Forgot your password?
typodupeerror
Microsoft

Microsoft Media Player "Security Patch" Changes EULA Big Time 771

Posted by CmdrTaco
from the under-the-guise-of-security dept.
MobyTurbo writes "In an article on BSD Vault a careful reader posts that in the latest Windows Media Player security patch, the EULA (the "license agreement" you click on) says that you give MS the right to install digital rights management software, and the right to disable any other programs which may circumvent DRM on your computer." So if you want your machine secure, you also want microsoft to have free reign on your PC.
This discussion has been archived. No new comments can be posted.

Microsoft Media Player "Security Patch" Changes EULA Big Time

Comments Filter:
  • MS/Borg (Score:2, Funny)

    by Sandman196 (587461)
    Sometimes, the Bill/Borg pic says it all.
    • Re:MS/Borg (Score:5, Informative)

      by uncoveror (570620) <webmaster@uBLUEncoveror.com minus berry> on Saturday June 29, 2002 @01:59PM (#3792432) Homepage
      Time to kick media player to the curb, and use winamp, quicktime, realone, or anything else. Just take steps not to install the spyware if you use real. Do a custom install, not the quick install, and uncheck the things you don't need.
    • I think This Link [mugshots.org] is most telling.
    • Re:MS/Borg (Score:5, Funny)

      by Anonymous Coward on Saturday June 29, 2002 @02:31PM (#3792560)
      I pirated all my Microsoft software... does the EULA still apply to me?
      • Re:MS/Borg (Score:2, Interesting)

        by kaustik (574490)
        I think that an EULA like this would apply more-so to one who had pirated the software. Running even a pirated version of this would expose your computer to the scrutiny of M$ - scrutiny that is even less-wanted by people like you and I who most likely have massive amounts of software that we may have "delayed" on paying any licensing fees for. I wonder how long it will be before I boot up my XP partition to an empty hard drive and picture of a disapproving Bill shaking his finger at me... or an FBI agent at my door.
  • extortion (Score:5, Insightful)

    by s20451 (410424) on Saturday June 29, 2002 @01:26PM (#3792264) Journal
    How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion? If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?
    • Re:extortion (Score:5, Interesting)

      by rabtech (223758) on Saturday June 29, 2002 @01:34PM (#3792309) Homepage
      No, because most companies reserve the "right" to change the terms of the EULA, without notification, at ANY TIME.

      The whole concept of the EULA is so silly... I really hope it gets tossed out of court ASAP. Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?
      • Legality of EULA (Score:5, Interesting)

        by javacowboy (222023) on Saturday June 29, 2002 @02:10PM (#3792469)
        Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?

        This is an interesting point. How legally binding *IS* the EULA? It's generally accepted that in internet transactions involving credit card numbers, a customer can at any time deny having made the transaction. Without a signature, there's no way to PROVE that the customer made the transaction: they can't take that customer to court. This is why there is a much larger allowance for bad debts on online credit card transactions. In a real-life transaction with a carbon copy, all they need is your signature to prove that you made the transaction, and they can sue you.

        In that vein, how can the EULA possibly be legally binding? I can see how the signature on the invoice for their computer or copy of Windows, they could be held liable. However, how can I user clicking on "OK" in a upgrade screen be legally binding?

        I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions. This doesn't make any sense to me. Some court somewhere should be able to strike down the EULA as non-binding contracts, due to the lack of a customer signature or any other proof that the customer entered the transaction.
        • In that vein, how can the EULA possibly be legally binding?

          It depends what the EULA says. In this case, the EULA is not making the end-user liable for anything, it is merely limiting Microsoft's liablity.

        • by DaveWood (101146) on Saturday June 29, 2002 @05:43PM (#3793220) Homepage
          IANAL, but until very recently, your suspicions were basically correct; company lawyers have their field day with shrink-wrap licenses but they're very very careful not to test the more exotic provisions in court.

          That is, until they're safely set up inside a UCITA-adopting state.

          Why, you ask? What's this UCITA anyway? Not another acronym. I'm too lazy to write another letter. Trying to keep my phone bill down. And I can never keep my boycotts straight once I get to the store.

          From the mouth of the beast... [ucitaonline.com]

          And on a slightly more ethical tip...

          The FSF's writeup [gnu.org]

          And the CPSR's writeup [cpsr.org]...

          Google will give you more.

          Think your EULA's not binding? UCITA gives it all that 100%-All-American Bought and Paid For Congressional Stamp of Approval. Some democracy we have, huh?

          -David
        • Re:Legality of EULA (Score:5, Informative)

          by Arandir (19206) on Saturday June 29, 2002 @06:21PM (#3793342) Homepage Journal
          How legally binding *IS* the EULA?

          The unfortunate state of civilization today is that it is governed by men and not by laws. Thus it doesn't matter whether a EULA (any EULA) is legally binding or not. All that matters is that enough people think they are.

          In terms of the law, most EULAs are completely invalid. Exercise of pre-existing rights is considered assent. There is a total lack of consideration. And there is no way to verify that a particular "licensee" has even seen the contract.

          In terms of Rule by Fallible Human Beings, EULAs are completely valid if you can get enough people to believe that they are valid. But even if you can't, you can still take them to court and draw out the process to bleed them dry until the give in and settle.

          I don't understand how the judicial/legislative system has allowed them to get away with this, whereas credit card companies are screwed on fraudulent online transactions.

          The difference is easy. The average person cares about losing money. But the average person is very ignorant about their legal rights with regards to copyrightable materials, especially when it concerns software.

          Wait until some large company starts putting the screws to enough people. Then the situation will change. Bankrupt enough grandmas in court for EULA violations, and the public opinion will change.
      • Re:extortion (Score:4, Interesting)

        by donutello (88309) on Saturday June 29, 2002 @03:48PM (#3792842) Homepage
        No, because most companies reserve the "right" to change the terms of the EULA, without notification, at ANY TIME.

        Horseshit! You can't change a EULA without notification. This is Contract Law 101. You can't change a contract unilaterally. Show me a EULA which reserves the right to change itself without notice and I'll show you a EULA that has no feet to stand on.

        The whole concept of the EULA is so silly... I really hope it gets tossed out of court ASAP. Where else can the manufacturer of a product hold you under a contract you did not sign, and change the terms of that contract at any time without notifying you or getting your agreement on the changes?

        The concept of a EULA is not silly. A paper signature is only one way to prove that you actually indulged in the transaction. It is not necessary to prove that you actually did. And nowhere can anyone change the terms of a contract without notifying you or getting your agreement on the changes. It hasn't happened in this instance and won't happen ever.
        • Re:extortion (Score:3, Informative)

          by ImaLamer (260199)
          I agree.

          In the only _real_ law book I've read on the subject, which reads as easy as applied cryptography's first few chapters(seriously, it's very basic the hard shit follows), explains that a contract contains a portion where they must provide something while you must also. Either party fails to provide it's side of the deal the contract is null or goes into despute (court)

          No one party can change lines of a contract or edit the final conditions without the users consent (read:signature). Of course clicking YES to the new one _could_ be the same ... i hope not...
      • by schmaltz (70977) on Saturday June 29, 2002 @03:57PM (#3792877)
        This EULA's a precurser to M$ actually installing DRM and anti-anti-DRM software on your computer as part of the next security patch.
    • Re:extortion (Score:5, Insightful)

      by brsmith4 (567390) <brsmith4.gmail@com> on Saturday June 29, 2002 @01:40PM (#3792345)
      How can it be that they can change the EULA in order to disseminate a security patch? Isn't this essentially extortion?

      No. M$ has lawyers that would have picked that up pretty quickly. Do you think they would want another scandal, in the wake of the anti-trust suits and now the accounting problems that are happening all throughout corporate america? I don't think they would be that stupid as to cause another magnifying glass to be scrutinizing them. They are just playing the dumb pawn in the RIAA/MPAA game. If they were to be tried for 'extortion', they can simply plea that they were conforming to the DMCA by preventing its users from engaging in illegal activity thus eliminating their liability.

      If I disagree with the EULA, and someone exploits the security hole the patch was designed to fix, can Microsoft be held liable?

      No, because if you disagree with the EULA you are automatically forbidden from applying the security patch in the first place. If you didn't install the patch because of disagreement from the EULA, then you have no right to the security 'benefits' the patch brings. So in short, if you don't and you get hacked, its your own fault, not theirs.

      All this microsoft legal stuff is quite fascinating. I am still waiting to hear that M$ has been over stating their earnings. In their case, they are probably understating (for tax purposes)
    • Re:extortion (Score:2, Insightful)

      by bsane (148894)
      Exactly- agreeing to this EULA would be similar to signing a contract under duress. At least it would be in the unlikely situation that the EULA would stand up in court on its own.
  • So where is the end? (Score:3, Interesting)

    by Lumpy (12016) on Saturday June 29, 2002 @01:29PM (#3792276) Homepage
    When will someone or a group of someone stand up and challenge the EULA? More and more scumbag companies like Microsoft try to force things on it's customers. Most of what they have in EULA's are illegal for anyone or any company to try and force upon someone WITHOUT having them sign away their rights... and now they have set a presedence that you dont even have to sign to give away your rights.

    When is the user going to quit rolling over and taking in the rear with a smile and being forced by the EULA to say "thank you may I please have another?"

    Or is the general populace pretty much doomed.

    • by Sloppy (14984) on Saturday June 29, 2002 @02:23PM (#3792525) Homepage Journal

      When will someone or a group of someone stand up and challenge the EULA?

      After the disaster. I can keep my GPG private key pretty secure, because

      1. Only one person (me) has access to it
      2. Nobody particularly wants it
      Windows probably uses public key crypto to verify when Microsoft is attacking it, so that it can decide to allow the attack. When this company,
      1. who has thousands of employees,
      2. whose products are used by governments and large, juicy, corporations,
      3. who has repeatedly demonstrated lack of security consciousness,
      loses control of the root-any-Windows-box key, it will become Interesting Times for all Windows users. Everywhere (including here on Slashdot, you can bet) there will be howls of laughter. But among the Windows users, and in Congress, the words will finally be spoken out loud: "Something has to be done."

      But I don't think anything can happen before the disaster. It's just not how our culture works.

    • Keep in mind that credit card companies do the same thing. They send you a new agreement when THEY decide to change it, and your only option is to cut the card in half and send it back to them. Of course, if enough people did that....
      • by R2.0 (532027)
        "Keep in mind that credit card companies do the same thing."

        Not really.

        "They send you a new agreement when THEY decide to change it,"

        By doing so, they are giving you the notice they are required by law to give. They are in effect saying "enclosed are proposed changes to our contract..."

        "and your only option is to cut the card in half and send it back to them."

        And if you don't agree to the changes in the contract, you are allowed to terminate the contract, just like hundreds of years of common law allow.

        That's where MS changing the EULA unilaterally is different. One can always get a different cc card - the field is hugely competitive. But, since MS is a convicted monopolist, by definition I DO NOT have any competitive options. I CAN'T just say "Screw you, MS - I'm uninstalling Windows" - there is little competition.
    • I can't tell you where the end is, but I can tell you we are nowhere near the middle yet. As has historically happened forever, the people with the most wealth and power are going to win this battle. Something in their personal makeup motivates them to pursue more wealth and power relentlessly, while the rest of us get mad for a while and then get over it. I like listening to my vast collection of illegal mp3's, but not enough to mortgage my house for legal costs if state troopers come knocking on my door. I have more to lose than I have to gain. Yes, there are lofty principles, but I have to live somewhere. The people on the other side of the argument have millions and billions personally to gain from winning, so who is going to fight harder?

  • Not new. (Score:5, Informative)

    by Oily Tuna (542581) on Saturday June 29, 2002 @01:29PM (#3792280) Homepage Journal
    That clause has been in the Media Player EULA for ages.

    Yeah, it's bad, and it's always been bad.
  • by Xpilot (117961) on Saturday June 29, 2002 @01:31PM (#3792290) Homepage
    ...earlier on [slashdot.org] I think.
  • by Jucius Maximus (229128) <zyrbmf5j4x&snkmail,com> on Saturday June 29, 2002 @01:32PM (#3792291) Homepage Journal
    I remember some weeks back that someone had posted a script pointing to an auto-EULA remover for microsoft installers. Can that person please post their link again?
    • by xenoweeno (246136) on Saturday June 29, 2002 @01:34PM (#3792312)
      The EULA remover is here [google.com] thanks to DejaGoogle.
      • "its purpose is
        twofold: (1) to make a point about the absurdity of hidden "agreements"
        that buyers cannot know about until after sale, and (2) to be able to
        honestly say that I never accepted any EULA, and thus my use of the
        software is limited only by copyright law, just like a book or a CD."

        Hmm... and removing that EULA click-through page you won't be liable? And the other trueth is that if I close my eyes I'm invisible.

        • by Stary (151493) <stary@novasphere.net> on Saturday June 29, 2002 @04:06PM (#3792904) Homepage Journal
          How could you be liable for something you never accepted? What about if somebody else installs a program on my computer with an EULA that says that Evil. Inc has the right to confiscate any computer equipment that runs this software? That's a bit like holding me liable for a contract you wrote while in my apartment. Or how about if Windows came pre-installed on my computer? Or what about if I bought the computer used with all the programs installed already?

          Let's take it from another angle: You buy an ice cream. When you open the wrap cover, you find a small agreement saying "in order to eat this ice cream, you must agree to also stand on your head and make a sound like a horny lion, ten times, in a public place". So what do you do, sign it or return the ice cream? No, because tossing it into the nearest waste basket would make your afternoon a nice walk in the park enjoying your ice cream - since just because somebody tries to force you into "agreeing" to something before using a product doesnt mean it's illegal for you to use it without agreeing.

          A side note: That'd be "truth" you're looking for.

          • How could you be liable for something you never accepted?

            'cause if you're proactively downloading a EULA remover, you're not exactly using the software legally. You obviously knew there was a contract but tried to get around it. "Oh, officer, I didn't have to stop there because I cut down the stop sign and took it home!"
      • That may not work on M$ products because on the box it says the user must agree to the enclosed EULA before using the program. If they don't agree, the box says they can return it, even when it's opened. Thus using the EULA remover wouldn't accomplish anything.
  • by peterdaly (123554) <{petedaly} {at} {ix.netcom.com}> on Saturday June 29, 2002 @01:32PM (#3792295)
    I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand. I maintain a web site that basically sells access to TIFF imaged documents. All of a sudden we had about a hundred pissed off customers (some not wanting to pay their bill) because _WE_ broke access to the information that runs their businesses. As each customer ran windows update, our website broke. Of course they all say they have not installed any new software, which makes it all the more difficult to troubleshoot until the problem was figured out.

    MS is without a doubt throwing non-security things into "security patches", and I for one don't like the unadvertised "featues" one bit.

    -Pete
    • That's bad. All the patent images on the USPTO site are TIFF files.
      • Yes, it's annoying having to track bullshit changes in a huge pile of untested hacks sold into an all-but-captive market, but it shouldn't take much more than 4 hours of hacking perl (or your choice of language) and ImageMagick bindings to do online transcoding the images from TIFF to PNG or GIF or JPEG or even BMP. That will at least get the information and the revenue flowing again, and makes for a usable long-term solution if re-encoding an entire library isn't cost-effective.

        -jhp

    • by yerricde (125198) on Saturday June 29, 2002 @02:13PM (#3792479) Homepage Journal

      I thought it was bad recently when a "Critical" IE6 security path completetly broke the ability to view TIFF images in a browser without hacking the registry by hand.

      Actually, it was Microsoft dropping support for Netscape plug-ins such as QuickTime 5 because of a patent dispute.

      I maintain a web site that basically sells access to TIFF imaged documents.

      Adobe TIFF has three common lossless modes [apple.com]: Apple PackBits (RLE algorithm used in MacPaint and at least one NES game), CCITT Fax (a strange bilevel image codec used by fax machines), and Unisys LZW [burnallgifs.org]. PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.

      What does TIFF [libtiff.org] do that PNG [libpng.org] doesn't?

      • PNG, on the other hand, uses Phil Katz's Deflate (LZSS on a 32 KB window, followed by Huffman coding), which makes smaller files than any of TIFF's three algorithms.

        TIFF has a deflate compression scheme too, though not everyone supports it. TIFF can be smaller; CCITT Fax, which is designed for bilevel text, actually works better than PNG for bilevel text.

        What does TIFF do that PNG doesn't?

        JPEG. Multiple images in one picture; libtiff's registered tags allow for a 3D scan to be stored in one file as a series of slices. Thumbnails can be included by the same mechanism. It can also be used like PDF, in holding an entire document in one file. It provides for anyone to register new tags, for arbitary extension. It's an extraordinarily flexible file format.

      • What does TIFF do that PNG doesn't?

        Does PNG support multiple images in one file? Don't take this as a troll...I've had fax software that would store all the pages of an incoming fax in a single TIFF file that could be viewed/printed/etc. Does PNG support a similar capability?

        (For images on a website that you don't want to put through JPEG losses, PNG rocks.)

  • Easy choice (Score:2, Insightful)

    by ZaneMcAuley (266747)
    Nobody forces you to use WMP.

    Just use a different media player.

    BlazeMediaPro, Winamp, more, take your pick.

    oh and yeah, add microsoft.com to your hosts file :D
  • I'm not that familiar with Windows Media Player licenses, but the line about security upgrades might well be present in previous versions. It doesn't seem to be in the license for the mac client (7.3)
  • It's just to win points with DRM advocates. It's an underhanded means of controlling its "users" from the perspective of the DRM folks. I would be interested to know if there's been some discussion between MS and the DRM folks to ensure/track this sort of thing.

    And in the balance: security vs control.

    Either the villanous attackers are in control/capable of control
    OR
    Microsoft is in control.

    Geez. It's a lose-lose situation.
    • by kawika (87069) on Saturday June 29, 2002 @02:45PM (#3792605)
      Yep. Take a look here [microsoft.com] to see Microsoft's plans for cozying up to the DRM folks. The strange thing is that the final presentation on "Mercury" isn't available. That was the most interesting one. It was about how the DRM software would manage rights for portable media players over the Internet using public/private keys. And of course, Microsoft runs this whole DRM infrastructure for a nice fee.

      I was there for most of the live presentation, and during the Q&A someone got up and asked what would happen if the keys were compromised, for example someone found a way to hack the unique id in a player. The MS guy indicated that the keys for an entire brand/model of player could be shut off if necessary. The next question, of course, was how the buyers of those players would feel when their expensive players became useless. The MS guy said that the decision to shut off access wouldn't be Microsoft's, but they could do so on a court order, for example.

      Why would someone want to buy a portable media player (or desktop media player for that matter) that could become worthless a few months later because someone else hacked it and rendered the DRM insecure? You wouldn't. Why would a manufacturer want to take the chance that they'd be involved in a messy class-action suit from customers because their portable media player now can't play music? They wouldn't.>/b>

      I just can't see how this can come to pass.
  • by Animats (122034) on Saturday June 29, 2002 @01:39PM (#3792342) Homepage
    If you're in a large company, contact your legal department immediately. That's a serious issue, because it gives Microsoft the unlimited right to destroy any software on your machine. That's not something the individual employee is authorized to agree to.
    • by BurritoWarrior (90481) on Saturday June 29, 2002 @02:00PM (#3792434)
      If you're in a large company and individual users have the rights/permissions to install software/patches on their machines -- short your own stock, you're in more trouble than just a EULA. :)
      • Fuck that. As a software developer, I refuse to work at a company that doesn't give me the right to run my machine the way I see fit.

        I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.
        • Startled writes (emphasis mine)
          've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.
          And it sucks to be in IT at those companies as well -- having to process a ticket for each individual user who "needs" some new paint program installed, and the executive (aka "VIP" ticket) that wants Solitare and minesweeper re-installed on his company supplied ultra-thin laptop.

          The alternative is no cake walk -- thousands of users with WinAmp and Comet Cursor installed, worms, viruses and malware everywhere.

        • Fuck that too. As a system administrator, I refuse to work at a company where all developers have unlimited root access on the production network. I've seen too much stomping about production by developers (and their code) with no sense of Tao, and it's made my life incredibly frustrating in the past. There's no reason for you to be noodling about anywhere near production if the app is well-designed, well-partitioned from the system and keeps its tentacles out of everything.
          I've seen those companies that require you to get IT for every little thing. The usual result-- IT cops a major attitude, nothing gets installed, everything breaks, and no one gets a damned thing done.
          If your code is a web application, there is no reason, alibi or excuse for your code to run as root, to write files outside of its own chroot jail, to run privileged code, or to bind to privileged ports UNLESS your site uses custom Apache modules or is so big that it must use ASLB. That said, it's nice if a workstation's /usr/local is writable by the user of that workstation and IS leaves a pristine read-only copy around for you or them to rsync if the need arises.

          If you develop on Windows, well, there's your problem.

          -jhp

  • Scary (Score:5, Interesting)

    by scotfl (312954) <scotfl@gmail.com> on Saturday June 29, 2002 @01:46PM (#3792375) Homepage Journal
    These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer.

    Now there's a particularly nasty line. It starts off with DRM for 'Secure Content' (which I guess is M$'s new term for protected IP), but then it expands into 'Other Programs'. Which means, MS is now reserving the right to disable any program they don't like.

    Furthermore, the patch that disables the program will "will be automatically downloaded onto your computer," without your knowledge. But, the real kicker is this one (my favourite line):

    If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.

    So even if they send out patches killing off all non-MS software, they can bury a notice so deep in microsoft.com that no one will ever find it, and claim (correctly) they are going above and beyond the EULA. Damn, I'm glad I use Macs and NetBSD.
  • Groan.... (Score:3, Insightful)

    by cybermace5 (446439) <g.ryan@macetech.com> on Saturday June 29, 2002 @01:47PM (#3792382) Homepage Journal
    One of these days they will go too far.

    Every move Microsoft has made follows
    Machiavellian politics to the letter.

    It's no longer about money, it's about
    power. Microsoft will continue to find
    ways to gain more control of computers,
    and eventually will try to directly
    attack other operating systems and make
    them illegal. Microsoft doesn't even have
    to worry about serving customers anymore.
    There's almost too much momentum to over-
    come here, folks. The only way that our
    computers will belong to us in the future
    is to make sure that we control how they
    are used. Keep the hardware in the hands
    of smaller manufacturers who have to
    compete. Keep the software in the public
    domain wherever possible.

    At this point, even Apple looks good com-
    pared to Microsoft. They have to listen
    to their customers, they have adopted con-
    cepts from better operating systems and
    made it easier for users to use a com-
    puter for any purpose they desire.

    It doesn't matter what OS you use; BSD, Linux,
    Solaris, or any of the other options. But by
    choosing something other than Windows you
    will help keep control in your hands. At this
    point it would take thirty years for Microsoft
    to go out of business, but we need to be looking
    ahead. Do not accept these incremental attacks
    on your freedom.
    • Re:Groan.... (Score:4, Insightful)

      by kadehje (107385) <erick069@hotmail.com> on Saturday June 29, 2002 @09:59PM (#3793907) Homepage
      Microsoft will continue to find ways to gain more control of computers, and eventually will try to directly attack other operating systems and make them illegal.

      You're wrong on the "eventually" part. This campaign against other operating systems, as well as other technologies that threaten MS's dominance. What do you think the SSSCA/CBDTPA/S. 2048 bill is all about? Why do you think that Intel, IBM, and just about every other major tech company is screaming that they're scared shitless about this bill? Right now, Microsoft is going for checkmate in the technology game and this bill is their first move in their campaign. Should Microsoft even partially succeed in this campaign to bring every other tech company to its knees and force them to pay tribute (both financially and in policy matters) to Redmond, Microsoft will become the most powerful modern corporation in history.

      Although this legislation has the proverbial snowball's chance of passing this time around, I feel that its main provisions will be enacted by the end of the decade unless Congress and Microsoft both get bludgeoned severely. These provisions may get enacted in a piecemeal fashion, but the two factors that will cause S. 2048 to become law are (a) Microsoft's huge war chest from which it can make "campaign contributions" and (b) Congress's tendancy to accept these "contributions" in exchange for favorable legislation for the contributor. The most obnoxious part of this legislation is the fact that it requires all hardware made in or imported to the United States to implement one DRM scheme dictated either by industry consensus or by the Commerce Department in 12 to 18 months if the industry can't reach a consensus. In addition, antitrust concerns will not be applicable to the process of reaching this DRM standard.

      Here's the killer for all the other players in the tech industry: Microsoft holds most of the important patents for implementing DRM in software as well as major portions of implementing it in hardware. Unless another company's DRM research pans out no later than a year after this provision were to become law, there would be no alternative to whatever scheme Microsoft comes out with. Then, the Commerce Department would then impose the Microsoft standard on the nation's technology industry, extending Microsoft's grasp from the PC world to a significant portion of the U.S. GNP. Sun and IBM would be at the mercy of Microsoft, and since these companies are enemies of Gates & Co., it is likely that Microsoft would be able to use its control over these DRM patents to marginalize or even destroy these companies by making it impossible for these competitors to release new, innovative products that would, by law, include these DRM technologies.

      Intel, AMD, Cisco, and other companies that primarily make hardware and most importantly don't produce software products that compete head-on with Microsoft's will also have a harder time profiting. Though it wouldn't be in MS's interest to destroy them, the folks in Redmond would be interested in taxing these companies based on a portion of their revenues for access to DRM technologies that they would need to sell new products. And MS would probably also wield enough muscle to force AMD and Intel to design future processors to run only future versions of Windows. If the Pentium 7 proved capable of running Linux, BeOS, or even Windows 2000, Microsoft could flush Intel down the drain faster than you can say "Enron."

      Intel and IBM have advocated that the market determine the fate of DRM schemes. This will allow American businesses and consumers to determine which ones get adopted and which ones fall away. It should not be the government's right to state that Americans have the choice of buying a PC with Palladium installed or not buying a PC at all. It especially is not the government's prerogative to grant a company what is effectively an unregulated monopoly to a major portion of the U.S. economy, as every software and computer hardware company would be under the foot of Microsoft in a post SSSCA world.

      We Americans like to boast about the fact that we reap the benefits of participating in a "capitalist" economy. Capitalism, in the ideal sense of the word, has never been practiced in history, just as communism has never been truly enacted in a country. If you define capitalism as the "Golden Rule" of "he who has the gold rules", then perhaps by vision of capitalism should really be called "laissez-faire socialism" or something. In my book, as soon as a movie studio buys the DMCA, or Microsoft buys the CBDTPA, or any other company purchases legislation that treats itself or its industry differently than the rest of the economy, it's proof that the U.S., like the rest of the world, is really a plutocracy. I think that the Microsoft situation is really just a symptom of a much larger illness of the American economy.

      The next several years will determine the fate of the American economy and as well as the U.S. role in world affairs for the next several generations. This claim covers a lot more than Microsoft. It covers the tendancy of the U.S. government allowing Big Business to take on a bigger and bigger role in dictating legislation and policy matters. It may be that the Enron and WorldCom fiascos, the mega-mergers of the 1990s, the artificial "oil crisis" that caused the price of gasoline to exceed $2.50/gallon in some parts of the U.S., and the tens of billions of dollars worth of tax breaks that major employers across the country have been able to extort from cities and states have pissed Americans to the point where they feel the pendulum has to start moving the other way. I really hope we've reached that point, because if we're not there now, things may never change. If we were to continue on the present course, I think in the next 30 years, we're going to see the game of capitalism end once and for all, and the handful of winners of that game forming an oligarchy that will control the U.S. and its sphere of influence for the forseeable future. We would get to the point where each major sector of the economy is subject to the stranglehold one company which carries enough power to destroy any challenger to its market share before it can gain a foothold. There would be one dominant software company (in this post I have discussed my fear that this would be Microsoft), one dominant electronics company, one dominant energy company, one dominant bank, one dominant food supplier. The U.S. was actually pretty close to this point shortly after 1900, with Standard Oil, Ma Bell, the bank trusts and the like, and it took a remarkable shift in government policy (antitrust laws, worker safety laws, etc.) to change the American economy into a more truly competitive game. The U.S. is nearing the high-water mark of industry consolidation reached at the beginning of the 20th century. The industry consolidation scenario has repeated itself; I really hope that the popular uprisings that occured as a result of that are about to repeat themselves too.

      Please tell me that the scenarios I've described are unrealistic. I really hope I'm being paranoid and that Microsoft will become merely a player and not The Player of the 2010's technology industry. IBM was stopped in the 1970's and 1980's in the courts (ironically enough it was never even convicted of antitrust violations), hopefully Microsoft will be next.
  • I actually mentioned something like this [slashdot.org] but I didn't think they'd actually be that sleazy for real!
  • alternatives (Score:2, Informative)

    by Cyno01 (573917)
    forget windows media player, its features suck, it it has next to no plugins, for music use winamp 2.x it has cooler visualisations anyway and for video nullsoft just released a new version of winamp3, winamp is the superior media player and its FREE, suck on that bill
  • I guess, the end result will be that one day, to keep your PC secure you'll have to give-up administrator rights.
    Your Windoze-PC, that is....

    Think of your colo-provider - once you've got the root-password, they also dismiss any liability for damages from your acts.

    I'm sure, the various critics of the antitrust trial of the DoJ and the states can name some reasons why this is good for the consumer....
    :-)

  • scope creep (Score:2, Interesting)

    by theCat (36907)
    People are going to say that this is such a bad thing. But really, it's just an extended interpretation of what was always in the license. Software companies have been telling us for decades that we don't own the software we buy, and we've let them. And it doesn't matter that to now they haven't done much with that stipulation (except make it hard/impossible to sell a used computer with software) but they could have at any time. So now, Microsoft is

    Back In The Olden Days, why, we just wrote our own software! Companies sold hardware and a compiler. That has slowly changed, and now we are staring down the barrel of the 'software subscription' gun. Meaning, you will have as much control over the nature and quality of your software (and hence your entire computing experience) as you have over the programming on broadcast TV. Which is, none at all. The masses are thrilled with that (they still watch TV, too) and M$ and all the others are selling to the masses and probably not a single reader of this post. So yeah it sucks when M$ takes control, as if they never had control, but if you have a problem with that you can join with a bunch of software rebels and create your own software, and license it the way you like. Yeah sure I'm not the first to come up with that idea, but before we lament what the software companies do because we let them, we can just go around them.

    After all, we do still own the hardware. For now.
  • (WANL == We are not lawyers)

    What I don't understand is why we haven't seen class action lawsuits brought against Micro$oft (and a few others) from the consumer end. If some smart lawyers out there want to make a buck this is the place to be (IMO). Examples:

    1. M$ changing EULA's during software updates. This is the ultimate, IMO. A company should not be able to change the EULA after the fact under any circumstances, and if they do you should be able to opt out and get your money back. I could easily imagine nefarious schemes to really screw consumers using these tactics.

    2. Gator (I know, not M$) installing software without the users knowledge. The media companies are suing Gator (as they should), but consumers should as well because 99.9% of them don't even know they are opt-ing in to anything.

    3. Security and liability. Somewhere down the line, security holes in M$ software started costing consumers and companies millions, perhaps billions. The developers of said software should bear some legal responsibility to make secure code. If they don't then there is no incentive for M$ to even fix the bugs in a timely manner.

    4. Monopolistic practices hurt the consumer. Software bundling and misleading statements are akin to practices made by the tobacco industry 20 years ago. By hurting the consumer, the consumer should have a legal right to recoup costs due to said illegal activities.

    I can't believe in a world where McD's pays millions for coffee spills, juries award millions for defective products and lawyers litter the streets like sharks that we cannot find a legal loop hole to win some of these cases....

    -Sean
  • I have used BSPLAYER [bsplayer.com] for the last several months before this knowledge.
    There are a ton of other softwares to run movies on the M$ operating system.

    Just look for them if BSplayer doesn't fit your needs.

    • by applef00 (574694)

      You can't "just say no."

      Even if you decide not to use WMP, it's still installed on your system (if you're using 98, 2000, XP); which means that you're still bound by the EULA (the one that was in place when you last installed your OS or updated WMP).

  • by Animats (122034) on Saturday June 29, 2002 @02:13PM (#3792481) Homepage
    Some things to expect that Microsoft might do, and would now be allowed to do.
    • Register all file types understood by Microsoft Media Player (.avi, .mp3, etc.) to Media Player and not let go. Prevent any assignment of those types to another player. This enforces the "requirement" that content be played through a "DRM compliant" player. (That's a likely plan; Microsoft software has been notorious for grabbing control of file types. So far, you've usually been able to make it let go.)
    • Compute a digital fingerprint of played content and check with a Microsoft server to see if it's pirated. This would make the RIAA and MPAA very happy. (Isn't this already being done for audio CDs, to get the title info?)
    • Check for "pirate" file sharing clients and turn them off. (Probably not for a while, but possible.)

    This is the stuff the RIAA has been asking Congress for, but Congress hasn't gone along with it. Now it's coming in through the back door.

    And notice that this system includes a back door, through which Microsoft can secretly install new software that takes away functions or spies on you.

  • DOH!!

    But they can't install DRM software without my knowledge, can they? Or does MediaPlayer now contain stealthware?

    "Hey Ick, you were just kidding about it exploding, right? ...Ick?"
  • Use Winamp. Or iTunes (Mac), which is better anyway.
  • What with their inane system restore function, and the worse SystemFileProtection crap, the windows media player is consider a system file ?!?! After minutes of cursing I found an article by a helpful hacker who advised killing the statemgr and poof no more Media player :)

    Some day it will be POOF and no more Windows :)
  • Any contract like this should be illegal and void.

    Its like making a contract, where in very fine print at the bottom it says, "You agree that you will become a slave."

    What's next, are they going to put in clauses saying that you agree that they may place virus' on your computer?
  • "FYI my patch is for Media Player 6.4 on Windows NT 4.0."

    I though MP was up to 7.1 now.

    Besides, this [microsoft.com] is much scarier.
  • This is really cool when you mix with legalization of attacks on p2p networks [slashdot.org]. This effectively, and legally, lets Microsoft prevent your computer from being a p2p node.

    I wonder if the EULA lets them use you as a node in a concerted attack on p2p networks that "break" DRM.

    Anybody have the full EULA?

  • But the security patch trashed a friend of Mine's computer. Internet Explorer 6 began crashing every 30 seconds until I told him how to use system restore to restore his computer to the point before he installed the patch. Now it's fine again....
  • "If you disagree with me, don't read. I don't mind!"

    If you don't like the software, don't download it. Bill Gates doesn't mind.

  • by jd142 (129673) on Saturday June 29, 2002 @03:37PM (#3792803) Homepage
    So we're updating machines at work to w2k by flashing an image on to the hard drive. Being the nice people we are, we've even backed up people's music for them. When we restored one woman's music, media player refused to run until it had been updated. So I updated it, checked that it ran the little demo it comes with and left. 10 minutes later I get a call that it won't play her music. Turns out that because the music had been ripped on what it thought was another machine, it refused to play it. Never mind that the hardware was exactly the same, except for the addition of 128 megs of ram. The hd had been formatted and a new os installed (essentially) so as far as media player was concerned, the files were now on a different pc and so it wouldn't play them.

    I tried to explain to her that Bill Gates thought she was stealing music. I'm not sure it took though; I think she secretly thought we weren't letting her play it. Yeah, we'll back up a gig of music on the tape, spend the time restoring them and then not let you play them. She eventually just said she'd bring the cd's in again.

    There may have been a way around all this, but for such an obvious non work related thing, wasn't going to do it. Didn't feel like installing winamp because she'd been so annoying and whiny about the whole thing.
  • by Arcturax (454188) on Saturday June 29, 2002 @03:54PM (#3792862)
    We can go through the courts but there is no guarantee you will win. In fact, if anything, you may do the opposite, set a precident that EULA's are legally binding.

    So instead, you will just have to stop using Microsoft software. People bitch and moan and gripe but at the end of the day they sit down and load up Windows.

    Well, if you really want an effective protest, you are going to have to change. There are some options and they are not as bad as they seem once you adjust!

    First off, there is Linux.
    Pros: Keep old hardware, plenty of free software available, WINE may let you play some Windows only games, large community of geeks who will likely help you for free if you get into trouble (a million places to go for "support"). EULA, if any, is not the work of the devil.
    Cons: Limited number of games, some only available through WINE, need to learn UNIX (big curve for some people), some hardware may not work right or at all, ease of use is not all there yet. No office but there are alternatives which are getting better by the month.

    There is also the Macintosh:
    Pros: Extremely easy to use, rock solid OS which matches or exceeds the windows experience when it comes to user interface, cd burning from the desktop and overall user experience. Plug and play far superior to Windows and Linux. Good and rapidly growing supply of games and other software. OS is based on open source software (NetBSD) and Linux/UNIX software can and is being ported over (you can even replace your UI with Gnome or KDE if you wish!). Microsoft office is available as well as the open source alternatives ported to Mac OS X. Large fanatic user base who will often help out other Mac users in distress for free.
    Cons: Not as many games/software choices as Windows, though this has improved imensely in the last 4 years. EULA may be the work of the devil, check Steve Job's receding hairline to see if horns are exposed. Mac OS X still a young OS and there will be bumps in the road. Last but not least, you will need a new computer and the hardware is a bit more expensive though this is made up for quality and an average usable lifetime of 4 years compared to 2 for a PC.

    So you may have to make some sacrifices and changes, but you can give M$ the finger and still have a usable computing solution in your home or office.
    • You say the cons for Linux and Macs are that they don't have many games. However, why not just buy gaming consoles for play. There are at least two non-Microsoft competitors in that market--Sony and Nintendo. Maybe some of you have reasons not to like them (they seem to be obsessed with copy protection too), but I think they are much better alternatives to MS. As an extra bonus, you don't have to mess with hardware configurations and stupid compatiblity problems, or wait for long boots...

      ...and yes there are games that are computer only, however it seems to me that recently all the good games are on console anyway, and the computer game section of stores are almost dead. I mean last time I looked, The Sims was the most exciting game there! Lame.

  • by elmegil (12001) on Saturday June 29, 2002 @04:06PM (#3792905) Homepage Journal
    So if you want your machine secure, you also want microsoft to have free reign on your PC.

    So obviously it's not possible to have your machine secure, because it won't be if you give MS free reign on your machine.

  • by KMSelf (361) <karsten@linuxmafia.com> on Saturday June 29, 2002 @04:12PM (#3792922) Homepage

    Patching a number of systems at the office (my desktop's Debian GNU/Linux, but others suffer...), I noticed that the EULA dialog (digression #2: HTF is someone supposed to be able to read the text in a dialog that shows ~8 lines x 20 columns?) didn't present the EULA by the time I'd clicked the "Accept" button. This several times. And though we're running some older systems, this included a set of newer 1 GHz+ boxen.

    What's the legal status of a contract which disappears "on approval" before it's been read?

  • by rakslice (90330) <rakslice&gmx,net> on Saturday June 29, 2002 @05:05PM (#3793107) Homepage Journal
    If this patch was distributed through Windows Update as a critical update, and thus was auto-installed on my machine through my XP Auto-Update configuration, then it's not like I've agreed to a new EULA, right? It was automatically installed; I was never given an opportunity to disagree to a new license.
  • by Angst Badger (8636) on Saturday June 29, 2002 @06:06PM (#3793304)
    Years ago, it was a common observation that increasingly draconian and intrusive licensing agreements would lead to widespread adoption of Free and Open Source software. It hasn't been quite that dramatic, but it has been happening, mostly in Europe and elsewhere outside of the United States. But give it time -- the new MS EULA is a direct threat to corporate security. Joe Average may miss this point, but you can be sure that corporate IT security folks will flash on it as soon as they realize that they just agreed to be rooted by MS.
  • Mission (Score:4, Insightful)

    by ruvreve (216004) on Saturday June 29, 2002 @06:12PM (#3793321) Journal
    A mission for the enraged /. reader, discover what server(s), domains, IP addresses access a windows PC to check for DRM compliance and disable software.

    Then publish this information on every website possible and allow everybody to update their firewalls blocking any sort of access to these places. And MAYBE send the information to Linksys so they can put a option in their "DSL/Cable Router" to block any sort of access to it.

    Linksys may be able to increase sales by advertising just this feature to the average consumer.
  • Ok, so what. (Score:3, Insightful)

    by WhiteKnight07 (521975) on Saturday June 29, 2002 @06:51PM (#3793413)
    Just find somebody who is less than 18 years old to install it. Since they are a minor and therefore unable to enter into a binding contract the EULA is void.
  • Missing the Point (Score:4, Insightful)

    by tlambert (566799) on Saturday June 29, 2002 @07:00PM (#3793447)


    All of you people talking about removing/subverting/ignoring/legally challenging/etc. the EULA are ignoring an important fact.

    It doesn't *matter* if you legally accept the terms of the EULA or not, since those terms merely spell out *how the software will operate anyway*.

    Say there is a magic "Get out of EULA Free" card that came with your Microsoft Monopoly game.

    Say you use it.

    That's not going to stop the software from disabling other software on your machine, interfering with its operation in a supposed attempt to ensure "Digital Rights" are observed, or installing other components into your OS automatically, without asking you for permission.

    The software *doesn't know from EULA*.

    In other words, you can debate the legality all you want, but that's not going to change how the code operates, once it has been installed on your machine.

    -- Terry
  • by Robber Baron (112304) on Saturday June 29, 2002 @08:28PM (#3793683) Homepage
    If you retreive the patch via windowsupdate [windowsupdate.com](only works with IE), the EULA doesn't say ANYTHING about DRM or crippling your ability to access secure content!

    What the hell? I thought the BSD article was a troll, but to be sure I checked out his links and sure enough, THAT version of the patch [microsoft.com] contains the paragraph about DRM etc...

    Well now we have two versions of the same EULA with conflicting conditions, both of which are posted in VERY public places! Now I'm no expert on contract law, but with two publicly posted conflicting versions, as far as I'm concerned, we can safely ignore both! Way to go Bill!
  • by Hyperhaplo (575219) on Sunday June 30, 2002 @02:11AM (#3794595)
    People:
    GDIVX [divxity.com] runs on XP etc and is better (in my opinion) than the Media Player. There are heaps of players out there.


    There is a nice program out there for Windows users called Tiny Personal Firewall [tinysoftware.com]. This wonderful little program is not just a firewall ... it has this WONDERFUL new addition: It tracks and protects your Windows (TM) from nasty software running.


    It has default restrictions available and it sets itself up for standard windows programs like Office, IE, etc.


    The cool part: When you install a new program TPF3 not only asks you if you want the program to execute, it also asks you what level of execution to grant. For example: Internet explorer (by default) can ONLY download into the c:\download directory.


    So... if I'm on a box with XP I install TPF3 and nothing gets by it. Is your Media player trying to contact the Internet? block it! Is your media player trying to install something? Block it! Easy as that. Give it a go.

    • it seems to me that this news is about the right this eula gives them to actually disable those programs because they do the kind of services you describe.
      Fishy, isn't it?
      Can you still talk about a free market if those kind of eulas are legal?

CCI Power 6/40: one board, a megabyte of cache, and an attitude...

Working...