Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Win2K SP3 EULA Legalities

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Win2K SP3 EULA Legalities

    I have seen mention by a few people in various threads that they are not going to implement Windows 2000 SP3 due to the wording of the EULA.

    I believe the same wording applies to Windows XP SP1 and the crux of the issue seems to be that by agreeing to the EULA you are agreeing that Microsoft can make updates to your system without your knowledge or consent.

    Most companies have extensive patch testing and implementation policies designed to protect business-critical systems from crashing. Obviously, having Microsoft update your system at their discretion goes against this and could make for a very unstable system.

    This also seems to violate certain requirements of laws like HIPAA and GLBA that require systems be secure.

    Here is my question though- does anyone know on what port or through what service Microsoft intends to perform these updates? If you have your systems locked down and you are protected by a perimeter firewall wouldn't you be able to block Microsoft from entering your network whether you agreed to the EULA or not?

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    After using AntiSPY on XP...

    The only traffic that I see trying to contact m$ is the windows update.
    Since I have disabled that service, I haven't seen any unrequested taffic since.

    I periodically fire up ethereal to see what is going on. All of the traffic I have seen is legitimate.

    I have win2ksp3 installed on a win2k pro workstation and I also have WinXPsp1 installed on a XPpro workstation.

  3. #3
    Senior Member
    Join Date
    Mar 2002
    Posts
    137
    phishphreek is absolutly correct, you should be able to stop it any unwanted traffic.

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    AntiSPY is a good way of tweaking a lot of WinXP's settings, and preventing unauthorised access to your server/PC by MS. You can disable services that you don't need (like Windows Update).

    However, if you have a decent firewall, you will be able to detect this anyway, and disable the unwonted traffic. Even if you don't get it quite right to start off with you should have traffic & packet logs from your firewall to see exactly what happened, which means you can then adjust your firewall to prevent unauthorised access by MS.

    And no, as I understand this, it does not violate the EULA - it's up to you which services you run, and which you choose to disable/block.

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    A good firewall should be able to take car e of the unwanted traffic for now which is what we are doing.... the issues is not what is Microsoft doing now (windows update that you can turn off) but what are they going to do in the next few versions of windows that has us worried. We don't know...but it would be trivial to create the system in such a way that if it didn't talk to MS consistently it would stop working (XP home) forcing you to keep the port open. We se the EUAL as the prep for this type of system they have already expressed an interest in turning windows into a web service. this would just be the first act.

  6. #6
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    yeah, sounds like it won't be too long before they start making ms office run from the internet only and make buisnesses subscribe to it monthly to keep it running, I'm about certain it's gonna happen.

  7. #7
    I think all of us can accept that the M$ or anyone software can have bugs and things like that, but i also think no one of us will permit them to make "..upgrades.." when they think we need it .....

    xDrack.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Originally posted here by XDrack
    I think all of us can accept that the M$ or anyone software can have bugs and things like that, but i also think no one of us will permit them to make "..upgrades.." when they think we need it .....

    xDrack.
    But thats the issue they can force upgrades on us the EULA that you agreed to says so, if you are in the US that EULA has the backing of the DCMA. But they don't need legal backing look at XP home or Office XP "connect to a MS server or the program wont work" it wouldn't be that hard to change the code into "stay connected to a MS server or the program wont work"

  9. #9
    Junior Member
    Join Date
    Feb 2003
    Posts
    16
    Originally posted here by UpperCell
    yeah, sounds like it won't be too long before they start making ms office run from the internet only and make buisnesses subscribe to it monthly to keep it running, I'm about certain it's gonna happen.
    We need ALTERNATIVES!

    Does anyone really believe that a web-based subscription model for apps like Office will actually work or has ANY benefit for anyone but M$? I will fight this in every way possible, including refusing to purchase the upgrade that forces me to run the application software off the Internet.

    M$ can only force us into it if there are no alternatives or if there are alternatives but we don't take advantage of them.

    Director

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Originally posted here by bballad
    A good firewall should be able to take car e of the unwanted traffic for now which is what we are doing.... the issues is not what is Microsoft doing now (windows update that you can turn off) but what are they going to do in the next few versions of windows that has us worried. We don't know...but it would be trivial to create the system in such a way that if it didn't talk to MS consistently it would stop working (XP home) forcing you to keep the port open. We se the EUAL as the prep for this type of system they have already expressed an interest in turning windows into a web service. this would just be the first act.
    I think you are being a bit paranoid with regards XP home (or XP pro come to that), as the vast majority of users across the world do not have a permanent net connection
    There is no way MS could get that to work .... lets say they try and do it via IE - well what's wrong with Netscape, Opera etc ??

    Office is a different kettle of fish, as it is likely that new versions may require you to 'pay as you go', but if that happens maybe you should be looking elsewhere for your software?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •