Microsoft Media Player "Security Patch" Changes EULA Big Time

MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure, you also want microsoft to have free reign on your PC.

extortion

[s20451]

How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion? If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?

Groan....

[cybermace5]

One of these days they will go too far.

Every move Microsoft has made follows
Machiavellian politics to the letter.

It's no longer about money, it's about
power. Microsoft will continue to find
ways to gain more control of computers,
and eventually will try to directly
attack other operating systems and make
them illegal. Microsoft doesn't even have
to worry about serving customers anymore.
There's almost too much momentum to over-
come here, folks. The only way that our
computers will belong to us in the future
is to make sure that we control how they
are used. Keep the hardware in the hands
of smaller manufacturers who have to
compete. Keep the software in the public
domain wherever possible.

At this point, even Apple looks good com-
pared to Microsoft. They have to listen
to their customers, they have adopted con-
cepts from better operating systems and
made it easier for users to use a com-
puter for any purpose they desire.

It doesn't matter what OS you use; BSD, Linux,
Solaris, or any of the other options. But by
choosing something other than Windows you
will help keep control in your hands. At this
point it would take thirty years for Microsoft
to go out of business, but we need to be looking
ahead. Do not accept these incremental attacks
on your freedom.

Re:Groan....

[kadehje]

Microsoft will continue to find ways to gain more control of computers, and eventually will try to directly attack other operating systems and make them illegal.

You're wrong on the "eventually" part. This campaign against other operating systems, as well as other technologies that threaten MS's dominance. What do you think the SSSCA/CBDTPA/S. 2048 bill is all about? Why do you think that Intel, IBM, and just about every other major tech company is screaming that they're scared shitless about this bill? Right now, Microsoft is going for checkmate in the technology game and this bill is their first move in their campaign. Should Microsoft even partially succeed in this campaign to bring every other tech company to its knees and force them to pay tribute (both financially and in policy matters) to Redmond, Microsoft will become the most powerful modern corporation in history.

Although this legislation has the proverbial snowball's chance of passing this time around, I feel that its main provisions will be enacted by the end of the decade unless Congress and Microsoft both get bludgeoned severely. These provisions may get enacted in a piecemeal fashion, but the two factors that will cause S. 2048 to become law are (a) Microsoft's huge war chest from which it can make "campaign contributions" and (b) Congress's tendancy to accept these "contributions" in exchange for favorable legislation for the contributor. The most obnoxious part of this legislation is the fact that it requires all hardware made in or imported to the United States to implement one DRM scheme dictated either by industry consensus or by the Commerce Department in 12 to 18 months if the industry can't reach a consensus. In addition, antitrust concerns will not be applicable to the process of reaching this DRM standard.

Here's the killer for all the other players in the tech industry: Microsoft holds most of the important patents for implementing DRM in software as well as major portions of implementing it in hardware. Unless another company's DRM research pans out no later than a year after this provision were to become law, there would be no alternative to whatever scheme Microsoft comes out with. Then, the Commerce Department would then impose the Microsoft standard on the nation's technology industry, extending Microsoft's grasp from the PC world to a significant portion of the U.S. GNP. Sun and IBM would be at the mercy of Microsoft, and since these companies are enemies of Gates & Co., it is likely that Microsoft would be able to use its control over these DRM patents to marginalize or even destroy these companies by making it impossible for these competitors to release new, innovative products that would, by law, include these DRM technologies.

Intel, AMD, Cisco, and other companies that primarily make hardware and most importantly don't produce software products that compete head-on with Microsoft's will also have a harder time profiting. Though it wouldn't be in MS's interest to destroy them, the folks in Redmond would be interested in taxing these companies based on a portion of their revenues for access to DRM technologies that they would need to sell new products. And MS would probably also wield enough muscle to force AMD and Intel to design future processors to run only future versions of Windows. If the Pentium 7 proved capable of running Linux, BeOS, or even Windows 2000, Microsoft could flush Intel down the drain faster than you can say "Enron."

Intel and IBM have advocated that the market determine the fate of DRM schemes. This will allow American businesses and consumers to determine which ones get adopted and which ones fall away. It should not be the government's right to state that Americans have the choice of buying a PC with Palladium installed or not buying a PC at all. It especially is not the government's prerogative to grant a company what is effectively an unregulated monopoly to a major portion of the U.S. economy, as every software and computer hardware company would be under the foot of Microsoft in a post SSSCA world.

We Americans like to boast about the fact that we reap the benefits of participating in a "capitalist" economy. Capitalism, in the ideal sense of the word, has never been practiced in history, just as communism has never been truly enacted in a country. If you define capitalism as the "Golden Rule" of "he who has the gold rules", then perhaps by vision of capitalism should really be called "laissez-faire socialism" or something. In my book, as soon as a movie studio buys the DMCA, or Microsoft buys the CBDTPA, or any other company purchases legislation that treats itself or its industry differently than the rest of the economy, it's proof that the U.S., like the rest of the world, is really a plutocracy. I think that the Microsoft situation is really just a symptom of a much larger illness of the American economy.

The next several years will determine the fate of the American economy and as well as the U.S. role in world affairs for the next several generations. This claim covers a lot more than Microsoft. It covers the tendancy of the U.S. government allowing Big Business to take on a bigger and bigger role in dictating legislation and policy matters. It may be that the Enron and WorldCom fiascos, the mega-mergers of the 1990s, the artificial "oil crisis" that caused the price of gasoline to exceed $2.50/gallon in some parts of the U.S., and the tens of billions of dollars worth of tax breaks that major employers across the country have been able to extort from cities and states have pissed Americans to the point where they feel the pendulum has to start moving the other way. I really hope we've reached that point, because if we're not there now, things may never change. If we were to continue on the present course, I think in the next 30 years, we're going to see the game of capitalism end once and for all, and the handful of winners of that game forming an oligarchy that will control the U.S. and its sphere of influence for the forseeable future. We would get to the point where each major sector of the economy is subject to the stranglehold one company which carries enough power to destroy any challenger to its market share before it can gain a foothold. There would be one dominant software company (in this post I have discussed my fear that this would be Microsoft), one dominant electronics company, one dominant energy company, one dominant bank, one dominant food supplier. The U.S. was actually pretty close to this point shortly after 1900, with Standard Oil, Ma Bell, the bank trusts and the like, and it took a remarkable shift in government policy (antitrust laws, worker safety laws, etc.) to change the American economy into a more truly competitive game. The U.S. is nearing the high-water mark of industry consolidation reached at the beginning of the 20th century. The industry consolidation scenario has repeated itself; I really hope that the popular uprisings that occured as a result of that are about to repeat themselves too.

Please tell me that the scenarios I've described are unrealistic. I really hope I'm being paranoid and that Microsoft will become merely a player and not The Player of the 2010's technology industry. IBM was stopped in the 1970's and 1980's in the courts (ironically enough it was never even convicted of antitrust violations), hopefully Microsoft will be next.

Re:Hmm

[ryanr]

mmm...Troll food. I'll answer anyway.

Most companies' idea of DRM limits you as to where you can put your music. And that measn not allowing it go go on a device that doesn't support the right flavor if DRM, if it supports it at all.

So, example scenarios:

You buy a $500 MP3 player device. It works great for a while hooked up to your Windows box. MS kicks on DRM one day, and you can't upload music to it anymore. It might be your rightfully-owned music, mind you... you could have ripped them all yourself from your own CDs.

Microsoft decides that MP3 files can't properly support DRM like WMA files can. So, they turn off the ability to play MP3, or maybe they delete them, or convert them to WMA. Since your portable player doesn't support WMA, you're screwed. Oh, and MS just happens to benefit financially since they control the WMA format, codecs, etc...

Maybe they do something really silly like force you to put the physical music CD in your drive whenever you want to play a digital song that was ripped from that album. Sounds stupid, I know, but what was the last game you played on CD that didn't require the disk in the drive to run?

The basic problem is that someone else's idea of what is reasonable to do with digital music will rarely match up with mine. I want to take a CD I bought, and pretty much use the music on any device I have that can play music. The problem is, of course, that the ability to do so also gives me the ability to share music on Kazaa if I choose.

I'm not neccessarily trying to argue that sharing music is legal or right (though I do believe the music companies are idiots for their handling of the situation.) I'm just saying that if I'm to retain my ability to play my music on any device that I want, I will also retain my ability to share it, that's just how it works.

Fortunatly, the cat is well out of the bag, and it's just not possible from a technical standpoint to prevent someone who can code and build their own machines from doing so. There are just too many MP3, Ogg, whatever players out there, and too many free OSes to stop it.

They would have to make it illegal to have hardware that would cooperate with the software of your choice. They would have to make it illegal to reverse-engineer systems in the privacy of my own home for my own use. They would have to make it illegal to attempt to bypass copy protection mechanisms, or even discuss it. They would have to give the copyright holders what amounts to police powers to show up at any time, and demand to see your license documentation under penalty of decades in prison.

Oh, wait...

Re:Corporate users can't install that

[marxmarv]

Fuck that too. As a system administrator, I refuse to work at a company where all developers have unlimited root access on the production network. I've seen too much stomping about production by developers (and their code) with no sense of Tao, and it's made my life incredibly frustrating in the past. There's no reason for you to be noodling about anywhere near production if the app is well-designed, well-partitioned from the system and keeps its tentacles out of everything.

I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.

If your code is a web application, there is no reason, alibi or excuse for your code to run as root, to write files outside of its own chroot jail, to run privileged code, or to bind to privileged ports UNLESS your site uses custom Apache modules or is so big that it must use ASLB. That said, it's nice if a workstation's /usr/local is writable by the user of that workstation and IS leaves a pristine read-only copy around for you or them to rsync if the need arises.

If you develop on Windows, well, there's your problem.

-jhp

Re:Hmm

[carambola5]

They would have to make it illegal to have hardware that would cooperate with the software of your choice.

Microsoft is well on their way to making hardware do this by itself. Then, all they have to do is invest a little more in America (ie: buy a few more Congressmen) and, voila, every computer in America has one of these suckers. Goodbye Linux. Goodbye ability to do whatever you want with your own music.

been that way for a while

[jd142]

So we're updating machines at work to w2k by flashing an image on to the hard drive. Being the nice people we are, we've even backed up people's music for them. When we restored one woman's music, media player refused to run until it had been updated. So I updated it, checked that it ran the little demo it comes with and left. 10 minutes later I get a call that it won't play her music. Turns out that because the music had been ripped on what it thought was another machine, it refused to play it. Never mind that the hardware was exactly the same, except for the addition of 128 megs of ram. The hd had been formatted and a new os installed (essentially) so as far as media player was concerned, the files were now on a different pc and so it wouldn't play them.

I tried to explain to her that Bill Gates thought she was stealing music. I'm not sure it took though; I think she secretly thought we weren't letting her play it. Yeah, we'll back up a gig of music on the tape, spend the time restoring them and then not let you play them. She eventually just said she'd bring the cd's in again.

There may have been a way around all this, but for such an obvious non work related thing, wasn't going to do it. Didn't feel like installing winamp because she'd been so annoying and whiny about the whole thing.

Re:Legality of EULA

[sjames]

How is this interesting? When you sign or accept a contract, you are bound to it, whether you read and understand it or not. If you don't understand it, don't agree to it until you do understand it.

I note that most EULAs reservie the right to change the EULA at any time without notice. How about if when I click 'I Agree', I also say I hereby claim the right to alter this agreement at any time by posting notice in my underwear drawer!

Why not, it's just as fair. If the corporations don't like it, they shouldn't accept my money. If the courts have any sense of fairness left in them, they will either uphold both or rule both to be invalid.

Forget the EULA, watch for the *next* patch

[schmaltz]

This EULA's a precurser to M$ actually installing DRM and anti-anti-DRM software on your computer as part of the next security patch.

Re:automatic EULA remover

[Stary]

How could you be liable for something you never accepted? What about if somebody else installs a program on my computer with an EULA that says that Evil. Inc has the right to confiscate any computer equipment that runs this software? That's a bit like holding me liable for a contract you wrote while in my apartment. Or how about if Windows came pre-installed on my computer? Or what about if I bought the computer used with all the programs installed already?

Let's take it from another angle: You buy an ice cream. When you open the wrap cover, you find a small agreement saying "in order to eat this ice cream, you must agree to also stand on your head and make a sound like a horny lion, ten times, in a public place". So what do you do, sign it or return the ice cream? No, because tossing it into the nearest waste basket would make your afternoon a nice walk in the park enjoying your ice cream - since just because somebody tries to force you into "agreeing" to something before using a product doesnt mean it's illegal for you to use it without agreeing.

A side note: That'd be "truth" you're looking for.

Hold on... What about auto-update?

[rakslice]

If this patch was distributed through Windows Update as a critical update, and thus was auto-installed on my machine through my XP Auto-Update configuration, then it's not like I've agreed to a new EULA, right? It was automatically installed; I was never given an opportunity to disagree to a new license.

Buy console for games, computers for work.

[moncyb]

You say the cons for Linux and Macs are that they don't have many games. However, why not just buy gaming consoles for play. There are at least two non-Microsoft competitors in that market--Sony and Nintendo. Maybe some of you have reasons not to like them (they seem to be obsessed with copy protection too), but I think they are much better alternatives to MS. As an extra bonus, you don't have to mess with hardware configurations and stupid compatiblity problems, or wait for long boots...

...and yes there are games that are computer only, however it seems to me that recently all the good games are on console anyway, and the computer game section of stores are almost dead. I mean last time I looked, The Sims was the most exciting game there! Lame.

Mission

[ruvreve]

A mission for the enraged /. reader, discover what server(s), domains, IP addresses access a windows PC to check for DRM compliance and disable software.

Then publish this information on every website possible and allow everybody to update their firewalls blocking any sort of access to these places. And MAYBE send the information to Linksys so they can put a option in their "DSL/Cable Router" to block any sort of access to it.

Linksys may be able to increase sales by advertising just this feature to the average consumer.

Ok, so what.

[WhiteKnight07]

Just find somebody who is less than 18 years old to install it. Since they are a minor and therefore unable to enter into a binding contract the EULA is void.

Missing the Point

[tlambert]

All of you people talking about removing/subverting/ignoring/legally challenging/etc. the EULA are ignoring an important fact.

It doesn't *matter* if you legally accept the terms of the EULA or not, since those terms merely spell out *how the software will operate anyway*.

Say there is a magic "Get out of EULA Free" card that came with your Microsoft Monopoly game.

Say you use it.

That's not going to stop the software from disabling other software on your machine, interfering with its operation in a supposed attempt to ensure "Digital Rights" are observed, or installing other components into your OS automatically, without asking you for permission.

The software *doesn't know from EULA*.

In other words, you can debate the legality all you want, but that's not going to change how the code operates, once it has been installed on your machine.

-- Terry

Re:automatic EULA remover

[ceejayoz]

The Windows box has an EULA on it that you accept by opening the box. Using the program means accepting the EULA, even if you hack the program to hide the EULA on install. Go on, try this out in court, they'll laugh at you... "Yes, your Honor, I illegally altered the program so that it wouldn't show me the agreement, so I don't have to follow the agreement! Haha!"

Why I no longer work in technology

[marxmarv]

As a janitor, I refuse to work at a company where employees are allowed to eat in their offices.

Not quite an accurate analogy. As a clean room scrubber, I refuse to work at a company where employees are permitted to eat in the clean room. Or as a plumbing technician, I refuse to work at a company where employees are encouraged to flush everything down the loo and don't know better than to pee all over the floor. I simply refuse to work in places where people are permitted or, worse, encouraged to wallow in their own idiocy and create train wrecks on a daily basis and compel someone else to mop it up for them without the least bit of respect or deference.

In many situations, system administrators are responsible for system uptime and often given zero authority to enforce, create or even suggest policies which get in the way of whiny developers, regardless of the resultant increase in code quality[1]. Talented software engineers are a lot harder to find than talented system administrators because hiring managers perversely ignore most of the people who can do the job right, merely because said applicants are over 35. Most companies would rather try to replace a sysadmin than a software engineer because the chief job of the system administrator in a small-to-midsize organization is to hide and absorb institutional incompetence.

Then again, any software engineer who would demand root on a production system is probably insufficiently skilled to understand basic computing concepts like "separation of privilege" (as seen very recently in OpenSSH), "compartmentalization", "principle of least surprise", and so forth. Far from being engineers in any sense of the term, they're at best "code jockeys" and ought to be physically beaten on a daily basis with classic computer science texts. 90% of them are nothing more than whiners with degrees, and the other 10% design software for the users -- all of them including the poor sot who has to restart that crashy server at 2am every second or third morning.

So, if you can afford to turn down jobs because the software engineers have root access, then hooray for you. But you don't want to get in a pissing contest like that at most companies because the developers will usually win.

I left the technology industry about a year ago, and until more of the antipatterns shake out I don't plan on returning. Unfortunately, the corporate circle jerk has much invested in maintaining these antipatterns so I don't expect the situation will get better soon. As much antipathy as I have for people, professional body piercing sounds like a far preferable career with less bullshit and higher hourly pay. For that matter, so would pizza delivery or auto parts order desk.

-jhp

Re:Use GDIVX and Tiny Personal Firewall 3

[imr]

it seems to me that this news is about the right this eula gives them to actually disable those programs because they do the kind of services you describe.
Fishy, isn't it?
Can you still talk about a free market if those kind of eulas are legal?