Slashdot Mirror
More MS EULA Fun
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
Gee that was fast, almost seems like u had it prepared.
The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..
This means its within there power to say, Hey look hes got a pirated version of "Austin Powers The Spy Who couldnt come up with a second Orginal Movie and had to use the same old jokes over and over" and WIPE your system TOTALLY.
Its not the Ability to Auto Update.. ITS THE BROAD power there poorly worded EULA gives them.
Personal Website
Bzzzt, wrong. The passage (as quoted from the article) is: "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." With the automatic update functionality both in Windows 2000 and in Mac OS, you actively check if there are updates available for your system. This may happen through a cron job (whatever that's called in Windows), but it is your computer that checks. The new passage of the EULA says that _Microsoft_ may check _your_ computer, without your notice, and then "upload" their "fixes". This is, if you haven't noticed, the other way around. The automatic update can be disabled (it is on my working machine), but this? Since you gave _them_ the right to mess around with your computer, I doubt that you can disable this "push update". Furthermore, this may constitute a serious security problem: if MS can upload what they want on your system, some other people could do, too.
I agree that most users never read the EULA anyway, which is their fault, but they might just read it if it were understandable. How about saying no to the EULA box and mailing Microsoft for clarification on what exactly the EULA means? Surely this is within one's rights as a customer, or is it against the law in the USA now (unpatriotic?) to ask to understand what the EULA is requiring of you?
I have no "warez" on my machine or MP3's for that matter, and I do use my Windows machine to "make money" but I don't think I want to allow Microsoft access to my computer for other reasons. The reasons include Microsoft changing the OS to a subscription model without my consent, Microsoft having access to company and private information which would constitue a breach of my and my company's privacy (small company, no corporate versions) and Microsoft modifying the OS to exclude me using competitor's software without warning me in advance.
I think this is a case for the EU commission on privacy and legality of contracts here in Europe. I don't know about the USA though (OI assume that obviously such contracts are legal in the USA).
I checked the Automatic Updates Control Panel Applet, It was clearly unchecked, as in "Don't check for updates".
Yes, when I checked my system services, there was Automatic updates set to Start automatically and currently started and running even though It was clearly disabled in Control Panel.
Set to manual, stop the service, that should do it.
Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Yes, (s)he does.
I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates."
Hmmmmm, so you're experienced at running servers, are you? And you'd love to see some organisation you know little about randomly updating your servers with whatever code they like, whenever they feel like it?
Are security and reliability really your top priorities?
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." That's two separate things. Unless I'm reading it wrong, even if you can disable the automatic updates there's no provision for disabling Microsoft's snooping. Now, if the agreement said something like... "You acknowledge and agree that Microsoft may automatically provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer, and for the purposes of doing so may check the version of the OS Product and/or its components that you are utilizing" ...I would be less suspicious of their intentions.
Forcing someone into a new agreement is illegal. Governments should give this some attention. The updates are necessary, partly because the software is sloppily written. The user does not have a good option; the only option is to get a new operating system and re-train everyone, and accept that some programs on which a business is dependent don't work. That's force.
You can remove the Microsoft EULA: Windows VBScript for automatically removing the click-through End-User License Agreements found in most installers.
It's no fun to work at an abusive company. We are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.
As companies become more abusive, it becomes more miserable to work there. If you are good at what you do, quit and get a job somewhere where people are treated like people.
This is where it is all leading:
EULA:
- I can do anything I like.
- You have no power.
- You can't say anything bad about me.
- Everything belongs to me.
I knew a 3-year-old who said this.Slashdot has a sneaky EULA, too. At the top of every Slashdot article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service says at section "4. CONTENT", paragraph 6,
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."
The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.
This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, Slashdot's The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
Almost everyone probably has -something- to hide. No, maybe not a porn stash or illegal copies of things, but most people have at least one thing they wouldn't want others to know about. An expectation of privacy isn't really that sinister. Heck, how many of you folks use envelopes instead of the (much cheaper to send) post cards? What? You don't want them all to be able to easily read your mail? Even though most postal carriers would probably never bother? What? You don't want to release your medical history to the world? Even though we often practically force presidential candidates & misc. other politicians to do so?
Besides, complacency isn't the answer. MS isn't currently collecting people's first-born; but reserving the right to would (and should!) raise a few eyebrows. It's not that I think they have sinister intentions right now, it's just that I don't trust them to come up with a way to profit at my expense... something not exactly foreign to them, according the to DOJ...
I don't think that they need that clause in the EULA to do what they want to do; all they need to say is that by using their updating software, you grant them the right to make certain changes to the system for the purpose of installing that software & that if you don't like that, you can just turn it off and prevent it from connecting to MS for updates, but that this may not be a good idea.
BTW, yes it really does bother some people to know that MS has a backdoor on their system, just as much as it would bother them to have sub7, netbus, or BO installed. While we may (think) we know exactly what it's doing, given MS' track record on security, it might as well be BO -- at least you can password protect an installation of that...
Just remember an old legal proverb: only a fool signs a contract because he thinks it's unenforcable.
I think I'll be leaving my Win2k box at SP2, thank you very much.
I don't think the mainstream public really cares about what's in a EULA. Hell, I generally don't either. But just think of the implications of people refusing to install patches and security updates because they're accompanied by EULAs with bizarre "big brother" clauses.
Now, with that said did any of you bother to read the article? Here is the offending text:
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer,"
A little sensationalistic to call this "remote admin rights" isn't it? Basically, this just gives them the legal legroom required to make their automatic updates feature work, which is a good thing. It means more patched machines out there - less of that Nimda shit.
Nobody's spying on your MP3 collection. There's nothing to see here, folks.
Well this is easily negated with a firewall.
.NET? Basicly unblockable unless you kill all web access completely.
No. You are effectivly trying to fight a trojan in the operating system. Unless you know exacly how it works the only sure protection would be never to connect the computer to the net at all.
For starters your opponet is the OS itself, so you can't go with a software firewall - you'd need a seperate firewall box sitting between you and the net. Second, you have no idea when the packets/connections look like, so you have to keep a lockdown on all types of connections both inbound and outbound. This can be a major pain on a general purpose PC doing vaious sorts of web access - games, voice chat, P2P, and other applications constantly bumping into to firewall.
The reak kicker is that if they really wanted to they could stll get past any firewall. They could piggyback on a legitimate connection any time you touch a Microsoft controlled website. Yeah, it's getting a bit extreme, but it's possible. The OS could keep the HTTP connection alive and insert a sideband channel in the HTML itself. SOAP anyone? Or
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
It seems to me that the EULA means that you're not allowed to block out their requests. You'll have the FBI breaking down your door to uninstall your firewall if they really want to "upgrade" you.
My work provided laptop is Win2K. I don't have any choice in the matter, that is the company required OS. I installed SP3 last night. It changed my auto-update setting to automatic without telling me. At work and at home I am behind firewalls. In the work environment all updating of Windows is handled internally, not by windowsupdate.microsoft.com. At home I patch manually. I don't want auto-update turned on. Since I always turn it off, I didn't realize it had been turned on until I checked, after reading this story on slashdot.
I have submitted a formal request for exception to be allowed to install Solaris or Linux on my laptop since I all of my work is primarily done on Solaris platforms. As of right now I have no intention of any of my own PC's having Windows ever again (my personal workstation is RedHat 7.1) and if I get this exception same rule goes at work. My wife uses Mac, and so does my son.
I have never seen RedHat or Solaris updates change settings on my PC/server/etc without asking if it was okay to do so. Solaris packages ask if it's okay to install with root permissions or modify permissions. When is the last time a Windows package asked you that? I've been using computers since about 1979, I'm tired of being treated like I'm stupid. I suspect a major part of the reason users are stupid is because software companies taught them to be stupid.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
"The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them.."
Who's to say that the next version of `Doze won't make IMPOSSIBLE to turn off "auto update", just as they have made it impossible in XP to (without a hack) to turn off or uninstall MS Messenger (which will bug you to get a Passport until you either DO, get rid of it by a hack, or throw a brick into your monitor).
I can see them doing just the same with AutoUpdate. Why not? The new EULA gives them the right.
Microsoft doesn't give a rats ass about patching defects. Indeed, history shows that they generally do so only when dragged into it kicking and screaming, as they have recently by the mounting embarassment and BAD PUBLICITY over their OS's many security holes.
They want everyone running AutoUpdate in the background for these reasons:
1. So they can slip in upgrades to fix embarassing holes without scruitiny (ie, the public knowing about the defect). This will reduce media attention.
2. So that they can slip in updated "activation" and key crap at will.
3. So that they can slip in DRMware whenever they feel like it. That is exactly what the recent Media Player EULA was changed to allow them to do.
Corporatism != Free Market
If this automatically downloads and installs future patches, does this mean that you do not have to agree to any new EULAs? Since you won't be clicking "I agree" on them, do they count?
be interested in seeing the cost justification for TCO. I've NEVER seen figures that favored M$ except from M$ of course. The additional maitenance cost on a win2k box and the additional time ensures our sysadmins have 25 windows boxes or 75 various Unix boxes and they can keep up with either. I hardly beleive the cost of the initial equipment outweighs the long term support costs, and M$ support is VERY POOR, compared to a service contract from SUN or IBM. I KNOW THIS FOR A FACT, I've been a NCR ADMIN, SOLARIS, AIX, MS, and Linux for the same company.
errr....umm...*whooosh* *whoosh* Is this thing on ?
-
The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based
services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its
components that you are utilizing and may provide upgrades
or fixes to the OS Product that will be automatically
downloaded to your computer.
Could this be construed to allow Microsoft to access your machine even with Windows Update off? Corporate users, especially sysadmins, should bring that clause to the attention of their attorneys. It's probably unwise for corporate users to install this update without obtaining legal advice.set to disable, not manual. manual doesn't really mean manual. trust me, I am a mcse ;-)
ostiguy
> Gee that was fast, almost seems like u had it
> prepared.
I think it would be incredibly naive of us not to think that Microsoft doesn't have paid shills here on Slahsdot, ready at a moment's notice to spout corporate spin in response to anti-microsoft articles. God knows they've done it before. (I remember reading articles about how MS paid people to post negative messages about OS/2 on the support board on CompuServe)
MS probably doesn't care too much about the die-hard Linux/Unix/Apple folks on these boards, but I'm sure they realize that a lot of tech media tend to....shall we say "borrow" story ideas from here? And they definitely want to start putting their own spin on some of these issues right away. I'd say this is partly why we've been seeing so many rebuttals against the standard "MS sux" line we see so much of on here. (Some of those responses are actually valid - but it's easy to spot the shills: they're the ones who rely on misdirection to obscure the true issues, much like the first poster here has.)
Personally, I can think of few things lower than people who do this kind of thing. This is lying writ large, and selling yourself out in the most public of ways. But then, it's never too hard to finhd people with no self-respect to do your dirty work for you for a few bucks. Witness some of our fine elected representatives.
The crimes of eBay are a disgrace to it's pig latin heritage!
The only way will be for the client machine to initiate the connection.
Let's assume this is correct.
a.k.a. Automatic Windows Update (or some other memory resident application)
Some other memory resident "application" like the operating system itself, perhaps? Just tie the "call home and check for update" code to something that happens periodically but not too often -- booting, loading an app, opening a file, making a network connection, -- take your choice. Hardly a new concept, Microsoft apps already do this (IE, for example, on startup), but not very stealthily.
-- Alastair
At 6:28 am an article is posted about the negative aspects of the new Microsoft EULA. At 6:31 am an Anonymous Coward posts a well-written, generally grammatically-correct response that explains the need for it.
./ is being actively astroturfed?
The response is 383 words. That's over 127 words per minute.
Furthermore, this paragraph smacks of being mandate-driven...
And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.
Am I the only one getting the feeling that
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
"It's no big deal, everybody is doing it"
"No, Microsoft is the only who does [nasty things]"
"Then don't use it, geeez."
First of all, even if you only "go with manual updates" Microsoft still has the right to ignore all settings you made and install one update or another (DRM) anyway.
What will you do? Sue them?
Interestingly enough, I did this as well, several weeks ago. Imagine my surprise when last night, after a reboot, I suddenly noticed the Messenger icon in my systray again! I have auto-updating disabled, and I'm blocking all requests to microsoft.com at my router. So how did it suddenly pop back after being gone for weeks?
End of lesson. You may press the button.
Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Following is an excerpt from the Win2ksp3 supplemental EULA: (text bolded by post author)
I don't know what "automatic" means to you, but according to my understanding of English, it seems to preclude consent.
Yes, it DOES have to do with the Windows Automatic Updates.
Then why is it not a supplemental EULA for auto-update, rather than the operating system patch? That this EULA change was made to the operating system service pack suggests that your interpretation of M$'s intentions are incorrect.
Further interesting is that the excerpt quoted above does NOT appear in the EULA to which you must agree to begin the download, but only in the EULA click box that comes up when you begin installing sp3. The preambles of both statements are identical, clearly demonstrating the intent to deceive the user.
I just love slashdot's faithfulness to the cause. Right below a blatantly anti-MSFT article was a big Visual Studio.NET advertisement. I'm saving a screenshot of this.
my sig's at the bottom of the page.
Why hasn't this been modded up to funny as hell? I'm still laughing!
A steaming cup of soykaf would be real wiz right now.
"Interestingly enough, I did this as well, several weeks ago. Imagine my surprise when last night, after a reboot, I suddenly noticed the Messenger icon in my systray again! I have auto-updating disabled, and I'm blocking all requests to microsoft.com at my router. So how did it suddenly pop back after being gone for weeks?"
7 46 .html
m l
Windows Update will put the MS Messenger "trojan" back on your PC.
See this Register article (which has a link to a simple batch file hack that will expunge Messenger for you):
http://www.theregister.co.uk/content/archive/24
The article on the "trojan" behavior of Windows Update on reinstalling MS Messenger:
http://www.theregister.co.uk/content/4/24668.ht
It's not that I MIND MS Messenger... It's that I DONT USE IT. So why should I have it wasting RAM and running? I use AIM, have for years, and all my IM friends use it, so I have no reason to change or to sign up for a Passport...
Corporatism != Free Market