Financial Institutions Balk at MS Licensing
mmol_6453 writes "Now, not only are hospitals groaning under the combination of Microsoft and the HIPAA, but banks are having issues relating to federal privacy laws. Favorite line: 'Microsoft has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'"
"That makes Warby nervous. "Microsoft is definitely not known for their internal security," he says, citing undocumented macros in some Microsoft programs, which can be accessed by those who know the right combination of keystrokes. "The idea of Microsoft coming into a server, creates a potentially huge security risk," he says."
has anyone got any examples of this anywhere? i'd be curious to see some of these macros..
that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.
Ok, this sucks to start with. Why the hell does MS need access to banking systems? Besides to rape accounts that belong to companies that cheat licensing. (sorry, conspiracy theory again) The other thing here that TOTALLY bugs me is that this affects me! I've put a lot of effort into removing MS products from my life. But, if banks are running MS, and they have access to those systems, then my efforts seem to be useless. "I'm sure Microsoft wouldn't do anything bad with that kind of power". PFFT.
Here comes another conspiracy theory:
MSFT: Hrm, rmAdmin has $0.34 in his checking account, must be having money problems, let's see, we'll sell his contact info to every 'debt consolidation' service on earth.
Ring ring
rmAdmin: Hello?
StupidTelemarketter: Hello Mr AIDmen...
rmAdmin: ACK!! DIE DIE DIE
click
Ok, maybe not that bad, but who knows...
Can all fish swim?
has anyone got any examples of this anywhere? i'd be curious to see some of these macros..
Perhaps he's referring to many of Microsoft's easter eggs in the OS and apps.
Isn't there a web browsing easter egg in some program? Don't recall if that was MS or not.
- pwd...container...host....logon...restart...data source
....you get the idea. If you are looking for specific troublemaking 'poison-pill' macros, I'm sorry, I don't have those handy, but if you want, I can send you a Word document you can fill out to request them.
I don't use Windows Update, but my understanding is that the "let Microsoft dig through your system" stuff is only if you do use Windows Update. If this is correct, then there is no problem - don't use it!
Surely someone managing machines in a business critical environment would have the nous to turn off the auto-update? Don't use it. Install patches and hot-fixes manually after fully testing them to make sure they don't kill your system. Do not rely on Microsoft (or any third party vendor for that matter) to automatically update your servers without you knowing exactly what is going on!
The XP-related stuff though, is a bit of a worry. Then again, the solution is pretty straight-forward - DON'T USE XP. If you need Windows, use Windows 2000. If Microsoft bring the same checks in to 2000 via future service packs, then configure your firewall properly and stop it happening.
My mom phones me weekly yapping about some new virus that has slipped into her computer. She is 50+ and I think she is doing a nice job learning her WinXP. What she is frustrated with is the fact that she has a firewall, an antivirus program and she updates often even if she is on a modem. Still she has gotten successful attacks into her machine and even viruses have slipped past her antivirus system. She is getting real paranoid and feels that it's not fun anymore when you have to be a fully fledged sysadmin to surf and write mails. She is going for linux and I will try to install it as safe as possible for her. No services open and a default drop on incoming connections should keep her safe for a while. That is what I would call proactive security.
Security must be proactive and not reactive. MS is simplifying reactive security instead of focusing on proactive security. The old vuln -> patch treadmill is stupid. I think some dists should stop making their default installs wide open as well. Close all ports and code a nice simple app that makes it easy to open the ones you need to be open.
-- Hi! I'm the "Good Times" signature virus. Copy me into your Sig!
This would obviously be a horrible disaster for MS, because not only would they not make any money but it'd also make the news. ("We're sorry, but we can't process your transaction today, as we had to erase Windows XP from all our computers thanks to a supplementary EULA from Microsoft. Please call back in two to three weeks when we have completed our rollout of Windows 3.1.")
that's right, what happens when M$ decides to go kazaa all over your system. there's nothing you can do about it. face it, it's just your hardware, the OS (i use the term lightly for windoze) belongs to them, 100%. You're just borrowing it. That's not good enough to pass muster for private information. If M$ wasn't so large, a bill to make them post surety bond for every financial house would be an ideal restraint for the mighty beast.
oh well, chances of legislation unsupportive of m$ are about as likely as me giving birth.
"You never want a serious crisis to go to waste." - Rahm Emanuel
MS wants to be a bank, remember? How better to throttle back competition than by tossing a smoke bomb or two into their home office...
"While other banking institutions are suffering from network slowdowns and corrupted databases, MS First Union can provide you with reliable access to your funds around the clock. Bank with MSFU....we keep an eye on your money!"
Many rely on Solaris, etc. for mission critical data. I'm sure there are related processes on Linux somewhere in every large banking system. Might be automated network performance reporting....automated backup audits....prototype network planning....human resource forecasting...project management analysis, etc. There are too many facets to modern banking to be able to state simply that one OS or another is responsible for 'handling' personal accounts.
Why am I having a hard time believing that business as we know it will come to a complete halt if MS isn't allowed in the door?
Commerce in one form or another, from bartering coconuts to brokering used RAM, will find a way to continue, regardless if the transaction is on limestone, paper or bubble-ether crystals. Unified...disparate...co-mingled...far-stepped or translucid....who cares. The point is supply and demand, not demand by MS.
a contract is void by default if it violates a law
IANAL, this is more complicated. The problem here is that there are two (possibly) mutually exclusive constraints on the client, so that he may be screwed in any case: if he complies with the law his user agreement is void and Microsoft can refuse giving support, or worse, sue.
Of course if the client violates the law he is vulnerable to suits from the government or, much worse, his own clients or third parties damaged by possible exploits.
So this seems like a real concern. If I were a bank's lawyer (which again, IANAL) I'd be scared shitless, I'd recommend just to forget about it all.
Working for necessity's mother.
You have Medical Manager running as a Windows App?
The version we have runs on a SCO box with a terminal program for the client. (it's being replaced this year for an EMR solution)
I wonder how many programs out there are called Medical Manager.
Ursula Andress, Catherine Deneuve, and Charo, twice...
My 59 year old mother manages linux with no problems. I do most admin tasks from my house 60 miles away including fixing things when X freezes, (adsl at both ends and a ssh tunnel).
Yet, so far, the reports of them actually doing something about it and moving away from MS are very thin on the ground.
It would appear that however much MS wishes to shoot itself in the foot, or deny users specific rights, people are still unwilling to move to a different OS.
The fact Linux is free didn't compel them, the fact Linux doesn't "phone home" didn't compel them, the fact Linux is easier to maintain within an organisation didn't compel them, the fact Linux doesn't come with arcane restrictions on what you can and can't do with your PC didn't compel them, the fact Linux doesn't suffer so many virus attacks didn't compel them, the fact Linux is more secure and robust didn't compel them and the fact that Linux applications can read and write Word documents didn't compel them to move.
So the question is, what on earth will compel them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.
(and here I'm talking about the masses, not the odd special case)
Avantslash - View Slashdot cleanly on your mobile phone.
Windows software runs in emulation under MacOS X (and MacOS 9). Connectix, the maker of the most popular emulator, "Virtual PC" (VPC), has to do a better job on performance--especially with graphic-intensive applications--but I buy and install any Windows software package I need and run it on my Macintosh G4.
I have Windows 98 and Windows NT 4.0 (sp6) installed on one VPC setup and I plan to put XP on another. I'm a computing consultant and I regularly invite my clients to forward suspicious software to me. I run it on a clean, isolated VPC machine and, if it turns out to be a virus, I inform the customer, drag the test machine into the trash and I'm on my merry way. And it's more stable and easier to maintain than an actual PC.
As I said before, if they could get performance out of the doldrums, Apple would have another great "switch" story to tell.
I don't really understand what a bank or hospital would need with a CAD or 3D rendering program? All they need is a front end to their database of clients/patients, which was most likely custom made for them in the first place. Thus it would be fairly easy for someone to make (or port) a front end that behaved the exact same way. Then there is no need to buy new hardware (as would be the case for a mac solution) and no need to retrain (except the IT people) as the software would behave the same.
Corporate security officers really should be concerned about this. From a security and privacy point of view, Windows XP is already out of control, and it looks like it's getting worse. Even if all those connections were harmless, it's hard to even identify a real trojan horse with all that junk going on.
Software updates and contacts to other services are much more sensible under Linux: nothing happens unless you explicitly enable it, you have the option of updating via media or mirrors, and all software updates can happen through a single server.
I turn off automatic updates on all machines I admin (about 250 across various organizations), not out of greed, but out of fear and responsibility. The fear part comes in when you get a call at 6 am, followed by 10 more in the next hour saying 'all our computers are dead'. Not a happy day. Automatic updates can do this, and have done it to me. I like to get a patch, test it, THEN install it.
If your computers are protected properly, (firewall, virus scanners w/ heuristics etc), you can get away with not patching for a day or 2. Use this time wisely, large corporations do, you should also. That is the fear part.
The responsibility comes in when you test the stuff for your clients so the BSOD scenario does not happen. I charge a lot, but things like this make me worth it to clients.
-Charlie
So the EULA is invalid. Will Windows care? Will Windows behave any different because of that? Can you feel secure because of that?
I don't think so.
It's amazing how many things Windows users are willing to do.
Sun is offering an alternative: Sun Ray workstations with Linux, Evolution, Mozilla and Gnome Desktop. The price is about US$ 1000 per machine.
Using existing hardware is the cost-saving question. Is it more affordable to install Linux and retrain the entire staff to use Linux software than to replace the hardware and retrain the staff?
And are there alternatives to retraining, like founding user groups with advanced users helping others to get to know the system? There might be a drop in productivity during the time the users need these groups. It's a complicated matter.
It is sure that they cannot break the law. So the alternatives really are pressing Microsoft to alter their licences or switch to another OS. The cost and convenience of doing so will determine what they'll do.
Well, personally I'd like `shut the hell up about this one'. My Win98 machine has been bugging me to update IE6 to patch some of its many security holes every day for weeks.
I don't have IE6. I don't want IE6. So far as I can see there is no way to tell M$ this.
_O_
.|< The named which can be named is not the true named
You mean auto update with things like SP4 for NT that broke TCP/IP, SP6 that was rapidly replaced with SP6a (don't know why there), DirectX 8.0 that was rapidly replaced with DirectX 8.0a ...
So, tell me again why autoupdate is a good idea.
You are an idiot. In our organisation automatic updates run - from the central SUS server that MS provides for free, and where the Admins can control which patches get installed.
My mom phones me weekly yapping about some new virus that has slipped into her computer.
... in fact she loves the fact that it is quick and stable, unlike the much more expensive machine she uses at work, which is down for software repairs quite frequently.
... unlike Windows, it does not change its behavior for no apparent reason, nor does it break mysteriously simply because you've added a new piece of software.
My mom has been running Debian for almost two years, and aside from a few calls early on of the "how do I do X under Linux" type, I haven't had to field any calls at all (none within the last year. None). Indeed, I haven't had to fix her computer once since I installed it nearly two years ago.
Not once.
Now that Applix has grown a little staid, I'm probably going to upgrade her to Gentoo 1.4 when it is released, with Open Office.
She works with Microsoft every day at work, and has been agitating her employer to let her use GNU/Linux instead. My mom, who, like yours, is 50+.
However, even if her employer doesn't let her switch, she has no trouble importing and exporting to Microsoft Word and Excel formats using her GNU/Linux box.
Most especially, she likes not having to worry about the latest Klez worm or misc. virus, something that is steadily stressing out all her friends.
My mother, who is computer competent but certainly not computer savvy, has become a stronger proponent of Linux and free software than I have. All the Microsoft-funded astroturfers keep harping about how the consumer wants this or that slick or shiny feature, when in truth all of the computer illiterate and computer competent (but not necessarily savvy) people I've exposed to GNU/Linux haven't ever wanted to go back. Why?
Because in truth people don't care all that much about shiny feature X or slick feature Y, they care far more about stability, predictability, and the ability to simply get their work done. And that is where GNU/Linux truly excels.
What is interesting is how few people realize they have a viable choice, and once they do realize it, how many (of the people I know, at least, of various walks of life) end up dumping Windows like a bad habit.
The Future of Human Evolution: Autonomy
You know, we *just* deactivated a computer lab running Windows 3.1 connected to a Novell 3.11 server that was running some special client software that required those OSes. It ran just fine and did its job. Windows 3.1 has been unsupported for ages now. I can imagine the hell we'd have gone through if the decision to upgrade was forced upon us earlier. We also still have numerous Windows 95 clients out there, and a boatload of NT.
So saying XP will be supported for years and years is hardly a comforting fact.
Exactly. Being a Windows admin is harder than most slashdotters think. It takes a special skill to find the correct time to patch - after MS fixes the show-stopper bugs but before the next worm.
Microsoft is shooting themselves in the foot.
The climate that created Microsoft was one of ignorance about computers among the various business managers. The cry was "Nobody ever got fired for buying IBM." Microsoft built on IBM's reputation.
Going to the much more technically knowledgeable business people today and opening them up to vast legal liabilities for using MS software is going to force these businesses to do something drastic. That something drastic is to find another OS.
Legal liability in this lawsuit-crazy era is something that CEOs and management understand because they pay a lot of money to their lawyers to make them understand. And if Jack Lawyer says if you buy MS you could go to jail or be sued out of business for violating the law, Joe CEO is gonna tell the boys and girls to FIND ANOTHER SOLUTION.
The lack of security and MS's complete evasion of responsibility for the functioning of the updates (or even the OS) is less of a worry, but there are many who look at the security of the data that runs the business who are not going to allow Automatic updates from MS or some unknown "Agent." Businesses have lawyers to help them protect their IP and if that IP is going out the gates of the Automatic Update, then guess what is going to happen.
Most business types are risk averse and a little bit of FUD will get MS out of the important areas. (Sure we can use MS, but then we'll have to let them look at our data. Nope, they don't sign secrecy agreements to protect our data from this process. Oh yeah, we have to let any "agent" that they hire into our computers as well.)
Hospitals and the medical field go first, then banks.
If there was ever a clear, concise, demonstration that MS is still acting like an unrepentant monopoly, then this is it. No serious business in a competitive market would require its current customers to choose between violating Federal Laws and Regulations or violating a software license. The fact that this choice is being forced upon those customers to PROTECT Microsoft's interest in preventing piracy of its software is a crystal clear indication of Microsoft's nature.
Microsoft NEEDS to be busted into a billion little companies. But, I guess that they'll have to do that to themselves.
No, I don't hate Microsoft, I happen to like Office. I just don't like the monopoly: bad service, poor quality, and god only knows how many lost manhours arguing with windows.
Creatively spelled words are copyrighted (2002) May be used without persimmons.
Creative Spelling Copyright (2002). May use without Persimmons
What surprises me is that no one seems to think it's odd that it seems to be OK (ie legal) for Microsoft to change the EULA from what you originally agreed to in order for you to install security patches.
There has got to be something wrong with extracting a payment (ie agreement to a new license) in order to get a needed fix to an already paid for product.
I have no intention of installing sp3 for Win2k unless they change that EULA, no way am I agreeing that MS can have access to my system.
Now perhaps, if due to this fact hackers gain access to my system through a security hole that sp3 would have patched, I can sue MS for charging for a fix to a broken product. You don't see the car companies charging for the fixes when there is a problem that requires a recall, and that costs them a lot more than the service pack costs MS.
OK, I'm not sure how much of a case there really is here, but I'd sure like to see someone try!
Mike
It seems like a small story from a small news outfit that is quite thin on anything other than Mr. Warby's hearsay. Talk about FUD... but with any news site, no matter how obscure, as soon as it hits the front page of slashdot, it is beyond reproach. That's something we should watch out for, after reading so much yesterday about Alan Sokal's Social Text hoax. In summary, he tricked a popular publication of the literary, postmodern Left into printing a hoax article of his that any amount of editorial review should have uncovered as a hoax, to the discredit of the journal, the editors, and (hopefully) perhaps some of the movement itself.
Let's not be so reactionary that we leave ourselves open to a Sokaling - a doc without any factual basis, that goes unchecked because its conclusions agree with our mindset.
What should also be mentioned is Slashdot's ability to make the news. We're a publication with a large circulation, that doesn't do much fact checking before our editors endorse an article. (I know that we never set out to be a reputable news site, but when Google's news is referencing us as the top source on a story... I'd be happy if we just held ourselves to a higher bar.) If the Smallsville Post carries a totally unresearched article that doesn't ever leave the downtown coffee shop area, and LexLutherCorp doesn't even bother returning a comment on it, and suddenly the Daily Planet, without doing any more investigating, just decides to reprint it to its own (much-larger) readership... well, it bites when the article turns out to be crap.
Now that it's been slashBotted, the article will probably get a response from MS PR, something along the lines of, "Don't be silly, of course Microsoft has the highest commitment to customer data confidentiality, as part of our TrustWorthy Computing (TM) Initiative. All of the data we use comes from version numbers, and we leave the option for customers to completely disable the Microsoft Windows Update feature. Look at how paranoid and reactionary this bunch of misfits is. Snort. Linux users... " =)
Let's win the spin war Larry Wall style, not MS style.
my 2 cents...
Hence the reason Microsoft is now selling broadband hardware? To ensure that a percentage of their installed userbase won't ever be able to cut them off, even with evil-linux-savvy-friends who come over and try.
Fear the day some joker installs an M$-router in something important (like an ISP, or as a gateway to a bank).
I like to get a patch, test it, THEN install it.
As do I. For the business world, what I would like to see is the ability to redirect the auto updates feature (of both the OS update, and other software updates) to access a server of the sysadmin's choice. This (and the related server side software to do this) could allow sysadmins to test the new patches from MS, agree or disagree with the licensing, and then roll out the patches across the network with relative ease. This type of a system could also do things like make tracking the software licensing for a large network easy or make it simple to do things like account for what's on a given system.
Oh, wait, we are talking about M$. They won't ever make it that easy for companies they plan on screw^H^H^H^H selling software assurance to.