Re: BEWARE: New EULA lets MS ADMIN YOUR Systems!

From: Jerry Bryant [MS] (jbryant@online.microsoft.com)
Date: 07/03/02


From: "Jerry Bryant [MS]" <jbryant@online.microsoft.com>
Date: Tue, 2 Jul 2002 16:34:12 -0700


Thank you everyone for your concern on this issue. It would appear that some
clarification is in order.

For in-depth information on how this process works, please see: Managing
Automatic Updating and Download Technologies in Windows XP:
http://www.microsoft.com/WindowsXP/pro/techinfo/administration/manageautoupdate/default.asp

For this particular issue, it is important to point out the following:
> To ensure resilience of the DRM system that protects digital content,
Windows Media DRM is designed so that content owners can quickly contain the
impact should a breach of their secure content occur.
> The language in the EULA for this security update is an agreement to allow
Microsoft and owners of content secured with Windows Media DRM to limit the
damage to the content owner in the rare case where a player application is
compromised - meaning it would play back protected content in an
unauthorized way.
> If a player application is found to be compromised, Microsoft would work
with the affected parties (i.e. content providers and ISVs) to understand
the breach and determine the best course of action. Revoking the
application's right to playback protected content is one possible outcome.
If so, that application is placed on an exclusion list, which contains a
list of compromised applications that should not be allowed to play back
secure content.
> Whenever a user's DRM-capable player application acquires a license from a
license server, the DRM revocation list on the user's system will be
updated.
> When a known compromised application attempts to access protected content,
the access will fail and a user will be informed of the situation and
directed to a web site for upgrading their player. Users make the decision
whether or not to upgrade their player; it is not automatically updated.
> If users decide not to upgrade to a new version of the compromised player,
they can use a different player to play the protected files, because their
license to those files is preserved. They can also continue to use the
revoked application for content not protected by DRM.
> For the ISV, this process is somewhat similar to the situation of a
consumer losing her credit card. After verifying the credentials of the
consumer, the credit card company revokes the old credit card and issues a
new card to her. This language in the EULA is used to let users know that
this kind of system to protect legitimately purchased digital content is in
place.

Here is the EULA excerpt in question:
Digital Rights Management (Security). You agree that in order to protect
the integrity of content and software protected by digital rights management
("Secure Content"), Microsoft may provide security related updates to the OS
Components that will be automatically downloaded onto your computer. These
security related updates may disable your ability to copy and/or play Secure
Content and use other software on your computer. If we provide such a
security update, we will use reasonable efforts to post notices on a web
site explaining the update.

Q & A
Q. Why is this EULA just now showing up in this security update if this has
been a capability of Windows Media DRM for a long time?
A. The same EULA text is in Windows Media 7.1 and an expanded version is in
the Windows XP EULA.

Q. What's to keep Microsoft from simply placing any application it wishes on
the revocation list that is downloaded to users' machines? Couldn't
Microsoft simply put the RealPlayer on that list?
A. Microsoft has developed this capability of Windows Media DRM for the
benefit of the entire DRM ecosystem, which includes content providers, ISVs
and consumers alike. Microsoft always works closely with the ISV whose
application is compromised per the terms of the DRM licensing agreement to
remedy any breach.

Q. What steps does Microsoft go through before it determines to add an
application to that revocation list?
A. The last thing anybody wants to do is to revoke an application. All
other options are investigated first.

Q. Do other ISVs or application providers know that their application is at
risk of being essentially shut down by Microsoft?
A. Absolutely. This is part of the Windows Media SDK licensing process.

Please let me know if I can help to clarify this any further.

--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

"Brett Goodman" <bmgoodman99@99bigfoot.com> wrote in message
news:#ZOtfoPICHA.2612@tkmsftngp08...
> The Register reports on 30 June that "MS security patch EULA gives Billg
> admin privileges on your box".  Read it at
> http://www.theregister.co.uk/content/4/25956.html.  As they say, if you
> download this patch from Windows Update, the EULA omits the following
> "Digital Rights Management (Security)" clause.  If you download the patch
> from the link in the security bulletin, however, it states:
>
> * Digital Rights Management (Security).  You agree that in order to protect
> the integrity of content and software protected by digital rights management
> ("Secure Content"), Microsoft may provide security related updates to the OS
> Components that will be automatically downloaded onto your computer.  These
> security related updates may disable your ability to copy and/or play Secure
> Content and use other software on your computer.  If we provide such a
> security update, we will use reasonable efforts to post notices on a web
> site explaining the update.
>
> So, let me get this straight:  to fix the critical holes in WMP, I'm
> supposed to grant MS rights to install future "fixes" that will be
> "automatically downloaded" to my computer?  You mean that I no longer have a
> say in what MS installs because I agree to install this one patch?
>
> This is scarier than the old EULA at Hotmail that granted MS full ownership
> of everything sent or received via Hotmail!
>
>

