Financial Institutions Balk at MS Licensing

mmol_6453 writes "Now, not only are hospitals groaning under the combination of Microsoft and the HIPAA, but banks are having issues relating to federal privacy laws. Favorite line: 'Microsoft has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'"

Trojan Horse?

[mdechene]

And in other news, Microsoft becomes the first fortune 500 company to trogan horse an operating system.

Re:Trojan Horse?

[CoolVibe]

Oh that's okqya, sometimes I have to type something when i havn't had any coffee yet. The result is usua;llly somethong like thios. SOmehow my fingers (adn my brain) need vcoffee to type somewaht corectly.

;-)

from the article..

[\\]

"That makes Warby nervous. "Microsoft is definitely not known for their internal security," he says, citing undocumented macros in some Microsoft programs, which can be accessed by those who know the right combination of keystrokes. "The idea of Microsoft coming into a server, creates a potentially huge security risk," he says."

has anyone got any examples of this anywhere? i'd be curious to see some of these macros..

Yeah, MS can access my system all they like

[darkov]

I dunno what they're going to do with 62 gigabytes of pr0n, though.

Re:Yeah, MS can access my system all they like

[alexburke]

I dunno what they're going to do with 62 gigabytes of pr0n, though.

Probably the same thing you do with it.

Trust

[DoctorFrog]

Trusting the bank != trusting Microsoft. A bank that takes customer privacy seriously and switches away from using Microsoft products has a better chance of getting my business. Pity my account is so small... :(

Probably a misquote

[0x0d0a]

Notice that everything he's directly quoted on in the article is straightforward...and then a completely bizarre indirect quote.

Most likely he gave a bunch of examples of macro viruses or undocumented APIs and the reporter decided to "condense" things a bit.

Re:Probably a misquote

[Dynedain]

Exactly.

When a reporter was writing an article on my company, we were asked what software packages we use (we mentioned both 3D Studio and Maya).

When we go the first draft of the article passed by us, the reporter had written that we used Maya on a certain major project for a whole slew of reasons, when in reality, we had been working exclusively in 3DStudio for that project.

What we had said was that Maya and 3DStudio were both good programs for all those reasons. We never mentioned what package we were using on that project but the writer had 'condensed' the quotes, to the point where it was false.

Its like condensing this quote from the Bible: "Thou shalt not kill." to this: "Thou shalt ... kill."

Hard to fathom

[SgtChaireBourne]

I can see reasons for and against (mostly against) running Win2000 on workstations. But given the licensing and security problems to date with WinXP and various service packs, I still find it hard to believe that anyone requiring privacy of data or security would consider istaying with MS-Windows even for the workstations. There are neither technical reasons nor financial reasons to use it on any of the infrastructure, at least none that stand scrutiny.

Arguments against using Macintosh or Linux usually center on retraining issues. However, heavy retraining occurred when migrating between Win3.11, WinNT, Win2000, and - for the chumps - WinXP. So if you have to retrain anyway, then why not go with something easier to both use and maintain like Macintosh OS X or Mandrake/Redhat?

When you consider the bizarre nature of the service pack EULAs, the migration to Macintosh or Linux should be the obvious choice to anyone that can read English.

Re:Hard to fathom

[Dynedain]

its not retraining....

its software, software, software

Find a *nix based CAD package that compares to AutoCAD. In terms of 3D, Maya is as usable as 3D Studio, but costs twice as much. And Gimp has absolutely nothing on Photoshop (I use both). Music Editing/Sound Engineering? forget it. Tax and Accounting packages (QuickBooks, TurboTax, etc.) - not there.

Although the training is a big issue (hint, its training end users in new software thats expensive, not the OS training), the big concern is software availability. What good does having the option of 30 different email clients if you cant do the major task that your company pays you to do.

Re:Hard to fathom

[PhreakinPenguin]

Don't take offense to this, but your comment sounds like someone who doesn't know alot about businesses that require specific apps to stay in business.

Our office does a ton of work for medical centers and family practices that use software to manage their patient flow and medical records. These programs will ONLY run on Windows using SQL. Sure, there are 2 or 3 out there that run off SCO but the quality of program is inferior to the Windows versions.

NextGen, Alteer, Practice Partner, and Medical Manager our all Windows only apps. These 4 are the the most widely used systems in family practice offices around our area. They don't run on a *nix platform, and they never will.

It's not a case of having to replace workstations, hell that's the easy part. It's a case of the software only running on a specific platform and the server requires it.

Wow, you need a girlfriend!

[SaraSmith]

Spend some of that porn time on socializing with real live women and you may find an upgrade to porn. Yes yes, I know that sounds crazy, but there are things above and beyond porn.. try 'em out, they're way more fun.

Re:Wow, you need a girlfriend!

[darkov]

Actually, it's my girlfriend's collection.

Re:Wow, you need a girlfriend!

[KingJoshi]

Actually, it's my girlfriend's collection.

Just because you have a collection of porn of a particular girl does not make her your girlfriend.

Financial institutions??

[Polo]

Heck, EVERYONE Balks at MS Licensing.

How many people have passed on XP because of the licensing crap? I'll bet a LOT of people have.

I have, and it has nothing to do with piracy.

An unusual prediction

[astrashe]

I think that MS is going to back off on a lot of this stuff, probably even Palladium in its most extreme form.

Their strategy at the highest level seems to be two pronged. On one hand they want to gather up all of the power and control of the monopolist, and on the other hand, they try to respond to customers as if they had to compete.

I know that a lot of people are skeptical about the last part of that, but I believe it. They backed off of the passport nightmare to a large extent.

There are lots of smaller things they've backed off on as well -- their first incarnation of their anti-piracy measures would have made it impossible for corporate users to roll out systems using software like ghost, but they backed down on that, and that concession has had a real effect on the ease with which one can pirate their software.

The banks have a real problem, and MS is going to have to address it or lose the business. I think they're going to address it.

The big conceptual problem, I think, is to consider MS to be a monolith. There are people who are pushing for this stuff, and there are others who are talking to the customers who are screaming bloody murder.

In the end, they will have to listen to their customers.

Re:An unusual prediction

[Verteiron]

This is how you make horrible things happen: propose something truly nasty, and let users and techies make a huge fuss about it. Then back down from the worst practice due to "customer input" and simply go forward without the top 5% of the bad stuff. Now MS has implemented 95% of their bad stuff, but techies and consumers don't mind because they've now Made a Difference.

Lather, rinse, repeat...

breaking the law

[agurkan]

himm... there is something I can't understand here. a contract is void by default if it violates a law, so doesn't this invalidate the appropiate part of the EULA, if the purchaser makes it clear that the software will be used in an environment where privacy is mandated by the law?

i wonder if some sort of equal oppurtunity law would mandate microsoft to provide the software and updates with a licence and a method suitable for banks, hospitals etc.

Closer than you think....

[djupedal]

...have you taken the time to study Excel & Word macros, lately? Break out a VB editor and crack open any of the stock templates that ship with Office....Project, ACCESS, etc. Look in the macros for strings that contain:

• pwd...container...host....logon...restart...data source

....you get the idea.

If you are looking for specific troublemaking 'poison-pill' macros, I'm sorry, I don't have those handy, but if you want, I can send you a Word document you can fill out to request them :)

All missing the point!

[krazyninja]

We are all missing the point. The point is, where is Warby, and others like him going to go? The moment he takes his eyes off Microsoft, there is *no* other singly unified system, that can provide both ease of use, and integration. He has to worry about retraining his staff. That is why most admins think that "a known devil is better". Unless other backend server vendors like Novell/oracle come up with a better, unified proposition, it is going to be a tough sell.

Re:All missing the point!

[Corrado]

I think Apple should step up and fill the gap. They have very capable machines and could support almost any business. Besides the power of the machines, the user experience is like no other. I love Linux, but I wouldnt give up my Mac for every day use.

They even have servers. With no license fees!!!

It's kinda funny; when we accuired a well known pizza chain they were using Macs. We "converted" them from those hethen machines. Now, it looks like they might have been right going with the Macintosh. At least from a legal/licensing point-of-view.

Re:All missing the point!

[IamTheRealMike]

Hmmm, perhaps, but Apple sell hardware primarily, and there's nothing wrong with the hardware most business has - the issue is with software.

A medium sized company can easily have 5000 desktops. The average price of a Mac is I'd guess about £1000, so that's a cool £5,000,000 (about $7,500,000) just to replace hardware that already worked? You might as well pay the fees to Microsoft, that's almost certainly cheaper. And don't forget that most businesses have at least 1 or 2 custom apps.

The obvious solution is Linux - with a decent set of administators Linux is within a year of being just great on the corporate desktop. The final usability problems are being hammered at a truly astonishing rate, and with tricks like CrossOver Office Server you can pay for 1 copy of Office (I guess it'd work with other programs too) but have it serve hundreds of desktops. Wine is so critical in these areas, for custom business apps, and the Mac has no equivalent, probably won't for some time, if ever.

Re:what other options would you suggest?

[Jouster]

Actually, there are three settings:

Off. Pops up dialog boxes and warnings: "DO YOU REALLY WANT TO DO THIS!?" sort of things. After clicking "yes" a few dozen times, WinXP no longer attempts to auto-update, and doesn't poll for update availability.
Automatic Download. Periodically (timeframe? anyone?) polls an MS server for updates, downloads them in the background, you have to click a little taskbar widget to install them.
Automatic Download and Install. Yep, just what it says: "Please, Microsoft, install arbitrary code on my system without alerting me!"

Of course, I'm currently leading an initiative to have all non-technical people required to set their level to "Automatic Download and Install", so I can only be a certain degree of harsh about what that means.

Jouster

This is a non-issue!

[arb]

I don't use Windows Update, but my understanding is that the "let Microsoft dig through your system" stuff is only if you do use Windows Update. If this is correct, then there is no problem - don't use it!

Surely someone managing machines in a business critical environment would have the nous to turn off the auto-update? Don't use it. Install patches and hot-fixes manually after fully testing them to make sure they don't kill your system. Do not rely on Microsoft (or any third party vendor for that matter) to automatically update your servers without you knowing exactly what is going on!

The XP-related stuff though, is a bit of a worry. Then again, the solution is pretty straight-forward - DON'T USE XP. If you need Windows, use Windows 2000. If Microsoft bring the same checks in to 2000 via future service packs, then configure your firewall properly and stop it happening.

Re:what other options would you suggest?

[pennsol]

As a street level tech mostly working on MS boxes I can be a tad upset about the "auto update" feature.. i've made so much money in billable hours on boxes that just needed windows updates and a disk defrag that i can't even count.. i usually charge $50 for this service and explain what i did and that they need to do it themselves evey once in a while... well i still get reapeat calls to do it about once every 10-12 months on most boxes..and they don't want to be bothered by learning to click on it themselves.. hey..let the little guy make a buck..:)

My mom.

[miffo.swe]

My mom phones me weekly yapping about some new virus that has slipped into her computer. She is 50+ and i think she is doing a nice job learning her WinXP. What she is frustrated with is the fact that she has a firewall, a antivirus program and she updates often even if she is on a modem. Still she have gotten successful attacks into her machine and even viruses has slipped past her antivirus system. She is getting real paranoid and feels that its not fun anymore when you have to be a fully fledged sysadmin to surf and write mails. She is going for linux and i will try to install it as safe as possible for her. No services open and a default drop on incoming connections should keep her safe for a while. That is what i would call proactive security.

Security must be proactive and not reactive. MS is simplifying reactive security instead of focusing on proactive security. The old vuln ??? patch treadmill is stupid. I think some dists should stop making their default installs wide open aswell. Close all ports and code a nice simple app that makes it easy to open the ones you need to be open.

what happens when M$ decides to go kazaa! boom!

[kraksmoka]

"Of equal concern, says Warby, is that by agreeing to the Windows 2000 SP3 licensing terms, the credit union is potentially granting access not just to Microsoft, but to its "designated agents" The Microsoft license offers no assurances about who those companies might be, says Warby. "What if the designated agent is some small company overseas," he says, "in a country with a lax legal system?""

that's right, what happens when M$ decides to go kazaa all over your system. there's nothing you can do about it. face it, its just your hardware, the OS (i use the term lightly for windoze) belongs to them, 100%. You're just borrowing it. That's not good enough to pass muster for private information. If M$ wasn't so large, a bill to make them post surety bond for every financial house would be an ideal restraint for the mighty beast

oh well, chances of legislation unsupportive of m$ are about as likely as me giving birth.

Think bigger...

[djupedal]

MS wants to be a bank, remember? How better to throttle back competition than by tossing a smoke bomb or two into their home office...

"While other banking institutions are suffering from network slowdowns and corrupted databases, MS First Union can provide you with reliable access to your funds around the clock. Bank with MSFU....we keep an eye on your money!"

Re:Preventing piracy? ha!

[marauder404]

Piracy hasn't been eliminated, but it's way down. No longer can the office secretary pass the copy of XP that she got with her computer around the office. She has to go find a warez group on IRC or on Usenet, download the ISO, and then burn it to disc, which are skills beyond the average Windows user. Microsoft's activation policy solved what it set out to do: prevent casual piracy.

give me a break

[djupedal]

Why am I having a hard time believing that business as we know it will come to a complete halt if MS isn't allowed in the door?

Commerce in one form or another, from bartering coconuts to brokering used RAM, will find a way to continue, regardless if the transaction is on limestone, paper or bubble-ether crystals. Unified...disparate...co-mingled...far-stepped or translucid....who cares. The point is supply and demand, not demand by MS.

One thing to note

[Mr_Silver]

Time and time again, people, organisations and institutions have complained about Microsofts tactics, stability, security and licencing issues.

Yet, so far, the reports of them actually doing something about it and moving away from MS are very thin on the ground.

It would appear that however much MS wishes to shoot itself in the foot, or deny users specific rights, people are still unwilling to move to a different OS.

The fact Linux is free didn't compell them, the fact Linux doesn't "phone home" didn't compell them, the fact Linux is easier to maintain within an organisation didn't compell them, the fact Linux doesn't come with arcane restrictions on what you can and can't do with your PC didn't compell them, the fact Linux doesn't suffer so many virus attacks didn't compell them, the fact Linux is more secure and robust didn't compell them and the fact that Linux applications can read and write Word documents didn't compell them to move.

So the question is, what on earth will compell them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.

(and here i'm talking about the masses, not the odd special case)

Re:One thing to note

[Asprin]

So the question is, what on earth will compell them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.

When I can buy LeasePlus, Smart.alx and Great Plains Dynamics as ELF binaries.

Seriously, the reason small-medium businesses buy MS servers and workstations in the first place is because they need to run that one application that runs their business, and it only runs on MS because the vendor doesn't have the resources to devote to multiple platforms. For us, it's a combination of the apps I mentioned (and a couple of other minor ones).

There are hundreds (if not thousands) of small software companies that write, manage and maintain ONE niche-software app to run the businesses in their specific industry. They use MS tools and platforms because they are easy, cheap*** and ubiquitous. There is some competition, but it is limited by huge barriers to entry -- mostly, up-front capital and specific in-depth industry experience (for example: in order to write effective lease management and accounting software, you first have to know the leasing industry inside and out.)

Oh, and did I mention that we hate the software we're using, but so does everyone else. We're stuck with it because the only alternatives are either prohibitively expensive to switch or crummier or both. We're too small to pay someone develop custom software in-house, and our industry is too small to generate enough free-developer interest for a non-propretary/open-source solution to be practical.

There is only one way Linux is going to **REPLACE** the MS servers in our storage/mopcloset/utility/telco room: Our vendors need to start developing for Linux, or at least on an open platform like LAMP or WAMP that allows us to pick one or the other.

Why do you think monkeyboy gets so jacked up about DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! ?

Until then, Linux is going to have to run our web site and our email and be happy with that. There aren't enough open-source developers in equipment leasing.



*** "cheap" in a relative sense. Consider that we're going to send the equivalent of a small automobile to each of our two or three software vendors every year for the priviledge of being able to call them when their shitty, crappy, slow and bug-infested software takes a dump after an update all the while frustrated that we can't get working features we were promised three years ago when we bought the software for the price of a good-sized house.

But, you know what? Our business couldn't function without it.

Take everything in reach...

[PhilHibbs]

then hand back what the courts tell you to.

Windows calls home--often

[g4dget]

One of my machines is running Windows XP, and it is calling home to various Microsoft machines, frequently. Part of it is probably auto-updating, but there are apparently other things it does as well. And many major Windows programs check their own home server whether there is an update, and many of them don't take "No" for an answer.

Corporate security officers really should be concerned about this. From a security and privacy point of view, Windows XP is already out of control, and it looks like it's getting worse. Even if all those connections were harmless, it's hard to even identify a real trojan horse with all that junk going on.

Software updates and contacts to other services are much more sensible under Linux: nothing happens unless you explicitly enable it, you have the option of updating via media or mirrors, and all software updates can happen through a single server.

Re:what other options would you suggest?

[Groo+Wanderer]

I turn off automatic updates on all machine I admin (about 250 across various organizations), not out of greed, but out of fear and responsibility. The fear part comes in when you get a call at 6 am, followed by 10 more in the next hour saying 'all our computers are dead'. Not a happy day. Automatic updates can do this, and have done it to me. I like to get a patch, test it, THEN install it.

If your computers are protected properly, (firewall, virus scanners w/ heuristics etc), you can get away with not patching for a day or 2. Use this time wisely, large corporations do, you should also. That is the fear part.

The resopnsibility comes in when you test the stuff for your clients so the BSOD scenario does not happen. I charge a lot, but thing like this make me worth it to clients.

-Charlie

Re:Preventing piracy? ha!

[BrainInAJar]

So it turns casual pirates into seasoned ones?

People who have now found connections to a world of pirated software, right at their fingertips?

No - it's enforcing obsolence

[Analysis+Paralysis]

By requiring a key to activate XP, Microsoft has the ability to force an OS upgrade simply by no longer issuing them. Therefore if (say) Windows YP is released and sells abysmally, MS can announce the withdrawal of keys for XP, forcing users to get YP should they need to reactivate. Instant sales boost, instant share price surge.

Re:Some corrections

[rseuhs]

You quietly assume that

• Microsoft actually does what they say they do. Last time I checked Microsoft didn't give any guarantees of what they do, just a bunch of webpages. (And even IF they would issue some kind of guarantee or agreement. They have broken such things in the past often enough)
• Microsoft installed the new EULA just for kicks and will never ever use the power to access YOUR system.

If lying to yourself makes you comfortable, well just keep lying to yourself.

I work at major bank

[crovira]

and Linux is knocking at the door of the MIS. That would mean rooms full of servers and thousands of NT desktops.

Tellers and staff run custom apps, don't have multi-media or ever web browsers on their machines and definitely aren't playing with their machines so M$ latest geegaws are of absolutely no interest.

A usage study has shown that only a small percentage of the features of the Office Suite are actually used and a great deal of the features that M$ wants to reverse engineer into their products (in direct violation of the DMCA they pushed for, which will come back and bite them some day) are already available in other products from vendors with better market focus.

In the second-rate, also-ran, pursuit of Apple's flash and style, M$ has lost focus of their customers, the same boring old desktops that didn't want a computer with a funny name back in 1980.

Firewalls may not help

[ebcdic]

An obvious solution - suggested in other comments - is to configure your firewall to prevent your computer from connecting to Microsoft. But Microsoft have a plan for that: UPnP. Universal Plug'n'Play is a protocol supported by an increasing number of "broadband routers" that allows applications to punch holes in your firewall by installing NAT rules. This is attractive for things like chat and video conferencing programs, but it will also allow Microsoft to override any rules you have to prevent unauthorized connections.

Though UPnP works by sending SOAP messages to a small web-server in the router (also used for user configuration), on my router (Alcatel ST510 v4) it bypasses the password protection that you can set for user access to the web server.

Re:High level of control

[sqlrob]

You mean auto update with things like SP4 for NT that broke TCP/IP, SP6 that was rapidly replaced with SP6a (don't know why there), DirectX 8.0 that was rapidly replaced with DirectX 8.0a ...

So, tell me again why autoupdate is a good idea.

My Mom's Computer has run flawlessly for 2 years

[FreeUser]

My mom phones me weekly yapping about some new virus that has slipped into her computer.

My mom has been running Debian for almost two years, and aside from a few calls early on of the "how do I do X under Linux" type, I haven't had to field any calls at all (none within the last year. None). Indeed, I havent had to fix her computer once since I installed it nearly two years ago.

Not once.

Now that Applix has grown a little staid, I'm probably going to upgrade her to Gentoo 1.4 when it is released, with Open Office.

She works with Microsoft every day at work, and has been agitating her employer to let her use GNU/Linux instead. My mom, who, like yours, is 50+.

However, even if her employer doesn't let her switch, she has no trouble importing and exporting to Microsoft Word and Excel formats using her GNU/Linux box ... in fact she loves the fact that it is quick and stable, unlike the much more expensive machine she uses at work, which is down for software repairs quite frequently.

Most especially, she likes not having to worry about the latest Klez worm or misc. virus, something that is steadilly stressing out all her friends.

My mother, who is computer competent but certainly not computer savvy, has become a stronger propoent of Linux and free software than I have. All the Microsoft-funded astroturfers keep harping about how the consumers wants this or that slick or shiny feature, when in truth all of the computer illiterate and computer competent (but not necessarilly savvy) people I've exposed to GNU/Linux haven't ever wanted to go back. Why?

Because in truth people don't care all that much about shiny feature X or slick feature Y, they care far more about stability, predictability, and the ability to simply get their work done. And that is where GNU/Linux truly excells ... unlike Windows, it does not change its behavior for no apparent reason, nor does it break mysteriously simply because you've added a new piece of software.

What is interesting is how few people realize they have a viable choice, and once they do realize it, how many (of the people I know, at least, of various walks of life) end up dumping Windows like a bad habit.

Re:Let me get this straight

[Gannoc]

My Mom is 108 years old. Windows XP one day manifested itself in a swirling cloud of darkness and evil and killed her cat. I installed Debian for her and it cured her arthritis and let her get involved in some kernel hacking. She's never had a problem with her computer, even when she loses power. Bless you Linux!

Why doesn't the media talk to lawyers?

[sheldon]

Just seems rather odd, doesn't it?

All these articles from journalists complaining about Windows EULA, and quoting people at hospitals, financial institutions and so forth and asking them if they are afraid. But not once do they ever actually quote a lawyer who can interpret the real legal language.

I work for a Fortune 30 company, we're moving to XP. We're also a financial institution. Our lawyers looked over the licensing and saw nothing to be concerned with.

I've spoken to other people in this industry who are in the same situation.

It almost seems like the media is trying to promote FUD concerning Windows. Of course we all know that /. would never do something that hypocritical, right? I mean promoting FUD about Windows to further some weird Linux agenda.

You don't understand.

[RatBastard]

We're not talking programs like The Gimp or even Mozilla. We're talking professional grade applications that often have to follow Federal guidelines in their implementation. You can't just yank these programs and replace them with some home-grown FSF/GNU/OS replacement.

I haven't worked in the medical industry, but I have worked in the banking industry. They are in a very similar situation regarding software. There is no window shopping. You don't get to decide what platform these programs run on. You get what your vendor makes.

These programs must often follow stringent federal guidelines and the vendors often offer 24/7 live support (and I've called my vendor at 11:30pm on Christmas Eve and there was a knowledgable tech there to help me out).

Idealsim is a fine thing, but don't let it get in the way of getting your actual work done.