Re: Microsoft finally acknowledges the security drumbeats

From: Ken Ashe (
Date: 02/11/02

From: (Ken Ashe)
Date: 11 Feb 2002 02:54:19 GMT

In article <lkC98.36798$>, says...
>In article <tex98.18755$>, Roger Marquis
><> wrote:
>>It does, however, further illustrate microsoft's approach to security.
>>By granting themselves remote root-access to your system and
>>write-access to your hard drive, at any time and for any reason (that
>>they can remotely justify), they've created yet another fundamental
>>security vulnerability.
>It seems to me, from your quote, that this is language in a licence agreement,
>not a technical description of functioning program elements. Microsoft have
>previously claimed many rights and abilities in their licence agreements that
>are not enacted in the software.
>Since we're all familiar with attempts to produce automated updates being a
>security issue, perhaps you could simply wait until such time as the automated
>updates are a reality, rather than a lawyer's wet-dream, in order to sound the
>clarion call to arms?

        So you're of the opinion that we should wait for this to become a fait
accomplit than to object strenuously and early, thereby giving MS an
opportunity to point out that it's been policy for some time without objection?

        For another example of MS FUD-mongering (for once, not directed at
competitors) see
<> which
describes their policy of presenting different forms of EULAs for the same
product in different places and admitting, upon questioning, that "I agree that
we could certainly make that clearer, and I think we will. But there is nothing
in FrontPage or its EULA that limits free speech."

        Then consider the third-last paragraph which reads, "When Microsoft
included a term prohibiting disclosure of benchmarks without its permission in
the SQL Server license, it's pretty certain the intent was not to prevent
people from publishing benchmarks comparing Windows 2000 performance to Windows
NT. But that's exactly how it was used to block an independent lab from
releasing results of an OS comparison that used SQL Server as part of the test
bed (see The Gripe Line
<> ). If
SQL Server's license could be applied in that situation, the FrontPage EULA
could be used to limit free speech at least as easily."

        Based on the overreaching described in the above situations, I think
any grant of wait-until-we-see-how-it-plays-out is simply playing into MS's