from an MS style EULA which attempts to limit what I can do with my copy of the software over and above existing laws.
You are correct that it is easier to deal with software that is mostly under common licenses, but do not make the mistake that the free software licenses are anything like standard commercial EULA's.
Except Microsoft wants to do this when you buy (that's right, buy, not "license") windows. Of course, MSs wet dream is to have you have to pay for Windows like a lease. They get as close as they can by "obsoleting" versions and encouraging vendors to do the same. Didn't work with XP, thankfully.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Anytime someone enters a legal agreement it is their duty to make sure they know what their agreement actually is.
But are EULAs really legal agreements?
No laws are clear on it, and it hasn't been tested in court yet. But the widespread suspicion is that a court would rule that an EULA is NOT a legal agreement.
I pledge allegiance to the flag...
of the Corporate States of America...
Red Hat Network does exactly the same thing that the Microsoft EULA describes (automatically examines the version of Red Hat and RPMs on your system, and can auto download available updates)
Of course, the slashdot story fails to discuss this, making it look like Microsoft is the only company in the world with auto updating software.
I'm a Linux user, but have been disappointed of late with Slashdot's tendency to fail to research and present more than one side of a story. It's this aspect of Slashdot that is ruining it's credibility.
> Two is that people are stupid if they don't read those agreements. They are so used to clicking next that anyone who has agreed to this deserves to give thier info to M$
You must have missed the part where that language changed over time. Reading it once is not enough - you have to periodically go back and reread it, compare with the old copy (..and you did keep a copy of the old text around, didn't you?...), and see if you agree with the changes.
And if you don't, then what? You've already paid for and installed the product. A little late to be deciding you don't like the (changed) license.
Wow. Bill's going to miss that 0.00000000000000000000000001 percent of annual sales.
Really, I agree with your sentiment, but it's better not to throw around numbers unless you have some big ones.
~~~
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.