Slashdot Mirror
More MS EULA Fun
gray code writes: "The Register is reporting that Microsoft has placed an interesting wrinkle in the EULA of WinXP SP1 and Win2k SP3 that asks for the same remote admin rights as the Windows Media Player patch that raised such an uproar. I think I'll be leaving my Win2k box at SP2, thank you very much." Update: 08/04 15:05 GMT by T : Helix150 writes that a separate EULA for W2K's SP3 "contains this nasty bit: 'You may not disclose the results of any benchmark test of the .NET Framework component of the OS Components to any third party without Microsoft's prior written approval.' Hmmm..."
Gee that was fast, almost seems like u had it prepared.
The issue you microsoft loving moron is the EULA does not say that by turning off the Auto updates they wont do anything to your system..
The EULA gives them TOTAL power of your computer no matter what you do short of taking away any connection between you and them..
This means its within there power to say, Hey look hes got a pirated version of "Austin Powers The Spy Who couldnt come up with a second Orginal Movie and had to use the same old jokes over and over" and WIPE your system TOTALLY.
Its not the Ability to Auto Update.. ITS THE BROAD power there poorly worded EULA gives them.
Personal Website
Bzzzt, wrong. The passage (as quoted from the article) is: "You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." With the automatic update functionality both in Windows 2000 and in Mac OS, you actively check if there are updates available for your system. This may happen through a cron job (whatever that's called in Windows), but it is your computer that checks. The new passage of the EULA says that _Microsoft_ may check _your_ computer, without your notice, and then "upload" their "fixes". This is, if you haven't noticed, the other way around. The automatic update can be disabled (it is on my working machine), but this? Since you gave _them_ the right to mess around with your computer, I doubt that you can disable this "push update". Furthermore, this may constitute a serious security problem: if MS can upload what they want on your system, some other people could do, too.
I agree that most users never read the EULA anyway, which is their fault, but they might just read it if it were understandable. How about saying no to the EULA box and mailing Microsoft for clarification on what exactly the EULA means? Surely this is within one's rights as a customer, or is it against the law in the USA now (unpatriotic?) to ask to understand what the EULA is requiring of you?
I have no "warez" on my machine or MP3's for that matter, and I do use my Windows machine to "make money" but I don't think I want to allow Microsoft access to my computer for other reasons. The reasons include Microsoft changing the OS to a subscription model without my consent, Microsoft having access to company and private information which would constitue a breach of my and my company's privacy (small company, no corporate versions) and Microsoft modifying the OS to exclude me using competitor's software without warning me in advance.
I think this is a case for the EU commission on privacy and legality of contracts here in Europe. I don't know about the USA though (OI assume that obviously such contracts are legal in the USA).
I checked the Automatic Updates Control Panel Applet, It was clearly unchecked, as in "Don't check for updates".
Yes, when I checked my system services, there was Automatic updates set to Start automatically and currently started and running even though It was clearly disabled in Control Panel.
Set to manual, stop the service, that should do it.
Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Yes, (s)he does.
I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates."
Hmmmmm, so you're experienced at running servers, are you? And you'd love to see some organisation you know little about randomly updating your servers with whatever code they like, whenever they feel like it?
Are security and reliability really your top priorities?
"You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its components that you are utilizing and may provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer." That's two separate things. Unless I'm reading it wrong, even if you can disable the automatic updates there's no provision for disabling Microsoft's snooping. Now, if the agreement said something like... "You acknowledge and agree that Microsoft may automatically provide upgrades or fixes to the OS Product that will be automatically downloaded to your computer, and for the purposes of doing so may check the version of the OS Product and/or its components that you are utilizing" ...I would be less suspicious of their intentions.
Forcing someone into a new agreement is illegal. Governments should give this some attention. The updates are necessary, partly because the software is sloppily written. The user does not have a good option; the only option is to get a new operating system and re-train everyone, and accept that some programs on which a business is dependent don't work. That's force.
You can remove the Microsoft EULA: Windows VBScript for automatically removing the click-through End-User License Agreements found in most installers.
It's no fun to work at an abusive company. We are seeing a rise in the number of sneaky contracts. This seems due to the presence of people with no technical knowledge at technically oriented companies. These people cannot contribute to the real work of the companies; all they can do is invent ways to abuse the customer.
As companies become more abusive, it becomes more miserable to work there. If you are good at what you do, quit and get a job somewhere where people are treated like people.
This is where it is all leading:
EULA:
- I can do anything I like.
- You have no power.
- You can't say anything bad about me.
- Everything belongs to me.
I knew a 3-year-old who said this.Slashdot has a sneaky EULA, too. At the top of every Slashdot article, it says, "The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way."
This sounds like you own your comments, doesn't it? However, the OSDN Terms of Service says at section "4. CONTENT", paragraph 6,
"In each such case, the submitting user grants OSDN the royalty-free, perpetual, irrevocable, non-exclusive and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable Open Source Initiative-approved license."
The contract is written in such a way as to appear that it has been made intentionally confusing. However, it looks like "comments are owned by whoever posted them" means that, yes, you own the intellectual property you created, but VA Software Corporation owns it too.
This appears similar to owning a car, but under the condition that someone else can use it at any time, and without notifying you. In any case, Slashdot's The Fine Print is misleading; it is not all of the fine print, although that line at the top of each story certainly encourages you to believe it is.
Almost everyone probably has -something- to hide. No, maybe not a porn stash or illegal copies of things, but most people have at least one thing they wouldn't want others to know about. An expectation of privacy isn't really that sinister. Heck, how many of you folks use envelopes instead of the (much cheaper to send) post cards? What? You don't want them all to be able to easily read your mail? Even though most postal carriers would probably never bother? What? You don't want to release your medical history to the world? Even though we often practically force presidential candidates & misc. other politicians to do so?
Besides, complacency isn't the answer. MS isn't currently collecting people's first-born; but reserving the right to would (and should!) raise a few eyebrows. It's not that I think they have sinister intentions right now, it's just that I don't trust them to come up with a way to profit at my expense... something not exactly foreign to them, according the to DOJ...
I don't think that they need that clause in the EULA to do what they want to do; all they need to say is that by using their updating software, you grant them the right to make certain changes to the system for the purpose of installing that software & that if you don't like that, you can just turn it off and prevent it from connecting to MS for updates, but that this may not be a good idea.
BTW, yes it really does bother some people to know that MS has a backdoor on their system, just as much as it would bother them to have sub7, netbus, or BO installed. While we may (think) we know exactly what it's doing, given MS' track record on security, it might as well be BO -- at least you can password protect an installation of that...
Just remember an old legal proverb: only a fool signs a contract because he thinks it's unenforcable.
It gives legal legroom for full admin rights since vague words like "upgrades or fixes" are a lawyer's wet dream. DRM is an upgrade in MS's view, deleting unauthorised mpegs is a fix to the MPAA. Are you going to argue?
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Well this is easily negated with a firewall.
.NET? Basicly unblockable unless you kill all web access completely.
No. You are effectivly trying to fight a trojan in the operating system. Unless you know exacly how it works the only sure protection would be never to connect the computer to the net at all.
For starters your opponet is the OS itself, so you can't go with a software firewall - you'd need a seperate firewall box sitting between you and the net. Second, you have no idea when the packets/connections look like, so you have to keep a lockdown on all types of connections both inbound and outbound. This can be a major pain on a general purpose PC doing vaious sorts of web access - games, voice chat, P2P, and other applications constantly bumping into to firewall.
The reak kicker is that if they really wanted to they could stll get past any firewall. They could piggyback on a legitimate connection any time you touch a Microsoft controlled website. Yeah, it's getting a bit extreme, but it's possible. The OS could keep the HTTP connection alive and insert a sideband channel in the HTML itself. SOAP anyone? Or
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
It seems to me that the EULA means that you're not allowed to block out their requests. You'll have the FBI breaking down your door to uninstall your firewall if they really want to "upgrade" you.
Step 1: Log into Windows 2000 (any flavor) with a non-administrator user account.
Step 2: Go to windowsupdate.microsoft.com
Step 3: Note the following message Step 4: Explain to me your insinuation that manual updates somehow require administrator rights but automatic ones don't.
Also, considering that the updates are installed automatically, imagine all the new and interesting EULAs that will spring up now that I no longer have the option of not agreeing to them.
-
The OS Product or OS Components contain components that enable and facilitate the use of certain Internet-based
services. You acknowledge and agree that Microsoft may automatically check the version of the OS Product and/or its
components that you are utilizing and may provide upgrades
or fixes to the OS Product that will be automatically
downloaded to your computer.
Could this be construed to allow Microsoft to access your machine even with Windows Update off? Corporate users, especially sysadmins, should bring that clause to the attention of their attorneys. It's probably unwise for corporate users to install this update without obtaining legal advice.At 6:28 am an article is posted about the negative aspects of the new Microsoft EULA. At 6:31 am an Anonymous Coward posts a well-written, generally grammatically-correct response that explains the need for it.
./ is being actively astroturfed?
The response is 383 words. That's over 127 words per minute.
Furthermore, this paragraph smacks of being mandate-driven...
And before we crucify Microsoft alone for including this "heinous" behavior, check Apple. Mac OS has performed automatic updating since Mac OS 9. I don't know about any other software, but I would love to see some form of update checking and/or installation method for servers, especially the variety that are intended to be installed, turned on, and forgotten, like email notifications or schedulable updates. I'd also like to see a move to create a standard through which updates can be propogated for any software. Some software already scan, like Adobe Acrobat Reader, Macromedia ShockWave, and I think QuickTime. If there were one place, maybe things could be more organized and more user friendly.
Am I the only one getting the feeling that
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
Nowhere did I see the Eula state "with or without your consent" either. Stop making stuff up.
Following is an excerpt from the Win2ksp3 supplemental EULA: (text bolded by post author)
I don't know what "automatic" means to you, but according to my understanding of English, it seems to preclude consent.
Yes, it DOES have to do with the Windows Automatic Updates.
Then why is it not a supplemental EULA for auto-update, rather than the operating system patch? That this EULA change was made to the operating system service pack suggests that your interpretation of M$'s intentions are incorrect.
Further interesting is that the excerpt quoted above does NOT appear in the EULA to which you must agree to begin the download, but only in the EULA click box that comes up when you begin installing sp3. The preambles of both statements are identical, clearly demonstrating the intent to deceive the user.
I just love slashdot's faithfulness to the cause. Right below a blatantly anti-MSFT article was a big Visual Studio.NET advertisement. I'm saving a screenshot of this.
my sig's at the bottom of the page.