|
|
|
|
Windows Secrets Newsletter • Issue 230 • 2010-02-04 • Circulation: over 400,000 |
|
Table of contents TOP STORY: The EULA you click may not be the one in effect KNOWN ISSUES: Even well-guarded PCs may get infected WACKY WEB WEEK: Make music on the cheap with soda bottles LANGALIST PLUS: MS Security Essentials: right-sized protection? BEST SOFTWARE: Two free photo editors anyone can use |
|
ADS
|
|
TOP STORY The EULA you click may not be the one in effect 
By
Woody Leonhard
When you accept Microsoft's end-user license agreement as part of Windows' installation, that click is considered by many people to be as enforceable as a wet-ink signature — at least in the U.S. But I've found that the terms in the EULA you agree to during an installation may vary from the license that's posted at Microsoft's Web site. In my Dec. 3 Top Story, I tore into the entire Windows 7 licensing debacle. In particular, the Win7 EULA makes certain kinds of Win7 upgrades a violation — even when you follow the instructions in Microsoft's own installation programs. Adding to the confusion are conflicting legal decisions about whether "click wrap" licenses constitute fair, legally binding agreements. E-SIGN, the Electronic Signatures in Global and National Commerce Act of 2000 (as shown in a PDF from the U.S. Government Printing Office), makes clear that clicking Accept is as binding as a signature. But in some cases the terms of the license may change — and your obligations remain open to debate. After an exhaustive search of case law, I could find no example of a Microsoft EULA prevailing in a dispute with a regular, everyday PC user. Sure, Microsoft and other companies have pursued counterfeiters and others who make money by violating a EULA. Stealing is stealing, and software companies have every right to prosecute people who use their products without paying. However, even though you may pay for Windows fair and square and use the program as it was designed to be used, you could still violate the EULA. No agreement on what you're actually agreeing to When you click a EULA's "I Accept" button, what exactly are you accepting? That's the source of considerable debate among people who get paid to fret over such legal questions. Microsoft's current EULAs run to more than a dozen pages. Unless you print one, you're unlikely to see a hard copy of a EULA. Certainly, you didn't see the complete text of the Windows EULA prior to buying Windows in a shrink-wrapped box or before buying a new PC with Windows preinstalled. So when you click "I Accept," you're agreeing to a license you didn't have a chance to review before you bought the product. You can scroll through the agreement while you're in the process of installing the program and call your attorney to get an instant opinion on reams of dense legalese. That much almost everyone agrees on. Most lawyers also concur that the Windows EULA amounts to a "contract of adhesion" — a boilerplate contract over which a consumer has no sway. Take it or leave it. There's nothing illegal or immoral about boilerplate contracts. However, courts in most countries don't consider such agreements to be as binding as contracts in which both sides are on an equal footing. Here's where things get sticky. I'm not a lawyer — and have no intention of becoming one — but to my layman's eyes, EULA enforceability is a wide-open question with more wrinkles than a prize Shar-Pei. In legal decisions, U.S. courts sometimes have sided with consumers and other times with vendors. Most famously — some would say "notoriously" — in the 1996 case ProCD, Inc. v. Zeidenberg, the U.S. 7th Circuit Court overturned a lower court's decision, finding that a ProCD product's shrink-wrap license was an enforceable contract. Details of the case are available on the FindLaw site. Contrariwise, a lower-court case — Klocek v. Gateway, Inc. — found against the enforceability of EULAs. Find more about this case in a Lawnix brief. Unfortunately, these and similar cases — such as the more-recent Feldman v. Google, Bragg v. Linden Research Inc., Specht v. Netscape Communications Corp., and many others — don't involve click-to-accept EULAs for purchased software. Last November, the U.S. courts had an opportunity to clarify the EULA question but chose instead to dodge the matter. As a Yale Law & Technology article explains, the federal case Apple v. Psystar could've unmuddled the situation. However, the judge granted Apple a summary judgment without looking into the EULA aspects of the case. The situation outside the U.S. is just as cloudy. Until there's specific legislation or clear guidance from the courts, the status of software EULAs remains unresolved. If Microsoft truly considers the Windows EULA enforceable, you'd think the company would've taken at least one of the tens of millions of licensees to court. No doubt Microsoft has many reasons why it has avoided putting its putative contract to the test, but one in particular occurs to me. Imagine the consequences if a U.S. court found — for whatever reason — that the Windows EULA isn't enforceable against an individual Microsoft customer. In a future column, I'll delve deeper into how Microsoft benefits from the legal limbo on the matter of enforceability. More than one EULA in your copy of Windows Want to know what your Windows EULA looks like? Windows XP's EULA is stored in a file located here: C:\Windows\System32\eula.txt XP also has a help file associated with the EULA. The help file is located at: C:\Windows\Help\license.chm In Vista and Windows 7, one version of the EULA is stored in the following location: C:\Windows\System32\license.rtf But Vista and Win7 also store other EULAs on the system. For example, Win7's license library for the US-English version of the software is at this location: C:\Windows\System32\en-US\Licenses In fact, my test PC has 54 separate Win7 EULAs in that folder! The date stamp on the EULA file in the machine's System32 folder shows the file was updated the day you installed Windows. Most likely, the Windows installer grabbed the appropriate EULA, displayed that version on the "I agree" screen, and then saved that specific EULA in your PC's System32 folder. That may prove to Microsoft that you saw and agreed to the EULA. But what if the file has been changed? Microsoft's site is a grand repository of EULAs. But those versions of the licenses vary significantly from the EULAs stored on the hard disks of the PCs I tested. To test this for yourself, hop over to Microsoft's End User License Terms download page, choose your product, and compare the EULA stored on your PC with the latest corresponding version online. Microsoft's EULA-download site, however, doesn't actually offer all Windows EULAs. For example, the original Windows XP Retail EULA isn't there. To find it, you must visit a different page on Microsoft's site. Sound confusing? It is. Years ago, I installed a copy of Windows XP Professional Service Pack 1 on a laptop that was subsequently upgraded to SP2 and then SP3. The EULA stored on the machine has the following line at the bottom of the document: EULAID:XPSP1_RM.1_PRO_RTL_EN Presumably, this translates to XP SP1 Revision 1 Professional Retail English. But when I go to the EULA download site, there's no XP SP1 Professional Retail option. I can get the EULA for XP SP1 Professional OEM version or the original XP Professional Retail version, but those EULAs are significantly different from the license stored on my laptop. Is Microsoft trying to hide something? That's hard to say, but the company certainly hasn't made it easy to find and compare the various Windows EULAs. Which EULA did you agree to? Who really knows? I asked Microsoft for clarification on EULA prohibitions and enforceability, but a spokesman responded that the company had declined to comment. Yes, I do expect a phone call from Microsoft's lawyers in the morning!
Woody Leonhard's latest books — Windows 7 All-In-One For Dummies and Green Home Computing For Dummies — deliver the straight story — hold the sugar coating — in a way that won't put you to sleep. |
|
ADS
|
|
KNOWN ISSUES Even well-guarded PCs may get infected 
By
Dennis O'Reilly
There's a window of vulnerability between the appearance of new malware and the updating of anti-malware tools against the new threat; you may fall victim in that interim. That's what happened to one Windows Secrets Lounge member, whose well-protected system appears to have been subjected to a questionable download in his browser. Malware can enter a machine through the recently discovered IE hole that Yardena Arar described in her Jan. 21 Top Story. Windows Secrets Lounge member Cris Wadlooper experienced a different kind of threat, which he explained in the comment thread for Yardena's story:
One of the best tools for clearing a PC of malware is the free Malwarebytes Anti-Malware (more info). Note that only the paid version of the program provides real-time scanning for malware. Most of the major antivirus vendors also offer free online scans you can employ without having to purchase the full product. For example, Symantec offers Security Check, Kapersky provides Free Virus Scan, Trend Micro has House Call, McAfee offers FreeScan, and so on. Running several of these may uncover infections that any one tool might miss by itself. And of course, you also need to patch whatever hole let the malware in. For sure, replace IE 6 (even if you never surf using IE 6) with IE 7 or 8, both of which provide security features that IE 6 will never have. In the case of the IE Aurora vulnerability, apply the new Cumulative Security Update for Internet Explorer explained in Susan Bradley's Jan. 28 Patch Watch column (paid content) and in MS security bulletin MS10-002. Senders may unwittingly spread infection One of the precautions mentioned in Yardena's story is to contact the sender of a suspicious e-mail to verify its authenticity. WS Lounger Hans Bool expands on this point:
The Lounge Life column brings you posts from the WS Lounge threads for our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com. |
|
WACKY WEB WEEK Make music on the cheap with soda bottles
|
|
ADS
|
|
PERMALINKS Use these permalinks to share info with friends We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.) The following link includes all articles this week: http://WindowsSecrets.com/comp/100204 Free content posted on Feb. 4, 2010:
You get all of the following in our paid content:
Thanks in advance for your support! |
|
YOUR SUBSCRIPTION The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008. Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editorial director: Brian Livingston. Senior editors: Fred Langa, Woody Leonhard, Ian Richards. Technical editor: Dennis O'Reilly. Program director: Tony Johnston. Web Developer: Damian Wadley. Research director: Stephanie Small. Copyeditor: Roberta Scholz. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Ryan Russell, Robert Vamosi, Becky Waring. Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page. WE GUARANTEE YOUR PRIVACY: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
|
