Microsoft Media Player "Security Patch" Changes EULA Big Time

MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure, you also want microsoft to have free reign on your PC.

extortion

[s20451]

How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion? If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?

Re:extortion

[rabtech]

No, because most companies reserve the "right" to change the terms of the EULA, without notification, at ANY TIME.

The whole concept of the EULA is so silly... I really hope it gets tossed out of court ASAP. Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?

Re:extortion

[donutello]

No, because most companies reserve the "right" to change the terms of the EULA, without notification, at ANY TIME.

Horseshit! You can't change a EULA without notification. This is Contract Law 101. You can't change a contract unilaterally. Show me a EULA which reserves the right to change itself without notice and I'll show you a EULA that has no feet to stand on.

The whole concept of the EULA is so silly... I really hope it gets tossed out of court ASAP. Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?

The concept of a EULA is not silly. A paper signature is only one way to prove that you actually indulged in the transaction. It is not necessary to prove that you actually did. And nowhere can anyone change the terms of a contract without notifying you or getting your agreement on the changes. It hasn't happened in this instance and won't happen ever.

Re:extortion

[ImaLamer]

I agree.

In the only _real_ law book I've read on the subject, which reads as easy as applied cryptography's first few chapters(seriously, it's very basic the hard shit follows), explains that a contract contains a portion where they must provide something while you must also. Either party fails to provide it's side of the deal the contract is null or goes into despute (court)

No one party can change lines of a contract or edit the final conditions without the users consent (read:signature). Of course clicking YES to the new one _could_ be the same ... i hope not...

automatic EULA remover

[Jucius+Maximus]

I remember some weeks back that someone had posted a script pointing to an auto-EULA remover for microsoft installers. Can that person please post their link again?

Re:automatic EULA remover

[xenoweeno]

The EULA remover is here thanks to DejaGoogle.

Re:automatic EULA remover

[rmohr02]

That may not work on M$ products because on the box it says the user must agree to the enclosed EULA before using the program. If they don't agree, the box says they can return it, even when it's opened. Thus using the EULA remover wouldn't accomplish anything.

Re:automatic EULA remover

[Stary]

How could you be liable for something you never accepted? What about if somebody else installs a program on my computer with an EULA that says that Evil. Inc has the right to confiscate any computer equipment that runs this software? That's a bit like holding me liable for a contract you wrote while in my apartment. Or how about if Windows came pre-installed on my computer? Or what about if I bought the computer used with all the programs installed already?

Let's take it from another angle: You buy an ice cream. When you open the wrap cover, you find a small agreement saying "in order to eat this ice cream, you must agree to also stand on your head and make a sound like a horny lion, ten times, in a public place". So what do you do, sign it or return the ice cream? No, because tossing it into the nearest waste basket would make your afternoon a nice walk in the park enjoying your ice cream - since just because somebody tries to force you into "agreeing" to something before using a product doesnt mean it's illegal for you to use it without agreeing.

A side note: That'd be "truth" you're looking for.

Re:automatic EULA remover

[ceejayoz]

How could you be liable for something you never accepted?

'cause if you're proactively downloading a EULA remover, you're not exactly using the software legally. You obviously knew there was a contract but tried to get around it. "Oh, officer, I didn't have to stop there because I cut down the stop sign and took it home!"

Re:automatic EULA remover

[ceejayoz]

The Windows box has an EULA on it that you accept by opening the box. Using the program means accepting the EULA, even if you hack the program to hide the EULA on install. Go on, try this out in court, they'll laugh at you... "Yes, your Honor, I illegally altered the program so that it wouldn't show me the agreement, so I don't have to follow the agreement! Haha!"

Re:automatic EULA remover

[ceejayoz]

You purchased the software. You have a right to use the disk and manual you purchased in any way you see fit.

WRONG! WRONG WRONG WRONG! Most software purchases are in fact licenses, with terms of use and the option for the company to revoke your license.

This has been held up by the courts, so don't spout some BS about how it's illegal and doesn't matter anyways.

Security Patches are the getting worse

[peterdaly]

I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand. I maintain a web site that basically sells access to TIFF imaged documents. All of a sudden we had about a hundred pissed off customers (some not wanting to pay their bill) because _WE_ broke access to the information that runs their businesses. As each customer ran windows update, our website broke. Of course they all say they have not installed any new software, which makes it all the more difficult to troubleshoot until the problem was figured out.

MS is without a doubt throwing non-security things into "security patches", and I for one don't like the unadvertised "featues" one bit.

-Pete

Corporate users can't install that

[Animats]

If you're in a large company, contact your legal department immediately. That's a serious issue, because it gives Microsoft the unlimited right to destroy any software on your machine. That's not something the individual employee is authorized to agree to.

Re:Corporate users can't install that

[BurritoWarrior]

If you're in a large company and individual users have the rights/permissions to install software/patches on their machines -- short your own stock, you're in more trouble than just a EULA. :)

Re:Corporate users can't install that

[startled]

Fuck that. As a software developer, I refuse to work at a company that doesn't give me the right to run my machine the way I see fit.

I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.

Re:Corporate users can't install that

[marxmarv]

Fuck that too. As a system administrator, I refuse to work at a company where all developers have unlimited root access on the production network. I've seen too much stomping about production by developers (and their code) with no sense of Tao, and it's made my life incredibly frustrating in the past. There's no reason for you to be noodling about anywhere near production if the app is well-designed, well-partitioned from the system and keeps its tentacles out of everything.

I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.

If your code is a web application, there is no reason, alibi or excuse for your code to run as root, to write files outside of its own chroot jail, to run privileged code, or to bind to privileged ports UNLESS your site uses custom Apache modules or is so big that it must use ASLB. That said, it's nice if a workstation's /usr/local is writable by the user of that workstation and IS leaves a pristine read-only copy around for you or them to rsync if the need arises.

If you develop on Windows, well, there's your problem.

-jhp

Re:Corporate users can't install that

[Anonymous+DWord]

hint:-shift the letters in HAL one down

GZK?

Scary

[scotfl]

These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer.

Now there's a particularly nasty line. It starts off with DRM for 'Secure Content' (which I guess is M$'s new term for protected IP), but then it expands into 'Other Programs'. Which means, MS is now reserving the right to disable any program they don't like.

Furthermore, the patch that disables the program will "will be automatically downloaded onto your computer," without your knowledge. But, the real kicker is this one (my favourite line):

If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.

So even if they send out patches killing off all non-MS software, they can bury a notice so deep in microsoft.com that no one will ever find it, and claim (correctly) they are going above and beyond the EULA. Damn, I'm glad I use Macs and NetBSD.

Groan....

[cybermace5]

One of these days they will go too far.

Every move Microsoft has made follows
Machiavellian politics to the letter.

It's no longer about money, it's about
power. Microsoft will continue to find
ways to gain more control of computers,
and eventually will try to directly
attack other operating systems and make
them illegal. Microsoft doesn't even have
to worry about serving customers anymore.
There's almost too much momentum to over-
come here, folks. The only way that our
computers will belong to us in the future
is to make sure that we control how they
are used. Keep the hardware in the hands
of smaller manufacturers who have to
compete. Keep the software in the public
domain wherever possible.

At this point, even Apple looks good com-
pared to Microsoft. They have to listen
to their customers, they have adopted con-
cepts from better operating systems and
made it easier for users to use a com-
puter for any purpose they desire.

It doesn't matter what OS you use; BSD, Linux,
Solaris, or any of the other options. But by
choosing something other than Windows you
will help keep control in your hands. At this
point it would take thirty years for Microsoft
to go out of business, but we need to be looking
ahead. Do not accept these incremental attacks
on your freedom.

Re:Groan....

[kadehje]

Microsoft will continue to find ways to gain more control of computers, and eventually will try to directly attack other operating systems and make them illegal.

You're wrong on the "eventually" part. This campaign against other operating systems, as well as other technologies that threaten MS's dominance. What do you think the SSSCA/CBDTPA/S. 2048 bill is all about? Why do you think that Intel, IBM, and just about every other major tech company is screaming that they're scared shitless about this bill? Right now, Microsoft is going for checkmate in the technology game and this bill is their first move in their campaign. Should Microsoft even partially succeed in this campaign to bring every other tech company to its knees and force them to pay tribute (both financially and in policy matters) to Redmond, Microsoft will become the most powerful modern corporation in history.

Although this legislation has the proverbial snowball's chance of passing this time around, I feel that its main provisions will be enacted by the end of the decade unless Congress and Microsoft both get bludgeoned severely. These provisions may get enacted in a piecemeal fashion, but the two factors that will cause S. 2048 to become law are (a) Microsoft's huge war chest from which it can make "campaign contributions" and (b) Congress's tendancy to accept these "contributions" in exchange for favorable legislation for the contributor. The most obnoxious part of this legislation is the fact that it requires all hardware made in or imported to the United States to implement one DRM scheme dictated either by industry consensus or by the Commerce Department in 12 to 18 months if the industry can't reach a consensus. In addition, antitrust concerns will not be applicable to the process of reaching this DRM standard.

Here's the killer for all the other players in the tech industry: Microsoft holds most of the important patents for implementing DRM in software as well as major portions of implementing it in hardware. Unless another company's DRM research pans out no later than a year after this provision were to become law, there would be no alternative to whatever scheme Microsoft comes out with. Then, the Commerce Department would then impose the Microsoft standard on the nation's technology industry, extending Microsoft's grasp from the PC world to a significant portion of the U.S. GNP. Sun and IBM would be at the mercy of Microsoft, and since these companies are enemies of Gates & Co., it is likely that Microsoft would be able to use its control over these DRM patents to marginalize or even destroy these companies by making it impossible for these competitors to release new, innovative products that would, by law, include these DRM technologies.

Intel, AMD, Cisco, and other companies that primarily make hardware and most importantly don't produce software products that compete head-on with Microsoft's will also have a harder time profiting. Though it wouldn't be in MS's interest to destroy them, the folks in Redmond would be interested in taxing these companies based on a portion of their revenues for access to DRM technologies that they would need to sell new products. And MS would probably also wield enough muscle to force AMD and Intel to design future processors to run only future versions of Windows. If the Pentium 7 proved capable of running Linux, BeOS, or even Windows 2000, Microsoft could flush Intel down the drain faster than you can say "Enron."

Intel and IBM have advocated that the market determine the fate of DRM schemes. This will allow American businesses and consumers to determine which ones get adopted and which ones fall away. It should not be the government's right to state that Americans have the choice of buying a PC with Palladium installed or not buying a PC at all. It especially is not the government's prerogative to grant a company what is effectively an unregulated monopoly to a major portion of the U.S. economy, as every software and computer hardware company would be under the foot of Microsoft in a post SSSCA world.

We Americans like to boast about the fact that we reap the benefits of participating in a "capitalist" economy. Capitalism, in the ideal sense of the word, has never been practiced in history, just as communism has never been truly enacted in a country. If you define capitalism as the "Golden Rule" of "he who has the gold rules", then perhaps by vision of capitalism should really be called "laissez-faire socialism" or something. In my book, as soon as a movie studio buys the DMCA, or Microsoft buys the CBDTPA, or any other company purchases legislation that treats itself or its industry differently than the rest of the economy, it's proof that the U.S., like the rest of the world, is really a plutocracy. I think that the Microsoft situation is really just a symptom of a much larger illness of the American economy.

The next several years will determine the fate of the American economy and as well as the U.S. role in world affairs for the next several generations. This claim covers a lot more than Microsoft. It covers the tendancy of the U.S. government allowing Big Business to take on a bigger and bigger role in dictating legislation and policy matters. It may be that the Enron and WorldCom fiascos, the mega-mergers of the 1990s, the artificial "oil crisis" that caused the price of gasoline to exceed $2.50/gallon in some parts of the U.S., and the tens of billions of dollars worth of tax breaks that major employers across the country have been able to extort from cities and states have pissed Americans to the point where they feel the pendulum has to start moving the other way. I really hope we've reached that point, because if we're not there now, things may never change. If we were to continue on the present course, I think in the next 30 years, we're going to see the game of capitalism end once and for all, and the handful of winners of that game forming an oligarchy that will control the U.S. and its sphere of influence for the forseeable future. We would get to the point where each major sector of the economy is subject to the stranglehold one company which carries enough power to destroy any challenger to its market share before it can gain a foothold. There would be one dominant software company (in this post I have discussed my fear that this would be Microsoft), one dominant electronics company, one dominant energy company, one dominant bank, one dominant food supplier. The U.S. was actually pretty close to this point shortly after 1900, with Standard Oil, Ma Bell, the bank trusts and the like, and it took a remarkable shift in government policy (antitrust laws, worker safety laws, etc.) to change the American economy into a more truly competitive game. The U.S. is nearing the high-water mark of industry consolidation reached at the beginning of the 20th century. The industry consolidation scenario has repeated itself; I really hope that the popular uprisings that occured as a result of that are about to repeat themselves too.

Please tell me that the scenarios I've described are unrealistic. I really hope I'm being paranoid and that Microsoft will become merely a player and not The Player of the 2010's technology industry. IBM was stopped in the 1970's and 1980's in the courts (ironically enough it was never even convicted of antitrust violations), hopefully Microsoft will be next.

Re:Hmm

[ryanr]

mmm...Troll food. I'll answer anyway.

Most companies' idea of DRM limits you as to where you can put your music. And that measn not allowing it go go on a device that doesn't support the right flavor if DRM, if it supports it at all.

So, example scenarios:

You buy a $500 MP3 player device. It works great for a while hooked up to your Windows box. MS kicks on DRM one day, and you can't upload music to it anymore. It might be your rightfully-owned music, mind you... you could have ripped them all yourself from your own CDs.

Microsoft decides that MP3 files can't properly support DRM like WMA files can. So, they turn off the ability to play MP3, or maybe they delete them, or convert them to WMA. Since your portable player doesn't support WMA, you're screwed. Oh, and MS just happens to benefit financially since they control the WMA format, codecs, etc...

Maybe they do something really silly like force you to put the physical music CD in your drive whenever you want to play a digital song that was ripped from that album. Sounds stupid, I know, but what was the last game you played on CD that didn't require the disk in the drive to run?

The basic problem is that someone else's idea of what is reasonable to do with digital music will rarely match up with mine. I want to take a CD I bought, and pretty much use the music on any device I have that can play music. The problem is, of course, that the ability to do so also gives me the ability to share music on Kazaa if I choose.

I'm not neccessarily trying to argue that sharing music is legal or right (though I do believe the music companies are idiots for their handling of the situation.) I'm just saying that if I'm to retain my ability to play my music on any device that I want, I will also retain my ability to share it, that's just how it works.

Fortunatly, the cat is well out of the bag, and it's just not possible from a technical standpoint to prevent someone who can code and build their own machines from doing so. There are just too many MP3, Ogg, whatever players out there, and too many free OSes to stop it.

They would have to make it illegal to have hardware that would cooperate with the software of your choice. They would have to make it illegal to reverse-engineer systems in the privacy of my own home for my own use. They would have to make it illegal to attempt to bypass copy protection mechanisms, or even discuss it. They would have to give the copyright holders what amounts to police powers to show up at any time, and demand to see your license documentation under penalty of decades in prison.

Oh, wait...

Re:MS/Borg

[uncoveror]

Time to kick media player to the curb, and use winamp, quicktime, realone, or anything else. Just take steps not to install the spyware if you use real. Do a custom install, not the quick install, and uncheck the things you don't need.

Legality of EULA

[javacowboy]

Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?

This is an interesting point. How legally binding *IS* the EULA? It's generally accepted that in internet transactions involving credit card numbers, a customer can at any time deny having made the transaction. Without a signature, there's no way to PROVE that the customer made the transaction: they can't take that customer to court. This is why there is a much larger allowance for bad debts on online credit card transactions. In a real-life transaction with a carbon copy, all they need is your signature to prove that you made the transaction, and they can sue you.

In that vein, how can the EULA possibly be legally binding? I can see how the signature on the invoice for their computer or copy of Windows, they could be held liable. However, how can I user clicking on "OK" in a upgrade screen be legally binding?

I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions. This doesn't make any sense to me. Some court somewhere should be able to strike down the EULA as non-binding contracts, due to the lack of a customer signature or any other proof that the customer entered the transaction.

Re:Legality of EULA

[sjames]

How is this interesting? When you sign or accept a contract, you are bound to it, whether you read and understand it or not. If you don't understand it, don't agree to it until you do understand it.

I note that most EULAs reservie the right to change the EULA at any time without notice. How about if when I click 'I Agree', I also say I hereby claim the right to alter this agreement at any time by posting notice in my underwear drawer!

Why not, it's just as fair. If the corporations don't like it, they shouldn't accept my money. If the courts have any sense of fairness left in them, they will either uphold both or rule both to be invalid.

Re:Legality of EULA

[Arandir]

How legally binding *IS* the EULA?

The unfortunate state of civilization today is that it is governed by men and not by laws. Thus it doesn't matter whether a EULA (any EULA) is legally binding or not. All that matters is that enough people think they are.

In terms of the law, most EULAs are completely invalid. Exercise of pre-existing rights is considered assent. There is a total lack of consideration. And there is no way to verify that a particular "licensee" has even seen the contract.

In terms of Rule by Fallible Human Beings, EULAs are completely valid if you can get enough people to believe that they are valid. But even if you can't, you can still take them to court and draw out the process to bleed them dry until the give in and settle.

I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions.

The difference is easy. The average person cares about losing money. But the average person is very ignorant about their legal rights with regards to copyrightable materials, especially when it concerns software.

Wait until some large company starts putting the screws to enough people. Then the situation will change. Bankrupt enough grandmas in court for EULA violations, and the public opinion will change.

PNG packs tighter than TIFF

[yerricde]

I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand.

Actually, it was Microsoft dropping support for Netscape plug-ins such as QuickTime 5 because of a patent dispute.

I maintain a web site that basically sells access to TIFF imaged documents.

Adobe TIFF has three common lossless modes: Apple PackBits (RLE algorithm used in MacPaint and at least one NES game), CCITT Fax (a strange bilevel image codec used by fax machines), and Unisys LZW. PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.

What does TIFF do that PNG doesn't?

Re:PNG packs tighter than TIFF

[dvdeug]

PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.

TIFF has a deflate compression scheme too, though not everyone supports it. TIFF can be smaller; CCITT Fax, which is designed for bilevel text, actually works better than PNG for bilevel text.

What does TIFF do that PNG doesn't?

JPEG. Multiple images in one picture; libtiff's registered tags allow for a 3D scan to be stored in one file as a series of slices. Thumbnails can be included by the same mechanism. It can also be used like PDF, in holding an entire document in one file. It provides for anyone to register new tags, for arbitary extension. It's an extraordinarily flexible file format.

Re:PNG packs tighter than TIFF

[ncc74656]

What does TIFF do that PNG doesn't?

Does PNG support multiple images in one file? Don't take this as a troll...I've had fax software that would store all the pages of an incoming fax in a single TIFF file that could be viewed/printed/etc. Does PNG support a similar capability?

(For images on a website that you don't want to put through JPEG losses, PNG rocks.)

Things Microsoft might do under this EULA

[Animats]

Some things to expect that Microsoft might do, and would now be allowed to do.

• Register all file types understood by Microsoft Media Player (.avi, .mp3, etc.) to Media Player and not let go. Prevent any assignment of those types to another player. This enforces the "requirement" that content be played through a "DRM compliant" player. (That's a likely plan; Microsoft software has been notorious for grabbing control of file types. So far, you've usually been able to make it let go.)
• Compute a digital fingerprint of played content and check with a Microsoft server to see if it's pirated. This would make the RIAA and MPAA very happy. (Isn't this already being done for audio CDs, to get the title info?)
• Check for "pirate" file sharing clients and turn them off. (Probably not for a while, but possible.)

This is the stuff the RIAA has been asking Congress for, but Congress hasn't gone along with it. Now it's coming in through the back door.

And notice that this system includes a back door, through which Microsoft can secretly install new software that takes away functions or spies on you.

Re:Two questions

[birder]

You can remove wmplayer.exe and rename mplayer2.exe (in the same directory) to wmplayer.exe

That's a start

Re:Easy choice

[ZaneMcAuley]

Securing software that you don't run?

If you dont run it (remove it even) how can it be a security risk? Common sense?

As for the adding ms to the hosts file, i was joking.

Re:MS/Borg

I pirated all my Microsoft software... does the EULA still apply to me?

Re:Brownie Points with DRM advocates

[kawika]

Yep. Take a look here to see Microsoft's plans for cozying up to the DRM folks. The strange thing is that the final presentation on "Mercury" isn't available. That was the most interesting one. It was about how the DRM software would manage rights for portable media players over the Internet using public/private keys. And of course, Microsoft runs this whole DRM infrastructure for a nice fee.

I was there for most of the live presentation, and during the Q&A someone got up and asked what would happen if the keys were compromised, for example someone found a way to hack the unique id in a player. The MS guy indicated that the keys for an entire brand/model of player could be shut off if necessary. The next question, of course, was how the buyers of those players would feel when their expensive players became useless. The MS guy said that the decision to shut off access wouldn't be Microsoft's, but they could do so on a court order, for example.

Why would someone want to buy a portable media player (or desktop media player for that matter) that could become worthless a few months later because someone else hacked it and rendered the DRM insecure? You wouldn't. Why would a manufacturer want to take the chance that they'd be involved in a messy class-action suit from customers because their portable media player now can't play music? They wouldn't.>/b>

I just can't see how this can come to pass.

Re:Hmm

[carambola5]

They would have to make it illegal to have hardware that would cooperate with the software of your choice.

Microsoft is well on their way to making hardware do this by itself. Then, all they have to do is invest a little more in America (ie: buy a few more Congressmen) and, voila, every computer in America has one of these suckers. Goodbye Linux. Goodbye ability to do whatever you want with your own music.

been that way for a while

[jd142]

So we're updating machines at work to w2k by flashing an image on to the hard drive. Being the nice people we are, we've even backed up people's music for them. When we restored one woman's music, media player refused to run until it had been updated. So I updated it, checked that it ran the little demo it comes with and left. 10 minutes later I get a call that it won't play her music. Turns out that because the music had been ripped on what it thought was another machine, it refused to play it. Never mind that the hardware was exactly the same, except for the addition of 128 megs of ram. The hd had been formatted and a new os installed (essentially) so as far as media player was concerned, the files were now on a different pc and so it wouldn't play them.

I tried to explain to her that Bill Gates thought she was stealing music. I'm not sure it took though; I think she secretly thought we weren't letting her play it. Yeah, we'll back up a gig of music on the tape, spend the time restoring them and then not let you play them. She eventually just said she'd bring the cd's in again.

There may have been a way around all this, but for such an obvious non work related thing, wasn't going to do it. Didn't feel like installing winamp because she'd been so annoying and whiny about the whole thing.

How to take a stand and have it count

[Arcturax]

We can go through the courts but there is no guarantee you will win. In fact, if anything, you may do the opposite, set a precident that EULA's are legally binding.

So instead, you will just have to stop using Microsoft software. People bitch and moan and gripe but at the end of the day they sit down and load up Windows.

Well, if you really want an effective protest, you are going to have to change. There are some options and they are not as bad as they seem once you adjust!

First off, there is Linux.
Pros: Keep old hardware, plenty of free software available, WINE may let you play some Windows only games, large community of geeks who will likely help you for free if you get into trouble (a million places to go for "support"). EULA, if any, is not the work of the devil.
Cons: Limited number of games, some only available through WINE, need to learn UNIX (big curve for some people), some hardware may not work right or at all, ease of use is not all there yet. No office but there are alternatives which are getting better by the month.

There is also the Macintosh:
Pros: Extremely easy to use, rock solid OS which matches or exceeds the windows experience when it comes to user interface, cd burning from the desktop and overall user experience. Plug and play far superior to Windows and Linux. Good and rapidly growing supply of games and other software. OS is based on open source software (NetBSD) and Linux/UNIX software can and is being ported over (you can even replace your UI with Gnome or KDE if you wish!). Microsoft office is available as well as the open source alternatives ported to Mac OS X. Large fanatic user base who will often help out other Mac users in distress for free.
Cons: Not as many games/software choices as Windows, though this has improved imensely in the last 4 years. EULA may be the work of the devil, check Steve Job's receding hairline to see if horns are exposed. Mac OS X still a young OS and there will be bumps in the road. Last but not least, you will need a new computer and the hardware is a bit more expensive though this is made up for quality and an average usable lifetime of 4 years compared to 2 for a PC.

So you may have to make some sacrifices and changes, but you can give M$ the finger and still have a usable computing solution in your home or office.

Forget the EULA, watch for the *next* patch

[schmaltz]

This EULA's a precurser to M$ actually installing DRM and anti-anti-DRM software on your computer as part of the next security patch.

Logical Fallacy

[elmegil]

So if you want your machine secure, you also want microsoft to have free reign on your PC.

So obviously it's not possible to have your machine secure, because it won't be if you give MS free reign on your machine.

On patch, EULA doesn't display

[KMSelf]

Patching a number of systems at the office (my desktop's Debian GNU/Linux, but others suffer...), I noticed that the EULA dialog (digression #2: HTF is someone supposed to be able to read the text in a dialog that shows ~8 lines x 20 columns?) didn't present the EULA by the time I'd clicked the "Accept" button. This several times. And though we're running some older systems, this included a set of newer 1 GHz+ boxen.

What's the legal status of a contract which disappears "on approval" before it's been read?

Re:MS/Borg

[ceejayoz]

They don't use the engine separately, they just embed an instance of Media Player in the program. You'll have to have accepted the EULA to use them.

Hold on... What about auto-update?

[rakslice]

If this patch was distributed through Windows Update as a critical update, and thus was auto-installed on my machine through my XP Auto-Update configuration, then it's not like I've agreed to a new EULA, right? It was automatically installed; I was never given an opportunity to disagree to a new license.

Buy console for games, computers for work.

[moncyb]

You say the cons for Linux and Macs are that they don't have many games. However, why not just buy gaming consoles for play. There are at least two non-Microsoft competitors in that market--Sony and Nintendo. Maybe some of you have reasons not to like them (they seem to be obsessed with copy protection too), but I think they are much better alternatives to MS. As an extra bonus, you don't have to mess with hardware configurations and stupid compatiblity problems, or wait for long boots...

...and yes there are games that are computer only, however it seems to me that recently all the good games are on console anyway, and the computer game section of stores are almost dead. I mean last time I looked, The Sims was the most exciting game there! Lame.

My friend, it's called UCITA

[DaveWood]

IANAL, but until very recently, your suspicions were basically correct; company lawyers have their field day with shrink-wrap licenses but they're very very careful not to test the more exotic provisions in court.

That is, until they're safely set up inside a UCITA-adopting state.

Why, you ask? What's this UCITA anyway? Not another acronym. I'm too lazy to write another letter. Trying to keep my phone bill down. And I can never keep my boycotts straight once I get to the store.

From the mouth of the beast...

And on a slightly more ethical tip...

The FSF's writeup

And the CPSR's writeup...

Google will give you more.

Think your EULA's not binding? UCITA gives it all that 100%-All-American Bought and Paid For Congressional Stamp of Approval. Some democracy we have, huh?

-David

Another big win for Open Source

[Angst+Badger]

Years ago, it was a common observation that increasingly draconian and intrusive licensing agreements would lead to widespread adoption of Free and Open Source software. It hasn't been quite that dramatic, but it has been happening, mostly in Europe and elsewhere outside of the United States. But give it time -- the new MS EULA is a direct threat to corporate security. Joe Average may miss this point, but you can be sure that corporate IT security folks will flash on it as soon as they realize that they just agreed to be rooted by MS.

Mission

[ruvreve]

A mission for the enraged /. reader, discover what server(s), domains, IP addresses access a windows PC to check for DRM compliance and disable software.

Then publish this information on every website possible and allow everybody to update their firewalls blocking any sort of access to these places. And MAYBE send the information to Linksys so they can put a option in their "DSL/Cable Router" to block any sort of access to it.

Linksys may be able to increase sales by advertising just this feature to the average consumer.

Ok, so what.

[WhiteKnight07]

Just find somebody who is less than 18 years old to install it. Since they are a minor and therefore unable to enter into a binding contract the EULA is void.

Missing the Point

[tlambert]

All of you people talking about removing/subverting/ignoring/legally challenging/etc. the EULA are ignoring an important fact.

It doesn't *matter* if you legally accept the terms of the EULA or not, since those terms merely spell out *how the software will operate anyway*.

Say there is a magic "Get out of EULA Free" card that came with your Microsoft Monopoly game.

Say you use it.

That's not going to stop the software from disabling other software on your machine, interfering with its operation in a supposed attempt to ensure "Digital Rights" are observed, or installing other components into your OS automatically, without asking you for permission.

The software *doesn't know from EULA*.

In other words, you can debate the legality all you want, but that's not going to change how the code operates, once it has been installed on your machine.

-- Terry

There are conflicting versions of the EULA!!!

[Robber+Baron]

If you retreive the patch via windowsupdate(only works with IE), the EULA doesn't say ANYTHING about DRM or crippling your ability to access secure content!

What the hell? I thought the BSD article was a troll, but to be sure I checked out his links and sure enough, THAT version of the patch contains the paragraph about DRM etc...

Well now we have two versions of the same EULA with conflicting conditions, both of which are posted in VERY public places! Now I'm no expert on contract law, but with two publicly posted conflicting versions, as far as I'm concerned, we can safely ignore both! Way to go Bill!

Why I no longer work in technology

[marxmarv]

As a janitor, I refuse to work at a company where employees are allowed to eat in their offices.

Not quite an accurate analogy. As a clean room scrubber, I refuse to work at a company where employees are permitted to eat in the clean room. Or as a plumbing technician, I refuse to work at a company where employees are encouraged to flush everything down the loo and don't know better than to pee all over the floor. I simply refuse to work in places where people are permitted or, worse, encouraged to wallow in their own idiocy and create train wrecks on a daily basis and compel someone else to mop it up for them without the least bit of respect or deference.

In many situations, system administrators are responsible for system uptime and often given zero authority to enforce, create or even suggest policies which get in the way of whiny developers, regardless of the resultant increase in code quality[1]. Talented software engineers are a lot harder to find than talented system administrators because hiring managers perversely ignore most of the people who can do the job right, merely because said applicants are over 35. Most companies would rather try to replace a sysadmin than a software engineer because the chief job of the system administrator in a small-to-midsize organization is to hide and absorb institutional incompetence.

Then again, any software engineer who would demand root on a production system is probably insufficiently skilled to understand basic computing concepts like "separation of privilege" (as seen very recently in OpenSSH), "compartmentalization", "principle of least surprise", and so forth. Far from being engineers in any sense of the term, they're at best "code jockeys" and ought to be physically beaten on a daily basis with classic computer science texts. 90% of them are nothing more than whiners with degrees, and the other 10% design software for the users -- all of them including the poor sot who has to restart that crashy server at 2am every second or third morning.

So, if you can afford to turn down jobs because the software engineers have root access, then hooray for you. But you don't want to get in a pissing contest like that at most companies because the developers will usually win.

I left the technology industry about a year ago, and until more of the antipatterns shake out I don't plan on returning. Unfortunately, the corporate circle jerk has much invested in maintaining these antipatterns so I don't expect the situation will get better soon. As much antipathy as I have for people, professional body piercing sounds like a far preferable career with less bullshit and higher hourly pay. For that matter, so would pizza delivery or auto parts order desk.

-jhp

Use GDIVX and Tiny Personal Firewall 3

[Hyperhaplo]

People:
GDIVX runs on XP etc and is better (in my opinion) than the Media Player. There are heaps of players out there.

There is a nice program out there for Windows users called Tiny Personal Firewall. This wonderful little program is not just a firewall ... it has this WONDERFUL new addition: It tracks and protects your Windows (TM) from nasty software running.

It has default restrictions available and it sets itself up for standard windows programs like Office, IE, etc.

The cool part: When you install a new program TPF3 not only asks you if you want the program to execute, it also asks you what level of execution to grant. For example: Internet explorer (by default) can ONLY download into the c:\download directory.

So... if I'm on a box with XP I install TPF3 and nothing gets by it. Is your Media player trying to contact the Internet? block it! Is your media player trying to install something? Block it! Easy as that. Give it a go.

Re:Use GDIVX and Tiny Personal Firewall 3

[imr]

it seems to me that this news is about the right this eula gives them to actually disable those programs because they do the kind of services you describe.
Fishy, isn't it?
Can you still talk about a free market if those kind of eulas are legal?

Aluminium

[leonbrooks]

Gold only has value because people agree that it does. If opinion shifts, then value disappears. This is as true for gold or diamonds as it is for dollars or pesos.

Agree. Aluminium `the eternal metal' was once rare and precious.

I give this troll a 7 out of 10

[DaveWood]

As troll's go, you have good style, my friend. Feels like shades of Huxley and Orwell... What have you been reading lately? But I digress.

I give you only a seven because, while creative, your position is too blatant; anyone with even a made-for-TV level of familiarity on the last few decades, ehh, months of this country's history, will know whose kool-aid you're drinking.

Anyway, I hearby bestow the coveted Richard M. Nixon Good Citizen's Award for trying.

Happy hysteria,
-Dave