Read the Fine Print

nihilist_1137 writes: "This story is about how MS changed its EULA and you just gave them control of your computer. In the section on Windows XP Professional, 'Internet-Based Services Components' paragraph says in part, 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.'"

Re:Once again, Slashdotters want to have it both w

[Thomas+Marsh]

Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.

But that's not good enough, because too many users/sysadmins are too stupid to turn this on or check it regularly.

On the contrary, sysadmins are advising that users disable automatic updates on XP because the tendency of the auto update facility to replace, for example, working drivers with faulty ones, as well as not providing information on which packages are being downloaded. (Read that in an article somewhere. Never used auto update myself.)

I do see this as a privacy concern, because it is only with XP that windows update does not say "this is done without sending any information to microsoft." All other versions of windows use the anonymous facility, so they already have a working production update system which they've replaced with this more invasive version. -Coinciding with the EULA changes.

Whether it is an intentional attack on privacy/piracy or simply that MS decided the old mechanism wasn't efficient enough over a slow connection (or some other technical reason) is speculation.

Why do companies tolerate this?

[Phil+Wherry]

[IANAL, so consider these comments accordingly]

I'm really quite surprised that there hasn't been a big backlash from the legal departments of corporate customers over the text in the license agreements from software makers like Microsoft.

Most of the large organizations that I've worked with have relatively paranoid legal departments. The average person cannot, for example, sign a non-disclosure agreement, vendor contract, or do anything else that binds the company without having the document scrutinized in excruciating detail by the company's legal department. And, as anyone who's ever been through this process knows, excruciating is the correct word for this situation.

Yet people install software all the time that binds the company to ridiculously one-sided terms: This software is ours, not yours. Unless it breaks: then it's yours, not ours--and we're obligated to do everything up to and including nothing to help you.

It seems to me like two possible explanations exist--neither of them pleasant:

• Legal departments aren't challenging shrink-wrap licenses because they feel they're not really enforceable contracts. This seems to fly in the face of things like UCITA, though, which allow the software vendor to say "W3 0wn j00" in their license agreements with the force of law to back them up.
  
  
• Legal departments aren't challenging shrink-wrap licenses because they realize that most of the time they're dealing with a powerful monopoly--and that the choice is to accept unconscionable terms or simply be unable to perform essential functions. Most legal departments don't understand open-source software, and I think Microsoft's done a good enough job with its fearmongering campaign about the GPL that there will be a lot of hesitation even if the light bulb ever does come on.
  

There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.

Re:Software auto-update is common

[NumberSyx]

Google's Toolbar does the same thing, according to their official-until-we-change-it legalese

The difference is Google only checks for a single piece of information on a single piece of software and my system does not depend on this software to run. I have never had a Google Toolbar update screw up my entire system or even introduce another bug or open security holes. Google also has a pretty good privacy policy for which it has an excellent track record for following. In short, Google has earned my trust, Microsoft has proven time and time again they can not be trusted and it will take more than setting aside 28 days out of the last 20 years to fix problems to restore that trust.

Re:MS didn't think anyone would notice ANYTHING

[i_am_nitrogen]

What about OEM installs of Windows? People who buy a computer from Office Max or Wal-Mart don't ever get the "Agree/Disagree" prompt. Usually there's a little book that says "For distribution only with a new PC." inside the box, but does it ever say anywhere "Read me or die a horrible death?"