Slashdot Mirror
Microsoft Media Player "Security Patch" Changes EULA Big Time
MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure,
you also want microsoft to have free reign on your PC.
How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion? If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?
Toronto-area transit rider? Rate your ride.
I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand. I maintain a web site that basically sells access to TIFF imaged documents. All of a sudden we had about a hundred pissed off customers (some not wanting to pay their bill) because _WE_ broke access to the information that runs their businesses. As each customer ran windows update, our website broke. Of course they all say they have not installed any new software, which makes it all the more difficult to troubleshoot until the problem was figured out.
MS is without a doubt throwing non-security things into "security patches", and I for one don't like the unadvertised "featues" one bit.
-Pete
Soccer Goal Plans
The EULA remover is here thanks to DejaGoogle.
If you're in a large company, contact your legal department immediately. That's a serious issue, because it gives Microsoft the unlimited right to destroy any software on your machine. That's not something the individual employee is authorized to agree to.
These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer.
Now there's a particularly nasty line. It starts off with DRM for 'Secure Content' (which I guess is M$'s new term for protected IP), but then it expands into 'Other Programs'. Which means, MS is now reserving the right to disable any program they don't like.
Furthermore, the patch that disables the program will "will be automatically downloaded onto your computer," without your knowledge. But, the real kicker is this one (my favourite line):
If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.
So even if they send out patches killing off all non-MS software, they can bury a notice so deep in microsoft.com that no one will ever find it, and claim (correctly) they are going above and beyond the EULA. Damn, I'm glad I use Macs and NetBSD.
"In my values, freedom is more important than 'serving users' in a mere practical sense." -- RMS
mmm...Troll food. I'll answer anyway.
Most companies' idea of DRM limits you as to where you can put your music. And that measn not allowing it go go on a device that doesn't support the right flavor if DRM, if it supports it at all.
So, example scenarios:
You buy a $500 MP3 player device. It works great for a while hooked up to your Windows box. MS kicks on DRM one day, and you can't upload music to it anymore. It might be your rightfully-owned music, mind you... you could have ripped them all yourself from your own CDs.
Microsoft decides that MP3 files can't properly support DRM like WMA files can. So, they turn off the ability to play MP3, or maybe they delete them, or convert them to WMA. Since your portable player doesn't support WMA, you're screwed. Oh, and MS just happens to benefit financially since they control the WMA format, codecs, etc...
Maybe they do something really silly like force you to put the physical music CD in your drive whenever you want to play a digital song that was ripped from that album. Sounds stupid, I know, but what was the last game you played on CD that didn't require the disk in the drive to run?
The basic problem is that someone else's idea of what is reasonable to do with digital music will rarely match up with mine. I want to take a CD I bought, and pretty much use the music on any device I have that can play music. The problem is, of course, that the ability to do so also gives me the ability to share music on Kazaa if I choose.
I'm not neccessarily trying to argue that sharing music is legal or right (though I do believe the music companies are idiots for their handling of the situation.) I'm just saying that if I'm to retain my ability to play my music on any device that I want, I will also retain my ability to share it, that's just how it works.
Fortunatly, the cat is well out of the bag, and it's just not possible from a technical standpoint to prevent someone who can code and build their own machines from doing so. There are just too many MP3, Ogg, whatever players out there, and too many free OSes to stop it.
They would have to make it illegal to have hardware that would cooperate with the software of your choice. They would have to make it illegal to reverse-engineer systems in the privacy of my own home for my own use. They would have to make it illegal to attempt to bypass copy protection mechanisms, or even discuss it. They would have to give the copyright holders what amounts to police powers to show up at any time, and demand to see your license documentation under penalty of decades in prison.
Oh, wait...
Time to kick media player to the curb, and use winamp, quicktime, realone, or anything else. Just take steps not to install the spyware if you use real. Do a custom install, not the quick install, and uncheck the things you don't need.
The Uncoveror: It's the real news.
Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?
This is an interesting point. How legally binding *IS* the EULA? It's generally accepted that in internet transactions involving credit card numbers, a customer can at any time deny having made the transaction. Without a signature, there's no way to PROVE that the customer made the transaction: they can't take that customer to court. This is why there is a much larger allowance for bad debts on online credit card transactions. In a real-life transaction with a carbon copy, all they need is your signature to prove that you made the transaction, and they can sue you.
In that vein, how can the EULA possibly be legally binding? I can see how the signature on the invoice for their computer or copy of Windows, they could be held liable. However, how can I user clicking on "OK" in a upgrade screen be legally binding?
I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions. This doesn't make any sense to me. Some court somewhere should be able to strike down the EULA as non-binding contracts, due to the lack of a customer signature or any other proof that the customer entered the transaction.
This space left intentionally blank.
I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand.
Actually, it was Microsoft dropping support for Netscape plug-ins such as QuickTime 5 because of a patent dispute.
I maintain a web site that basically sells access to TIFF imaged documents.
Adobe TIFF has three common lossless modes: Apple PackBits (RLE algorithm used in MacPaint and at least one NES game), CCITT Fax (a strange bilevel image codec used by fax machines), and Unisys LZW. PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.
What does TIFF do that PNG doesn't?
Will I retire or break 10K?
This is the stuff the RIAA has been asking Congress for, but Congress hasn't gone along with it. Now it's coming in through the back door.
And notice that this system includes a back door, through which Microsoft can secretly install new software that takes away functions or spies on you.
You can remove wmplayer.exe and rename mplayer2.exe (in the same directory) to wmplayer.exe
That's a start
I pirated all my Microsoft software... does the EULA still apply to me?
Yep. Take a look here to see Microsoft's plans for cozying up to the DRM folks. The strange thing is that the final presentation on "Mercury" isn't available. That was the most interesting one. It was about how the DRM software would manage rights for portable media players over the Internet using public/private keys. And of course, Microsoft runs this whole DRM infrastructure for a nice fee.
I was there for most of the live presentation, and during the Q&A someone got up and asked what would happen if the keys were compromised, for example someone found a way to hack the unique id in a player. The MS guy indicated that the keys for an entire brand/model of player could be shut off if necessary. The next question, of course, was how the buyers of those players would feel when their expensive players became useless. The MS guy said that the decision to shut off access wouldn't be Microsoft's, but they could do so on a court order, for example.
Why would someone want to buy a portable media player (or desktop media player for that matter) that could become worthless a few months later because someone else hacked it and rendered the DRM insecure? You wouldn't. Why would a manufacturer want to take the chance that they'd be involved in a messy class-action suit from customers because their portable media player now can't play music? They wouldn't.>/b>
I just can't see how this can come to pass.
Microsoft is well on their way to making hardware do this by itself. Then, all they have to do is invest a little more in America (ie: buy a few more Congressmen) and, voila, every computer in America has one of these suckers. Goodbye Linux. Goodbye ability to do whatever you want with your own music.
IWARS.
People, in general, disappoint me. Politicians even more so.
So we're updating machines at work to w2k by flashing an image on to the hard drive. Being the nice people we are, we've even backed up people's music for them. When we restored one woman's music, media player refused to run until it had been updated. So I updated it, checked that it ran the little demo it comes with and left. 10 minutes later I get a call that it won't play her music. Turns out that because the music had been ripped on what it thought was another machine, it refused to play it. Never mind that the hardware was exactly the same, except for the addition of 128 megs of ram. The hd had been formatted and a new os installed (essentially) so as far as media player was concerned, the files were now on a different pc and so it wouldn't play them.
I tried to explain to her that Bill Gates thought she was stealing music. I'm not sure it took though; I think she secretly thought we weren't letting her play it. Yeah, we'll back up a gig of music on the tape, spend the time restoring them and then not let you play them. She eventually just said she'd bring the cd's in again.
There may have been a way around all this, but for such an obvious non work related thing, wasn't going to do it. Didn't feel like installing winamp because she'd been so annoying and whiny about the whole thing.
We can go through the courts but there is no guarantee you will win. In fact, if anything, you may do the opposite, set a precident that EULA's are legally binding.
So instead, you will just have to stop using Microsoft software. People bitch and moan and gripe but at the end of the day they sit down and load up Windows.
Well, if you really want an effective protest, you are going to have to change. There are some options and they are not as bad as they seem once you adjust!
First off, there is Linux.
Pros: Keep old hardware, plenty of free software available, WINE may let you play some Windows only games, large community of geeks who will likely help you for free if you get into trouble (a million places to go for "support"). EULA, if any, is not the work of the devil.
Cons: Limited number of games, some only available through WINE, need to learn UNIX (big curve for some people), some hardware may not work right or at all, ease of use is not all there yet. No office but there are alternatives which are getting better by the month.
There is also the Macintosh:
Pros: Extremely easy to use, rock solid OS which matches or exceeds the windows experience when it comes to user interface, cd burning from the desktop and overall user experience. Plug and play far superior to Windows and Linux. Good and rapidly growing supply of games and other software. OS is based on open source software (NetBSD) and Linux/UNIX software can and is being ported over (you can even replace your UI with Gnome or KDE if you wish!). Microsoft office is available as well as the open source alternatives ported to Mac OS X. Large fanatic user base who will often help out other Mac users in distress for free.
Cons: Not as many games/software choices as Windows, though this has improved imensely in the last 4 years. EULA may be the work of the devil, check Steve Job's receding hairline to see if horns are exposed. Mac OS X still a young OS and there will be bumps in the road. Last but not least, you will need a new computer and the hardware is a bit more expensive though this is made up for quality and an average usable lifetime of 4 years compared to 2 for a PC.
So you may have to make some sacrifices and changes, but you can give M$ the finger and still have a usable computing solution in your home or office.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
This EULA's a precurser to M$ actually installing DRM and anti-anti-DRM software on your computer as part of the next security patch.
Big Daddy, Johnny, Burp, Aunt Zelda, Scott, Slurp, Big Momma
Let's take it from another angle: You buy an ice cream. When you open the wrap cover, you find a small agreement saying "in order to eat this ice cream, you must agree to also stand on your head and make a sound like a horny lion, ten times, in a public place". So what do you do, sign it or return the ice cream? No, because tossing it into the nearest waste basket would make your afternoon a nice walk in the park enjoying your ice cream - since just because somebody tries to force you into "agreeing" to something before using a product doesnt mean it's illegal for you to use it without agreeing.
A side note: That'd be "truth" you're looking for.
Tomorrow will be cancelled due to lack of interest
So obviously it's not possible to have your machine secure, because it won't be if you give MS free reign on your machine.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Patching a number of systems at the office (my desktop's Debian GNU/Linux, but others suffer...), I noticed that the EULA dialog (digression #2: HTF is someone supposed to be able to read the text in a dialog that shows ~8 lines x 20 columns?) didn't present the EULA by the time I'd clicked the "Accept" button. This several times. And though we're running some older systems, this included a set of newer 1 GHz+ boxen.
What's the legal status of a contract which disappears "on approval" before it's been read?
What part of "gestalt" don't you understand?
IANAL, but until very recently, your suspicions were basically correct; company lawyers have their field day with shrink-wrap licenses but they're very very careful not to test the more exotic provisions in court.
That is, until they're safely set up inside a UCITA-adopting state.
Why, you ask? What's this UCITA anyway? Not another acronym. I'm too lazy to write another letter. Trying to keep my phone bill down. And I can never keep my boycotts straight once I get to the store.
From the mouth of the beast...
And on a slightly more ethical tip...
The FSF's writeup
And the CPSR's writeup...
Google will give you more.
Think your EULA's not binding? UCITA gives it all that 100%-All-American Bought and Paid For Congressional Stamp of Approval. Some democracy we have, huh?
-David
We're on the road to Tycho.
A mission for the enraged /. reader, discover what server(s), domains, IP addresses access a windows PC to check for DRM compliance and disable software.
Then publish this information on every website possible and allow everybody to update their firewalls blocking any sort of access to these places. And MAYBE send the information to Linksys so they can put a option in their "DSL/Cable Router" to block any sort of access to it.
Linksys may be able to increase sales by advertising just this feature to the average consumer.
All of you people talking about removing/subverting/ignoring/legally challenging/etc. the EULA are ignoring an important fact.
It doesn't *matter* if you legally accept the terms of the EULA or not, since those terms merely spell out *how the software will operate anyway*.
Say there is a magic "Get out of EULA Free" card that came with your Microsoft Monopoly game.
Say you use it.
That's not going to stop the software from disabling other software on your machine, interfering with its operation in a supposed attempt to ensure "Digital Rights" are observed, or installing other components into your OS automatically, without asking you for permission.
The software *doesn't know from EULA*.
In other words, you can debate the legality all you want, but that's not going to change how the code operates, once it has been installed on your machine.
-- Terry
If you retreive the patch via windowsupdate(only works with IE), the EULA doesn't say ANYTHING about DRM or crippling your ability to access secure content!
What the hell? I thought the BSD article was a troll, but to be sure I checked out his links and sure enough, THAT version of the patch contains the paragraph about DRM etc...
Well now we have two versions of the same EULA with conflicting conditions, both of which are posted in VERY public places! Now I'm no expert on contract law, but with two publicly posted conflicting versions, as far as I'm concerned, we can safely ignore both! Way to go Bill!
You're using her as bait, Master!
Microsoft will continue to find ways to gain more control of computers, and eventually will try to directly attack other operating systems and make them illegal.
You're wrong on the "eventually" part. This campaign against other operating systems, as well as other technologies that threaten MS's dominance. What do you think the SSSCA/CBDTPA/S. 2048 bill is all about? Why do you think that Intel, IBM, and just about every other major tech company is screaming that they're scared shitless about this bill? Right now, Microsoft is going for checkmate in the technology game and this bill is their first move in their campaign. Should Microsoft even partially succeed in this campaign to bring every other tech company to its knees and force them to pay tribute (both financially and in policy matters) to Redmond, Microsoft will become the most powerful modern corporation in history.
Although this legislation has the proverbial snowball's chance of passing this time around, I feel that its main provisions will be enacted by the end of the decade unless Congress and Microsoft both get bludgeoned severely. These provisions may get enacted in a piecemeal fashion, but the two factors that will cause S. 2048 to become law are (a) Microsoft's huge war chest from which it can make "campaign contributions" and (b) Congress's tendancy to accept these "contributions" in exchange for favorable legislation for the contributor. The most obnoxious part of this legislation is the fact that it requires all hardware made in or imported to the United States to implement one DRM scheme dictated either by industry consensus or by the Commerce Department in 12 to 18 months if the industry can't reach a consensus. In addition, antitrust concerns will not be applicable to the process of reaching this DRM standard.
Here's the killer for all the other players in the tech industry: Microsoft holds most of the important patents for implementing DRM in software as well as major portions of implementing it in hardware. Unless another company's DRM research pans out no later than a year after this provision were to become law, there would be no alternative to whatever scheme Microsoft comes out with. Then, the Commerce Department would then impose the Microsoft standard on the nation's technology industry, extending Microsoft's grasp from the PC world to a significant portion of the U.S. GNP. Sun and IBM would be at the mercy of Microsoft, and since these companies are enemies of Gates & Co., it is likely that Microsoft would be able to use its control over these DRM patents to marginalize or even destroy these companies by making it impossible for these competitors to release new, innovative products that would, by law, include these DRM technologies.
Intel, AMD, Cisco, and other companies that primarily make hardware and most importantly don't produce software products that compete head-on with Microsoft's will also have a harder time profiting. Though it wouldn't be in MS's interest to destroy them, the folks in Redmond would be interested in taxing these companies based on a portion of their revenues for access to DRM technologies that they would need to sell new products. And MS would probably also wield enough muscle to force AMD and Intel to design future processors to run only future versions of Windows. If the Pentium 7 proved capable of running Linux, BeOS, or even Windows 2000, Microsoft could flush Intel down the drain faster than you can say "Enron."
Intel and IBM have advocated that the market determine the fate of DRM schemes. This will allow American businesses and consumers to determine which ones get adopted and which ones fall away. It should not be the government's right to state that Americans have the choice of buying a PC with Palladium installed or not buying a PC at all. It especially is not the government's prerogative to grant a company what is effectively an unregulated monopoly to a major portion of the U.S. economy, as every software and computer hardware company would be under the foot of Microsoft in a post SSSCA world.
We Americans like to boast about the fact that we reap the benefits of participating in a "capitalist" economy. Capitalism, in the ideal sense of the word, has never been practiced in history, just as communism has never been truly enacted in a country. If you define capitalism as the "Golden Rule" of "he who has the gold rules", then perhaps by vision of capitalism should really be called "laissez-faire socialism" or something. In my book, as soon as a movie studio buys the DMCA, or Microsoft buys the CBDTPA, or any other company purchases legislation that treats itself or its industry differently than the rest of the economy, it's proof that the U.S., like the rest of the world, is really a plutocracy. I think that the Microsoft situation is really just a symptom of a much larger illness of the American economy.
The next several years will determine the fate of the American economy and as well as the U.S. role in world affairs for the next several generations. This claim covers a lot more than Microsoft. It covers the tendancy of the U.S. government allowing Big Business to take on a bigger and bigger role in dictating legislation and policy matters. It may be that the Enron and WorldCom fiascos, the mega-mergers of the 1990s, the artificial "oil crisis" that caused the price of gasoline to exceed $2.50/gallon in some parts of the U.S., and the tens of billions of dollars worth of tax breaks that major employers across the country have been able to extort from cities and states have pissed Americans to the point where they feel the pendulum has to start moving the other way. I really hope we've reached that point, because if we're not there now, things may never change. If we were to continue on the present course, I think in the next 30 years, we're going to see the game of capitalism end once and for all, and the handful of winners of that game forming an oligarchy that will control the U.S. and its sphere of influence for the forseeable future. We would get to the point where each major sector of the economy is subject to the stranglehold one company which carries enough power to destroy any challenger to its market share before it can gain a foothold. There would be one dominant software company (in this post I have discussed my fear that this would be Microsoft), one dominant electronics company, one dominant energy company, one dominant bank, one dominant food supplier. The U.S. was actually pretty close to this point shortly after 1900, with Standard Oil, Ma Bell, the bank trusts and the like, and it took a remarkable shift in government policy (antitrust laws, worker safety laws, etc.) to change the American economy into a more truly competitive game. The U.S. is nearing the high-water mark of industry consolidation reached at the beginning of the 20th century. The industry consolidation scenario has repeated itself; I really hope that the popular uprisings that occured as a result of that are about to repeat themselves too.
Please tell me that the scenarios I've described are unrealistic. I really hope I'm being paranoid and that Microsoft will become merely a player and not The Player of the 2010's technology industry. IBM was stopped in the 1970's and 1980's in the courts (ironically enough it was never even convicted of antitrust violations), hopefully Microsoft will be next.
GDIVX runs on XP etc and is better (in my opinion) than the Media Player. There are heaps of players out there.
There is a nice program out there for Windows users called Tiny Personal Firewall. This wonderful little program is not just a firewall
It has default restrictions available and it sets itself up for standard windows programs like Office, IE, etc.
The cool part: When you install a new program TPF3 not only asks you if you want the program to execute, it also asks you what level of execution to grant. For example: Internet explorer (by default) can ONLY download into the c:\download directory.
So... if I'm on a box with XP I install TPF3 and nothing gets by it. Is your Media player trying to contact the Internet? block it! Is your media player trying to install something? Block it! Easy as that. Give it a go.
You have a sick, twisted mind. Please subscribe me to your newsletter.