Read the Fine Print 637
nihilist_1137 writes: "This story is about how MS changed its EULA and you just gave them control of your computer. In the section on Windows XP Professional, 'Internet-Based Services Components' paragraph says in part, 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.'"
This reminds me of an old Dilbert cartoon... (Score:3, Interesting)
Is is so drastic? (Score:2, Interesting)
Windowsupdate scans your computer for required updates and, depending on your settings, it downloads the appropriate updates and presents a notification on the taskbar that they need to be installed. One click and the updates are installed.
In principle, this system works great for your average Joe User. Of course, for this system to be "allowed", you need to grant Windowsupdate control of your computer hence this section in the EULA.
Now of course, this part of the EULA does open the possibility of Microsoft being malicious but I guess I would trust Microsoft just enough not to deliberately screw over all home consumers in this way
Hmmm (Score:2, Interesting)
On the other hand, it does set a very bad legal precedent...
Re:Two Perspectives (Score:3, Interesting)
Re:Once again, Slashdotters want to have it both w (Score:5, Interesting)
On the contrary, sysadmins are advising that users disable automatic updates on XP because the tendency of the auto update facility to replace, for example, working drivers with faulty ones, as well as not providing information on which packages are being downloaded. (Read that in an article somewhere. Never used auto update myself.)
I do see this as a privacy concern, because it is only with XP that windows update does not say "this is done without sending any information to microsoft." All other versions of windows use the anonymous facility, so they already have a working production update system which they've replaced with this more invasive version. -Coinciding with the EULA changes.
Whether it is an intentional attack on privacy/piracy or simply that MS decided the old mechanism wasn't efficient enough over a slow connection (or some other technical reason) is speculation.
Why do companies tolerate this? (Score:5, Interesting)
I'm really quite surprised that there hasn't been a big backlash from the legal departments of corporate customers over the text in the license agreements from software makers like Microsoft.
Most of the large organizations that I've worked with have relatively paranoid legal departments. The average person cannot, for example, sign a non-disclosure agreement, vendor contract, or do anything else that binds the company without having the document scrutinized in excruciating detail by the company's legal department. And, as anyone who's ever been through this process knows, excruciating is the correct word for this situation.
Yet people install software all the time that binds the company to ridiculously one-sided terms: This software is ours, not yours. Unless it breaks: then it's yours, not ours--and we're obligated to do everything up to and including nothing to help you.
It seems to me like two possible explanations exist--neither of them pleasant:
- Legal departments aren't challenging shrink-wrap licenses because they feel they're not really enforceable contracts. This seems to fly in the face of things like UCITA, though, which allow the software vendor to say "W3 0wn j00" in their license agreements with the force of law to back them up.
- Legal departments aren't challenging shrink-wrap licenses because they realize that most of the time they're dealing with a powerful monopoly--and that the choice is to accept unconscionable terms or simply be unable to perform essential functions. Most legal departments don't understand open-source software, and I think Microsoft's done a good enough job with its fearmongering campaign about the GPL that there will be a lot of hesitation even if the light bulb ever does come on.
There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.There is a difference (Score:3, Interesting)
It's true that for Windows Update to work, it must determine what versions of what programs are on your computer; however, in the past is explicitly said that no information was transmitted to MS in the process, presumably because all the checking was done client side. Now, obviously, if MS looked at what you downloaded they could make a guess at what you have, but such snooping could at least be said to be an invasion of privacy. Now they have made you explicitly say that such snooping is ok. Moreover, in this snippet of the agreement, at least, it does not say such snooping will always be for the express purpose of system upgrades. Finally, you always had the option of not using Windows Update, but it sounds like you have to agree to this now just to use the OS. So I think this is new, different, and shitty.
Re:Why do companies tolerate this? (Score:0, Interesting)
-------------
You obviously haven't been paying attention to the big fuss that has been going over the Volume Licensing when they altered the Select/Enterprise agreements then, there have been some rather ugly fights over this issue.
-------------
There's also the issue of who's allowed to "sign" these things. In most corporate-user situations, the user doing the software installation (and therefore "agreeing" to the click-wrap terms) isn't a corporate officer or someone who's been delegated the authority to bind the company to a set of terms--no matter how reasonable. This seems to me to be pretty dangerous. In the case of a dispute with the vendor, it could potentially put the user at personal risk for representing they had the authority to bind the company when, in fact, they did not. While the economics of pursuing an individual over a company's breach of the license "agreement" probably don't make sense, this remains at least a theoretical risk.
---------------
Your thinking here is technically incorrent, When you work for a company and install software onto the desktop, (company owned machine) you act as an agent of the company, nothing more in relation to the software veondor of rwhat you just installed. you are only personally liable to the company you work for, for breaking Software agreement that usually exist in the Employee Handbooks.
When the Audit or License police show up, they never care who really installed anyhting, just whos machine it is on (the companies).
The issue of who is allowed to sign needs to be taken by any company through different routes. Typically, via the HR agreement, and employee diciplinary actions, as well as locked down desktops and so forth. Make it a non-issue by that route.
Other Content Owners? (Score:3, Interesting)
Does this mean that if say a music distributor reaches an agreement with MS to send music over WMA that they can request MS to check for non-licensed files? Or can they request MS to implemented some form of CrippleWare into Media Player? (granted your own fault if you're listening to music on it with all the published concerns regarding privacy and the software)
Like everyone else has pretty much said, the Windows Update Feature doesn't really bother me much, but allowing updates requested from other Vendors kind of does--especially if it is a background process that I don't know about.
Re:Two Perspectives (Score:3, Interesting)
Not only have you paid for it, but if you buy it at a typical store like Best Buy you're stuck with it even if you don't agree to the license -- as soon as you open the shrinkwrap, it's non-returnable. Conveniently, you can't even read the full EULA until you've opened the product. M$ should have to print the entire EULA and attach it to the outside of the box.
Re:A Bridge too far? (Score:3, Interesting)
isn't that like saying that drug dealers will go too far and the addicts will stop using?
call me cynical, but I just see the corporate world as too depentant on microsoft (on the desktop anyway) to give them up even if they wanted to.
Re:Well, Does 'Random Joe' *like* his auto-update? (Score:3, Interesting)
Don't always believe what you read......
And next time you would like to call me ignorant - try doing some research outside Microsoft's information circles.
Re:A Bridge too far? (Score:3, Interesting)
I want both to happen. The government has a moral and legal obligation to protect the rights of users of proprietary software, just as it does users of other products.
GM or Ford couldn't escape liability for a design defect in their trucks that causes them to explode, taking with it a company's assets. They would be FULLY liable not only for the actual damages, but for compensatory damages.
This liability tends to discourage such horrific defects.
There is no such liability in software. You can EULA away all responsibility, even if you KNOW the product is defective. A company's data can be totally screwed by a defective software product, and the software company be totally non-liable.
The market SHOULD decide that OSS software is less expensive, less legally risky, and more secure, but this is not going to happen overnight. I believe in the long run that it will. This is why the proprietary IP cartel is pushing such new laws as the SSSCA that would essentially make it a felony to produce an open system.
Re:Pretty reasonable (Score:2, Interesting)
I thought it was even worse than that - more along the lines of "if you sell any computer with some OS that's not Windows, we won't sell you Windows at all"?
If it was some other company doing this (something the size of Adobe, say, for the sake of argument), that would be bad, but at least people would have the opportunity to "vote with their wallets" and go elsewhere for their software. Since Microsoft basically has a monopoly on desktop OSs, office software and miscellaneous other things, there isn't really that opportunity (I help my more hackerish friends install Linux, but much as I hate to say it, I don't think pushing non-hackerish people into leaving Windows is necessarily justified yet).
Personally I'm OK at the moment with Linux for most stuff and Win98 first edition for games, but I'm not sure what I'll do when stuff stops supporting Win9x (I don't mean Microsoft "support", I mean apps/games which will only run on an NT-based Windows, so I've probably got a few years yet). I'd better hope WINE are still making progress, I suppose.
keep reading the EULA... it gets 'better' (Score:1, Interesting)
It's also in the EULA for Windows 2000 - it's not new.
here:
" 10. Disclaimer of warranties. The limited warranty that appears above is
the only express warranty made to you and is provided in lieu of any other express warranties (if any) created by any documentation or packaging.
Except for the limited warranty AND and to the maximum extent provided by applicable law, Microsoft and its suppliers provide the software and support services (if any) as is and with all faults, and hereby disclaim all other
warranties and conditions, either express, implied or statutory, including,
but not limited to, any (if any) implied warranties, duties or conditions of
merchantability, of fitness for a particular purpose, of accuracy or completeness, or responses, of results, of workmanlike effort, of lack of viruses and lack of negligence, all with regard to the software, and the provision of or failure to provide support services. also, THERE IS NO
WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION,
CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE
SOFTWARE."
While IANAL, I'd be interested to read other's opinions of this stuff.
Re:Maybe IT wants it (Score:2, Interesting)
They have been trained, but there is hope. (Score:3, Interesting)
Everyone sees those service packs and weekly "anti-virus" updates. A few of them know that M$ is changing everything under their feet all the time. Some of them have even figured out that M$ is not the only program they have that calls home. They have been beat down with FUD and convinced that they need that "automatic" hand in there fixing things. To them this is the same feeling they get when they pay for a $100 oil change. They feel ripped off, but don't see a way out.
The people who know the most are the most embarrased. Here it is, laid bare, all those evil things the free software people have been telling them for years. The MicroTurds have led their companies down the rosy path all this time, ignoring poor perfomance and increasingly ugly control from M$. The waste of ever shifting formats was a demoralization they were willing to live with because they thought it would end one day. Now they look around and see the chains. The latest changes in document formats came as a huge shock to them because they know of no other applications than M$ for Windoze. So it is now obvious that the changes will never end and that they are being used as the upgrade train. Last thursday a co-worker told me that M$ was shifting all of their licensing to XP and rental only by next June. He was really shocked. IT is demoralized completely, especially the die hard M$ pushers. "What can we do?" they wonder.
People I work with are now interested in Linux and other free software. These are rank and file engineers who, as one of them put it, "use software like toilet paper, I use what's on the roll." I'm amazed. What I've told a few people about the concepts of free software, its motives licenses and current state, sunk in.
I have three old computers that I'm lending to people so they can see for themselves. I've warned them that I'm NOT a CS or IT dude, and that the machines could be better configured by someone that knew better or cared for things like noise, TV and movies. What I lend them are basic Debian machines with Gnome applications, Netscape, Mozilla, a few window managers and some kind of network connection. This way they don't feel like Free software robbed them of anything (I leave that to dying M$ junk), and I don't have to spend hours at their house figuring out their computer. In short, I try to give them the tools they use for 95% of their work and let them know that there are better tools available for people who really need them, like Latex for typesetters, databases and noise makers.
Re:strawman (Score:2, Interesting)
But the vast majority is. Just see my journal of a little experiment I did not too long ago.
Re:Software auto-update is common (Score:5, Interesting)
Google's Toolbar does the same thing, according to their official-until-we-change-it legalese
The difference is Google only checks for a single piece of information on a single piece of software and my system does not depend on this software to run. I have never had a Google Toolbar update screw up my entire system or even introduce another bug or open security holes. Google also has a pretty good privacy policy for which it has an excellent track record for following. In short, Google has earned my trust, Microsoft has proven time and time again they can not be trusted and it will take more than setting aside 28 days out of the last 20 years to fix problems to restore that trust.
If cars had this kind of EULA... (Score:3, Interesting)
So, here is the question: We in the software industry have quite a high opinion of ourselves, so why have we allowed things to get to this point?
At least they acknowledge they do this. (Score:3, Interesting)
I'm actually appalled at the number of applications that "phone home" while you're on the internet - sending back to the companies that created them information about themselves and the computer they are running on. Were it not for Zone Alarm, they would be doing this in secret without me ever knowing it.
At any rate, at least MS says that they do this. There are a lot of others. Even if you are using an Linux or BSD firewall, as I do, those probably are set up to allow you do send any sort of communication out without checking. Something like Zone Alarm will tell you what applications are trying to access the internet by themselves. Its been highly enlightening ever since I started using it.
In the case of something that runs over port 80 like IE, I'm not sure how you could use the internet while preventing it from sending back info to its parent company. I guess you would have to use something that promises not to have spyware built into it.
Re:Two Perspectives (Score:4, Interesting)
For example in Germany the whole EULA is completely void, that's why there are no longer OEM-licenses in Germany. (Courts said that users could use them everywhere, not just on the computer it came on)
The funny (or sad) part is that Microsoft also does not follow their own EULA in Germany: You don't get any refunds.
But they still ship everything with the EULA...
Freedom of Choice. (Score:3, Interesting)
It is about being able to opt out or opt in as you like.
It is about freedom of choice.
If they want to offer this as aservice fine. And maybe I might recommend it for your first time shopper, buying their first computer at the CompuMaximus Grotesguerria. But then maybe MS does know what the best choice would be for everyone in the country.
For Myself, I have sufficient experience that I would dare to have actual opinions about my choice of configuration.
For this I may well by relegated to that worse possible of all Microsoft hells. A world without Microsoft. Sign me up.
This is really just a piece of a larger issue..... (Score:3, Interesting)
What's really going on here is a larger issue which has been around with *all* of the Microsoft products since day 1. Everything is still designed around what makes the individual home user happy. Corporate environments are much different. Security is tighter, and they're usually run in a more authoritarian manner. "We, the sysadmins, will tell you what you can and can't run on your PC."
Despite MS trying to develop two flavors of Windows XP (home and corporate), even the corporate edition is chock-full of potential security issues that are only there because they made concessions to what the home consumer would think was "cool" or "worth upgrading for". If their "Professional" edition was truly aimed at corporate America, they'd remove all of the Internet media playing crap, never even consider letting the product auto-update itself, remove the default installation of the MSN messenger, ditch most of the cutsie wizards, and stick with a more clear-cut security model. (Try sharing the root of your C: or D: drive out under Windows XP. All you get is a warning that it's risky, security-wise, followed by it asking if you still wish to do it. If you do, you're not even sure what sort of permissions it placed on that share - or whether or not it is allowing it only for the local LAN, or for the whole Internet.) At least Windows 2000 gave everything to you straight. You just clicked the security tab and saw which options were on and off. Makes much more sense than trying to "user-friendly up" the security with simplistic prompts and questions.
A couple of points that I'd like to reinforce (Score:3, Interesting)
Hopefully, this will cause a backlash from the big corporate buyers that will cause MS to change the EULA, at least for a while. Perhaps we should change the name of the EULA to the Edict of Unlimited Arrogance!
Re:Nothing more than Windows Update (Score:3, Interesting)
The phrase in the EULA is a CYA measure on their part. They don't want someone enabling this, and then trying to sue them for it. However, I repeat, this is voluntary. You can leave it in the classic mode where you must instantiate an update.
Re:MS didn't think anyone would notice ANYTHING (Score:5, Interesting)
Funny thing is... (Score:3, Interesting)
Minors cannot enter into a contract (Score:2, Interesting)
Another comment: I would assume that MS's right to update is contingent on responsible use of the procedure. If someone was to hack the system and change everyone's start up screens to the Playmate centerfold, do you think that MS would be able to retain the right to complete future updates?
Re:Maybe the users want it (Score:1, Interesting)
Trolls. (Score:3, Interesting)
Microsoft has a default deny policy, and then states what rights they and you have.
Most open source licenses have a default accept/allow policy, only denying few things. When you agree to a GPL or BSD license, you are agreeing to the same thing as you have no warrenty.. just restrictions on what you may do with the source.
All this is saying is that Microsft software is one step more 'free'.. Oh, how the slashdot trolls are afraid of their government removing their freedom, but more afraid of giving Microsoft some.
Hipocrites. People make me laugh.
Re:Hmm.. (Score:4, Interesting)
Slight wording differences.. but still... what is "personally identifiable information "? For the longest time, an IP address did not fall into that category.. but as anyone knows... an IP address can id quite alot...
The privacy policy for windows update has:
-----start quote..
Windows Update Privacy Statement
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of information from your computer. This information includes:
Operating-system version number
Internet Explorer version number
Version numbers of other software
Plug and Play ID numbers of hardware devices
Windows Update does not collect your name, address, e-mail address, or any other form of personally identifiable information. The information collected is used only for the period of time that you are visiting the site, and is not saved.
To provide you with the best possible service, Windows Update also tracks and records whether the download and installation of specific updates succeeded or failed. Windows Update records the ID of the item that you attempted to download and install, and information about your operating system version and Internet Explorer version. The information that is stored cannot be associated with anything that is unique or personally identifiable about you or your computer.
------ end quote
The REAL Issue (Score:1, Interesting)