Slashdot Mirror
More MS EULA Fun
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
Gee that was fast, almost seems like u had it prepared.
The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..
This means its within there power to say, Hey look hes got a pirated version of "Austin Powers The Spy Who couldnt come up with a second Orginal Movie and had to use the same old jokes over and over" and WIPE your system TOTALLY.
Its not the Ability to Auto Update.. ITS THE BROAD power there poorly worded EULA gives them.
Personal Website
If you actually read the article or the EULA you would realize that THIS HAS NOTHING TO DO WITH AUTOMATIC UPDATE. The line in there "WITH OUR WITHOUT YOUR CONSENT" should make that pretty fuckin obvious. This is probably for DIGITAL RIGHTS MANAGEMENT updates. Or for the update that will supposedly render all of us XP pirates offline. When you click the OK button you agree to EVERYTHING in the EULA. Including that MS can install and update programs WITHOUT YOUR CONSENT.
IMHO, most people are focusing on the wrong aspect of this change. Sure, this change in the EULA gives MS the power to connect to, scan, and update the OS Software on your PC - and with their past record with releasing buggy, security-flaw ridden software, one should think that having the most recent patches installed ASAP would be a good thing (though MS Have been known to go from bad to worse with some of their patches!)
However, you all seem to be missing a more obvious implication - if MS can connect to your machine to load Legitemate updates, How long do you think it will be before your local 3v1l Hax0r d00d works out how to spoof the mechanism to his/her own ends?
It's not necessarily what you are allowing MS to do that you should be worring about - it's what you will be allowing the rest of the world to do that should worry you!
<PARANOIA MODE="OFF">
Disclaimer: I meant what I thought, not what I wrote! What? You can't read my Mind? Oh dear!
Pedersen wrote:
> Once Linux satisfies my video editing needs, all
> Windows partitions are gone. Hmmm, maybe it's time
> for me to start researching that a bit better.
The best (and now probably the cheapest) digital video editing system I ever used was iMovie 2 on a Snow iMac. You can pick a 500mhz (the same one I have) one up on EBay these days for a bit over $200. Use that for video editing, and blow away those Windows partitions. That way you can have the little iMac's hard drive dedicated to video editing, and still have your entire PC hard drive for Linux. If the iMac has OS 9 on it, and you want to use as much open source as possible, later versions of iMovie will work with OS X.
Just a suggestion.
"What I'm thinking is different from what you are."
Belabera, "Mothra 3" 1998
I was using windows media player to watch the matrix on my laptop (which has no dvd drive (I OWN the dvd, and ripped it myself to watch on a train)) windows media player deleted the file when i tried to give it a test play... a small box came up and then the file became corrupted...
even the evil DMCA allows for "fair use" in this manner... so microsoft wrongly deleted files on my computer...
MSFT SUCKS! --- is that assuming to much?
-BCC
They might very well be. A case in point: My Hotmail account. Microsoft changed the default settings with respect to privacy without informing me some months ago. The new default settings allowed Microsoft to "share" my information with "business partners" without my consent.
At the very least this means that Microsoft would have been able to sell my personal data to spammers. (Did you ever wonder how so many spammers got that email address of your in your profile above?). We don't do this but assuming that we used a CRM solution that was from a competitor of Navision (has been bought up by Microsoft). Do you seriously belive that Microsoft would never consider using that information or private CRM DB info as a means of getting us to switch or at the very least using the fact that we might be using a competitor's software and sending our info to their CRM department so that Navision would suddenly be sending us spam or reps to sell their stuff to us.
Do you trust Microsoft that far, legally, when Microsoft takes great pains to avoid any liability whatsoever with their EULA's?
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." That's two separate things. Unless I'm reading it wrong, even if you can disable the automatic updates there's no provision for disabling Microsoft's snooping. Now, if the agreement said something like... "You acknowledge and agree that Microsoft may automatically provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer, and for the purposes of doing so may check the version of the OS Product and/or its components that you are utilizing" ...I would be less suspicious of their intentions.
There must be ways around this (not legal ofcourse) for example, you could set your firewall not to make or accept connections to microsoft's servers, thus blocking new patches that might contain drm code. There can't be anything in Windows that would disable the OS if it did not receive a patch regularly since they would have to account for the fact that some people simply dont have internet/network connections.
Microsoft isnt playing nice. neither am i (i've never paid for a copy of windows) - win2k is the last microsoft OS i will ever use.
This comment does not represent the views or opinions of the user.
Forcing someone into a new agreement is illegal. Governments should give this some attention. The updates are necessary, partly because the software is sloppily written. The user does not have a good option; the only option is to get a new operating system and re-train everyone, and accept that some programs on which a business is dependent don't work. That's force.
You can remove the Microsoft EULA: Windows VBScript for automatically removing the click-through End-User License Agreements found in most installers.
It's no fun to work at an abusive company. We are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.
As companies become more abusive, it becomes more miserable to work there. If you are good at what you do, quit and get a job somewhere where people are treated like people.
This is where it is all leading:
EULA:
- I can do anything I like.
- You have no power.
- You can't say anything bad about me.
- Everything belongs to me.
I knew a 3-year-old who said this.Slashdot has a sneaky EULA, too. At the top of every Slashdot article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service says at section "4. CONTENT", paragraph 6,
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."
The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.
This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, Slashdot's The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
I find it interesting that as of this post, the offending statements are not in the EULA I got from clicking on Windows Update, selecting SP3 only, and clicking "review and install". I couldn't find anything out of the oridinary, in fact. Where was the original EULA found? Do you have to get it off their web page to see this?
Well, either way, I'm gonna install it. I personally feel that there is a lot of paranoia running around, as for Microsoft to initiate an upload of some software updates to a random windows user X, there would be a HUGE GAPING HOLE in the security of the software (if M$ can do it, 1337 h4x0rz can do it...), plus they would have to know your IP (which seems to change on a regular basis for many home users I've met). So that leaves two avenues: auto-updates (for those who leave that enabled), and manual updates. For those who've used the Window Update feature to manually update, You get a fair amount of information on each update, and although they could sneak something by, I think someone out there would figure it out, and I don't think microsoft is blind to the fact that the public outcry would be substantial.
At least that's my opinion.
Well this is easily negated with a firewall.
.NET? Basicly unblockable unless you kill all web access completely.
No. You are effectivly trying to fight a trojan in the operating system. Unless you know exacly how it works the only sure protection would be never to connect the computer to the net at all.
For starters your opponet is the OS itself, so you can't go with a software firewall - you'd need a seperate firewall box sitting between you and the net. Second, you have no idea when the packets/connections look like, so you have to keep a lockdown on all types of connections both inbound and outbound. This can be a major pain on a general purpose PC doing vaious sorts of web access - games, voice chat, P2P, and other applications constantly bumping into to firewall.
The reak kicker is that if they really wanted to they could stll get past any firewall. They could piggyback on a legitimate connection any time you touch a Microsoft controlled website. Yeah, it's getting a bit extreme, but it's possible. The OS could keep the HTTP connection alive and insert a sideband channel in the HTML itself. SOAP anyone? Or
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
My work provided laptop is Win2K. I don't have any choice in the matter, that is the company required OS. I installed SP3 last night. It changed my auto-update setting to automatic without telling me. At work and at home I am behind firewalls. In the work environment all updating of Windows is handled internally, not by windowsupdate.microsoft.com. At home I patch manually. I don't want auto-update turned on. Since I always turn it off, I didn't realize it had been turned on until I checked, after reading this story on slashdot.
I have submitted a formal request for exception to be allowed to install Solaris or Linux on my laptop since I all of my work is primarily done on Solaris platforms. As of right now I have no intention of any of my own PC's having Windows ever again (my personal workstation is RedHat 7.1) and if I get this exception same rule goes at work. My wife uses Mac, and so does my son.
I have never seen RedHat or Solaris updates change settings on my PC/server/etc without asking if it was okay to do so. Solaris packages ask if it's okay to install with root permissions or modify permissions. When is the last time a Windows package asked you that? I've been using computers since about 1979, I'm tired of being treated like I'm stupid. I suspect a major part of the reason users are stupid is because software companies taught them to be stupid.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
be interested in seeing the cost justification for TCO. I've NEVER seen figures that favored M$ except from M$ of course. The additional maitenance cost on a win2k box and the additional time ensures our sysadmins have 25 windows boxes or 75 various Unix boxes and they can keep up with either. I hardly beleive the cost of the initial equipment outweighs the long term support costs, and M$ support is VERY POOR, compared to a service contract from SUN or IBM. I KNOW THIS FOR A FACT, I've been a NCR ADMIN, SOLARIS, AIX, MS, and Linux for the same company.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Step 1: Log into Windows 2000 (any flavor) with a non-administrator user account.
Step 2: Go to windowsupdate.microsoft.com
Step 3: Note the following message Step 4: Explain to me your insinuation that manual updates somehow require administrator rights but automatic ones don't.
Also, considering that the updates are installed automatically, imagine all the new and interesting EULAs that will spring up now that I no longer have the option of not agreeing to them.
At 6:28 am an article is posted about the negative aspects of the new Microsoft EULA. At 6:31 am an Anonymous Coward posts a well-written, generally grammatically-correct response that explains the need for it.
./ is being actively astroturfed?
The response is 383 words. That's over 127 words per minute.
Furthermore, this paragraph smacks of being mandate-driven...
And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.
Am I the only one getting the feeling that
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
Sure it does: a future MS OS advertises "Automatically deletes potential virus files" then proceeds to remove any "suspicious" files, eg any unsigned files downloaded over P2P. Nothing you can do about it.
I'm not saying they will but you're saying they can't and that's just not true.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
"If I'm reading the EULA right, it lets them auto-download, but not auto-install. That's not full admin rights."
Really? Why would the update NEED to "run" when their EULA gives them the "right" to download them to places like \WINDOWS and \WINDOWS\SYSTEM. You get the picture...
Corporatism != Free Market