In last month's commentary, I wrote that I had installed Microsoft Software Update Services (SUS) on one of my servers. Because SUS is a new program on my network, I watched it closely for several weeks, so I was more aware of new Microsoft security fixes than I typically would be. That increased attention is probably the only reason I noticed a little poison pill in a recent patch.
Late last month, three potentially scary bugs surfaced in Windows Media Player (WMP). One of the most serious bugs could let someone sit down at your computer and assume Administrator-like powers, so Microsoft made a downloadable patch available for each of the three WMP versions. I imagine that millions of people have downloaded and installed this patch, but I wonder how many noticed the following text in the software license:
"Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ('Secure Content'), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update."
I didn't take that quote out of context; I copied the quoted paragraph directly from the license agreement. (I wonder when Microsoft will disable the Copy feature in its licenses—the content is always such a good source of journalistic fodder.) To paraphrase the quoted material: When Microsoft sold you a copy of Windows XP, the bundle included WMP, which has defects that the company judges to be severe enough that everyone should fix them as soon as possible. Microsoft has repaired the defect, but you can't have the fix unless you give the company the right to control the software you use on your computer.
By accepting this agreement, you're saying that Microsoft can include new code in WMP that lets the company remotely control your copy of WMP. With that control, Microsoft can direct WMP to download new software that will "disable your ability to ... use other software on your computer." Microsoft won't send you an email message warning you that it's installing spyware—a program that acts as Microsoft's "software cop"—on your computer, but the company will post a warning on a Web site—somewhere. It wouldn't be that much of a leap to say that one way to disable your ability to run illegal software would be to tell Microsoft that you're doing it so that the company can sic the software anti-piracy dogs on you. Yikes.
But that's not all. Read the software license a bit further, and you'll see an old bit of silliness that I've often commented on: The second half of the license is in French. As far as I know, I downloaded the English version of WMP, so I'm puzzled why I have to consent to an agreement, half of which is written in another language. Yes, I know, Microsoft uses this approach for the convenience of Canada, where English and French are both official languages (and for any other country with English and French as its two official languages, although I don't know of any that fit that description besides Canada); I have no complaint with that. But why can't Microsoft amend the language of the agreement to say that if I'm not a Francophone, I'm not bound by half of an agreement that I can't understand? (I hope I didn't agree in French to mow Bill's lawn for the rest of my life.)
Don't get me wrong: I'm a fanatic about copyrights, and people who steal music, software, books, or the like are pathetic thieves in my opinion. So I understand Microsoft's desire to protect its copyrights. But I believe the company has crossed a line here by including text that basically means "let us install any software that we deem necessary whenever we deem it necessary ... or live without security fixes."
Maybe I'll live without that patch after all. Apple Computer's QuickTime player plays MPEGs, if I remember right ...
If you're concerned about giving Microsoft this kind of control over your software use, let the company know how you feel. Visit Microsoft's home page and click Contact Us.