Slashdot Mirror

← Back to Stories (view on slashdot.org)

Surprises in Microsoft Vista's EULA

Posted by ryuzaki0 on from the oh-look-a-sheep dept.

androthi writes "Scott Granneman takes a look at some surprises in Microsoft Vista's EULA that limit what security professionals and others can do with the new operating system. You want to post benchmarking results? Well, Microsoft may now have a say in it. Vista's EULA no longer shows up on Microsoft's software licensing page, but does still exist — also take note of Windows DRM deciding what you can and can not listen to, and Defender deciding and removing what it considers spyware automatically (by default)."

21 of 385 comments (clear)

  1. a way around? by ryanelm · · Score: 3, Insightful

    I don't 'sign' the EULA when i use a public machine...

  2. sined, sealed and delivered by yagu · · Score: 4, Interesting

    To quote the Buckaroo Bonzai movie, Microsoft's locked in monopoly is sined, sealed and delivered. The EULA for Vista provides more evidence Microsoft is the 800 lb. guerilla that doesn't care about potential faceoffs on these issues any more. The article seems to think differently:

    If you thought that the legal troubles the company faced in the late 90s would perhaps mellow it out, you were wrong. Far from it. The draconian limitations I've discussed could only be enacted by a monopoly unafraid of alienating its users, as it feels they have no other alternative. Microsoft may yet learn, however, that there are limits to what its users will bear. To paraphrase what my fifth-grade teacher often told his rambunctious class, "Beware the wrath of a patient user base." Security pros have already given Microsoft a deserved black eye over the never-ending string of gaffes and vulnerabilities streaming out of the company. It seems now as though another black eyes and a bloody nose may be coming, along with a final wave goodbye. There comes a point at which corporate hubris causes a fall, and we may be seeing the beginning of that collapse. If so, Microsoft will have no one but itself to blame.

    I'm not sure how the article's author would see the user base reacting. Pick a different platform? How? At what expense? No, Microsoft has got this one in the bag.

    I predicted in the late 90's if Microsoft didn't have to pay real consequences for their business practices, eventually they would be rolling out OSes at any price they wanted and noone would be able to do much about it. This was at a time where hardware dramatically was decreasing in price but Windows, all flavors, continued to sustain an amazingly different cost curve. I predicted eventually:

    • Microsoft would put out an OS at around $400
    • Their OS would eventually be the largest cost of a new machine

    It looks like we're pretty close to both. I'll continue to do my development in my Linux world, but I'm guessing there will be a momentary raised eyebrow with Microsoft's Vista, Vista's EULA with it's almost amazing restrictions (especially compared with already draconian past EULAs) and then business as usual.

    1. Re:sined, sealed and delivered by frosty_tsm · · Score: 2, Insightful

      "Given away" might be a bit strong, but yes.

      I wonder which happened:
      1) OEM companies didn't like that a person could buy off-the-shelf components to make a cheaper, faster, and more reliable machine. They then asked MS to make this more expensive for the user.
      2) MS realized that most of their OS sales was to OEM companies, and that they could rip off consumers buying the OS unbundled.

      What are we paying for now that we weren't getting 10 years ago? Fancier versions of Media Player (which happen to get worse and worse with every iteration)?

    2. Re:sined, sealed and delivered by x3nos · · Score: 2

      Ill probably get a downmodded as troll for this, but heh my Karma is good

      Viva la Revolucion!

      --
      /* somewhat functional - fix later */
    3. Re:sined, sealed and delivered by ClamIAm · · Score: 4, Funny

      Yeah, tell me about it. Soon, MS's EULAs will require a paper contract, with a notary cosine. And with every little thing they get away with, they'll get more obtuse. Of course, I feel like I'm going off on a tangent, here...

  3. Oh boy by DurendalMac · · Score: 3, Insightful

    Defender automatically removing stuff without the user knowing. That's just asking for problems. How long before there's a widespread outbreak of Defender deleting perfectly legitimate software?

    1. Re:Oh boy by CodeMasterPhilzar · · Score: 2, Insightful

      It would seem to me that is a virus-writer's wet dream... All they need do now is trick Defender into identifying some other parts of your system as spyware... And the snake eats itself... Or some such...

      --
      --- Just another Code-Monkey
    2. Re:Oh boy by kfg · · Score: 2, Insightful

      Yes. The point being that when you "enable" Defender you are no longer the authority on what is and is not legitimate software. The fact that you classify the software as legitimate is no longer a relevant factor.

      Abrogation of authority to a "higher power" is not a bug, it's a feature.

      KFG

  4. The only winning strategy by j00r0m4nc3r · · Score: 5, Funny

    Is not to play

  5. Moo by Chacham · · Score: 4, Funny

    I have the best comment *ever* about this story.

    I'll post it as soon as Microsoft oks it.

    --
    Have you read my journal today?
  6. What an Awesome Idea! by Mateo_LeFou · · Score: 3, Funny

    If we keep brainstorming great stuff like that, we will be able to do all kinds of awesome stuff, like:

    study our own computers' performance.
    tell people what we find
    share ideas on how to improve them

    Before you know it, we'l have "free speech" as I like to call it.

    --
    My turnips listen for the soft cry of your love
  7. The Benchmarking is for .NET 3.0 only (FUD) by Trevahaha · · Score: 3, Insightful

    There are only restrictions involved in posting benchmarks for .NET 3.0 . And these restrictions only require that you state what version you were using and the methodology you took. It doesn't have any restrictions on "bad" results or any attempt to stop people from reporting accurate results. They wrote these restrictions to prevent people from testing .NET on a 386 and then JAVA on a 3 GHZ and saying "See JAVA is faster!" and it's similar to the restrictions for .NET 1.1 and 2.0... it's just because it's bundled with Vista that it's now included with the Vista EULA.

    1. Re:The Benchmarking is for .NET 3.0 only (FUD) by Trevahaha · · Score: 2, Informative
      I did... it does not state that. Please highlight where you think it says Microsoft must approve your results before you publicly post the information. From what I see, it just says you must post all the information in a publicly accessible place (such as a public website). It also says Microsoft reserves the right to re-run the test and publish their benchmarks.
      From http://msdn2.microsoft.com/en-us/library/ms973265. aspx
      Benchmark Testing, Microsoft .NET Framework
      You may conduct internal benchmark testing of the .NET Framework component of the OS Components (".NET Component"). You may disclose the results of any benchmark test of the .NET Component, provided that you comply with the following terms: (1) you must disclose all the information necessary for replication of the tests, including complete and accurate details of your benchmark testing methodology, the test scripts/cases, tuning parameters applied, hardware and software platforms tested, the name and version number of any third-party testing tool used to conduct the testing, and complete source code for the benchmark suite/harness that is developed by or for you and used to test both the .NET Component and the competing implementation(s); (2) you must disclose the date(s) that you conducted the benchmark tests, along with specific version information for all Microsoft software products tested, including the .NET Component; (3) your benchmark testing was performed using all performance tuning and best practice guidance set forth in the product documentation and/or on Microsoft's support Web sites, and uses the latest updates, patches, and fixes available for the .NET Component and the relevant Microsoft operating system; (4) it shall be sufficient if you make the disclosures provided for above at a publicly available location such as a Web site, so long as every public disclosure of the results of your benchmark test expressly identifies the public site containing all required disclosures; and (5) nothing in this provision shall be deemed to waive any other right that you may have to conduct benchmark testing. The foregoing obligations shall not apply to your disclosure of the results of any customized benchmark test of the .NET Component, whereby such disclosure is made under confidentiality in conjunction with a bid request by a prospective customer, such customer's application(s) are specifically tested and the results are only disclosed to such specific customer. Notwithstanding any other agreement you may have with Microsoft, if you disclose such benchmark test results, Microsoft shall have the right to disclose the results of benchmark tests it conducts of your products that compete with the .NET Component, provided it complies with the same conditions above.
  8. I know why... by Soapy+One · · Score: 2, Funny

    Microsoft doesn't want us posting benchmarks proving that Vista is worthless...it might hurt their sales.

  9. Might as well be hanged for a sheep as for a lamb by Carnildo · · Score: 3, Interesting

    After reading the Vista EULA while installing a copy at work for compatibility testing, it became very obvious to me that the only way Vista would make it onto any computer I own is if I were to install a pirated copy of Vista Ultimate with all the anti-piracy features removed. I figure that since there's no way in hell I'm going to comply with the EULA, why follow copyright law, either?

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  10. Stupid, tired arguments by thebdj · · Score: 3, Insightful

    Where to start...
    1. The benchmark testing and posting applies to .NET Framework components. I do not see this being some great ending of benchmarking the Windows OS. Also, the link for further information does not (currently?) work. So, this could just be an issue that isn't an issue at all.
    2. This version argument is really tiring. In some ways I see their logic, in other ways I think the six version idea is stupid. Actually, there are more versions of XP then two. Technically, there are four. Windows Media Center Edition and Starter Edition. I imagine Starter Vista will be virtually unseen like XP SE. As for Win MCE, I suppose that would be Home Premium. XP Home = Vista Home, XP Pro = Vista Business. Guess this only leaves two extraneous versions...
    3. The Virtualization argument is pointless. How many home users do virtualization? How many business (which do the most virtualization) actually use XP Home licenses? I really think this is a non-issue like #1.
    4. The license transfer is more stringent version of the current license transfer. The example they give is a bit weak. At work, if you get a new workstation? I seriously think that corporate licensing will have provisions for this sort of thing. How many people buy their own work computer licenses? Unless you own your own business, not many. Most home users keep a machine for several years. If you assume a home user is on a 3-year replacement cycle (the most common business practice I have found), they will probably only need a single transfer before the new OS is out (though after this, you never know.) Also, how many new PC purchases do not come with a new license?

    I by no means am a Microsoft supporter. I have said on multiple occassions that Windows XP would be the last Windows OS I would ever use. I intend on changing my mom to Linux when XP support disappears. I do think that some of these arguments are very bogus though. There are plenty of other reasons to hate Vista, including the evil DRM, more Microsoft monopoly violations, and stupid, half-assed "security" tools.

    --
    "Some days you just can't get rid of a bomb."
  11. Re:No virtual DRM == Anti-Macintosh by 99BottlesOfBeerInMyF · · Score: 2, Insightful

    I know there is a Mac version of office. But it doesn't have the VBA components that drive many corporations.

    That's okay. All the companies still paying Office licensing fees and relying on VBA for internal apps will be crushed by the competition in a few years anyway :)

  12. UCITA and EULAs by Lonewolf666 · · Score: 4, Informative

    There is indeed an attempt to make EULAs contractually enforceable, the so called Uniform Computer Information Transactions Act (UCITA).
    Wikipedia's article on the subject, http://en.wikipedia.org/wiki/UCITA, does however claim the UCITA "has only been passed in two states as of 2004 -- Virginia and Maryland". If you live in one of those, you might be out of luck.
    In other jurisdictions, EULAs are probably unenforcable. Wikipedia has another article that covers the US situation:
    http://en.wikipedia.org/wiki/Shrinkwrap_license.
    In Germany, a few years ago Microsoft failed to enforce the EULA that disallowed separate sales of OEM software. The court ruled that an equivalent of the First-sale doctrine http://en.wikipedia.org/wiki/Doctrine_of_first_sal e applied. The EULA that said otherwise was obviously disregarded.

    --
    C - the footgun of programming languages
  13. DirectX maybe not that significant. by Kadin2048 · · Score: 2, Interesting

    I'm really not sure of this. The gap between console gaming and PC gaming is getting narrower, and there's really nothing but inertia stopping a console manufacturer from using a keyboard and mouse as input devices instead of a dual-analog type controller.

    Consoles have networking and multiplayer and downloadable games, which used to all be hallmarks of the PC ... they also have lower cost of ownership over time (less upgrades).

    If the console manufacturers don't make it a pain in the ass to develop games (which has always been the bane of their existence in the past; more games come out for the PC than consoles for this reason, I suspect), then it just makes sense that would be the direction things go in.

    Pretty much everything you can do with regards to games on a PC, you can do on the next generation of consoles. Windows may have the PC gaming market locked up, but that market may not be as big or as significant as they think it is.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  14. Re:EULAs are NOT contracts by mr_matticus · · Score: 2, Insightful

    "Can you cite case law holding EULAs valid?"
    Law is not a permissive pursuit--it's a limiting field. That is, it's legal until it's ruled illegal. Still, if you need examples, ProCD v. Zeidenberg is the de facto standard here. There have been other, smaller cases in a number of states as well. Further, there has been no case that has categorically overturned EULAs.

    "More specifically, can you cite case law upholding contractual terms entered into under duress?
    In what way are users under duress when opting to install software? "How about terms which are unavailable until or altered after a transaction has taken place?"
    Those would fall under the umbrella of invalid terms, depending on the case. Note that terms are available for most major products prior to purchase on the website--just as laws are available to the public to read before an individual chooses to act. "I didn't know" is not in itself a valid legal defense, unless you were prevented from knowing.

    "Can you then demonstrate that, once the terms of contract become available (during the installation process), a refund is easily obtained by the end user?" You fail to make the distinction between the EULA and the company honoring its side of the agreement. If you decline the terms of a software license, you are entitled to return the software. The fact that Microsoft doesn't honor that provision is not a consequence of a EULA existing, but rather a business practice in noncompliance with their stated terms. You may freely sue away in an attempt to get a court order compelling Microsoft to give you that refund, but it has no bearing on EULA validity.

  15. Re:Psst... Don't tell anybody... by qurk · · Score: 2, Funny

    but admit that we are dependant on a microsoft OS because of its interoperability with 90% of the programs most computer-savvy people need to survive their day-to-day lives.
    Hmmmm, I wouldn't consider you a computer-savvy person if you can't find fully functional if not better Linux replacements for 90% of Microsoft software (except games). Even with games if you are calling yourself "computer savvy" I think you can set up wine or winex or something and get most games to run on Linux. Hmm...I've heard strong cases from people in specific cases (graphics, music editing, some office software), but to say that computer savvy people are dependant on Microsoft OS is a little over the top.
    I haven't touched Microsoft software for like 5 years and I guess your comment struck a chord with me, as it implies that I am not "computer savvy", heh.