Slashdot Mirror
Financial Institutions Balk at MS Licensing
mmol_6453 writes "Now, not only are hospitals groaning under the combination of Microsoft and the HIPAA, but banks are having issues relating to federal privacy laws. Favorite line: 'Microsoft has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'"
And in other news, Microsoft becomes the first fortune 500 company to trogan horse an operating system.
Karma: Not Particularly Funny.
"That makes Warby nervous. "Microsoft is definitely not known for their internal security," he says, citing undocumented macros in some Microsoft programs, which can be accessed by those who know the right combination of keystrokes. "The idea of Microsoft coming into a server, creates a potentially huge security risk," he says."
has anyone got any examples of this anywhere? i'd be curious to see some of these macros..
Microsoft does provide users with a high level of control over the auto update feature. Windows XP ships with the feature turned off, for example, so users must choose to activate it. And Microsoft notifies users of any updates, requiring them to agree to install them.
Microsoft: This is our highest level of control on anything we've ever included in windows! You can turn it on AND off!!!! AND you have to agree to install the updates, come on how can you hate us now, we give you so much control!
I dunno what they're going to do with 62 gigabytes of pr0n, though.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
Trusting the bank != trusting Microsoft. A bank that takes customer privacy seriously and switches away from using Microsoft products has a better chance of getting my business. Pity my account is so small... :(
Notice that everything he's directly quoted on in the article is straightforward...and then a completely bizarre indirect quote.
Most likely he gave a bunch of examples of macro viruses or undocumented APIs and the reporter decided to "condense" things a bit.
May we never see th
that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.
Ok, this sucks to start with. Why the hell does MS need access to banking systems? Besides to rape accounts that belong to companies that cheat licensing. (sorry, conspiracy theory again) The other thing here the TOTALLY bugs me is that this effects me! I've put alot of effort into removing MS products from my life. But, if banks are running MS, and they have access to those systems, then my efforts seem to be useless. "I'm sure Microsoft wouldn't do anything bad with that kind of power". PFFT.
Here comes another conspiracy theory:
MSFT: Hrm, rmAdmin has $0.34 in his checking account, must be having money problems, lets see, we'll sell his contact info to every 'debt consolidation' service on earth.
Ring ring
rmAdmin: Hello?
StupidTelemarketter: Hello Mr AIDmen...
rmAdmin: ACK!! DIE DIE DIE
click
Ok, maybe not that bad, but who knows...
Can all fish swim?
The article says about SP1: Solely for the purpose of preventing unlicensed use of the applicable OS Software, the OS Components will include installation on your computer of technological measures that are designed to prevent unlicensed use, and Microsoft may use this technology to confirm that you have a licensed copy of the OS Software.
This is done through a product key that is sent to Microsoft over the Internet. That means Microsoft must send an authorization back to your system, says Warby, requiring it to have access to your system.
While I'm no Microsoft licensing fan, I would like to dispel some FUD presented here. The product activation has always been a part of XP, and your system sends the product key number to MS, and not MS going to your system first. After it's activated, MS is not contacted, unless your hardware changes significantly, or you use Windows Update (which does not enforce product key restructions, although the product key is being sent). But in any case, MS never initiates contact with any system.
For SP1 upgrade, the authorization merely checks to see if your product key is one of two that have been widely pirated. It doesn't contact any server at all for this step.
There's 10 types of people in this world, those who understand binary and those who don't.
Solely to prevent piracy?
What a joke -- Microsoft could never stop piracy, as the devilsown copy of XP was out months before the release, and service pack 1 for it, fully cracked, was out in an integrated ISO weeks before the release of SP1.
Microsoft doesn't have a chance at stopping piracy, and it's just another lame excuse for Microsoft to follow the logical course of big business and try to control everything.
If Microsoft turns a deaf ear to angry consumers on the issue of collecting data, the federal government has every right to nail them to the wall for it, especially if it interferes with our health and banking privacy.
Arguments against using Macintosh or Linux usually center on retraining issues. However, heavy retraining occurred when migrating between Win3.11, WinNT, Win2000, and - for the chumps - WinXP. So if you have to retrain anyway, then why not go with something easier to both use and maintain like Macintosh OS X or Mandrake/Redhat?
When you consider the bizarre nature of the service pack EULAs, the migration to Macintosh or Linux should be the obvious choice to anyone that can read English.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'
Of course, if you are willing to pay just a little more, Microsoft will sell you security. Coincidence? I think not.
I'm out of my mind right now, but feel free to leave a message.....
Spend some of that porn time on socializing with real live women and you may find an upgrade to porn. Yes yes, I know that sounds crazy, but there are things above and beyond porn.. try 'em out, they're way more fun.
has anyone got any examples of this anywhere? i'd be curious to see some of these macros..
Perhaps he's referring to many of Microsoft's easter eggs in the OS and apps.
Isn't there a web browsing easter egg in some program? Don't recall if that was MS or not.
Heck, EVERYONE Balks at MS Licensing.
How many people have passed on XP because of the licensing crap? I'll bet a LOT of people have.
I have, and it has nothing to do with piracy.
I think that MS is going to back off on a lot of this stuff, probably even Palladium in its most extreme form.
Their strategy at the highest level seems to be two pronged. On one hand they want to gather up all of the power and control of the monopolist, and on the other hand, they try to respond to customers as if they had to compete.
I know that a lot of people are skeptical about the last part of that, but I believe it. They backed off of the passport nightmare to a large extent.
There are lots of smaller things they've backed off on as well -- their first incarnation of their anti-piracy measures would have made it impossible for corporate users to roll out systems using software like ghost, but they backed down on that, and that concession has had a real effect on the ease with which one can pirate their software.
The banks have a real problem, and MS is going to have to address it or lose the business. I think they're going to address it.
The big conceptual problem, I think, is to consider MS to be a monolith. There are people who are pushing for this stuff, and there are others who are talking to the customers who are screaming bloody murder.
In the end, they will have to listen to their customers.
himm... there is something I can't understand here. a contract is void by default if it violates a law, so doesn't this invalidate the appropiate part of the EULA, if the purchaser makes it clear that the software will be used in an environment where privacy is mandated by the law?
i wonder if some sort of equal oppurtunity law would mandate microsoft to provide the software and updates with a licence and a method suitable for banks, hospitals etc.
ato
- pwd...container...host....logon...restart...data source
....you get the idea.If you are looking for specific troublemaking 'poison-pill' macros, I'm sorry, I don't have those handy, but if you want, I can send you a Word document you can fill out to request them
"Do something man. Right now."
Actually, there are three settings:
Off. Pops up dialog boxes and warnings: "DO YOU REALLY WANT TO DO THIS!?" sort of things. After clicking "yes" a few dozen times, WinXP no longer attempts to auto-update, and doesn't poll for update availability.
Automatic Download. Periodically (timeframe? anyone?) polls an MS server for updates, downloads them in the background, you have to click a little taskbar widget to install them.
Automatic Download and Install. Yep, just what it says: "Please, Microsoft, install arbitrary code on my system without alerting me!"
Of course, I'm currently leading an initiative to have all non-technical people required to set their level to "Automatic Download and Install", so I can only be a certain degree of harsh about what that means.
Jouster
I don't use Windows Update, but my understanding is that the "let Microsoft dig through your system" stuff is only if you do use Windows Update. If this is correct, then there is no problem - don't use it!
Surely someone managing machines in a business critical environment would have the nous to turn off the auto-update? Don't use it. Install patches and hot-fixes manually after fully testing them to make sure they don't kill your system. Do not rely on Microsoft (or any third party vendor for that matter) to automatically update your servers without you knowing exactly what is going on!
The XP-related stuff though, is a bit of a worry. Then again, the solution is pretty straight-forward - DON'T USE XP. If you need Windows, use Windows 2000. If Microsoft bring the same checks in to 2000 via future service packs, then configure your firewall properly and stop it happening.
As a street level tech mostly working on MS boxes I can be a tad upset about the "auto update" feature.. i've made so much money in billable hours on boxes that just needed windows updates and a disk defrag that i can't even count.. i usually charge $50 for this service and explain what i did and that they need to do it themselves evey once in a while... well i still get reapeat calls to do it about once every 10-12 months on most boxes..and they don't want to be bothered by learning to click on it themselves.. hey..let the little guy make a buck..:)
Just Limin' Mon
My mom phones me weekly yapping about some new virus that has slipped into her computer. She is 50+ and i think she is doing a nice job learning her WinXP. What she is frustrated with is the fact that she has a firewall, a antivirus program and she updates often even if she is on a modem. Still she have gotten successful attacks into her machine and even viruses has slipped past her antivirus system. She is getting real paranoid and feels that its not fun anymore when you have to be a fully fledged sysadmin to surf and write mails. She is going for linux and i will try to install it as safe as possible for her. No services open and a default drop on incoming connections should keep her safe for a while. That is what i would call proactive security.
Security must be proactive and not reactive. MS is simplifying reactive security instead of focusing on proactive security. The old vuln ??? patch treadmill is stupid. I think some dists should stop making their default installs wide open aswell. Close all ports and code a nice simple app that makes it easy to open the ones you need to be open.
HTTP/1.1 400
that's right, what happens when M$ decides to go kazaa all over your system. there's nothing you can do about it. face it, its just your hardware, the OS (i use the term lightly for windoze) belongs to them, 100%. You're just borrowing it. That's not good enough to pass muster for private information. If M$ wasn't so large, a bill to make them post surety bond for every financial house would be an ideal restraint for the mighty beast
oh well, chances of legislation unsupportive of m$ are about as likely as me giving birth.
"You never want a serious crisis to go to waste." - Rahm Emanuel
MS wants to be a bank, remember? How better to throttle back competition than by tossing a smoke bomb or two into their home office...
"While other banking institutions are suffering from network slowdowns and corrupted databases, MS First Union can provide you with reliable access to your funds around the clock. Bank with MSFU....we keep an eye on your money!"
Many rely on Solaris, etc. for mission critical data. I'm sure there are related processes on Linux somewhere in every large banking system. Might be automated network performance reporting....automated backup audits....prototype network planning....human resource forecasting...project management analysis, etc. There are too many facets to modern banking to be able to state simply that one OS or another is responsible for 'handling' personal accounts.
Why am I having a hard time believing that business as we know it will come to a complete halt if MS isn't allowed in the door?
Commerce in one form or another, from bartering coconuts to brokering used RAM, will find a way to continue, regardless if the transaction is on limestone, paper or bubble-ether crystals. Unified...disparate...co-mingled...far-stepped or translucid....who cares. The point is supply and demand, not demand by MS.
oh.. another eula thing... snooze...
-
There was Corporate America. And people enjoyed to remark this. And there was a company that claimed that Linux, Open Source, GPL and Co. were a treat to Capitalism... And there was a lot of FUD, among some people, that all this was the same thing as Communism, if not worst. And they raised Corporate America in a crusade against the Spectrum. And they said: buy only true corporate software. And Corporate America felt that it would be easier to deal with a corporation, rather than risking its health and wealth with something that sounded like some old enemies calls.
Now Corporate America is eating the fruits of its short vision and its lack of support to venture capitalists, small developers and a little more freedom for people. Soon, we may see that Corporate America is no more. Welcome to M$ America.
My 65 year old mom uses linux, for browsing, icq, occasional letter writing, and email. She actually prefers the lack of advert banners in icq, the fact she doesnt have to worry about viruses in her mail, and the fact galeon can block images and cookies from particular servers.
She also prefers the fact that the machine stays running.
When she was using windows (2000) she was getting very frustrated with regular crashing, slow reboot time, frequent virus infection, and slowdown caused by the virus checker itself. Not to mention the fact that a pension doesnt stretch very far towards expensive software, the straw that broke the camels back.. was the cost of msoffice when she decided she wanted to write some letters (most of her friends dont have computers atall)
openoffice is vastly overpowered for what she needs infact, she usually uses the old wordperfect 8 (or was it 9?) that was ported to linux.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Sadly though, this is also in windows2000 sp3. So, you'd have to move back to NT 4.0 to be completely safe.
While you may be correct in their intentions, the EULA doesn't specifically state this. Going by just the wording of the EULA, they can do whatever they want, if you have auto-update enabled or not. This is where the problem is. If they specified a clause that would state something to the effect of "unless the user turns off auto-update" or have this EULA addendum pop up when they user enables auto-update with a yes/no box, it would be much, much better. This wording of the EULA in current form of not mentioning any change based on auto-updates being enabled is what is keeping SP3 off of our rdesktop Terminal Server.
Another interesting note is that the EULA for SP3 with the bad text is only there when you install the update, the original Win2k eula.txt is still left unchanged on your hard drive. Makes it kind of confusing, if you ever want to review what you actually agreed to at a later date.
Yet, so far, the reports of them actually doing something about it and moving away from MS are very thin on the ground.
It would appear that however much MS wishes to shoot itself in the foot, or deny users specific rights, people are still unwilling to move to a different OS.
The fact Linux is free didn't compell them, the fact Linux doesn't "phone home" didn't compell them, the fact Linux is easier to maintain within an organisation didn't compell them, the fact Linux doesn't come with arcane restrictions on what you can and can't do with your PC didn't compell them, the fact Linux doesn't suffer so many virus attacks didn't compell them, the fact Linux is more secure and robust didn't compell them and the fact that Linux applications can read and write Word documents didn't compell them to move.
So the question is, what on earth will compell them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.
(and here i'm talking about the masses, not the odd special case)
Avantslash - View Slashdot cleanly on your mobile phone.
New Coke.
New Coke was a means of converting the bottling plants over from powdered supplies (sugar) to liquid supplies (high fructose corn syrup).
The way it worked was to make something that tasted sufficiently bad, compared to the original, that when they "switched back" to the old formula (actually, the old formula, minus sugar, plus corn syrup), they were sufficiently close to the old formula that people didn't complain about the switch (they just got fat off the new stuff).
The best way to get something small and distasteful past someone is to try for something very large and distasteful, and when people complain, back off to the small distasteful thing you wanted in the first place.
To get unimpeded weapons inspections, ask for a "regime change" and an OK to invade. To switch over to cheaper, easier indistrial process supplies, like corn syrup instead of sugar, change everything, and then change "almost all the way back".
If you don't think Microsoft knows about this technique, you are fooling yourself. You should be much more worried about the consequences of whatever they pick as their "backed down" position.
-- Terry
then hand back what the courts tell you to.
Corporate security officers really should be concerned about this. From a security and privacy point of view, Windows XP is already out of control, and it looks like it's getting worse. Even if all those connections were harmless, it's hard to even identify a real trojan horse with all that junk going on.
Software updates and contacts to other services are much more sensible under Linux: nothing happens unless you explicitly enable it, you have the option of updating via media or mirrors, and all software updates can happen through a single server.
I turn off automatic updates on all machine I admin (about 250 across various organizations), not out of greed, but out of fear and responsibility. The fear part comes in when you get a call at 6 am, followed by 10 more in the next hour saying 'all our computers are dead'. Not a happy day. Automatic updates can do this, and have done it to me. I like to get a patch, test it, THEN install it.
If your computers are protected properly, (firewall, virus scanners w/ heuristics etc), you can get away with not patching for a day or 2. Use this time wisely, large corporations do, you should also. That is the fear part.
The resopnsibility comes in when you test the stuff for your clients so the BSOD scenario does not happen. I charge a lot, but thing like this make me worth it to clients.
-Charlie
By requiring a key to activate XP, Microsoft has the ability to force an OS upgrade simply by no longer issuing them. Therefore if (say) Windows YP is released and sells abysmally, MS can announce the withdrawal of keys for XP, forcing users to get YP should they need to reactivate. Instant sales boost, instant share price surge.
and Linux is knocking at the door of the MIS. That would mean rooms full of servers and thousands of NT desktops.
Tellers and staff run custom apps, don't have multi-media or ever web browsers on their machines and definitely aren't playing with their machines so M$ latest geegaws are of absolutely no interest.
A usage study has shown that only a small percentage of the features of the Office Suite are actually used and a great deal of the features that M$ wants to reverse engineer into their products (in direct violation of the DMCA they pushed for, which will come back and bite them some day) are already available in other products from vendors with better market focus.
In the second-rate, also-ran, pursuit of Apple's flash and style, M$ has lost focus of their customers, the same boring old desktops that didn't want a computer with a funny name back in 1980.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
An obvious solution - suggested in other comments - is to configure your firewall to prevent your computer from connecting to Microsoft. But Microsoft have a plan for that: UPnP. Universal Plug'n'Play is a protocol supported by an increasing number of "broadband routers" that allows applications to punch holes in your firewall by installing NAT rules. This is attractive for things like chat and video conferencing programs, but it will also allow Microsoft to override any rules you have to prevent unauthorized connections.
Though UPnP works by sending SOAP messages to a small web-server in the router (also used for user configuration), on my router (Alcatel ST510 v4) it bypasses the password protection that you can set for user access to the web server.
You are an idiot. In our organisation automatic updates run - from the central SUS server that MS provides for free, and where the Admins can control which patches get installed.
My mom phones me weekly yapping about some new virus that has slipped into her computer.
... in fact she loves the fact that it is quick and stable, unlike the much more expensive machine she uses at work, which is down for software repairs quite frequently.
... unlike Windows, it does not change its behavior for no apparent reason, nor does it break mysteriously simply because you've added a new piece of software.
My mom has been running Debian for almost two years, and aside from a few calls early on of the "how do I do X under Linux" type, I haven't had to field any calls at all (none within the last year. None). Indeed, I havent had to fix her computer once since I installed it nearly two years ago.
Not once.
Now that Applix has grown a little staid, I'm probably going to upgrade her to Gentoo 1.4 when it is released, with Open Office.
She works with Microsoft every day at work, and has been agitating her employer to let her use GNU/Linux instead. My mom, who, like yours, is 50+.
However, even if her employer doesn't let her switch, she has no trouble importing and exporting to Microsoft Word and Excel formats using her GNU/Linux box
Most especially, she likes not having to worry about the latest Klez worm or misc. virus, something that is steadilly stressing out all her friends.
My mother, who is computer competent but certainly not computer savvy, has become a stronger propoent of Linux and free software than I have. All the Microsoft-funded astroturfers keep harping about how the consumers wants this or that slick or shiny feature, when in truth all of the computer illiterate and computer competent (but not necessarilly savvy) people I've exposed to GNU/Linux haven't ever wanted to go back. Why?
Because in truth people don't care all that much about shiny feature X or slick feature Y, they care far more about stability, predictability, and the ability to simply get their work done. And that is where GNU/Linux truly excells
What is interesting is how few people realize they have a viable choice, and once they do realize it, how many (of the people I know, at least, of various walks of life) end up dumping Windows like a bad habit.
The Future of Human Evolution: Autonomy
Microsoft is shooting themselves in the foot.
The climate that created microsoft was one of ignorance about computers among the various business managers. The cry was "Nobody ever got fired for buying IBM." Microsoft built on IBM's reputation.
Going to the much more technically knowledgable business people today and opening them up to vast leagal liabilities for using MS software is going to force these businesses to do something drastic. That something drastic is to find another OS.
Legal liability in this lawsuit crazy era is something that CEO's and management understands because they pay a lot of money to their lawyers to make them understand. And if Jack Lawyer says if you buy MS you could go to jail or be sued out of business for violating the law; Joe CEO is gonna tell the boys and girls to FIND ANOTHER SOLUTION.
The lack of security and MS's complete evasion of responsiblity for the functioning of the updates (or even the OS) is less of a worry, but there are many who look at the security of the data that runs the business who are not going to allow Automatic updates from MS or some unknown "Agent." Businessess have lawyers to help them protect their IP and if that IP is going out the gates of the Automatic Update, then guess what is going to happen.
Most business types are risk averse and a little bit of FUD will get MS out of the important areas. (Sure we can use MS, but then we'll have to let them look at our data. Nope, they don't sign secrecy agreements to protect our data from this process. Oh yeah, we have to let any "agent" that they hire into our computers as well.)
Hospitals and the medical field goes first, then banks.
If there was ever a clear, concise, demonstration that MS is still acting like an unrepentant monopoly, then this is it. No serious business in a competitive market would require its current customers to chose between violating Federal Laws and Regulations or violating a software liscence. The fact that this choice is being forced upon those customers to PROTECT Microsoft's interest in preventing piracy of its software is a crystal clear indication of Microsoft's nature.
Microsoft NEEDS to be busted into a billion little companies. But, I guess that they'll have to do that to themselves.
No, I don't hate Microsoft, I happen to like Office. I just don't like the monopoly: bad service, poor quality, and god only knows how many lost manhours arguing with windows.
Creatively spelled words are copyrighted (2002) May be used without persimmons.
Creative Spelling Copyright (2002). May use without Persimmons
My Mom is 108 years old. Windows XP one day manifested itself in a swirling cloud of darkness and evil and killed her cat. I installed Debian for her and it cured her arthritis and let her get involved in some kernel hacking. She's never had a problem with her computer, even when she loses power. Bless you Linux!
Just seems rather odd, doesn't it?
/. would never do something that hypocritical, right? I mean promoting FUD about Windows to further some weird Linux agenda.
All these articles from journalists complaining about Windows EULA, and quoting people at hospitals, financial institutions and so forth and asking them if they are afraid. But not once do they ever actually quote a lawyer who can interpret the real legal language.
I work for a Fortune 30 company, we're moving to XP. We're also a financial institution. Our lawyers looked over the licensing and saw nothing to be concerned with.
I've spoken to other people in this industry who are in the same situation.
It almost seems like the media is trying to promote FUD concerning Windows. Of course we all know that
So, let me get this straight. Easter eggs are now security threats? Whats next, a law to protect us from the evils of hidden credits or secret photos of the programmers?
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
I haven't worked in the medical industry, but I have worked in the banking industry. They are in a very similar situation regarding software. There is no window shopping. You don't get to decide what platform these programs run on. You get what your vendor makes.
These programs must often follow stringent federal guidelines and the vendors often offer 24/7 live support (and I've called my vendor at 11:30pm on Christmas Eve and there was a knowledgable tech there to help me out).
Idealsim is a fine thing, but don't let it get in the way of getting your actual work done.
Boobies never hurt anyone. - Sherry Glaser.