The Register® — Biting the hand that feeds IT


Microsoft dispels rumors of stealth Windows updates

Microsoft officials are seeking to dispel rumors the company is performing stealth updates on Windows machines. They are also pledging to be more transparent in the future to prevent such misunderstandings from happening again. Reports of secret updates began circulating after at least two sites reported that Windows Update …

This topic is closed for new posts.


Re: Over-reaction (@Rabbi)

You say nobody is cut-off from WU. That's nice, and Andy Enderby kindly points out an obvious reason why this has to be true. My point is simply that the MS chap made three specific claims to get MS off the hook, and one of those is that they had to foist this update on everyone without asking because WU itself couldn't "pull" it the next time the user gave explicit permission.

Unless I write my own (or grovel over the sources), I have to trust whoever wrote my OS. That trust is undermined if people make false statements when cornered.

Anonymous Coward

ProCD vs Zeidenberg

First of all, EULAs are untested and likely invalid in the UK. UK has good protection from these after sale contracts.

In the US, the pro EULA lobby like to point to ProCD vs Zeidenberg, but they ignore the key points the judge makes.

So before anyone claims it, let me explain why I think that case is not applicable more widely.

ProCD isn't typical because Zeidenberg made a business around selling a website that resold ProCD's database. (People would use the website, which would query the software and return the information to them). He also bought several versions of the ProCD software as newer versions came out.

So he could reasonably be assumed to have read, understood and even pre-investigated the license, the appeal judge makes such an assumption, that he read and understood the license.

If you bought a piece of software, there are 2 possible sets of terms that apply. The normal 'merchantability/fit for purpose' terms that are assumed in a normal purchase, and the EULA terms which is what the vendor claims are the terms.

Zeidenberg did not use his software according to any terms a reasonable person would assume from the purchase. He built a web site reselling the use of the contents of the package, so this is a special case.

The main thrust of UCC stands, EULAs are not valid.

The judge also confirmed this "the American Law Institute and the National Conference of Commissioners on Uniform Laws have conceded the invalidity of shrink-wrap licenses under current law, see 908 F. Supp. at 655-66"

He then goes on to make it clear that this decision is a narrow refinement to clear up an ambiguous case.

"To propose a change in a law's text is not necessarily to propose a change in the law's effect....New words may be designed to fortify the current rule with a more precise text that curtails uncertainty."

'Fortify' rather than reverse, 'uncertainty' means this was an ambiguous area, 'more precise', i.e. narrow.

not just me that thinks this is it?

But, if I disable automatic updates, my PC shouldn't even know there are any updates to get. Windows shouldn't be initiating a connection to Microsoft Update unless I explicitly tell it to.

firewall software

3rd party firewall software will do very little to stop MSWin from connecting to the internet if it is installed on top of MSWin. A hardware or OS Virtualization solution would need to be used to effectively keep the OS communication under control.

Anonymous Coward

Yet more proof that many Linux users haven't a freaking clue about how computers work

If you're running a service that reaches out to a website and downloads an update, the update has not been "injected" into your system.

If you don't want Windows Update to update itself, turn it off.

Anonymous Coward

The EULA...

Sorry guys, the EULA is valid until a court has decided that it is either invalid or illegal.

Lies? Or incompetence?

"Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications," the product manager, Nate Clinton, wrote. "That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades."

Bollocks.

In Linux, I can either run Synaptic, or go to the command prompt and enter:

apt-get update

to get the latest list of updates from the Internet repository. I can add or remove repositories at a whim, using a simple text editor.

So Microsoft is claiming either that they are too incompetent to write a simple script, or an ActiveX application, to update Windows Updater *on demand* by the user, or they are simply lying to cover up the fact that they have committed *MILLIONS* of illegal computer accesses all over the world - probably orders of magnitude more such illegal accesses than all virus writers combined, ever, in the history of the PC.

My bet would be on the lying and illegal access.

Anonymous Coward

Reverse the changes?

Has anyone tried restoring the older versions of the DLLs and retrying WU?

HIPAA problem

Seems to me that anyone with a HIPAA-compliant computer has a serious problem here, since the updates are being made outside of their control.

Not Surprised

It is not the broken code, lazy programming practices, or the phenomenal number of exploits that everyone is getting excited about. It is the attitude of a BIG corporation flaunting its wealth and sneering at its end users for paying top dollar for a poorly written operating system.

It just happened that a point and click interface was just what a suitably numbed workforce needed. And since they were in a hurry to get it to market...

After they realized all of the holes in their code and the amount of work required to fix it...

Data mining and AV were born. Two more lucrative industries that bright-but-too-busy end users could subsidize.

The reason why linux and open source hasn't taken over is because people really do need to make a living. Maybe they could live with less, but who would do that willingly? And certainly not if they have a family to provide for.

Now, if the world, collectively, more or less, stopped and asked themselves: "Why are we making all of these widgets and who exactly is benefitting from them?"

The answer to that question might provide some progress as a civilization because if you weren't born in the back seat of a Rolls Royce then you will probably never own one.

Since M$ has clearly overstepped their legal rights, why not file a class action lawsuit? Count me in.

WU?

So is this how the worldwide deployment of Vista will begin?

Slowly slowly updating XP until you suddenly realise you're on booting Vista haha!!

Anonymous Coward

OMG.... get real...

Personally I think most of the comments are pathetic.

First of all, you don’t own Windows, you don’t own any of the files, you are LICENSED to use it. Nothing more nothing less….

Second the EULA that comes with SP2… you are given the option to accept the terms that they can modify or alter any of the files MICROSOFT own, the ones they let you use. If you don’t want to accept the terms, you don’t have to. But equally, Microsoft does not have to let you use the service pack if you don’t accept. The terms are not unreasonable, so they have nothing to do with the unfair contracts laws.

Third... If you have installed SP2 or WMP9 you already have agreed to let Microsoft alter or change any of the files they own. They have already notified you, you have already given permission. So they have broken no laws. Bitching about it later is no good.

The only leg you have to stand on is if it's legal for them to attach additional terms, for updates to fix problems that were there when you bought the license for Windows. Although I think you still will not have a leg to stand on, as most fixes are to patch security holes. I can’t see how Microsoft can be held liable for some third party code which compromises your OS…

Title

I've just found this old thread, written a few hours before Skynet goes online on Judgement Day.

It probably warrants further investigation, it may hold a pointer to one of the early causes of the rise of the machines.

Regards

Lieutenant George, TechCom, 2020

Automatic Updates - a two-edged sword in any case.

On networked computers (with other means of applying updates) I tend to stop the updater service itself, and I imagine this would prevent any behind-the-scenes activity.

Automatic updates are in any case a two-edged sword; while they may patch vulnerabilities, they also 'condition' users into saying 'Yes' to any popups the computer produces. That in itself is a security problem, as update-prompts can be spoofed by malicious websites as a means of getting Trojans onto the computer. If the user understands that the computer should NOT normally produce such popups, then security is greatly enhanced.

Another point, what would you say if you invited me into your house, and I promptly picked up a phone I spotted lying around, and dialled my friend in Beijing while you weren't looking? Would you consider that ethical, or dishonest? Yet, the same questions of ethics apply to any software which 'Phones Home' without permission. The 'call' might be free, but it might also be an Inmarsat link at seven pounds a megabyte. If the latter, then the software-writer is stealing.

Signing rights away

At least in the UK you cannot sign your rights away, and can void contracts (I remember this very clearly from my courses about contract law), so technically speaking you can agree with the EULA, then complain like a mofo about them intruding into your system.

Shame that most UK residents don't know this.
