Slashdot Mirror
More MS EULA Fun
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
Bzzzt, wrong. The passage (as quoted from the article) is: "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." With the automatic update functionality both in Windows 2000 and in Mac OS, you actively check if there are updates available for your system. This may happen through a cron job (whatever that's called in Windows), but it is your computer that checks. The new passage of the EULA says that _Microsoft_ may check _your_ computer, without your notice, and then "upload" their "fixes". This is, if you haven't noticed, the other way around. The automatic update can be disabled (it is on my working machine), but this? Since you gave _them_ the right to mess around with your computer, I doubt that you can disable this "push update". Furthermore, this may constitute a serious security problem: if MS can upload what they want on your system, some other people could do, too.
I agree that most users never read the EULA anyway, which is their fault, but they might just read it if it were understandable. How about saying no to the EULA box and mailing Microsoft for clarification on what exactly the EULA means? Surely this is within one's rights as a customer, or is it against the law in the USA now (unpatriotic?) to ask to understand what the EULA is requiring of you?
I have no "warez" on my machine or MP3's for that matter, and I do use my Windows machine to "make money" but I don't think I want to allow Microsoft access to my computer for other reasons. The reasons include Microsoft changing the OS to a subscription model without my consent, Microsoft having access to company and private information which would constitue a breach of my and my company's privacy (small company, no corporate versions) and Microsoft modifying the OS to exclude me using competitor's software without warning me in advance.
I think this is a case for the EU commission on privacy and legality of contracts here in Europe. I don't know about the USA though (OI assume that obviously such contracts are legal in the USA).
Yes, (s)he does.
I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates."
Hmmmmm, so you're experienced at running servers, are you? And you'd love to see some organisation you know little about randomly updating your servers with whatever code they like, whenever they feel like it?
Are security and reliability really your top priorities?
Almost everyone probably has -something- to hide. No, maybe not a porn stash or illegal copies of things, but most people have at least one thing they wouldn't want others to know about. An expectation of privacy isn't really that sinister. Heck, how many of you folks use envelopes instead of the (much cheaper to send) post cards? What? You don't want them all to be able to easily read your mail? Even though most postal carriers would probably never bother? What? You don't want to release your medical history to the world? Even though we often practically force presidential candidates & misc. other politicians to do so?
Besides, complacency isn't the answer. MS isn't currently collecting people's first-born; but reserving the right to would (and should!) raise a few eyebrows. It's not that I think they have sinister intentions right now, it's just that I don't trust them to come up with a way to profit at my expense... something not exactly foreign to them, according the to DOJ...
I don't think that they need that clause in the EULA to do what they want to do; all they need to say is that by using their updating software, you grant them the right to make certain changes to the system for the purpose of installing that software & that if you don't like that, you can just turn it off and prevent it from connecting to MS for updates, but that this may not be a good idea.
BTW, yes it really does bother some people to know that MS has a backdoor on their system, just as much as it would bother them to have sub7, netbus, or BO installed. While we may (think) we know exactly what it's doing, given MS' track record on security, it might as well be BO -- at least you can password protect an installation of that...
Just remember an old legal proverb: only a fool signs a contract because he thinks it's unenforcable.
It gives legal legroom for full admin rights since vague words like "upgrades or fixes" are a lawyer's wet dream. DRM is an upgrade in MS's view, deleting unauthorised mpegs is a fix to the MPAA. Are you going to argue?
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
-
The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based
services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its
components that you are utilizing and may provide upgrades
or fixes to the OS Product that will be automatically
downloaded to your computer.
Could this be construed to allow Microsoft to access your machine even with Windows Update off? Corporate users, especially sysadmins, should bring that clause to the attention of their attorneys. It's probably unwise for corporate users to install this update without obtaining legal advice.Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Following is an excerpt from the Win2ksp3 supplemental EULA: (text bolded by post author)
I don't know what "automatic" means to you, but according to my understanding of English, it seems to preclude consent.
Yes, it DOES have to do with the Windows Automatic Updates.
Then why is it not a supplemental EULA for auto-update, rather than the operating system patch? That this EULA change was made to the operating system service pack suggests that your interpretation of M$'s intentions are incorrect.
Further interesting is that the excerpt quoted above does NOT appear in the EULA to which you must agree to begin the download, but only in the EULA click box that comes up when you begin installing sp3. The preambles of both statements are identical, clearly demonstrating the intent to deceive the user.
It would be up to Microsoft to go after every single violator that they want punished
Nope, it would be the other way around. MS can do anything it wants to your computer, just by piggybacking it within some security update. Then it will be up to you to seek justice in court and to prove that EULA is illegal.Sure you are.
The law says you have the right to do certain things with the copyrighted works you own, such as make backups for personal use, etc. But the copyright owners don't have an obligation by law to make that possible, and that's exactly the "loophole" they're using against us right now.
Well, we're just applying exactly the same principle to Microsoft: they may have the right to remotely perform installs and upgrades to your system, but you don't have an obligation to make that possible. By putting the appropriate firewalls in place, you're simply not giving them the technological means to do what they have a "right" to do.
Now, I agree that in practice it'll work out such that the big corps like Microsoft will have the right to do whatever they please and you won't have the right to do jack shit, but that's a different discussion...
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.