Forgot your password?
typodupeerror
Microsoft

Read the Fine Print 637

Posted by michael
from the show-this-to-your-boss dept.
nihilist_1137 writes: "This story is about how MS changed its EULA and you just gave them control of your computer. In the section on Windows XP Professional, 'Internet-Based Services Components' paragraph says in part, 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.'"
This discussion has been archived. No new comments can be posted.

Read the Fine Print

Comments Filter:
  • *Scanning software*
    Netscape.exe
    *1 Upgrade Found*
    Applying Opera 6.01.exe

    Okay, I can only wish :)
    • Unfortunatly given Microsoft's past behavior the more likely scenerio is: *Scanning software* Opera 6.01.exe *1 Upgrade Found* Deleting Opera 6.01.exe Applying IE6.0.exe
  • by shaunak (304231) <shaunak AT gmx DOT net> on Sunday February 10, 2002 @11:05AM (#2982076) Homepage
    "may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."

    If you would consider the average user for a moment. He does not give a damn about most issues you would start campaigns for. All she/he cares for is whether he can watch movies, listen to music and basically create word documents. So would he not like automatic fixes of bugs? From his point of view, it would be convenient.
    It's about time you took note of the average userbase Microsoft are aiming for with XP.
    • They're aiming for PROs, eh? Should be a lttile more enlightended than your base XP user, right? Unless of course "Pro" doesn't refer to IT or TECH pro features - but instead is a label designed to entice users to spend extra bucks for the "Pro" version...
    • by Discoflamingo13 (90009) on Sunday February 10, 2002 @11:19AM (#2982131) Homepage Journal

      The problem isn't the "average user." The problem is the end-user who doesn't want software installed automatically, for stability/interoperability reasons. Our XP lab at school used to auto-update new patches and fixes, until most of the functionality for accessing the Linux/Solaris servers was completely shot, and several UI problems came up. Things that used to work (like the Zip drives) suddenly didn't. Just because Microsoft updated the software doesn't mean it got any better.

      The other big issue is the DRM software Microsoft, or its partners/subsidiaries, will install. Even with prompting, if you don't upgrade, then you have no access to a content provider's new media. All in all, this sounds like a giant headache for everyone that isn't Microsoft.

      • by mikethegeek (257172) <blair@NOwcmifm.comSLIONPAM minus cat> on Sunday February 10, 2002 @12:08PM (#2982328) Homepage
        " The other big issue is the DRM software Microsoft, or its partners/subsidiaries, will install. Even with prompting, if you don't upgrade, then you have no access to a content provider's new media. All in all, this sounds like a giant headache for everyone that isn't Microsoft."

        The only winning move is not to play. Media that requires or uses "DRM" should be vociferously boycotted and allowed to rot unsold on the shelves just like what was done to Divx.

        If DRM enabled media sells, we will be stcuk with it. The DMCA makes it easy for IP cartel jackboots to squash those who try to undo DRM, and the SSSCA will make it equally illegal to essentially make a system that give true "root" access to the system owner.
      • I'm sure the users want a system that by default only gives them 85% of the bandwidth because it reserves the rest for talking to Microsoft's servers (this is an XP out of the box default).

        On another note they've used auto-update of the OS through MSN for a while and a few of the people I know stopped using MSN because of compatability problems caused by the updates... updates that they couldn't turn off... One person actually had to reinstall her machine because one of the updates completely hosed her system... updating core OS dlls without checking with the user is a BAD idea...

        Then again I'm sure the argument from Microsoft will be if you're only using our apps compatibility isn't a problem =)

        In general having a system that tells you an update is available and provides an automatic method for installing it is good... but it should also provide a way to find more information if you're a technical user and let you know of any potential problems and let you decide what to do...

        • "I'm sure the users want a system that by default only gives them 85% of the bandwidth because it reserves the rest for talking to Microsoft's servers (this is an XP out of the box default)."

          This was a lie propagated by people who are too lazy to hit F1 and find out more information about the checkbox that they were un-checking. But, I guess once we've found something to badger MS about, it doesn't really matter whether it's true or not. After all, this is SlashDot, not some sort of forum for open thought.

          -Mark
    • by Black Parrot (19622) on Sunday February 10, 2002 @11:28AM (#2982174)


      If the users want it, why is it in the EULA instead of the television commercials?

    • Re:Maybe IT wants it (Score:2, Interesting)

      by shokk (187512)
      I can see this being extremely useful in IT, but only if you can point it at a local server where you select what patches are OK. IT tends to want to deploy service packs are they are verified to work with certain known software packages. For a home user, I would want to verify this myself, so I would hope that they would make this optional. Otherwise, I will not be buying Windows XP.
  • by Xpilot (117961) on Sunday February 10, 2002 @11:05AM (#2982077) Homepage
    ... where Dilbert installs some obnoxious program on his computer that scans his hard drive, steals his credit card number and automatically purchases software IT thinks HE needs. At that time, it was a joke. Now it's a chilling reality.

  • You could refuse - ditto MaOS - if this is no longer the case, they could be on very shaky ground. You cannot be successful in the long run by simply writing agreements that obviate existing rights, such as privacy.
    • Possibly, but I think you're missing the point here. Read this [slashdot.org] post to see what I mean. The point is that the average user doesn't know and/or care about these things. As long as he/she can play music, games, get his/her spam from Hotmail ;-) and write Word documents he/she couldn't care less because either they don't understand how this would work or consider it important. Hence, if your audience is ignorant of these things, you can get away with a hell of a lot under the impression that "it's for your convenience/benefit" because most people don't have the time or knowledge to question these actions. We (the technically literate) need to educate the rest of the community ourselves and not leave it up to Microsoft to utilise user ignorance to get away with such things.

      • My original point stands - you can't just walk all over what people need and think that can simply go on endlessly... MS spent years engineering a system that took away options - and they got their head handed to them, and the recent revelations show that plain old people DO care. MS is possibly getting off only for political reasons - but they seem to be going back to their old arrogant ways. MS is the irish potato of the computer world - monoculture on which not only does their well being depend, but so does the wellbeing of 90% of computer users. The crop goes bad and lots of users / businesses go dark. They may just creep up on enough small indecencies so that someone calls them on it. MS has an achilles heel somewhere - and the people who depend upon them better hope no-one finds it. This is not original - Nick Negroponte has laid this out in detail with several real possibilities. Someone needs to dope slap the folks who Ok these little things.
  • Is is so drastic? (Score:2, Interesting)

    by Glorat (414139)
    Is this such a bad thing? OK so you have to trust Microsoft here but how else can Windowsupdate work?

    Windowsupdate scans your computer for required updates and, depending on your settings, it downloads the appropriate updates and presents a notification on the taskbar that they need to be installed. One click and the updates are installed.

    In principle, this system works great for your average Joe User. Of course, for this system to be "allowed", you need to grant Windowsupdate control of your computer hence this section in the EULA.

    Now of course, this part of the EULA does open the possibility of Microsoft being malicious but I guess I would trust Microsoft just enough not to deliberately screw over all home consumers in this way
    • by internic (453511)

      It's true that for Windows Update to work, it must determine what versions of what programs are on your computer; however, in the past is explicitly said that no information was transmitted to MS in the process, presumably because all the checking was done client side. Now, obviously, if MS looked at what you downloaded they could make a guess at what you have, but such snooping could at least be said to be an invasion of privacy. Now they have made you explicitly say that such snooping is ok. Moreover, in this snippet of the agreement, at least, it does not say such snooping will always be for the express purpose of system upgrades. Finally, you always had the option of not using Windows Update, but it sounds like you have to agree to this now just to use the OS. So I think this is new, different, and shitty.

    • ...But over the wording of a license agreement that allows MS to do anything they want to your computer.
      Is this such a bad thing? OK so you have to trust Microsoft here but how else can Windowsupdate work?

      Windowsupdate scans your computer for required updates and, depending on your settings, it downloads the appropriate updates and presents a notification on the taskbar that they need to be installed. One click and the updates are installed.

      There's no justification for needing legal authority to install anything, as the system functions today. To "need" this level of authority, Microsoft would have to argue that THEY, not you, are in fact installing the software in question. In my opinion, (not a lawyer) that's crazy.

      In order for the software to be installed, you (a person of sound mind and body) have to take the active step of saying "Yes." You're doing it. It's one-click installation, but you made the choice.

      Unless future versions of Windows Update will automatically install things? I don't know whether to laugh or cry.

      Got Code Red Part 44 after the Code Red Part 43 patch auto-installed? "Sorry, you agreed we could install anything we want, including buggy, poorly-tested code."

      After all, Microsoft would never release a patch that opened up new holes in the feature it was supposed to fix. (Or in other random products.) Anyone claiming contrary will be burned as a witch.
  • by irishmikev (39393) on Sunday February 10, 2002 @11:08AM (#2982089)
    Doesn't this just refer to the option to have XP auto-update your pc? You can turn that option off on the desktop if you don't want it, and the first time it runs it prompts you for what it's default behavior should be.
  • Hmmm (Score:2, Interesting)

    by Xawen (514418)
    Seems to me that this only applies to the volume licenses. Any company large enough to require a volume license will almost certainly have some manner of firewall. If they have a hole large enough for MS to get in to do things like this, they have bigger problems than someone just scanning thier Windows versions.

    On the other hand, it does set a very bad legal precedent...
  • by mickwd (196449) on Sunday February 10, 2002 @11:08AM (#2982092)
    .....betweeen a Microsoft Product and a Virus/Trojan ?

    The EULA.
  • by mblase (200735) on Sunday February 10, 2002 @11:10AM (#2982100)
    We've been complaining on this site for months, if not years, about Microsoft's security. They have a bug? We want a patch right away. We complain about downloading patches? Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.

    But that's not good enough, because too many users/sysadmins are too stupid to turn this on or check it regularly. So we complain that Microsoft isn't doing enough -- that they need to make the OS download security upgrades automatically, whether or not the stupid user asks for it or not. This, we argued, is the only way Microsoft can stay ahead of security holes and make sure we take them up on the patches.

    So Microsoft does this. But because doing so requires the user to agree to let Microsoft access and update their system, they have to add it to the EULA.

    And then Slashdot complains that MS is taking too much control.

    The mind boggles.
    • strawman (Score:4, Insightful)

      by coltrane99 (545982) on Sunday February 10, 2002 @11:19AM (#2982135)
      (1) I have not seen any credible posts demanding that auto-download and install of patches be on by default on Windows systems. There have been buggy patches before for Windows, could be again.
      (2) Slashdot isn't a unitary entity. If you make the mistake of expecting every J. Random Poster's comment taken together to represent a coherent position on anything, you will be disappointed.
      • Re:strawman (Score:2, Interesting)

        by tshak (173364)
        (2) Slashdot isn't a unitary entity.

        But the vast majority is. Just see my journal of a little experiment I did not too long ago.
    • And what about the patches that cause bigger problems than they fix? I don't download most new patches immediately (unless it's a major bugfix), I wait until the dust settles.
      MS have been known to release service packs that do just this.
    • by Thomas Marsh (452064) on Sunday February 10, 2002 @11:25AM (#2982159)
      Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.


      But that's not good enough, because too many users/sysadmins are too stupid to turn this on or check it regularly.


      On the contrary, sysadmins are advising that users disable automatic updates on XP because the tendency of the auto update facility to replace, for example, working drivers with faulty ones, as well as not providing information on which packages are being downloaded. (Read that in an article somewhere. Never used auto update myself.)

      I do see this as a privacy concern, because it is only with XP that windows update does not say "this is done without sending any information to microsoft." All other versions of windows use the anonymous facility, so they already have a working production update system which they've replaced with this more invasive version. -Coinciding with the EULA changes.

      Whether it is an intentional attack on privacy/piracy or simply that MS decided the old mechanism wasn't efficient enough over a slow connection (or some other technical reason) is speculation.
    • And who says that this will be used only (or even primarily)for security upgrades? It would be just as easy to introduce subtle file incompatibilities in Word or major differences in the .NET environment to screw potential competitors. How long before an automatic download kills MP3 playback and suggests conversion to Media Player?

      A lot of us lost all trust in Microsoft a long time ago. Once lost, trust is a very difficult thing to regain.

    • There is a difference here. There are two ways to do this:

      1. The operating system logs into a remote site, and checks for new files. It then checks a local list/database/registry/etc and decides "Ah, that's a new patch. I need that." See Windows 98/2000/Sierra Auto-Update.
      2. A remote server logs into a workstation computer, scans a database/files/MP3's (yes, fear on the last one, but it's always fun to take these to the far extreme), then recommends upgrades.


      The difference between the two is who has access to my files. Right now, with my Windows 98 machine that I use for games and video capture, I don't mind hitting the auto-update as long as that message saying "We're not sending any information to Microsoft" stays on.

      As soon as I sit down to my computer, and it by itself says "Oh, Hi, I just checked your stuff, and we noticed that you need patches. And while we're at it, we checked your MP3 list, and we don't think you legally own 'Rinbo Revolution'."

      Extreme? Yes. But it's no different in my mind between letting the plumber in to fix my pipes, or giving him a key and saying "Come in whenever you like and just look around and tell me what I need." I don't trust anybody (except my wife ;) well enough to just give them the key to my house. Or my computer, for that matter.
    • by iCEBaLM (34905) <{moc.mlabeci} {ta} {mlabeci}> on Sunday February 10, 2002 @11:35AM (#2982201)
      We've been complaining on this site for months, if not years, about Microsoft's security. They have a bug? We want a patch right away. We complain about downloading patches? Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.

      The problem is when you not only tell it you do NOT want auto-updates but also you STOP THE AUTO UPDATE SERVICE and then, when your computer becomes unbearably slow and unresponsive you check the process list and, uh, what's that, autoupd using all my CPU time?! But I told it I didn't WANT auto updates! ARGH..

      It really happens... You cannot turn off auto updates in XP.

      -- iCEBaLM
    • And what would you be saying if every linux distro had a license agreement which stated "At any time we can root your box and replace any packages we want" ??

      This isn't about "having it both ways", it's about whether or not YOU own your box and whether or not YOU control what is done with it. Let's not drag other issues into it.


    • And then Slashdot complains that MS is taking too much control.

      Freedom is about choises, freedom is about having options and beeing able to choose (even if you don't do it).

      Having so-called "upgrades" and "patches" showed down your throat, is not freedom.

      That's why the /. crowd is complaining !!

    • The issue is not with Microsoft making available technology and web services that lets people upgrade their machines. The issue is not even with Microsoft turning this on by default. The issue is that Microsoft claims a legal right to do this unconditionally, whether you want it or not, whether you have disabled it or not. And they don't just claim that right for security-related updates but also for verifying license compliance.

      Besides, one might well ask why Microsoft is shipping software with gaping security holes in the first place. In 2002, there is no excuse for any company or group to ship software with buffer overrun-related security problems (yes, this also means open source software).

  • Google's Toolbar does the same thing, according to their official-until-we-change-it legalese [google.com]:
    "Periodically, the Google Toolbar contacts our servers to see if you are running the most current version. If necessary, we will automatically provide you with the latest update to the Google Toolbar."
    • by NumberSyx (130129) on Sunday February 10, 2002 @01:29PM (#2982619) Journal

      Google's Toolbar does the same thing, according to their official-until-we-change-it legalese

      The difference is Google only checks for a single piece of information on a single piece of software and my system does not depend on this software to run. I have never had a Google Toolbar update screw up my entire system or even introduce another bug or open security holes. Google also has a pretty good privacy policy for which it has an excellent track record for following. In short, Google has earned my trust, Microsoft has proven time and time again they can not be trusted and it will take more than setting aside 28 days out of the last 20 years to fix problems to restore that trust.

  • XP antispy Program (Score:5, Informative)

    by linzeal (197905) on Sunday February 10, 2002 @11:13AM (#2982109) Homepage Journal
    This program [xp-antispy.de] controls how your computer "interacts" with M$. Damn fine german engineering

    From the website
    "XP-AntiSpy is a little utility that let's you disable some built-in update and authetication 'features' in WindowsXP. For example, there's a service running in the background wich is called 'Automatic Updates'. I don't know what this service transfers from my machine to other machines on the internet, especially the MS ones. So I play it safe and disable such functions. If you like, you can even disable these function manually, by going through the System and checking or unchecking some checkboxes. This will take you approximately half an hour."

    • If the site's wonky overload of javascript is giving your browser fits, try this direct link to download the utility:

      http://www.xp-antispy.de/XPAntiSpy3-English.zip

  • This is nothing more than the automatic Windows Update feature which IS NOT EVEN ON BY DEFAULT!!! It specifically asks you whether or not you want to enable the feature, and explains exactly what it is used for. This is nothing new. Just the typical "IT'S MICROSOFT SO IT MUST BE EVIL" attitude of /.
    • OK. YOU need to re-read that sentence from the EULA... Windows update is an ACTIVE process. You have to enable it. You have to run the update. You have to select/agree the downloads.

      This little 'phrase' is saying that they reserve the right to make those decisions FOR YOU.

      And THAT is a bad idea, if for no reason other than their track record of patch management and hidden 'features' in their patches.
      • Perhaps you might try using XP and seeing how it works, then you'd better understand. Normally, to update XP you have to go and click on Windows update, search for updates, download them, etc just like past versions of Windows. However it offers you the OPTION (it askes during setup and can be changed later) fi you'd like it to grab and install updates automatically. If you answer yes, it will update itself for you, and then just let you know.

        The phrase in the EULA is a CYA measure on their part. They don't want someone enabling this, and then trying to sue them for it. However, I repeat, this is voluntary. You can leave it in the classic mode where you must instantiate an update.
  • It is this sort of this that angers me. It angers me deeply and profoundly.

    This Type of survics should always be an opt-in.

    Most US law is on the basis of the ordinary citizen is automaticly opted-out of things unless they opt in. People do not have to opt out of buglary, rape, robbery, murder, slavery, etc.

    Businesses now assume that you should be automatically want what they offer, and that we should automatically agree to any condition they impose. Microsoft is one of the largest sinners in this regard.

    May Bill Gates be tortured by the demons of all worlds religions in the after life. May he be forced to suckle from the 16 poisoned leathern teats of Gophahmet, Whore of Betrayal, until he bursts from an unwholesome engorgement of curdled bile. And may many other such joys [theonion.com] await him as well.

    Don't mind me. I'm pissed, it's early, and I haven't had my coffee yet.

  • Same legal team (Score:3, Insightful)

    by cluge (114877) on Sunday February 10, 2002 @11:25AM (#2982158) Homepage
    Straight from the article : MS says "...is not intended to force upgrades on customers."

    This is the same team that told the DOJ that MS isn't a monopoly and if they were they wouldn't do anythign illegal. Yeah I believe them, don't you?

  • by Phil Wherry (122138) on Sunday February 10, 2002 @11:30AM (#2982182) Homepage
    [IANAL, so consider these comments accordingly]

    I'm really quite surprised that there hasn't been a big backlash from the legal departments of corporate customers over the text in the license agreements from software makers like Microsoft.

    Most of the large organizations that I've worked with have relatively paranoid legal departments. The average person cannot, for example, sign a non-disclosure agreement, vendor contract, or do anything else that binds the company without having the document scrutinized in excruciating detail by the company's legal department. And, as anyone who's ever been through this process knows, excruciating is the correct word for this situation.

    Yet people install software all the time that binds the company to ridiculously one-sided terms: This software is ours, not yours. Unless it breaks: then it's yours, not ours--and we're obligated to do everything up to and including nothing to help you.

    It seems to me like two possible explanations exist--neither of them pleasant:
    • Legal departments aren't challenging shrink-wrap licenses because they feel they're not really enforceable contracts. This seems to fly in the face of things like UCITA, though, which allow the software vendor to say "W3 0wn j00" in their license agreements with the force of law to back them up.

    • Legal departments aren't challenging shrink-wrap licenses because they realize that most of the time they're dealing with a powerful monopoly--and that the choice is to accept unconscionable terms or simply be unable to perform essential functions. Most legal departments don't understand open-source software, and I think Microsoft's done a good enough job with its fearmongering campaign about the GPL that there will be a lot of hesitation even if the light bulb ever does come on.
    There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.
    • They don't get it yet, and those that do are embarassed.

      Everyone sees those service packs and weekly "anti-virus" updates. A few of them know that M$ is changing everything under their feet all the time. Some of them have even figured out that M$ is not the only program they have that calls home. They have been beat down with FUD and convinced that they need that "automatic" hand in there fixing things. To them this is the same feeling they get when they pay for a $100 oil change. They feel ripped off, but don't see a way out.

      The people who know the most are the most embarrased. Here it is, laid bare, all those evil things the free software people have been telling them for years. The MicroTurds have led their companies down the rosy path all this time, ignoring poor perfomance and increasingly ugly control from M$. The waste of ever shifting formats was a demoralization they were willing to live with because they thought it would end one day. Now they look around and see the chains. The latest changes in document formats came as a huge shock to them because they know of no other applications than M$ for Windoze. So it is now obvious that the changes will never end and that they are being used as the upgrade train. Last thursday a co-worker told me that M$ was shifting all of their licensing to XP and rental only by next June. He was really shocked. IT is demoralized completely, especially the die hard M$ pushers. "What can we do?" they wonder.

      People I work with are now interested in Linux and other free software. These are rank and file engineers who, as one of them put it, "use software like toilet paper, I use what's on the roll." I'm amazed. What I've told a few people about the concepts of free software, its motives licenses and current state, sunk in.

      I have three old computers that I'm lending to people so they can see for themselves. I've warned them that I'm NOT a CS or IT dude, and that the machines could be better configured by someone that knew better or cared for things like noise, TV and movies. What I lend them are basic Debian machines with Gnome applications, Netscape, Mozilla, a few window managers and some kind of network connection. This way they don't feel like Free software robbed them of anything (I leave that to dying M$ junk), and I don't have to spend hours at their house figuring out their computer. In short, I try to give them the tools they use for 95% of their work and let them know that there are better tools available for people who really need them, like Latex for typesetters, databases and noise makers.

    • Minors cannot legally sign a contract. I say, to avoid ALL claims by M$ or anyone else that you are bound by a bullshit EULA, have an underage child handle all the initial parts of your software installs. YOU never saw, nor clicked on any "I Agree" button and the child is not legally bound by such.



  • Joy (Score:2, Insightful)

    by The Pi-Guy (529892)
    Just wait until their servers get hax0red...

    A patch that is supposed to fix an Outlook virus becomes a virus? Methinks I'm gonna turn off autoupdate and tell it to warn me first...

    --pi
  • A Bridge too far? (Score:5, Insightful)

    by mikethegeek (257172) <blair@NOwcmifm.comSLIONPAM minus cat> on Sunday February 10, 2002 @11:37AM (#2982211) Homepage
    " Several readers were also worried that Microsoft's broad assertion of its right to access their computers would force their companies into noncompliance with government security guidelines and various privacy laws. This concern was exacerbated by additional PUR language in the same Windows XP section. In terms of "Security Updates," users grant Microsoft the right to download updates to Microsoft's DRM (Digital Rights Management) technology to protect the intellectual property rights of "Secured Content" providers. It says Microsoft may "download onto your computer such security updates that a secure content owner has requested that MS, Microsoft Corporation, or their subsidiaries distribute." In other words, it would seem Microsoft's idea of a security update is one that protects the property rights of vendors, not the security of customers' systems."

    What Microsoft is preparing us for is the next step: No root access to a machine.

    This is scary ass stuff. Note that MS's EULA gives them the right to change these license terms on a whim. Your license with MS is one sided, MS can change anything they like, and you have no rights other than those MS chooses to grant you.

    Running a business on such a system to me would see m an unwarranted risk, especially given MS's pathetic record when it comes to security related bugs and holes.

    What MS is saying is that they have "root" access to your machine and can read anything or install anything at will.

    This is clearly over the line. NO OTHER industry in the USA can sell a product and attatch the kinds of "strings" to it's use, while disclaiming any and all liability for defects as the software industry.

    MS and other proprietary software vendors have had it totally their way for too damn long. We need some sort of law limiting what can be in a EULA, restoring the "first sale" doctrine, and at the very least, a right to "opt out" of new license changes made AFTER the sale.

    The best solution is to use Linux or other OSS software. Sooner or later, Microsoft and their goons will go a step too far, and the business world will realize the danger of allowing such meglomaniacs THAT kind of control over their information system arteries.

    If this little nugget isn't it, WHAT will be?
    • You are so contradictary!

      First, you say:

      MS and other proprietary software vendors have had it totally their way for too damn long. We need some sort of law limiting what can be in a EULA, restoring the "first sale" doctrine, and at the very least, a right to "opt out" of new license changes made AFTER the sale.

      And Then You Say:

      The best solution is to use Linux or other OSS software. Sooner or later, Microsoft and their goons will go a step too far, and the business world will realize the danger of allowing such meglomaniacs THAT kind of control over their information system arteries.

      On the one hand you claim we need government intervention, on the other you claim the market can straighten it out!

      You know what I believe? I believe the market CAN and IS handling this. People who are pissed off over this stuff drop MS, and migrate. People who WPA are switching to Linux/OSS products.

      When more people follow their conscience and switch from MS products, the more pressure MS will feel. MS will change when people start switching in mass exodus.
      • Re:A Bridge too far? (Score:3, Interesting)

        by mikethegeek (257172)
        "On the one hand you claim we need government intervention, on the other you claim the market can straighten it out!"

        I want both to happen. The government has a moral and legal obligation to protect the rights of users of proprietary software, just as it does users of other products.

        GM or Ford couldn't escape liability for a design defect in their trucks that causes them to explode, taking with it a company's assets. They would be FULLY liable not only for the actual damages, but for compensatory damages.

        This liability tends to discourage such horrific defects.

        There is no such liability in software. You can EULA away all responsibility, even if you KNOW the product is defective. A company's data can be totally screwed by a defective software product, and the software company be totally non-liable.

        The market SHOULD decide that OSS software is less expensive, less legally risky, and more secure, but this is not going to happen overnight. I believe in the long run that it will. This is why the proprietary IP cartel is pushing such new laws as the SSSCA that would essentially make it a felony to produce an open system.

    • Re:A Bridge too far? (Score:3, Interesting)

      by oni (41625)
      Sooner or later, Microsoft and their goons will go a step too far

      isn't that like saying that drug dealers will go too far and the addicts will stop using?

      call me cynical, but I just see the corporate world as too depentant on microsoft (on the desktop anyway) to give them up even if they wanted to.
  • by Crixus (97721) on Sunday February 10, 2002 @11:38AM (#2982215) Homepage
    I think the most important issue here is that MS can have its OS's download and perform upgrades WITHOUT having to have this kind of language in the EULA.

    All it would need to do is have an automatic wizard pop up ever week (or month) or so and ask your PERMISSION to check for and download the latest updates. The Wizard can even provide a lengthy explanation of what it's about to do for those who want more information.

    That is all that's required for REAL updates.

    This language in the EULA sounds like it might be giving them EXTRA permission to do other things. Checking version numbers of WHAT software? As someone else pointed out, will this include OfficeXP? Is it checking for pirated warez?

    So despite all of the people up here screaming that ONCE AGAIN the /. crowd will do anything to bash MS, there is something to be concerned about here.

    Rich...
  • by Spuggy (69103) on Sunday February 10, 2002 @11:46AM (#2982238) Homepage
    [From the Article:It says Microsoft may "download onto your computer such security updates that a secure content owner has requested that MS, Microsoft Corporation, or their subsidiaries distribute."]

    Does this mean that if say a music distributor reaches an agreement with MS to send music over WMA that they can request MS to check for non-licensed files? Or can they request MS to implemented some form of CrippleWare into Media Player? (granted your own fault if you're listening to music on it with all the published concerns regarding privacy and the software)

    Like everyone else has pretty much said, the Windows Update Feature doesn't really bother me much, but allowing updates requested from other Vendors kind of does--especially if it is a background process that I don't know about.
  • by Mozai (3547) on Sunday February 10, 2002 @12:10PM (#2982336) Homepage
    Microsoft's most desired flaw is that they do exactly what they're asked to do. The complaint around here is that what they're asked to do isn't the right thing to do -- which you can distill to "users are stupid."

    I'm a sysadmin at a small company -- 60 employees, few million dollars is revenue. A reoccuring problem I have is employees who open file attachments from strangers. I've written policy; I've had meetings and presentations. Hell, the CEO said to me once "good thing I use a Macintosh because I double-clicked on that gone.scr attatchment, eh?"

    Updating virus protection, and applying patches on every desktop machine is a must. After a particularily scary security announcement about IExplorer.exe, I got the patch off of Microsoft, posted it to our local file server and sent out a letter to the entire staff [insert something here about office politics and loosing face for scaring people] saying "install this patch immediately." Little did I realize that the patch was broken and replaced later the same day on the website with a functioning one. So, I expected everyone would come to me and say "I tried but it did _this_ instead."

    Two people came to me to complain. Two people of 59, when I said it was important to install this patch. Of the two people, one of them is a suit who hates using email (kudos to him for reading it).

    Some sysadmin, as frustrated as I am, must have asked for this 'MS will upload patches to you whether you ask for it or not' feature. Hell, I've had suits whine to me about "can't you just update my virus software for me, automatically?" and I think to myself "I guess I should, since when I say 'DO THIS, it's very important,' you ignore me."
  • FUD and idioticy (Score:4, Insightful)

    by SilentChris (452960) on Sunday February 10, 2002 @12:22PM (#2982382) Homepage
    I can't believe this drivel even made it onto Slashdot. This paragraph (and the paragraphs around it, which the article is clearly not referencing for shock value) talk about a feature that has to be *turned on* to be used. In fact, the OS asks you early on if you even want to enable Automatic Updating, and IT administrators (like myself) can easily turn it off on a whole host of machines simply by using Group Policy: remove the option to automatically update.

    This is a tech "shock" article, designed to get zealots in an uproar, and it should not even be bothered to be read.

    • by dhogaza (64507)
      The point you're missing is that while it is optional now, the wording in the license makes it possible for MS to make it non-optional in the future.

      And you are already bound by that agreement to let them do so if they decide to do so (if you're buying in bulk under that license).

      The article is about the *license*, not about existing versions of the operating system.

      Will they ever take advantage of this change in license? No one knows, least of all you.

  • Good and Bad (Score:2, Informative)

    by JWSmythe (446288)
    Well, this could be a very good, or bad thing..

    From the good point of view, they're taking responsibility to fix things. The end user with 1 XP machine that coudn't even figure out how to spell "windowsupdate.microsoft.com" is saved from potential problems. Never more will we have to ask/tell the customer, "Go update your software."

    Now think about the admin with 400 XP servers on his network. Once a week, he doesn't have to install patches on each and every one. I've had fun before watching a team of 3 guys updating software on 150 NT4 servers. I didn't even ask what the problem was, but I know that we completely reinstalled and reconfigured 16 Linux machines (fresh OS installs, replaced some hardware, set up the sites, and had them running again) before they were anywhere close to done.

    The XP admin will love this, assuming they do implement it. The EULA is just saying right now that they have permission to do it.

    There is a downside. NT4 SP6 (not SP6a). Anyone remember that one? I believe it was the one that when you installed and rebooted on a Compaq built server, it would fail to boot. The only fix (from Microsoft) was to reinstall Windows.. How many companies use those nice expensive Compaq servers, which would be automatically killed off.

    I have a computer at my home, with an i810 chipset, and an Intel Pro10/100 NIC. Windowsupdate insists that there is an update for it. I installed it (point, click, let it run). When it came back up, no more network. The new network driver doesn't recognize my network card. But, Windows automatically identified it as the new and updated driver..

    The scenerio of the XP admin with 400 machines under his control. Now he has to go to each and every one, and try to fix the network driver. How long would you think it would take to fix 400 machines? How long if the update happened to come on Friday at 5:30pm, 30 minutes after he left for a weekend vacation.

    We have a policy at my office, no changes on Friday. Maintaince stuff is fine, but no changes that will potentially make people work over the weekend. If Microsoft is calling the shots on updates, it's on their timetable. Maybe the day they call to update my network driver is the same day that all the Admins from my office are at a conference, meeting, or something..

    We all know stuff never happens at the right time, but we don't really need an extra variable of random events.

    I'm all for the updates. Maybe if they have it the way the WindowsUpdate notification works now, it would be very good. it says "There's an update available", they click the button, and it does them.. I'll be interested to see how they implement it, if they do..

    Of course, we don't run XP for damned good reasons (We're a 90% Unix shop). NT survives for our legacy sites. I'll watch the comments fly when M$ kills off a few hundred thousand users with a flawed update. :)

    • Now think about the admin with 400 XP servers on his network. Once a week, he doesn't have to install patches on each and every one.

      I'll think about the home user. You know, the one who, unlike the corporate admin, doesn't have clue 1 about backing out a bad patch. You outlined the problems corporate admins have had with bad Windows updates. What's a clueless home user going to do when things start breaking and he really didn't do anything to the system?

  • I've been hunting for the past hour on microsoft's site and on google looking for the XP EULA, and I can't find it. I'm awaiting delivery of a laptop with XP on it, and I want to see if I need to delete everything or not when it shows up.

    Where the hell did microsoft hide the EULA?
  • Throughout the rest of the licensing agreement Microsoft is careful to differentiate between simply having information on a computer and actually executing that code.

    This agreement doesn't say that MS can execute the new code that they force onto your workstation. So, if they did automatically execute it, they'd be stealing computing resources from your company.

    hehe
    ~Tetravus
  • End User License Agreements, also known as "shrink-wrap licenses" or "click-through licenses" are not legally binding.

    Here's a page [cr.yp.to] that explains further, including citations of court cases where the judge found that they weren't legally binding.

    Microsoft updating their EULA means about as much as Steve Ballmer having MSN carry his latest round of whinings and what they wish the world really was.

  • Something else to consider -- Service Packs.

    Let's say MS updates their DRM policies and you don't agree with them, and they distribute an "update" to their customers. You disabled auto-updating, and you decide against applying this patch. Now WMP can't play some recently released media, but no biggie, you can find other ways of playing media.

    Now let's say a massive bug/hole is discovered and Microsoft is responsive and develops a fix. What's to say they won't release this patch ONLY as a Service Pack, which contains this patch and also includes the DRM patch (and who knows what else!)?
  • Trust? (Score:3, Insightful)

    by 90XDoubleSide (522791) <ninetyxdoubleside@@@hailmail...net> on Sunday February 10, 2002 @01:18PM (#2982573)
    We can debate all day about whether the ability to get John Q. Public's computer security patched so it stops DDoSing your web server outweighs the value of having full control over your machine, but honestly, if you don't trust a company enough to have confidence in simple software updates, should you really be running their stuff in the first place?
  • is it not true that most people out there do not have broadband? won't you know when Microsoft tries to downlaod something onto your machine? besides, a computers true usefullness has nothing to do with an internet connection. go ahead, buy Windows XP with Office XP, and use it as it was desinged for; stand alone with no access (no pun intended) to the outside world. without that LAN/modem connection, you are fine. IMHO.
  • by Sanity (1431) on Sunday February 10, 2002 @01:35PM (#2982648) Homepage Journal
    ...we wouldn't own the car we had just purchased. We wouldn't have any rights against the manufacturer if there was a problem with the car. The manufacturer would have control over where we could drive with the car (and have the capability to arbitrarily add new restrictions without our knowledge). The manufacturer would be able to control where we purchase gas for our car, and arbitrarily increase the fuel consumption of our car without our knowledge just so their "preferred" oil company could make more money from us.

    So, here is the question: We in the software industry have quite a high opinion of ourselves, so why have we allowed things to get to this point?

  • by Pinball Wizard (161942) on Sunday February 10, 2002 @01:48PM (#2982717) Homepage Journal
    I usually don't like to hawk commercial products, but I've been awfully fond of Zone Alarm [zonelabs.com] ever since I started using it.

    I'm actually appalled at the number of applications that "phone home" while you're on the internet - sending back to the companies that created them information about themselves and the computer they are running on. Were it not for Zone Alarm, they would be doing this in secret without me ever knowing it.

    At any rate, at least MS says that they do this. There are a lot of others. Even if you are using an Linux or BSD firewall, as I do, those probably are set up to allow you do send any sort of communication out without checking. Something like Zone Alarm will tell you what applications are trying to access the internet by themselves. Its been highly enlightening ever since I started using it.

    In the case of something that runs over port 80 like IE, I'm not sure how you could use the internet while preventing it from sending back info to its parent company. I guess you would have to use something that promises not to have spyware built into it.

  • by King_TJ (85913) on Sunday February 10, 2002 @01:56PM (#2982748) Journal
    Personally, I think this article was written just for the sake of sensationalism and to nit-pick at some details of a EULA. As it has been repeatedly pointed out, MS still asks you in Windows XP how you'd like to handle auto-updates. You can A) disable them completely, B) just have it alert you that a new update is available, and let you decide if you want to download it, or C) let MS auto-download them all to you. Some people (normally *home* users) would like to choose option C, so MS wanted to have a clause in their EULA allowing them to offer this option to you without legal issues coming up.

    What's really going on here is a larger issue which has been around with *all* of the Microsoft products since day 1. Everything is still designed around what makes the individual home user happy. Corporate environments are much different. Security is tighter, and they're usually run in a more authoritarian manner. "We, the sysadmins, will tell you what you can and can't run on your PC."

    Despite MS trying to develop two flavors of Windows XP (home and corporate), even the corporate edition is chock-full of potential security issues that are only there because they made concessions to what the home consumer would think was "cool" or "worth upgrading for". If their "Professional" edition was truly aimed at corporate America, they'd remove all of the Internet media playing crap, never even consider letting the product auto-update itself, remove the default installation of the MSN messenger, ditch most of the cutsie wizards, and stick with a more clear-cut security model. (Try sharing the root of your C: or D: drive out under Windows XP. All you get is a warning that it's risky, security-wise, followed by it asking if you still wish to do it. If you do, you're not even sure what sort of permissions it placed on that share - or whether or not it is allowing it only for the local LAN, or for the whole Internet.) At least Windows 2000 gave everything to you straight. You just clicked the security tab and saw which options were on and off. Makes much more sense than trying to "user-friendly up" the security with simplistic prompts and questions.
  • by rben (542324) on Sunday February 10, 2002 @02:49PM (#2982935) Homepage
    1. Most people will get Windows XP Professional pre-installed on their computer. They won't have the option to change their minds because of the EULA, they'll just have agreed by buying the computer.
    2. This feature should be turned off by default at the very least. It's not. Since the OS will be pre-installed, and updates are not announced unless it's a DRM modification, if I read the article correctly, they won't know anything is going on.
    3. Our current admnistration recently called on the software industry to do more to protect computers from viruses. This change could conceivably be interpreted as a response to that call. Unfortunately, that means that we probably won't get a lot of help from this administration on this issue.
    4. This has happened before, back in the days of Ma Bell you couldn't even attach a piece of equipment to the phone network without explicit permission from Ma Bell. You weren't even allowed to own your own telephone. That kind of arrogance can only exist when a company has a monopoly. The only way to fix it is to eliminate the monopoly.
    5. Microsoft has a long history of making changes in software that break the compeitors software. This change in the EULA gives them a way to automatically distribute such "fixes" without alerting people that its even being done. How long will it be before MS decides that in order to better secure the digital rights of their partners, they should disable any software, such as Gnuetella clients, that might infringe on those rights.

    Hopefully, this will cause a backlash from the big corporate buyers that will cause MS to change the EULA, at least for a while. Perhaps we should change the name of the EULA to the Edict of Unlimited Arrogance!

  • Funny thing is... (Score:3, Interesting)

    by tcc (140386) on Sunday February 10, 2002 @03:26PM (#2983091) Homepage Journal
    I am still forcing everyone in the company which I am working as IT admin, to stay on Win2k. When I buy win2k licenses these days, it's a bit more expensive than BEFORE winXP came out... which is odd. Anyways, Win2k is the best OS MS ever did, and it's the first time I am not missing my old amiga's OS. XP on the other hand is great for home users for the look and ease of use, but it's basically just 2K with a buttload of useless (for professionnals) services added, decreasing overall performance, and killing your privacy. I'd like to see the sales figures of XP pro compared to win2k in corporate environments because I'm sure I'm not the only one who had reserves buying that after evaluating it.
  • Ahaha. (Score:5, Insightful)

    by Scoria (264473) <slashmail@init[ ]ized.org ['ial' in gap]> on Sunday February 10, 2002 @04:43PM (#2983424) Homepage
    Yet another biased article published by Slashdot. Windows Update is an integral component of Windows XP; it's evident that this is the feature Microsoft refers to in the EULA. By default, it searches for updates to Windows at an interval.

    If Slashdot were indeed an unbiased source for information, they'd have mentioned that this feature can indeed be disabled.
    • Re:Ahaha. (Score:3, Insightful)

      by Roy Ward (14216)
      Firstly, I don't see Slashdot claiming to be an unbiased source of information, or anyone seriously suggesting that it is.

      Secondly, the issue is about the license, not the way that Microsoft currently chooses to implement it. If what they meant was "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer. You may choose for this part of the license not to apply to you by disabling Windows Update", then they should have _said_ so in the license.

      As it stands, Microsoft could technically at any time put out a "service pack that" doesn't allow Windows Update to be disabled any more.

      If they don't intend to enforce a clause, it should not be in the licence.
  • Trolls. (Score:3, Interesting)

    by GiMP (10923) on Sunday February 10, 2002 @07:10PM (#2984017)
    You do realize that the GPL, BSD, and many other licenses you love.. also allow this. You can think of a software license like a firewall.

    Microsoft has a default deny policy, and then states what rights they and you have.

    Most open source licenses have a default accept/allow policy, only denying few things. When you agree to a GPL or BSD license, you are agreeing to the same thing as you have no warrenty.. just restrictions on what you may do with the source.

    All this is saying is that Microsft software is one step more 'free'.. Oh, how the slashdot trolls are afraid of their government removing their freedom, but more afraid of giving Microsoft some.

    Hipocrites. People make me laugh.
    • Re:Trolls. (Score:3, Informative)

      by rabidcow (209019)
      Uh, no.

      This is about Microsoft forcing you (so to speak) to give them permission to access your computer. Open source licenses do not force you to agree to allow the author/distributer to do anything with your computer. Open source licenses generally have no terms related to actual *use* of the software, they only apply to redistributing modifications to the source code.

      I think it pretty much all comes down to one thing: "Don't touch my stuff!"

Competence, like truth, beauty, and contact lenses, is in the eye of the beholder. -- Dr. Laurence J. Peter

Working...