Read the Fine Print

nihilist_1137 writes: "This story is about how MS changed its EULA and you just gave them control of your computer. In the section on Windows XP Professional, 'Internet-Based Services Components' paragraph says in part, 'You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer.'"

Maybe the users want it

[shaunak]

"may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."

If you would consider the average user for a moment. He does not give a damn about most issues you would start campaigns for. All she/he cares for is whether he can watch movies, listen to music and basically create word documents. So would he not like automatic fixes of bugs? From his point of view, it would be convenient.
It's about time you took note of the average userbase Microsoft are aiming for with XP.

Once again, Slashdotters want to have it both ways

[mblase]

We've been complaining on this site for months, if not years, about Microsoft's security. They have a bug? We want a patch right away. We complain about downloading patches? Microsoft makes the system able to download and install them itself. All the user has to do is set up auto-install of new updates.

But that's not good enough, because too many users/sysadmins are too stupid to turn this on or check it regularly. So we complain that Microsoft isn't doing enough -- that they need to make the OS download security upgrades automatically, whether or not the stupid user asks for it or not. This, we argued, is the only way Microsoft can stay ahead of security holes and make sure we take them up on the patches.

So Microsoft does this. But because doing so requires the user to agree to let Microsoft access and update their system, they have to add it to the EULA.

And then Slashdot complains that MS is taking too much control.

The mind boggles.

Re:Two Perspectives

[JanneM]

Two is that people are stupid if they don't read those agreements.
Now that's something else. I wouldn't call myself stupid. I have actually read the Windows 98 EULA, but all the software that's downloaded and tried through the years' EULAs, I don't bother to read. I mean, how many people actually read EULAs?

If they don't, they are getting what's coming to them. Anytime someone enters a legal agreement it is their duty to make sure they know what their agreement actually is. Would you take a loan, buy insurance, rent an apartment or buy a book from Amazon without knowing the terms of the deal?

This is even worse, though, as it is about the volume licensing for companies. Sure, I can understand that someone buying a game for their kids don't bother with the EULA (consumers do have a layer of legal protection against onerous agreements), but this is about companies not even bothering to find out the terms of use for software that's expensive and critical for their operation. That is stupid.

/Janne

Lack Of Knowledge The Key

[Self Bias Resistor]

Possibly, but I think you're missing the point here. Read this [slashdot.org] post to see what I mean. The point is that the average user doesn't know and/or care about these things. As long as he/she can play music, games, get his/her spam from Hotmail ;-) and write Word documents he/she couldn't care less because either they don't understand how this would work or consider it important. Hence, if your audience is ignorant of these things, you can get away with a hell of a lot under the impression that "it's for your convenience/benefit" because most people don't have the time or knowledge to question these actions. We (the technically literate) need to educate the rest of the community ourselves and not leave it up to Microsoft to utilise user ignorance to get away with such things.

Re:Pretty reasonable

[egreB]

You're damn right. This is Microsoft's software, not yours.
Agreed. Whatever they do or do not do to (wow) there software is their buisness.
If you don't like it, then don't install it.
*duut!* Not agreed. How many computers do you see in sales WITHOUT Windows? How many users would know what an OS is? Are the users given a choice? Nope - they have to stick with Windows. That's what's bothering me. And it all ends up in MS' marketing strategy - "if you sell ALL of your computers with Windows, we'll give you a BIG rebate!" Not many computer-sales-companies says no to that.

We have of course our beloved Macintosh, but that's a different story..

strawman

[coltrane99]

(1) I have not seen any credible posts demanding that auto-download and install of patches be on by default on Windows systems. There have been buggy patches before for Windows, could be again.
(2) Slashdot isn't a unitary entity. If you make the mistake of expecting every J. Random Poster's comment taken together to represent a coherent position on anything, you will be disappointed.

Re:Once again, Slashdotters want to have it both w

[belroth]

And what about the patches that cause bigger problems than they fix? I don't download most new patches immediately (unless it's a major bugfix), I wait until the dust settles.
MS have been known to release service packs that do just this.

Same legal team

[cluge]

Straight from the article : MS says "...is not intended to force upgrades on customers."

This is the same team that told the DOJ that MS isn't a monopoly and if they were they wouldn't do anythign illegal. Yeah I believe them, don't you?

Joy

[The Pi-Guy]

Just wait until their servers get hax0red...

A patch that is supposed to fix an Outlook virus becomes a virus? Methinks I'm gonna turn off autoupdate and tell it to warn me first...

--pi

A Bridge too far?

[mikethegeek]

" Several readers were also worried that Microsoft's broad assertion of its right to access their computers would force their companies into noncompliance with government security guidelines and various privacy laws. This concern was exacerbated by additional PUR language in the same Windows XP section. In terms of "Security Updates," users grant Microsoft the right to download updates to Microsoft's DRM (Digital Rights Management) technology to protect the intellectual property rights of "Secured Content" providers. It says Microsoft may "download onto your computer such security updates that a secure content owner has requested that MS, Microsoft Corporation, or their subsidiaries distribute." In other words, it would seem Microsoft's idea of a security update is one that protects the property rights of vendors, not the security of customers' systems."

What Microsoft is preparing us for is the next step: No root access to a machine.

This is scary ass stuff. Note that MS's EULA gives them the right to change these license terms on a whim. Your license with MS is one sided, MS can change anything they like, and you have no rights other than those MS chooses to grant you.

Running a business on such a system to me would see m an unwarranted risk, especially given MS's pathetic record when it comes to security related bugs and holes.

What MS is saying is that they have "root" access to your machine and can read anything or install anything at will.

This is clearly over the line. NO OTHER industry in the USA can sell a product and attatch the kinds of "strings" to it's use, while disclaiming any and all liability for defects as the software industry.

MS and other proprietary software vendors have had it totally their way for too damn long. We need some sort of law limiting what can be in a EULA, restoring the "first sale" doctrine, and at the very least, a right to "opt out" of new license changes made AFTER the sale.

The best solution is to use Linux or other OSS software. Sooner or later, Microsoft and their goons will go a step too far, and the business world will realize the danger of allowing such meglomaniacs THAT kind of control over their information system arteries.

If this little nugget isn't it, WHAT will be?

This can be done without the EULA.

[Crixus]

I think the most important issue here is that MS can have its OS's download and perform upgrades WITHOUT having to have this kind of language in the EULA.

All it would need to do is have an automatic wizard pop up ever week (or month) or so and ask your PERMISSION to check for and download the latest updates. The Wizard can even provide a lengthy explanation of what it's about to do for those who want more information.

That is all that's required for REAL updates.

This language in the EULA sounds like it might be giving them EXTRA permission to do other things. Checking version numbers of WHAT software? As someone else pointed out, will this include OfficeXP? Is it checking for pirated warez?

So despite all of the people up here screaming that ONCE AGAIN the /. crowd will do anything to bash MS, there is something to be concerned about here.

Rich...

MS didn't think anyone would notice ANYTHING

[jpellino]

My original point stands - you can't just walk all over what people need and think that can simply go on endlessly... MS spent years engineering a system that took away options - and they got their head handed to them, and the recent revelations show that plain old people DO care. MS is possibly getting off only for political reasons - but they seem to be going back to their old arrogant ways. MS is the irish potato of the computer world - monoculture on which not only does their well being depend, but so does the wellbeing of 90% of computer users. The crop goes bad and lots of users / businesses go dark. They may just creep up on enough small indecencies so that someone calls them on it. MS has an achilles heel somewhere - and the people who depend upon them better hope no-one finds it. This is not original - Nick Negroponte has laid this out in detail with several real possibilities. Someone needs to dope slap the folks who Ok these little things.

Re:Hmmm

[sqlrob]

Any company large enough to require a volume license will almost certainly have some manner of firewall.

Ever hear of port 80? Web services?

MS doesn't need a big hole. SOAP would do fine.

EULA != legal contract

[Anonymous Coward]

I don't know what the laws in your country are, but here in EU, EULAs can be totally ignored. I don't actually sign them, and clicking a button (or whatever the program asks me to do) doesn't count as a valid contract.

They could ask for my soul in the EULA, I really don't care, so why bother reading beyond first line?

Re:Maybe the users want it

[mikethegeek]

" The other big issue is the DRM software Microsoft, or its partners/subsidiaries, will install. Even with prompting, if you don't upgrade, then you have no access to a content provider's new media. All in all, this sounds like a giant headache for everyone that isn't Microsoft."

The only winning move is not to play. Media that requires or uses "DRM" should be vociferously boycotted and allowed to rot unsold on the shelves just like what was done to Divx.

If DRM enabled media sells, we will be stcuk with it. The DMCA makes it easy for IP cartel jackboots to squash those who try to undo DRM, and the SSSCA will make it equally illegal to essentially make a system that give true "root" access to the system owner.

Microsoft's most desired flaw

[Mozai]

Microsoft's most desired flaw is that they do exactly what they're asked to do. The complaint around here is that what they're asked to do isn't the right thing to do -- which you can distill to "users are stupid."

I'm a sysadmin at a small company -- 60 employees, few million dollars is revenue. A reoccuring problem I have is employees who open file attachments from strangers. I've written policy; I've had meetings and presentations. Hell, the CEO said to me once "good thing I use a Macintosh because I double-clicked on that gone.scr attatchment, eh?"

Updating virus protection, and applying patches on every desktop machine is a must. After a particularily scary security announcement about IExplorer.exe, I got the patch off of Microsoft, posted it to our local file server and sent out a letter to the entire staff [insert something here about office politics and loosing face for scaring people] saying "install this patch immediately." Little did I realize that the patch was broken and replaced later the same day on the website with a functioning one. So, I expected everyone would come to me and say "I tried but it did _this_ instead."

Two people came to me to complain. Two people of 59, when I said it was important to install this patch. Of the two people, one of them is a suit who hates using email (kudos to him for reading it).

Some sysadmin, as frustrated as I am, must have asked for this 'MS will upload patches to you whether you ask for it or not' feature. Hell, I've had suits whine to me about "can't you just update my virus software for me, automatically?" and I think to myself "I guess I should, since when I say 'DO THIS, it's very important,' you ignore me."

Uproar is not over the current mechanics...

[Karl Cocknozzle]

...But over the wording of a license agreement that allows MS to do anything they want to your computer.

Is this such a bad thing? OK so you have to trust Microsoft here but how else can Windowsupdate work?

Windowsupdate scans your computer for required updates and, depending on your settings, it downloads the appropriate updates and presents a notification on the taskbar that they need to be installed. One click and the updates are installed.

There's no justification for needing legal authority to install anything, as the system functions today. To "need" this level of authority, Microsoft would have to argue that THEY, not you, are in fact installing the software in question. In my opinion, (not a lawyer) that's crazy.

In order for the software to be installed, you (a person of sound mind and body) have to take the active step of saying "Yes." You're doing it. It's one-click installation, but you made the choice.

Unless future versions of Windows Update will automatically install things? I don't know whether to laugh or cry.

Got Code Red Part 44 after the Code Red Part 43 patch auto-installed? "Sorry, you agreed we could install anything we want, including buggy, poorly-tested code."

After all, Microsoft would never release a patch that opened up new holes in the feature it was supposed to fix. (Or in other random products.) Anyone claiming contrary will be burned as a witch.

FUD and idioticy

[SilentChris]

I can't believe this drivel even made it onto Slashdot. This paragraph (and the paragraphs around it, which the article is clearly not referencing for shock value) talk about a feature that has to be *turned on* to be used. In fact, the OS asks you early on if you even want to enable Automatic Updating, and IT administrators (like myself) can easily turn it off on a whole host of machines simply by using Group Policy: remove the option to automatically update.

This is a tech "shock" article, designed to get zealots in an uproar, and it should not even be bothered to be read.

They can download, but they can't execute.

[Tetravus]

Throughout the rest of the licensing agreement Microsoft is careful to differentiate between simply having information on a computer and actually executing that code.

This agreement doesn't say that MS can execute the new code that they force onto your workstation. So, if they did automatically execute it, they'd be stealing computing resources from your company.

hehe
~Tetravus

Trust?

[90XDoubleSide]

We can debate all day about whether the ability to get John Q. Public's computer security patched so it stops DDoSing your web server outweighs the value of having full control over your machine, but honestly, if you don't trust a company enough to have confidence in simple software updates, should you really be running their stuff in the first place?

Re:Correction

[Anonymous Coward]

Enough with the blanket statements. Just because Christians are fighting in N. Ireland, doesn't mean that's what Christianity is about.

OT religion (was Re:Correction)

[Anonymous Coward]

>>Enough with the blanket statements. Just because Christians are fighting in N. Ireland, doesn't mean that's what Christianity is about.

Enought with the blanket statements. Just because Muslims are fighting in Afghanistan, doesn't mean that's what Islam is about.

(yeah, yeah, I'm an atheist)

Re:Maybe the users want it: Yeah, Right

[Radrik]

"I'm sure the users want a system that by default only gives them 85% of the bandwidth because it reserves the rest for talking to Microsoft's servers (this is an XP out of the box default)."

This was a lie propagated by people who are too lazy to hit F1 and find out more information about the checkbox that they were un-checking. But, I guess once we've found something to badger MS about, it doesn't really matter whether it's true or not. After all, this is SlashDot, not some sort of forum for open thought.

-Mark

Good.

[base3]

This is just what open source software needs. I never thought I'd see the day that I'd be rooting for "eye-tee professionals" (aka Network Nazis) that say they need to "carefully test" any change to workstation software configuration, but the corporate masters are the ones that are either going to make this die, or start giving free software critical mass.

Way to go, Microsoft! Hope you get enough income from your digital "rights" management partnerships to offset the loss of sales and goodwill you're about to experience.

Smoke'n Logic, Batman!

[Erris]

Yeah, I guess it would take a half hour to click the radio button that says "Disable all automatic updates" the first time you run XP.

Radio Button says, "Disable", but License says "Screw you all day long!" I wonder which one will really hold force? I also wonder just how good this fine program will be at turning off the kill feature of XP so that your computer will continue working after you disable this "feature." Forget it, the slavery is made manifest and the number one condition of any oppresive EULA is the company saying that they can terminate your license and destroy your work at will. This is really that clause put into action.

Yes, it really is the best windows ever. I don't like it and I don't use it. I have one surviving windows 98 box that I've tried to make blind to the network. It never really worked that well, but I expect the EULA that came with it to reamain in force that way. XP, "Hunh, have you ever been eXPerienced?!" Not me.

Re:This is in the PRO version...

[tburkhol]

They're aiming for PROs, eh? Should be a lttile more enlightended than your base XP user, right?

Every time a new worm exploits some vulnerability in an MS product, we see (right here on /.) calls for competence in MSCEs. At least if the OS magically patches itself, there would be fewer boxes vulnerable to known holes.

Re:Maybe the users want it

[Anonymous Coward]

Then why not just present the user with the license agreement when the user opts to use the automatic upgrade feature? This seems much more reasonable than forcing the user to grant MS rights for a feature the user dosen't want or never intends to use.

Re:not really

[fossa]

With software under the gpl, bsd, etc., I don't have to read the license or agree to it to use the software. Once I legally obtain a copy, I am free to do as I wish as long as I do now violate copyright law. Only when I wish to do something which is not allowed by law (e.g. redistributing) must I follow the license (gpl, bsd, etc.).

This is very different from an MS style EULA which attempts to limit what I can do with my copy of the software over and above existing laws.

You are correct that it is easier to deal with software that is mostly under common licenses, but do not make the mistake that the free software licenses are anything like standard commercial EULA's.

Re:If cars had this kind of EULA...

[base3]

Except Microsoft wants to do this when you buy (that's right, buy, not "license") windows. Of course, MSs wet dream is to have you have to pay for Windows like a lease. They get as close as they can by "obsoleting" versions and encouraging vendors to do the same. Didn't work with XP, thankfully.

Re:Two Perspectives

[AntiNorm]

Anytime someone enters a legal agreement it is their duty to make sure they know what their agreement actually is.

But are EULAs really legal agreements?

No laws are clear on it, and it hasn't been tested in court yet. But the widespread suspicion is that a court would rule that an EULA is NOT a legal agreement.

Re:Maybe the users want it

[BlackGriffen]

Read that again. "Automatically" is the problem. In order to do it right, it should automatically check (giving the user the option to shut down checking, of course), notify the user, and only upgrade if the user clicks on "Ok." Basically, I read this as M$ getting sick of users not getting the latest security patches (which they shouldn't have needed in the first place), so they want the option of forcing the user to upgrade. God I'm glad my computer is 100% MS free.

BlackGriffen

Re:Maybe the users want it

[egreB]

If so, in my opinion, there is nothing to argue about. Sorry - my first post implied that Windows XP actually updated itself without asking. But if your statement is right (and I beleive it is), there is no problem! Hey, it's Microsofts software. It is actually a good feature. A lot of programs has such features, as noted. Good. I still won't use XP, but that's another issue.

It seems like, maybe, as implied by many other posters, /.ers bash every Microsoft bug, even if it's a feature (-8 I'm in love with Linux, and use it almost exclusivly, as everybody else, but it had been great if people analyzed the problems with open source software instead of Microsofts all the time. That way, we could be even better!

Ahaha.

[Scoria]

Yet another biased article published by Slashdot. Windows Update is an integral component of Windows XP; it's evident that this is the feature Microsoft refers to in the EULA. By default, it searches for updates to Windows at an interval.

If Slashdot were indeed an unbiased source for information, they'd have mentioned that this feature can indeed be disabled.

Re:FUD and idioticy

[dhogaza]

The point you're missing is that while it is optional now, the wording in the license makes it possible for MS to make it non-optional in the future.

And you are already bound by that agreement to let them do so if they decide to do so (if you're buying in bulk under that license).

The article is about the *license*, not about existing versions of the operating system.

Will they ever take advantage of this change in license? No one knows, least of all you.

red hat network does the same thing...

[Anonymous Coward]

Red Hat Network does exactly the same thing that the Microsoft EULA describes (automatically examines the version of Red Hat and RPMs on your system, and can auto download available updates)
Of course, the slashdot story fails to discuss this, making it look like Microsoft is the only company in the world with auto updating software.

I'm a Linux user, but have been disappointed of late with Slashdot's tendency to fail to research and present more than one side of a story. It's this aspect of Slashdot that is ruining it's credibility.

Re:Two Perspectives

[Anonymous Coward]

> Two is that people are stupid if they don't read those agreements. They are so used to clicking next that anyone who has agreed to this deserves to give thier info to M$

You must have missed the part where that language changed over time. Reading it once is not enough - you have to periodically go back and reread it, compare with the old copy (..and you did keep a copy of the old text around, didn't you?...), and see if you agree with the changes.

And if you don't, then what? You've already paid for and installed the product. A little late to be deciding you don't like the (changed) license.

Re:Kwitcherwhinin!

[base3]

I guarantee you that my 900-user law firm will not be upgrading

Wow. Bill's going to miss that 0.00000000000000000000000001 percent of annual sales.

Really, I agree with your sentiment, but it's better not to throw around numbers unless you have some big ones.

~~~

Re:Ahaha.

[Roy Ward]

Firstly, I don't see Slashdot claiming to be an unbiased source of information, or anyone seriously suggesting that it is.

Secondly, the issue is about the license, not the way that Microsoft currently chooses to implement it. If what they meant was "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer. You may choose for this part of the license not to apply to you by disabling Windows Update", then they should have _said_ so in the license.

As it stands, Microsoft could technically at any time put out a "service pack that" doesn't allow Windows Update to be disabled any more.

If they don't intend to enforce a clause, it should not be in the licence.

Re:Ahaha.

[Anarchofascist]

Moderators, feel free to mod me down as redundant, but please also mark this comment's parent as redundant also?

"If Slashdot were indeed an unbiased source for information, they'd have mentioned that this feature can indeed be disabled."

As many people have already pointed out, this is a problem with the License, not the Software. You have unwittingly signed (at least until, gods willing, shrinkwrap licenses are ruled unenforceable) an agreement that Microsoft can change your computer to prevent you from doing things that you used to be able to do. The fact that you can turn off this feature does not detract from the fact that you have agreed to let them do this.

If the EULA had some legalese such as "...unless you select the 'disable' radiobutton," you would be totally correct. Since it does not, you are the weakest link. Goodbye.