Slashdot Mirror


Microsoft Media Player "Security Patch" Changes EULA Big Time

MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure, you also want Microsoft to have free rein on your PC.

16 of 640 comments

  1. automatic EULA remover by Jucius+Maximus · · Score: 3, Informative

    I remember some weeks back that someone had posted a script pointing to an auto-EULA remover for Microsoft installers. Can that person please post their link again?

    1. Re:automatic EULA remover by xenoweeno · · Score: 4, Informative

      The EULA remover is here thanks to DejaGoogle.

  2. alternatives by Cyno01 · · Score: 2, Informative

    forget windows media player, its features suck, it has next to no plugins, for music use winamp 2.x it has cooler visualisations anyway and for video nullsoft just released a new version of winamp3, winamp is the superior media player and its FREE, suck on that bill

    --
    "Sic Semper Tyrannosaurus Rex."
  3. Re:MS/Borg by uncoveror · · Score: 5, Informative

    Time to kick media player to the curb, and use winamp, quicktime, realone, or anything else. Just take steps not to install the spyware if you use real. Do a custom install, not the quick install, and uncheck the things you don't need.

    --
    The Uncoveror: It's the real news.
  4. Re:Umm, don't use WMP. by applef00 · · Score: 2, Informative

    You can't "just say no."

    Even if you decide not to use WMP, it's still installed on your system (if you're using 98, 2000, XP); which means that you're still bound by the EULA (the one that was in place when you last installed your OS or updated WMP).

  5. Re:Corporate users can't install that by startled · · Score: 3, Informative

    Fuck that. As a software developer, I refuse to work at a company that doesn't give me the right to run my machine the way I see fit.

    I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.

  6. PNG packs tighter than TIFF by yerricde · · Score: 4, Informative

    I thought it was bad recently when a "Critical" IE6 security patch completely broke the ability to view TIFF images in a browser without hacking the registry by hand.

    Actually, it was Microsoft dropping support for Netscape plug-ins such as QuickTime 5 because of a patent dispute.

    I maintain a web site that basically sells access to TIFF imaged documents.

    Adobe TIFF has three common lossless modes: Apple PackBits (RLE algorithm used in MacPaint and at least one NES game), CCITT Fax (a strange bilevel image codec used by fax machines), and Unisys LZW. PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.

    What does TIFF do that PNG doesn't?

    --
    Will I retire or break 10K?
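Added example (not part of the original comment or thread): a PackBits encoder/decoder in Python, compared against zlib's Deflate on a constructed bilevel page, to illustrate the size difference between those two codecs mentioned in the comment above. The sample page and all helper names are assumptions; LZW, CCITT Fax and PNG's row filters are not modelled, so this covers only one case of the claim.

```python
import zlib

ROW_BYTES = 128                               # 1024 pixels at 1 bit per pixel
GLYPH = bytes.fromhex("3c428181423c0000")     # constructed 8-byte "text" pattern


def packbits_encode(row: bytes) -> bytes:
    """Encode one row with PackBits (byte-oriented RLE, packets of up to 128 bytes)."""
    out = bytearray()
    i, n = 0, len(row)
    while i < n:
        run = 1
        while i + run < n and run < 128 and row[i + run] == row[i]:
            run += 1
        if run >= 2:
            out += bytes((257 - run, row[i]))  # header 129..255: repeat next byte
            i += run
            continue
        start = i
        i += 1
        # Extend the literal until a repeat begins or the 128-byte limit is reached.
        while i < n and i - start < 128 and not (i + 1 < n and row[i] == row[i + 1]):
            i += 1
        out.append(i - start - 1)              # header 0..127: copy header+1 literals
        out += row[start:i]
    return bytes(out)


def packbits_decode(blob: bytes) -> bytes:
    """Decode PackBits, rejecting packets that run past the end of the input."""
    out = bytearray()
    i = 0
    while i < len(blob):
        header = blob[i]
        i += 1
        if header == 128:                      # no-op packet
            continue
        need = header + 1 if header < 128 else 1
        if i + need > len(blob):
            raise ValueError("truncated PackBits packet")
        if header < 128:
            out += blob[i:i + need]
        else:
            out += blob[i:i + 1] * (257 - header)
        i += need
    return bytes(out)


def sample_page(rows: int = 200) -> list:
    """Constructed scan: bands of patterned 'text' rows separated by blank rows."""
    blank = bytes(ROW_BYTES)
    text = bytes(16) + GLYPH * 12 + bytes(16)
    return [text if y % 20 < 12 else blank for y in range(rows)]


def compare_sizes(rows) -> dict:
    """Return raw, PackBits (row by row, as TIFF does) and Deflate sizes in bytes."""
    raw = b"".join(rows)
    packed = b"".join(packbits_encode(r) for r in rows)
    if packbits_decode(packed) != raw:
        raise RuntimeError("PackBits round trip failed")
    return {"raw": len(raw), "packbits": len(packed),
            "deflate": len(zlib.compress(raw, 9))}


if __name__ == "__main__":
    print(compare_sizes(sample_page()))
```

PackBits can only collapse runs of identical bytes inside a row, while Deflate also reuses the repeated pattern and the repeated rows, which is where the gap on this sample comes from.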
  7. Re:Easy choice by ZaneMcAuley · · Score: 3, Informative

    Securing software that you don't run?

    If you don't run it (remove it even) how can it be a security risk? Common sense?

    As for the adding MS to the hosts file, I was joking.

    --
    ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
  8. Re:MS/Borg by ceejayoz · · Score: 3, Informative

    They don't use the engine separately, they just embed an instance of Media Player in the program. You'll have to have accepted the EULA to use them.

  9. My friend, it's called UCITA by DaveWood · · Score: 5, Informative

    IANAL, but until very recently, your suspicions were basically correct; company lawyers have their field day with shrink-wrap licenses but they're very very careful not to test the more exotic provisions in court.

    That is, until they're safely set up inside a UCITA-adopting state.

    Why, you ask? What's this UCITA anyway? Not another acronym. I'm too lazy to write another letter. Trying to keep my phone bill down. And I can never keep my boycotts straight once I get to the store.

    From the mouth of the beast...

    And on a slightly more ethical tip...

    The FSF's writeup

    And the CPSR's writeup...

    Google will give you more.

    Think your EULA's not binding? UCITA gives it all that 100%-All-American Bought and Paid For Congressional Stamp of Approval. Some democracy we have, huh?

    -David

  10. Re:Legality of EULA by Arandir · · Score: 5, Informative

    How legally binding *IS* the EULA?

    The unfortunate state of civilization today is that it is governed by men and not by laws. Thus it doesn't matter whether a EULA (any EULA) is legally binding or not. All that matters is that enough people think they are.

    In terms of the law, most EULAs are completely invalid. Exercise of pre-existing rights is considered assent. There is a total lack of consideration. And there is no way to verify that a particular "licensee" has even seen the contract.

    In terms of Rule by Fallible Human Beings, EULAs are completely valid if you can get enough people to believe that they are valid. But even if you can't, you can still take them to court and draw out the process to bleed them dry until they give in and settle.

    I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions.

    The difference is easy. The average person cares about losing money. But the average person is very ignorant about their legal rights with regards to copyrightable materials, especially when it concerns software.

    Wait until some large company starts putting the screws to enough people. Then the situation will change. Bankrupt enough grandmas in court for EULA violations, and the public opinion will change.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  11. Re:Security Patches are the getting worse by hkmwbz · · Score: 2, Informative

    Sounds like you are trying to use a "non-web" format on the web. Stick to image formats browsers can actually read... TIFF has no place on the web. Bandwidth and all, you know.

    --
    Clever signature text goes here.
  12. Re:extortion by ImaLamer · · Score: 3, Informative

    I agree.

    In the only _real_ law book I've read on the subject, which reads as easy as Applied Cryptography's first few chapters (seriously, it's very basic the hard shit follows), explains that a contract contains a portion where they must provide something while you must also. Either party fails to provide its side of the deal the contract is null or goes into dispute (court).

    No one party can change lines of a contract or edit the final conditions without the user's consent (read: signature). Of course clicking YES to the new one _could_ be the same ... I hope not...

  13. Here's something from 20 years ago by laing · · Score: 2, Informative

    A Lawyer Looks At Software Licensing
    by L.J. Kutten

    For the past four years, many software companies have been
    publicly bemoaning their losses to unauthorized duplication. They
    claim for every "legal" copy sold, three or four illegal copies are
    eventually distributed. When asked for proof, they do not give it.
    Their only evidence is their "private" research (which they will not
    submit to third party verification).

    While no industry expert denies the existence of unauthorized
    duplication, experts differ on whether this duplication actually
    deprives a company of profits or sales. Take the following two
    examples:
    * A 13-year old child possesses unauthorized CP/M versions of dBase
    II and Wordstar configured for the Apple II computer. He neither owns
    a CP/M card nor a printer. To him, the software is like baseball
    cards, the more he "owns" the better; and
    * The business person who wants to try out a $800 program to make
    sure it will (1) fulfill his needs, or (2) work adequately with his
    hardware (perhaps there is a printer conflict). If the software does
    not work, the floppy diskette containing it goes back into a pile. If it
    does work, a legitimate copy is purchased so the user can get support.

    Whatever the real extent of the problem, companies are searching
    for a solution. Many have adopted a "tear open" license agreement as
    their way of handling the problem.

    A typical tear open license agreement (also called "shrink wrap"
    or "box top") is a one page form attached to the outside of mass
    marketed software. On the form is a statement that says "OPENING THIS
    PACKAGE INDICATES YOUR ACCEPTANCE OF THE AGREEMENT AND THAT YOU AGREE
    TO ABIDE BY ALL THE TERMS AND CONDITIONS SET FORTH." Following the
    statement are a set of rules and prohibitions which "control" use of
    the software. Typical provisions include the following:
    1. Warranty disclaimer: The software is sold "AS IS." The
    manufacturer totally disclaims any express or implied warranties. If
    the software does not work as expected (or at all) that is the buyer's
    problem and not the manufacturer's;
    2. Prohibition against disassembly: The program cannot be
    disassembled or patched for any reason; and
    3. Prohibition against resale: Under no circumstance can the
    original purchaser transfer his ownership interest in the program,
    whether it be by sale, lease, rental, or even by gift. If the
    purchaser has no further need for the program, it must be destroyed or
    returned to the manufacturer.

    The software manufacturers claim that by opening the package the
    user has agreed to abide by any term found on it. Not surprisingly,
    users claim the forms are not worth the paper they are printed on.
    Whether or not these agreements are binding is open to question.
    There are no cases, at either state or federal level, to interpret
    them.

    The Problem With Tear Open Agreements

    The enforceability of tear open agreements begins with the
    proposition that (1) they are binding contracts and (2) the developer
    has retained title to each individual copy of the program. The fact
    that a developer has claimed they are binding contracts or he has
    retained title is unimportant. A court would look at what really
    occurred as opposed to what one party calls the transaction.

    Are They Binding Contracts? If the license agreement is to be
    binding, the manufacturer must be able to prove that both parties
    considered it to be part of the contract before the sales transaction
    was completed. If the agreement was not known until after the sale
    was completed (e.g. the seller got paid and the buyer got the
    software), then it is void. Under general principle of contract law,
    no party can unilaterally add additional terms to a contract after it
    has been accepted.

    In a normal retail sales situation, the manufacturer can argue
    that the buyer knew or should have known of the license agreement
    prior to sale and thus should be bound by it. The trouble with this
    assumption is that a buyer would claim (1) he had no knowledge of it
    and that the vendor did not mention it or (2) that the vendor did
    mention it but the buyer told the vendor that he did not consider it
    binding. (How many retail sellers would refuse to take the buyer's
    money in such a circumstance?)

    In mail order sale, the license agreement is almost never
    mentioned. The first time the buyer finds out about it is after the
    goods have been received. In such cases, the agreement is not worth
    the paper it is printed on.

    A court would also be bothered by the fact that a tear open
    agreement is a contract of adhesion. That is, it is offered to the
    buyer on a "take it or leave it" basis. The buyer cannot bargain
    about the terms contained in it. The law does not favor adhesion
    contracts and they are automatically suspect.

    Finally manufacturers must realize that no court will ever
    enforce a contract where the buyer pays for software and the
    manufacturer, through a tear open contract, does not promise to
    deliver anything.

    Are They Licenses? There are a number of factors to determine
    whether a license (with retained ownership) or a sale of a copy is
    involved:

    1. Is the license for a limited period?
    2. Does the license have to be signed before the software is made
    available?
    3. Is more than one payment made to the "licensor?"
    4. Does the "licensee" have any obligation to return its copy of the
    software to the "licensor" if he has no further use of it (i.e. can he
    throw it in the trash without liability)?
    5. Does the "licensor" have any duties to the "licensee" to make sure
    the software even works?

    An answer of no to each question would indicate that the parties
    really intended the transaction to be an outright sale. This is
    clearly seen if you examine the license agreements for minicomputer
    and mainframe computer software. These agreements are typically (1)
    for a definite period of time, (2) the license agreement must be
    signed by all parties prior to delivery of the software, (3) in many
    instances the licensee has to pay a yearly royalty/service fee, (4)
    the licensor agrees to upkeep and modify the program as necessary, and
    (5) the licensee has a duty to return the software after a specified
    period.

    Other Problems With Tear Open Agreement: Even assuming a court
    would find a tear open agreement to be a binding contract or a true
    license agreement, there are many other problems that must be
    resolved.

    Tear open agreements may violate four provisions of Article Two
    of the Uniform Commercial Code (the U.C.C.). Article Two codifies the
    law of sales and it is the law in every American jurisdiction except
    Louisiana.

    U.C.C. §2-312 gives a dealer the power to transfer all rights,
    including title, to the buyer unless the dealer gives the buyer actual
    notice of the limitation. There is nothing to prevent software
    manufacturers from contractually requiring its dealers to give this
    written notice on their sales forms.

    U.C.C. §2-513 gives the buyer the unqualified right, except in
    C.O.D. sales, to inspect the goods at any reasonable time and place
    before accepting them. The buyer can take the sealed package home,
    remove the shrink wrap and test the software to make sure it fulfills
    its advertised claims, etc. Given the fact that many software
    packages require a minimum of 30-40 hours training to utilize, the
    fact that a demonstration package was available or that the buyer
    could try the software out at a local store (how many stores would
    allow any user to tie up a machine for 35 hours to test one package)
    is irrelevant. The buyer has a reasonable time to inspect the goods
    and either accept or reject them.

    Under U.C.C. §2-201 if the price exceeds $500, the party being
    bound by a contract has to sign a writing relating to the contract.
    Thus, if the buyer pays $501 for a software package and did not sign the
    restrictive agreement, then the terms of the agreement do not bind
    him.

    Many license agreements disclaim all warranties (i.e. the
    software is sold "as is" and the manufacturer guarantees nothing).
    Under U.C.C. §2-316 this is permissible, except whenever an express
    warranty disagrees with a disclaimer, the warranty will prevail. The
    law says express warranties are created by instruction manuals,
    training guides, use of demonstration models, advertising and the
    like. Thus any disclaimer of an express warranty is voidable.

    Tear open agreements may also violate various federal and state
    consumer protection statutes. It is arguable that the manufacturers
    have committed fraud against the buying public in that they encourage
    the public to buy their products yet do not advertise their license
    restrictions. It is a deceptive trade practice under the Federal
    Trade Commission Act (a federal law) to let a transaction look like a
    sale when it is not. Many states have similar legislation.

    Courts would also be bothered by the fact that the consumer bears
    the entire risk of loss. In a U.S. Supreme Court case dealing with
    price fixing, the Court said that risk of loss after transfer of
    possession weighs heavily in determining whether or not a sale has
    taken place. If the buyer bears the entire risk of loss, it strongly
    indicates a sale, and not a license took place.

    Can a sale later become a license? The license says that
    "opening the package" or "using the software" indicates acceptance of
    the license terms. Does that mean the buyer did not accept them at
    the point of purchase? If so what did he buy? If he did buy it, does
    he lose or forfeit some property right upon opening the package. If
    so, the manufacturers should realize that the law does not like
    forfeitures of any type.

    There may be an admission against interest in requiring the buyer
    to sign a card acknowledging the validity of the license agreement.
    Under the law, a party cannot have contradictory claims. If the
    agreement is really self executing, why require the buyer to sign a
    card acknowledging its validity unless the manufacturer has its own
    doubts about its self execution?

    There may be another admission against interest in that many
    manufacturers, for income tax purposes, treat the transaction between
    themselves and their dealers as sales and not licenses. Similarly, a
    court would inquire into whether or not the manufacturer took returns
    from its dealers. If it did not, then it indicates a sale took place.

    In the same genre, manufacturers fail to control their dealers.
    If they really wanted to create binding licenses they could
    contractually require their dealers to have the license agreement
    signed before delivery of the software. They do not do this. (Too
    much trouble they claim.) Instead they exercise almost no control
    over dealer's selling practices. Most dealers treat software the same
    way they treat hardware. The dealer uses sales forms, invoices and
    receipts that imply a sale took place.

  14. A few notes regarding what this lawyer has to say. by Vulture_ · · Score: 2, Informative
    #include

    Current-day practice is not to have a "tear-open" agreement, but, instead, the agreement is presented when the user attempts to install the software. The user had no knowledge of the agreement's existence, let alone its terms, when the user paid for the software. By this lawyer's logic, that makes the agreement null and void.

    Click-wrap licenses usually tell the reader to return the software to its place of purchase for a full refund, if the user refuses to be bound by it. Unfortunately, the place of purchase will generally not take it back or refund the user, as an understandable matter of policy (they have no way of knowing if you copied the distribution media prior to returning the software). However, this effectively means that the user is forced to either accept the terms of the agreement, or not use the software and let it rot, since they can't get it refunded.

    Often, click-wrap licenses state that opening the package constitutes acceptance. However, you didn't even see the license until you attempted to install the software (which obviously happens after opening the package).

    --

    The only way the typical /.er can pick up a chick is with a forklift. -- AC

  15. Use GDIVX and Tiny Personal Firewall 3 by Hyperhaplo · · Score: 5, Informative
    People:
    GDIVX runs on XP etc and is better (in my opinion) than the Media Player. There are heaps of players out there.

    There is a nice program out there for Windows users called Tiny Personal Firewall. This wonderful little program is not just a firewall ... it has this WONDERFUL new addition: It tracks and protects your Windows (TM) from nasty software running.

    It has default restrictions available and it sets itself up for standard Windows programs like Office, IE, etc.

    The cool part: When you install a new program TPF3 not only asks you if you want the program to execute, it also asks you what level of execution to grant. For example: Internet Explorer (by default) can ONLY download into the c:\download directory.

    So... if I'm on a box with XP I install TPF3 and nothing gets by it. Is your Media Player trying to contact the Internet? Block it! Is your Media Player trying to install something? Block it! Easy as that. Give it a go.

    --
    You have a sick, twisted mind. Please subscribe me to your newsletter.