Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
News

Financial Institutions Balk at MS Licensing 567

mmol_6453 writes "Now, not only are hospitals groaning under the combination of Microsoft and the HIPAA, but banks are having issues relating to federal privacy laws. Favorite line: 'Microsoft has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'"
This discussion has been archived. No new comments can be posted.

Financial Institutions Balk at MS Licensing

Comments Filter:
  • Trojan Horse? (Score:5, Insightful)

    by mdechene ( 607874 ) on Wednesday October 23, 2002 @01:21AM (#4510715)
    And in other news, Microsoft becomes the first fortune 500 company to trogan horse an operating system.
  • from the article.. (Score:5, Interesting)

    by \\ ( 118555 ) on Wednesday October 23, 2002 @01:22AM (#4510723) Homepage
    "That makes Warby nervous. "Microsoft is definitely not known for their internal security," he says, citing undocumented macros in some Microsoft programs, which can be accessed by those who know the right combination of keystrokes. "The idea of Microsoft coming into a server, creates a potentially huge security risk," he says."

    has anyone got any examples of this anywhere? i'd be curious to see some of these macros..
    • by 0x0d0a ( 568518 ) on Wednesday October 23, 2002 @01:32AM (#4510770) Journal
      Notice that everything he's directly quoted on in the article is straightforward...and then a completely bizarre indirect quote.

      Most likely he gave a bunch of examples of macro viruses or undocumented APIs and the reporter decided to "condense" things a bit.
      • by Dynedain ( 141758 ) <slashdot2&anthonymclin,com> on Wednesday October 23, 2002 @03:03AM (#4511033) Homepage
        Exactly.

        When a reporter was writing an article on my company, we were asked what software packages we use (we mentioned both 3D Studio and Maya).

        When we go the first draft of the article passed by us, the reporter had written that we used Maya on a certain major project for a whole slew of reasons, when in reality, we had been working exclusively in 3DStudio for that project.

        What we had said was that Maya and 3DStudio were both good programs for all those reasons. We never mentioned what package we were using on that project but the writer had 'condensed' the quotes, to the point where it was false.

        Its like condensing this quote from the Bible: "Thou shalt not kill." to this: "Thou shalt ... kill."
        • by Zeinfeld ( 263942 ) on Wednesday October 23, 2002 @08:04AM (#4511818) Homepage
          What we had said was that Maya and 3DStudio were both good programs for all those reasons. We never mentioned what package we were using on that project but the writer had 'condensed' the quotes, to the point where it was false.

          It is not only the journalist. I was recently asked how long it would take to get a specification agreed as a standard. Since the group had not met I gave a range of 6 months to 2 years but said I expected it to be done within a year. The headline writer wrote 'xxx to take 2 years'.

          I don't quite see the point of the story beyond the obligatory pandering to the slashdot editors predjudices. The guy only restated the anti-Microsoft sentiment on this issue that had already been reported on slashdot. This is not really a new story, it is simply a journalist recycling slashblather as a news story.

          Extrapolation from legal wording to company policy is a ludicrous exercise. It should be fairly obvious that the Windows update facility modifies the machine and thus requires the permission of the user. The 'auto-update' without intervention requires ongoing permission.

          It is not difficult to block windows update using network security measures. Just block access to the update site, same way you would block access to Yahoo or AOL instant messanger - which are also contrary to HIPPA and Financial regulations.

          The claim that Microsoft intends to require the ability to modify the machine in the future is pure speculation and contrary to any business logic for Microsoft.

          • Zeinfeld [slashdot.org] wrote: [slashdot.org]
            I don't quite see the point of the story beyond the obligatory pandering to the slashdot editors predjudices.
            I'm glad to see /. follow up on this on going issue. I work in a Fortune 500 company that has gone almost exclusivley Microsoft. When I bring up issues about vendor lock-in or Microsoft adding additional terms to their end user license agreement (EULA) for service packs, the problem is generally swept under the rug. I've been told by the higher ups that "we've had meetings with Microsoft representatives, and they said the EULA is just being misinterpretted. Besides, Microsoft would get a lot of egg on their face if it was discovered that they are accessing customers' computers in an unauthorized manner."

            It is funny how my company has not gotten this in writing, though. I also find it funny how Microsoft doesn't put out a press release or change the terms in the EULA to make it more clear. It is obvious a lot of companies are finding this hard to swallow, yet Microsoft does nothing to explain itself.

            So, hearing of other companies' experiences in this area helps me know what to expect for my company, and hopefully will provide enough evidence that my higher ups will do something about it.

    • Easter Eggs? (Score:3, Interesting)

      by MyHair ( 589485 )
      has anyone got any examples of this anywhere? i'd be curious to see some of these macros..

      Perhaps he's referring to many of Microsoft's easter eggs in the OS and apps.

      Isn't there a web browsing easter egg in some program? Don't recall if that was MS or not.
    • by djupedal ( 584558 ) on Wednesday October 23, 2002 @01:57AM (#4510872)
      ...have you taken the time to study Excel & Word macros, lately? Break out a VB editor and crack open any of the stock templates that ship with Office....Project, ACCESS, etc. Look in the macros for strings that contain:
      • pwd...container...host....logon...restart...data source
      ....you get the idea.

      If you are looking for specific troublemaking 'poison-pill' macros, I'm sorry, I don't have those handy, but if you want, I can send you a Word document you can fill out to request them :)
  • by Zakabog ( 603757 ) <john@NoSPam.jmaug.com> on Wednesday October 23, 2002 @01:24AM (#4510733)
    Microsoft does provide users with a high level of control over the auto update feature. Windows XP ships with the feature turned off, for example, so users must choose to activate it. And Microsoft notifies users of any updates, requiring them to agree to install them.

    Microsoft: This is our highest level of control on anything we've ever included in windows! You can turn it on AND off!!!! AND you have to agree to install the updates, come on how can you hate us now, we give you so much control!
    • Hell, Windows Update is one of the few things that should probably be ON by default!
  • Hrmm (Score:5, Interesting)

    by acehole ( 174372 ) on Wednesday October 23, 2002 @01:26AM (#4510744) Homepage
    And what about if I decide to live in a area where I dont have Internet Access?

    They going to send in the MS strike team to check I've got a legal version of windows?
  • bizzare. (Score:5, Insightful)

    by Find love Online ( 619756 ) on Wednesday October 23, 2002 @01:27AM (#4510747) Homepage
    I really can't imagine anyone being willing to simply give up their privacy rights like that, In fact, I find it rather hard to believe that Microsoft's click-through agreement would be enforceable. Which is to say, I doubt MS could force you to turn over your files if you fire walled them or something. And while it is possible that this is just a 'cover your ass' type of thing (I.E don't sue us for inadvertently seeing what version of windows you're running, for example, sun's java license allows them to download code to your machine to run. But, after all that's the whole point of java, isn't it...) I don't think MS would really put it in there if they didn't intend to use it somehow.

    I think most people are just clicking through without thinking about it, or assuming it won't ever matter.

    There is a simple solution, though, to the 'illegal not to install, illegal to install' problem. Just stop running windows :P

    If a lot of people go with this option, Microsoft could be hurt. It's really a confusing play on their part, like their more interested in power then money.
    • Re:bizzare. (Score:5, Insightful)

      by SaraSmith ( 602197 ) on Wednesday October 23, 2002 @01:39AM (#4510801)
      YOU wouldn't no, you know better. All this crap is accepted by the incredible ammount of computer illiterate masses who don't know any better. You can tell them anything, just throw a couple buzzwords in, and they won't have a clue. They greatly outnumber us, and they're very ignorant about these things.
    • Re:bizzare. (Score:5, Insightful)

      by Anonymous Coward on Wednesday October 23, 2002 @01:47AM (#4510825)
      I firewalled Microsoft when this issue first broke. The boss simply said whatever.....
      If I ever get something to replace the desktop I am set. He doesn't care what is doing the job as long as it gets done. I suspect as I stated then that this is be fantastic to every one else. Microsoft is shooting themselves in the foot in their weakest market (servers) and giving many non-technical people pause with there licensing.
      Say whatever you want about Microsoft having the right to put anything they want on the EULA. The more they hurt themselves the happier I am. Just like when the "software police" were going through town last year. Who are you ??? No I don't have site licenses for Microsoft and don't use it......ok.....buh bye...click.
      Honestly if you include all this kind of garbage in the Total Cost of Ownership heh...

      !!!!GO MICE!!!
    • Re:bizzare. (Score:5, Insightful)

      by Chris Johnson ( 580 ) on Wednesday October 23, 2002 @06:25AM (#4511451) Homepage Journal
      Ever read 'Reflections on Trusting Trust'? Think back on what you said- you're gonna use Microsoft's operating system to run firewall software to block Microsoft connecting to your machine. Do we see a conceptual problem here? The cleverness of hackers cuts both ways. Sure, hackers can get through any sort of copyprotection and encryption, such as the X-Box thing. By the same token, Microsoft can get access to your box anytime it wants, if it really wants to. They control the underlying operating system, for crying out loud- supposing APIs used by firewalls return 'special' results if it's a Microsoft connection being made? Read 'Reflections on Trusting Trust', and reflect.
  • by darkov ( 261309 ) on Wednesday October 23, 2002 @01:28AM (#4510750)
    I dunno what they're going to do with 62 gigabytes of pr0n, though.
  • Trust (Score:5, Insightful)

    by DoctorFrog ( 556179 ) on Wednesday October 23, 2002 @01:30AM (#4510760)
    Trusting the bank != trusting Microsoft. A bank that takes customer privacy seriously and switches away from using Microsoft products has a better chance of getting my business. Pity my account is so small... :(
  • This blows. (Score:4, Interesting)

    by rmadmin ( 532701 ) <rmalek@@@homecode...org> on Wednesday October 23, 2002 @01:33AM (#4510774) Homepage
    that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.

    Ok, this sucks to start with. Why the hell does MS need access to banking systems? Besides to rape accounts that belong to companies that cheat licensing. (sorry, conspiracy theory again) The other thing here the TOTALLY bugs me is that this effects me! I've put alot of effort into removing MS products from my life. But, if banks are running MS, and they have access to those systems, then my efforts seem to be useless. "I'm sure Microsoft wouldn't do anything bad with that kind of power". PFFT.

    Here comes another conspiracy theory:
    MSFT: Hrm, rmAdmin has $0.34 in his checking account, must be having money problems, lets see, we'll sell his contact info to every 'debt consolidation' service on earth.
    Ring ring
    rmAdmin: Hello?
    StupidTelemarketter: Hello Mr AIDmen...
    rmAdmin: ACK!! DIE DIE DIE
    click

    Ok, maybe not that bad, but who knows...
  • Some corrections (Score:4, Informative)

    by Ryu2 ( 89645 ) on Wednesday October 23, 2002 @01:36AM (#4510789) Homepage Journal
    The article says about SP1: Solely for the purpose of preventing unlicensed use of the applicable OS Software, the OS Components will include installation on your computer of technological measures that are designed to prevent unlicensed use, and Microsoft may use this technology to confirm that you have a licensed copy of the OS Software.

    This is done through a product key that is sent to Microsoft over the Internet. That means Microsoft must send an authorization back to your system, says Warby, requiring it to have access to your system.


    While I'm no Microsoft licensing fan, I would like to dispel some FUD presented here. The product activation has always been a part of XP, and your system sends the product key number to MS, and not MS going to your system first. After it's activated, MS is not contacted, unless your hardware changes significantly, or you use Windows Update (which does not enforce product key restructions, although the product key is being sent). But in any case, MS never initiates contact with any system.

    For SP1 upgrade, the authorization merely checks to see if your product key is one of two that have been widely pirated. It doesn't contact any server at all for this step.
    • by Anonymous Coward
      I think the problem here is the wide discrepancy between what the licensing agreement allows and what Microsoft says they actually do. I'd be scared shitless too if I were some yokel credit union administrator and I didn't have any way of verifying what Microsoft (and you) says they do to my system.
    • by rseuhs ( 322520 ) on Wednesday October 23, 2002 @05:44AM (#4511346)
      You quietly assume that

      • Microsoft actually does what they say they do. Last time I checked Microsoft didn't give any guarantees of what they do, just a bunch of webpages. (And even IF they would issue some kind of guarantee or agreement. They have broken such things in the past often enough)
      • Microsoft installed the new EULA just for kicks and will never ever use the power to access YOUR system.

      If lying to yourself makes you comfortable, well just keep lying to yourself.

    • by pmz ( 462998 )
      But in any case, MS never initiates contact with any system.

      A Microsoft operating system initiating contact with the Microsoft home base is Microsoft initiating contact with the system. They are just automating the process from the client side of things. Going either way without the end user's explicit consent (click-through/shrink-wrap EULA isn't sufficient) is simply wrong.
  • by SexyKellyOsbourne ( 606860 ) on Wednesday October 23, 2002 @01:38AM (#4510794) Journal
    Solely to prevent piracy?

    What a joke -- Microsoft could never stop piracy, as the devilsown copy of XP was out months before the release, and service pack 1 for it, fully cracked, was out in an integrated ISO weeks before the release of SP1.

    Microsoft doesn't have a chance at stopping piracy, and it's just another lame excuse for Microsoft to follow the logical course of big business and try to control everything.

    If Microsoft turns a deaf ear to angry consumers on the issue of collecting data, the federal government has every right to nail them to the wall for it, especially if it interferes with our health and banking privacy.
    • by marauder404 ( 553310 ) <marauder404 @ y a h o o.com> on Wednesday October 23, 2002 @02:41AM (#4510983)
      Piracy hasn't been eliminated, but it's way down. No longer can the office secretary pass the copy of XP that she got with her computer around the office. She has to go find a warez group on IRC or on Usenet, download the ISO, and then burn it to disc, which are skills beyond the average Windows user. Microsoft's activation policy solved what it set out to do: prevent casual piracy.
    • by Analysis Paralysis ( 175834 ) on Wednesday October 23, 2002 @05:21AM (#4511311)
      By requiring a key to activate XP, Microsoft has the ability to force an OS upgrade simply by no longer issuing them. Therefore if (say) Windows YP is released and sells abysmally, MS can announce the withdrawal of keys for XP, forcing users to get YP should they need to reactivate. Instant sales boost, instant share price surge.
      • by weave ( 48069 ) on Wednesday October 23, 2002 @07:21AM (#4511631) Journal
        This is a damn interesting point. Will there be a point in time when Microsoft will cease to issue re-activation keys for XP? Will it be the same date as when they stop supporting it? Does your software have a ticking time bomb inside it waiting to go off?

        You know, we *just* deactivated a computer lab running Windows 3.1 connected to a Novell 3.11 server that was running some special client software that required those OSes. It ran just fine and did its job. Windows 3.1 has been unsupported for ages now. I can imagine the hell we'd have gone through if the decision to upgrade was forced upon us earlier. We also still have numerous Windows 95 clients out there, and a boatload of NT.

        So saying XP will be supported for years and years is hardly a comforting fact.

  • Hard to fathom (Score:5, Insightful)

    by SgtChaireBourne ( 457691 ) on Wednesday October 23, 2002 @01:39AM (#4510799) Homepage
    I can see reasons for and against (mostly against) running Win2000 on workstations. But given the licensing and security problems to date with WinXP and various service packs, I still find it hard to believe that anyone requiring privacy of data or security would consider istaying with MS-Windows even for the workstations. There are neither technical reasons nor financial reasons to use it on any of the infrastructure, at least none that stand scrutiny.

    Arguments against using Macintosh or Linux usually center on retraining issues. However, heavy retraining occurred when migrating between Win3.11, WinNT, Win2000, and - for the chumps - WinXP. So if you have to retrain anyway, then why not go with something easier to both use and maintain like Macintosh OS X or Mandrake/Redhat?

    When you consider the bizarre nature of the service pack EULAs, the migration to Macintosh or Linux should be the obvious choice to anyone that can read English.

    • Re:Hard to fathom (Score:5, Insightful)

      by Dynedain ( 141758 ) <slashdot2&anthonymclin,com> on Wednesday October 23, 2002 @01:49AM (#4510831) Homepage
      its not retraining....

      its software, software, software

      Find a *nix based CAD package that compares to AutoCAD. In terms of 3D, Maya is as usable as 3D Studio, but costs twice as much. And Gimp has absolutely nothing on Photoshop (I use both). Music Editing/Sound Engineering? forget it. Tax and Accounting packages (QuickBooks, TurboTax, etc.) - not there.

      Although the training is a big issue (hint, its training end users in new software thats expensive, not the OS training), the big concern is software availability. What good does having the option of 30 different email clients if you cant do the major task that your company pays you to do.
      • Re:Hard to fathom (Score:3, Insightful)

        by CharlieG ( 34950 )
        More specific, and even more important than things like autocad - How about 10 years woth of investment in custom developed inhouse software? I've been in places where there are LOTS of business critical apps that have 10-15 man years of development EACH. Now figure a fully loaded man year of development is well over $250,000 and your looking at apps that cost 2.5mil and UP - EACH. Plus the fact that if you said "we need to switch", it's still going to take 2+ years to develop each replacement for the new platform

        I figure there is 30mil+ worth of development that the small group I'm in is responsible for, and a port to a new desktop will take 3 years for the 10 of us - 30 man years - 7.5 million bucks, and no new software for 3 years. And that's just our group!
      • Re:Hard to fathom (Score:3, Insightful)

        by pmz ( 462998 )
        Find a *nix based CAD package that compares to AutoCAD.

        There are many UNIX-based CAD packages, most of which bury AutoCAD in capability. Their prices are coming down to; e.g., Pro/E's basic package is under 6 or 7 thousand dollars for full-blown feature-based 3D modeling. Also, Pro/E will be available for Linux soon.

        And Gimp has absolutely nothing on Photoshop

        Photoshop is available for UNIX (at least when I last used it on Solaris).

        Music Editing/Sound Engineering? forget it. Tax and Accounting packages (QuickBooks, TurboTax, etc.) - not there.

        Soon, but not today. GNUCash is very good for personal accounting, and spreadsheets like Gnumeric are also very useful. There just aren't the drool-covered packages like Quicken available for Linux. For UNIX, however, I'm sure some research would turn up good options.

        You spout the current most popular argument against Linux, and that is fine. However, please understand that things are changing. Microsoft is declining slowly (this is a fact--it is a cultural phenomenon), and, probably in five years or so, the applications argument will be bunk.
    • Re:Hard to fathom (Score:5, Informative)

      by PhreakinPenguin ( 454482 ) on Wednesday October 23, 2002 @01:50AM (#4510837) Homepage Journal
      Don't take offense to this, but your comment sounds like someone who doesn't know alot about businesses that require specific apps to stay in business.

      Our office does a ton of work for medical centers and family practices that use software to manage their patient flow and medical records. These programs will ONLY run on Windows using SQL. Sure, there are 2 or 3 out there that run off SCO but the quality of program is inferior to the Windows versions.

      NextGen, Alteer, Practice Partner, and Medical Manager our all Windows only apps. These 4 are the the most widely used systems in family practice offices around our area. They don't run on a *nix platform, and they never will.

      It's not a case of having to replace workstations, hell that's the easy part. It's a case of the software only running on a specific platform and the server requires it.

  • by Dynedain ( 141758 ) <slashdot2&anthonymclin,com> on Wednesday October 23, 2002 @01:42AM (#4510811) Homepage
    has told...that it plans eventually to eliminate users' ability to disable Microsoft's access to their systems.'

    Of course, if you are willing to pay just a little more, Microsoft will sell you security [slashdot.org]. Coincidence? I think not.
  • by Polo ( 30659 ) on Wednesday October 23, 2002 @01:50AM (#4510835) Homepage
    Heck, EVERYONE Balks at MS Licensing.

    How many people have passed on XP because of the licensing crap? I'll bet a LOT of people have.

    I have, and it has nothing to do with piracy.
  • by astrashe ( 7452 ) on Wednesday October 23, 2002 @01:52AM (#4510847) Journal
    I think that MS is going to back off on a lot of this stuff, probably even Palladium in its most extreme form.

    Their strategy at the highest level seems to be two pronged. On one hand they want to gather up all of the power and control of the monopolist, and on the other hand, they try to respond to customers as if they had to compete.

    I know that a lot of people are skeptical about the last part of that, but I believe it. They backed off of the passport nightmare to a large extent.

    There are lots of smaller things they've backed off on as well -- their first incarnation of their anti-piracy measures would have made it impossible for corporate users to roll out systems using software like ghost, but they backed down on that, and that concession has had a real effect on the ease with which one can pirate their software.

    The banks have a real problem, and MS is going to have to address it or lose the business. I think they're going to address it.

    The big conceptual problem, I think, is to consider MS to be a monolith. There are people who are pushing for this stuff, and there are others who are talking to the customers who are screaming bloody murder.

    In the end, they will have to listen to their customers.
    • by Verteiron ( 224042 ) on Wednesday October 23, 2002 @05:36AM (#4511333) Homepage
      This is how you make horrible things happen: propose something truly nasty, and let users and techies make a huge fuss about it. Then back down from the worst practice due to "customer input" and simply go forward without the top 5% of the bad stuff. Now MS has implemented 95% of their bad stuff, but techies and consumers don't mind because they've now Made a Difference.

      Lather, rinse, repeat...
  • breaking the law (Score:5, Informative)

    by agurkan ( 523320 ) on Wednesday October 23, 2002 @01:57AM (#4510871) Homepage

    himm... there is something I can't understand here. a contract is void by default if it violates a law, so doesn't this invalidate the appropiate part of the EULA, if the purchaser makes it clear that the software will be used in an environment where privacy is mandated by the law?

    i wonder if some sort of equal oppurtunity law would mandate microsoft to provide the software and updates with a licence and a method suitable for banks, hospitals etc.

    • Re:breaking the law (Score:4, Interesting)

      by ctr2sprt ( 574731 ) on Wednesday October 23, 2002 @02:27AM (#4510938)
      I'm no lawyer, but my understanding is that you're right: if a contract is illegal, it's voided. But remember that with all software (even free as in speech software), if you don't accept the license you can't use the software. So if a bank bought 20,000 licenses for Windows XP and it later turned out the bank cannot legally abide by the terms of those licenses, the bank would have to destroy all 20,000 copies (and MS would have to refund them their money).

      This would obviously be a horrible disaster for MS, because not only would they not make any money but it'd also make the news. ("We're sorry, but we can't process your transaction today, as we had to erase Windows XP from all our computers thanks to a supplementary EULA from Microsoft. Please call back in two to three weeks when we have completed our rollout of Windows 3.1.")

    • Re:breaking the law (Score:3, Interesting)

      by guybarr ( 447727 )

      a contract is void by default if it violates a law

      IANAL, this is more complicated. The problem here is that there are two (possibly) mutually exclusive constraints on the client , so that he may be screwed in any case: if he complies with the law his user agreement his void and microsoft can refuse giving support, or worse, sue.
      Of course if the client violates the law he is vulnerable to suits from the government or, much worse, his own clients or third parties damaged by possible exploits.

      so this seems like a real concern. If I were a bank's lawyer (which again, IANAL) I'd be scared shitless, I'd recomend just to forget about it all.
    • Re:breaking the law (Score:4, Interesting)

      by rseuhs ( 322520 ) on Wednesday October 23, 2002 @06:05AM (#4511387)
      So?

      So the EULA is invalid. Will Windows care? Will Windows behave any different because of that? Can you feel secure because of that?

      I don't think so.

      It's amazing how many things Windows users are willing to do.

  • by krazyninja ( 447747 ) on Wednesday October 23, 2002 @01:58AM (#4510874)
    We are all missing the point. The point is, where is Warby, and others like him going to go? The moment he takes his eyes off Microsoft, there is *no* other singly unified system, that can provide both ease of use, and integration. He has to worry about retraining his staff. That is why most admins think that "a known devil is better". Unless other backend server vendors like Novell/oracle come up with a better, unified proposition, it is going to be a tough sell.

    • give me a break (Score:5, Interesting)

      by djupedal ( 584558 ) on Wednesday October 23, 2002 @02:48AM (#4510999)
      Why am I having a hard time believing that business as we know it will come to a complete halt if MS isn't allowed in the door?

      Commerce in one form or another, from bartering coconuts to brokering used RAM, will find a way to continue, regardless if the transaction is on limestone, paper or bubble-ether crystals. Unified...disparate...co-mingled...far-stepped or translucid....who cares. The point is supply and demand, not demand by MS.
    • by Corrado ( 64013 ) <rnhurt@gma[ ]com ['il.' in gap]> on Wednesday October 23, 2002 @03:46AM (#4511131) Homepage Journal
      I think Apple should step up and fill the gap. They have very capable machines and could support almost any business. Besides the power of the machines, the user experience is like no other. I love Linux, but I wouldnt give up my Mac for every day use.

      They even have servers [apple.com]. With no license fees!!!

      It's kinda funny; when we accuired a well known pizza chain they were using Macs. We "converted" them from those hethen machines. Now, it looks like they might have been right going with the Macintosh. At least from a legal/licensing point-of-view.
      • by IamTheRealMike ( 537420 ) on Wednesday October 23, 2002 @07:53AM (#4511763)
        Hmmm, perhaps, but Apple sell hardware primarily, and there's nothing wrong with the hardware most business has - the issue is with software.

        A medium sized company can easily have 5000 desktops. The average price of a Mac is I'd guess about £1000, so that's a cool £5,000,000 (about $7,500,000) just to replace hardware that already worked? You might as well pay the fees to Microsoft, that's almost certainly cheaper. And don't forget that most businesses have at least 1 or 2 custom apps.

        The obvious solution is Linux - with a decent set of administators Linux is within a year of being just great on the corporate desktop. The final usability problems are being hammered at a truly astonishing rate, and with tricks like CrossOver Office Server you can pay for 1 copy of Office (I guess it'd work with other programs too) but have it serve hundreds of desktops. Wine is so critical in these areas, for custom business apps, and the Mac has no equivalent, probably won't for some time, if ever.

  • This is a non-issue! (Score:5, Interesting)

    by arb ( 452787 ) <amosba@[ ]il.com ['gma' in gap]> on Wednesday October 23, 2002 @02:09AM (#4510895) Homepage
    I don't use Windows Update, but my understanding is that the "let Microsoft dig through your system" stuff is only if you do use Windows Update. If this is correct, then there is no problem - don't use it!

    Surely someone managing machines in a business critical environment would have the nous to turn off the auto-update? Don't use it. Install patches and hot-fixes manually after fully testing them to make sure they don't kill your system. Do not rely on Microsoft (or any third party vendor for that matter) to automatically update your servers without you knowing exactly what is going on!

    The XP-related stuff though, is a bit of a worry. Then again, the solution is pretty straight-forward - DON'T USE XP. If you need Windows, use Windows 2000. If Microsoft bring the same checks in to 2000 via future service packs, then configure your firewall properly and stop it happening.
    • Re:This is an issue! (Score:3, Informative)

      by Lucretian ( 136335 )
      Sadly though, this is also in windows2000 sp3. So, you'd have to move back to NT 4.0 to be completely safe.

      While you may be correct in their intentions, the EULA doesn't specifically state this. Going by just the wording of the EULA, they can do whatever they want, if you have auto-update enabled or not. This is where the problem is. If they specified a clause that would state something to the effect of "unless the user turns off auto-update" or have this EULA addendum pop up when they user enables auto-update with a yes/no box, it would be much, much better. This wording of the EULA in current form of not mentioning any change based on auto-updates being enabled is what is keeping SP3 off of our rdesktop Terminal Server.

      Another interesting note is that the EULA for SP3 with the bad text is only there when you install the update, the original Win2k eula.txt is still left unchanged on your hard drive. Makes it kind of confusing, if you ever want to review what you actually agreed to at a later date.
    • Did Micorsoft issue a guarantee not to dig through your system when you turn off Windows Update?

      Actually the new EULA gives them the right, regardless of some config setting.

  • My mom. (Score:5, Interesting)

    by miffo.swe ( 547642 ) <daniel...hedblom@@@gmail...com> on Wednesday October 23, 2002 @02:22AM (#4510923) Homepage Journal
    My mom phones me weekly yapping about some new virus that has slipped into her computer. She is 50+ and i think she is doing a nice job learning her WinXP. What she is frustrated with is the fact that she has a firewall, a antivirus program and she updates often even if she is on a modem. Still she have gotten successful attacks into her machine and even viruses has slipped past her antivirus system. She is getting real paranoid and feels that its not fun anymore when you have to be a fully fledged sysadmin to surf and write mails. She is going for linux and i will try to install it as safe as possible for her. No services open and a default drop on incoming connections should keep her safe for a while. That is what i would call proactive security.

    Security must be proactive and not reactive. MS is simplifying reactive security instead of focusing on proactive security. The old vuln ??? patch treadmill is stupid. I think some dists should stop making their default installs wide open aswell. Close all ports and code a nice simple app that makes it easy to open the ones you need to be open.
    • by FreeUser ( 11483 ) on Wednesday October 23, 2002 @07:21AM (#4511630)
      My mom phones me weekly yapping about some new virus that has slipped into her computer.

      My mom has been running Debian for almost two years, and aside from a few calls early on of the "how do I do X under Linux" type, I haven't had to field any calls at all (none within the last year. None). Indeed, I havent had to fix her computer once since I installed it nearly two years ago.

      Not once.

      Now that Applix has grown a little staid, I'm probably going to upgrade her to Gentoo 1.4 when it is released, with Open Office.

      She works with Microsoft every day at work, and has been agitating her employer to let her use GNU/Linux instead. My mom, who, like yours, is 50+.

      However, even if her employer doesn't let her switch, she has no trouble importing and exporting to Microsoft Word and Excel formats using her GNU/Linux box ... in fact she loves the fact that it is quick and stable, unlike the much more expensive machine she uses at work, which is down for software repairs quite frequently.

      Most especially, she likes not having to worry about the latest Klez worm or misc. virus, something that is steadilly stressing out all her friends.

      My mother, who is computer competent but certainly not computer savvy, has become a stronger propoent of Linux and free software than I have. All the Microsoft-funded astroturfers keep harping about how the consumers wants this or that slick or shiny feature, when in truth all of the computer illiterate and computer competent (but not necessarilly savvy) people I've exposed to GNU/Linux haven't ever wanted to go back. Why?

      Because in truth people don't care all that much about shiny feature X or slick feature Y, they care far more about stability, predictability, and the ability to simply get their work done. And that is where GNU/Linux truly excells ... unlike Windows, it does not change its behavior for no apparent reason, nor does it break mysteriously simply because you've added a new piece of software.

      What is interesting is how few people realize they have a viable choice, and once they do realize it, how many (of the people I know, at least, of various walks of life) end up dumping Windows like a bad habit.
  • "Of equal concern, says Warby, is that by agreeing to the Windows 2000 SP3 licensing terms, the credit union is potentially granting access not just to Microsoft, but to its "designated agents" The Microsoft license offers no assurances about who those companies might be, says Warby. "What if the designated agent is some small company overseas," he says, "in a country with a lax legal system?""

    that's right, what happens when M$ decides to go kazaa all over your system. there's nothing you can do about it. face it, its just your hardware, the OS (i use the term lightly for windoze) belongs to them, 100%. You're just borrowing it. That's not good enough to pass muster for private information. If M$ wasn't so large, a bill to make them post surety bond for every financial house would be an ideal restraint for the mighty beast

    oh well, chances of legislation unsupportive of m$ are about as likely as me giving birth.

  • Think bigger... (Score:5, Interesting)

    by djupedal ( 584558 ) on Wednesday October 23, 2002 @02:32AM (#4510960)
    MS wants to be a bank, remember? How better to throttle back competition than by tossing a smoke bomb or two into their home office...

    "While other banking institutions are suffering from network slowdowns and corrupted databases, MS First Union can provide you with reliable access to your funds around the clock. Bank with MSFU....we keep an eye on your money!"
  • by RestiffBard ( 110729 ) on Wednesday October 23, 2002 @02:54AM (#4511012) Homepage
    oh.. another eula thing... snooze...
  • M$ America (Score:3, Insightful)

    by Ektanoor ( 9949 ) on Wednesday October 23, 2002 @02:56AM (#4511019) Journal
    There was Corporate America. And people enjoyed to remark this. And there was a company that claimed that Linux, Open Source, GPL and Co. were a treat to Capitalism... And there was a lot of FUD, among some people, that all this was the same thing as Communism, if not worst. And they raised Corporate America in a crusade against the Spectrum. And they said: buy only true corporate software. And Corporate America felt that it would be easier to deal with a corporation, rather than risking its health and wealth with something that sounded like some old enemies calls.

    Now Corporate America is eating the fruits of its short vision and its lack of support to venture capitalists, small developers and a little more freedom for people. Soon, we may see that Corporate America is no more. Welcome to M$ America.
  • One thing to note (Score:5, Interesting)

    by Mr_Silver ( 213637 ) on Wednesday October 23, 2002 @03:53AM (#4511145)
    Time and time again, people, organisations and institutions have complained about Microsofts tactics, stability, security and licencing issues.

    Yet, so far, the reports of them actually doing something about it and moving away from MS are very thin on the ground.

    It would appear that however much MS wishes to shoot itself in the foot, or deny users specific rights, people are still unwilling to move to a different OS.

    The fact Linux is free didn't compell them, the fact Linux doesn't "phone home" didn't compell them, the fact Linux is easier to maintain within an organisation didn't compell them, the fact Linux doesn't come with arcane restrictions on what you can and can't do with your PC didn't compell them, the fact Linux doesn't suffer so many virus attacks didn't compell them, the fact Linux is more secure and robust didn't compell them and the fact that Linux applications can read and write Word documents didn't compell them to move.

    So the question is, what on earth will compell them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.

    (and here i'm talking about the masses, not the odd special case)

    • by Asprin ( 545477 ) <gsarnoldNO@SPAMyahoo.com> on Wednesday October 23, 2002 @08:57AM (#4512169) Homepage Journal

      So the question is, what on earth will compell them to drop Windows on the desktop? Because it's sure as hell not any of the issues we've seen so far.

      When I can buy LeasePlus, Smart.alx and Great Plains Dynamics as ELF binaries.

      Seriously, the reason small-medium businesses buy MS servers and workstations in the first place is because they need to run that one application that runs their business, and it only runs on MS because the vendor doesn't have the resources to devote to multiple platforms. For us, it's a combination of the apps I mentioned (and a couple of other minor ones).

      There are hundreds (if not thousands) of small software companies that write, manage and maintain ONE niche-software app to run the businesses in their specific industry. They use MS tools and platforms because they are easy, cheap*** and ubiquitous. There is some competition, but it is limited by huge barriers to entry -- mostly, up-front capital and specific in-depth industry experience (for example: in order to write effective lease management and accounting software, you first have to know the leasing industry inside and out.)

      Oh, and did I mention that we hate the software we're using, but so does everyone else. We're stuck with it because the only alternatives are either prohibitively expensive to switch or crummier or both. We're too small to pay someone develop custom software in-house, and our industry is too small to generate enough free-developer interest for a non-propretary/open-source solution to be practical.

      There is only one way Linux is going to **REPLACE** the MS servers in our storage/mopcloset/utility/telco room: Our vendors need to start developing for Linux, or at least on an open platform like LAMP or WAMP that allows us to pick one or the other.

      Why do you think monkeyboy gets so jacked up about DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! ?

      Until then, Linux is going to have to run our web site and our email and be happy with that. There aren't enough open-source developers in equipment leasing.



      *** "cheap" in a relative sense. Consider that we're going to send the equivalent of a small automobile to each of our two or three software vendors every year for the priviledge of being able to call them when their shitty, crappy, slow and bug-infested software takes a dump after an update all the while frustrated that we can't get working features we were promised three years ago when we bought the software for the price of a good-sized house.

      But, you know what? Our business couldn't function without it.

  • New Coke (Score:4, Insightful)

    by tlambert ( 566799 ) on Wednesday October 23, 2002 @03:56AM (#4511151)
    New Coke.

    New Coke was a means of converting the bottling plants over from powdered supplies (sugar) to liquid supplies (high fructose corn syrup).

    The way it worked was to make something that tasted sufficiently bad, compared to the original, that when they "switched back" to the old formula (actually, the old formula, minus sugar, plus corn syrup), they were sufficiently close to the old formula that people didn't complain about the switch (they just got fat off the new stuff).

    The best way to get something small and distasteful past someone is to try for something very large and distasteful, and when people complain, back off to the small distasteful thing you wanted in the first place.

    To get unimpeded weapons inspections, ask for a "regime change" and an OK to invade. To switch over to cheaper, easier indistrial process supplies, like corn syrup instead of sugar, change everything, and then change "almost all the way back".

    If you don't think Microsoft knows about this technique, you are fooling yourself. You should be much more worried about the consequences of whatever they pick as their "backed down" position.

    -- Terry
    • Re:New Coke (Score:4, Informative)

      by dvdeug ( 5033 ) <dvdeug AT email DOT ro> on Wednesday October 23, 2002 @05:46AM (#4511349)
      The way it worked was to make something that tasted sufficiently bad, compared to the original, that when they "switched back" to the old formula (actually, the old formula, minus sugar, plus corn syrup), they were sufficiently close to the old formula that people didn't complain about the switch .

      Of course, the minor problem with this theory is that Coke was all corn syrup before the switch.

      http://www.snopes.com/cokelore/newcoke.asp
    • Re:New Coke (Score:4, Informative)

      by darien ( 180561 ) <{darien} {at} {gmail.com}> on Wednesday October 23, 2002 @06:05AM (#4511388)
      Not arguing with your conclusions, but just on a point of information: corn syrup replaced cane sugar in 1980-1. New Coke wasn't conceived until late 1984. (Source: Mark Pendergrast, For God, Country and Coca Cola, London: Orion 1993, pp. 331; 349.)
  • by PhilHibbs ( 4537 ) <snarks@gmail.com> on Wednesday October 23, 2002 @04:28AM (#4511217) Journal
    then hand back what the courts tell you to.
  • by g4dget ( 579145 ) on Wednesday October 23, 2002 @04:47AM (#4511252)
    One of my machines is running Windows XP, and it is calling home to various Microsoft machines, frequently. Part of it is probably auto-updating, but there are apparently other things it does as well. And many major Windows programs check their own home server whether there is an update, and many of them don't take "No" for an answer.

    Corporate security officers really should be concerned about this. From a security and privacy point of view, Windows XP is already out of control, and it looks like it's getting worse. Even if all those connections were harmless, it's hard to even identify a real trojan horse with all that junk going on.

    Software updates and contacts to other services are much more sensible under Linux: nothing happens unless you explicitly enable it, you have the option of updating via media or mirrors, and all software updates can happen through a single server.

  • I work at major bank (Score:5, Informative)

    by crovira ( 10242 ) on Wednesday October 23, 2002 @06:27AM (#4511457) Homepage
    and Linux is knocking at the door of the MIS. That would mean rooms full of servers and thousands of NT desktops.

    Tellers and staff run custom apps, don't have multi-media or ever web browsers on their machines and definitely aren't playing with their machines so M$ latest geegaws are of absolutely no interest.

    A usage study has shown that only a small percentage of the features of the Office Suite are actually used and a great deal of the features that M$ wants to reverse engineer into their products (in direct violation of the DMCA they pushed for, which will come back and bite them some day) are already available in other products from vendors with better market focus.

    In the second-rate, also-ran, pursuit of Apple's flash and style, M$ has lost focus of their customers, the same boring old desktops that didn't want a computer with a funny name back in 1980.
  • by ebcdic ( 39948 ) on Wednesday October 23, 2002 @06:34AM (#4511476)
    An obvious solution - suggested in other comments - is to configure your firewall to prevent your computer from connecting to Microsoft. But Microsoft have a plan for that: UPnP. Universal Plug'n'Play is a protocol supported by an increasing number of "broadband routers" that allows applications to punch holes in your firewall by installing NAT rules. This is attractive for things like chat and video conferencing programs, but it will also allow Microsoft to override any rules you have to prevent unauthorized connections.

    Though UPnP works by sending SOAP messages to a small web-server in the router (also used for user configuration), on my router (Alcatel ST510 v4) it bypasses the password protection that you can set for user access to the web server.
    • Hence the reason Microsoft is now selling broadband hardware? To ensure that a percentage of their installed userbase won't ever be able to cut them off, even with evil-linux-savvy-friends who come over and try.

      Fear the day some joker installs an M$-router in something important (like an ISP, or as a gateway to a bank).
  • Foot bullet (Score:4, Interesting)

    by Casualposter ( 572489 ) on Wednesday October 23, 2002 @07:45AM (#4511724) Journal
    Microsoft is shooting themselves in the foot.

    The climate that created microsoft was one of ignorance about computers among the various business managers. The cry was "Nobody ever got fired for buying IBM." Microsoft built on IBM's reputation.

    Going to the much more technically knowledgable business people today and opening them up to vast leagal liabilities for using MS software is going to force these businesses to do something drastic. That something drastic is to find another OS.

    Legal liability in this lawsuit crazy era is something that CEO's and management understands because they pay a lot of money to their lawyers to make them understand. And if Jack Lawyer says if you buy MS you could go to jail or be sued out of business for violating the law; Joe CEO is gonna tell the boys and girls to FIND ANOTHER SOLUTION.

    The lack of security and MS's complete evasion of responsiblity for the functioning of the updates (or even the OS) is less of a worry, but there are many who look at the security of the data that runs the business who are not going to allow Automatic updates from MS or some unknown "Agent." Businessess have lawyers to help them protect their IP and if that IP is going out the gates of the Automatic Update, then guess what is going to happen.

    Most business types are risk averse and a little bit of FUD will get MS out of the important areas. (Sure we can use MS, but then we'll have to let them look at our data. Nope, they don't sign secrecy agreements to protect our data from this process. Oh yeah, we have to let any "agent" that they hire into our computers as well.)

    Hospitals and the medical field goes first, then banks.

    If there was ever a clear, concise, demonstration that MS is still acting like an unrepentant monopoly, then this is it. No serious business in a competitive market would require its current customers to chose between violating Federal Laws and Regulations or violating a software liscence. The fact that this choice is being forced upon those customers to PROTECT Microsoft's interest in preventing piracy of its software is a crystal clear indication of Microsoft's nature.

    Microsoft NEEDS to be busted into a billion little companies. But, I guess that they'll have to do that to themselves.

    No, I don't hate Microsoft, I happen to like Office. I just don't like the monopoly: bad service, poor quality, and god only knows how many lost manhours arguing with windows.

    Creatively spelled words are copyrighted (2002) May be used without persimmons.
  • by sheldon ( 2322 ) on Wednesday October 23, 2002 @09:15AM (#4512301)
    Just seems rather odd, doesn't it?

    All these articles from journalists complaining about Windows EULA, and quoting people at hospitals, financial institutions and so forth and asking them if they are afraid. But not once do they ever actually quote a lawyer who can interpret the real legal language.

    I work for a Fortune 30 company, we're moving to XP. We're also a financial institution. Our lawyers looked over the licensing and saw nothing to be concerned with.

    I've spoken to other people in this industry who are in the same situation.

    It almost seems like the media is trying to promote FUD concerning Windows. Of course we all know that /. would never do something that hypocritical, right? I mean promoting FUD about Windows to further some weird Linux agenda.
  • Hrm?!? (Score:3, Insightful)

    by Cervantes ( 612861 ) on Wednesday October 23, 2002 @11:18AM (#4513436) Journal
    Microsoft is definitely not known for their internal security," he says, citing undocumented macros in some Microsoft programs, which can be accessed by those who know the right combination of keystrokes.

    So, let me get this straight. Easter eggs are now security threats? Whats next, a law to protect us from the evils of hidden credits or secret photos of the programmers?

"I am, therefore I am." -- Akira

Working...