Microsoft Stretching The Definition Of Critical Patch

from the caveat-patcher dept

Microsoft is known for putting out a prodigious number of security patches each month, which is a result of the high number of vulnerabilities constantly being found in its software. Typically, the company releases all of its patches on one day, so as to give it time to test patches and ease the burden of installation; the downside is that sometimes users have to wait several weeks before a known hole gets fixed. But whether it does a good job at patching or not, at least a patch is typically something that businesses and users want. However, the company is now pushing patches that serve its own purposes, as opposed to that of its users. When a circumvention technique was discovered for its PlaysForSure DRM, the company immediately rushed out a patch, which it labelled as 'critical', not even waiting for Patch Tuesday. Of course, most people wouldn't be inclined to install a patch that prevented them from enjoying their music as they saw fit, but most people wouldn't question Microsoft when it says a patch is critical, either. This isn't the first time that Microsoft seems to be abusing the definition of a security update. In July, it announced that the forthcoming version of Internet Explorer would be pushed upon users as a High Priority security update. Again, it's good for Microsoft that users download the new browser -- which comes with a default MSN searchbox for the first time -- but it doesn't seem like it should be labelled as a security update. If the company insists on using this channel as a way to protect its own interests, as opposed to its users, it could impair its ambitions to improve its standing with respect to security issues.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 7 Sep 2006 @ 1:14pm

    MS Monster?

    If people are going to download patches indiscriminantly, then they get what they get.

    The IE7 update is a much needed patch. Everyone's been clamoring for it. So they push it out, and now people whine that they had it pushed on them.

    Microsoft is not a public utility. They are a public company. Protecting their investment in OS development should be a high priority.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Sep 2006 @ 1:58pm

      Re: MS Monster?

      If people are going to download patches indiscriminantly, then they get what they get.

      Agreed.

      The IE7 update is a much needed patch.

      BS. IE7 is new browser software, not a patch, and I resent M$ for misleading people to believe it is something it's not. Apparantly you've bought it hook, line & sinker.

      Everyone's been clamoring for it.

      *Everyone* is a pretty general statement and a false one at that. Sure, it's anticipated by many but that isn't the same thing so pull your head out of the clouds.

      So they push it out, and now people whine that they had it pushed on them.

      Of course they whine when something is forced on them you dolt. Nobody asked to be forced to do something - they asked for the option.

      Microsoft is not a public utility. They are a public company. Protecting their investment in OS development should be a high priority.

      Absolutely they should but they should do so ethically. And the last time M$ did anything based on ethics... well, I can't remember the last time M$ did anything based on ethics... since before their antitrust case perhaps? Who knows. The point is M$ is a large company that uses their corporate and political power to bully and force users, who don't know any better unfortunately, to accept everything they're spoon fed.

      I suggest you stop complaining about people complaining when M$ forces people to comply with things they don't want. It's understandable and the fact that it bothers you says your priorities are in the wrong place.

      reply to this | link to this | view in chronology ]

    • identicon
      Zealot, 7 Sep 2006 @ 2:23pm

      MSN Search

      MSN default search is nothing new. In IE6, if you typed in a web address incorrectly (or anything else)
      it would take you to a MSN search for it.

      The new IE7 has a separate search bar. Sure, it defaults to searching MSN, but Microsoft has a special website set up just to add/remove a few dozen search engines. (You click the search button -> find more providers.)

      In other words, the NEW search lets you choose a DIFFERENT engine. The OLD search is the one that forces you to use Microsoft's.

      reply to this | link to this | view in chronology ]

    • identicon
      Lyzrd, 7 Sep 2006 @ 5:10pm

      Re: MS Monster?

      Come on... IE is a "patch"? It's a browser update, not an OS patch.

      reply to this | link to this | view in chronology ]

      • identicon
        Frank Thynne, 5 Dec 2006 @ 5:13pm

        Re: Re: MS Monster?

        Judging by the adverse side effects on other programs it's an OS patch as well - and a very unwelcome one.

        reply to this | link to this | view in chronology ]

    • identicon
      Frank Thynne, 5 Dec 2006 @ 4:51pm

      Re: MS Monster?

      You are clearly quite wrong. Releasing IE7 by the critical update mechanism is clearly a marketing ploy. Microsoft has effectively admitted that it isn't critical by releasing a "disable automatic installation of IE7 patch". This is probably in response to users who have found that IE7 has adverse effects to pograms other than IE.

      For many years I didn't trust MS to release reliable patches - with considerable justification because many patches were released without adequate testing.

      Microsoft has recently been taking much more care with its fixes, and for the last year or so I have advised clients to apply critical updates automatically on the basis that, on balance, the fixes were likely to be less harmful tnan the vulnerabilities they fixed.

      Now, by pushing out IE7 as a critical update without first testing for adverse side effects, they have destroyed that trust and shown themselves once again to be cynical and untrustworthy. A total disgrace - but I don't suppose they will feel ashamed.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 1:16pm

    YAY

    more anti-microsoft tripe.

    shocking.

    reply to this | link to this | view in chronology ]

    • identicon
      Wizard Prang, 8 Sep 2006 @ 9:47am

      The point, in case you missed it...

      ...is that MS is using their "Critical Security Patch" mechanism to roll out updates that are not critical, not security-related and in some cases, not patches.

      That's three lies for the price of one.

      I'm not anti-MS, but I am Anti-DRM and anti-WGA. That's why I have Automatic Updates running in "download but do not install" more.

      And that's why I run Win2k and will not "upgrade" to XP.

      reply to this | link to this | view in chronology ]

  • identicon
    DittoBox, 7 Sep 2006 @ 1:21pm

    IE as critical patch is good

    As web designer I find IE6 to be one of the biggest headaches. It generally makes development time 2 or 3 times longer because it either has a buggy or non-existent implementation of standards. If it doesn't take longer it certainly restricts creativity.

    IE7 is better, and a near-forced (but not forced!) upgrade is a Good Thing because of better standards and better security.

    I still think microsoft has/had a monopoly. I also think it abused it. But now they're trying to gimp it, mainly because competition is finally knocking on their door but also because the IE devs are honestly trying to fix mistakes and wrong-doings from the past. Microsoft could simply say something along the lines of "hey, we screwed up, try firefox or opera or something..." but they won't. I'll take what I can get and let the free market fix the rest, as it's been doing (Safari and FF alone take nearly 20% of the US market now).

    IE7 is going to be the last dominant or largely dominant version of IE anyway. IE7 is ugly and hard to use. People will notice this and go elsewhere. Yes, even Joe Sixpack is going to figure this one out. The free market -no matter how many people out there disagree- will prevail.

    reply to this | link to this | view in chronology ]

    • identicon
      Big Huge Dave, 7 Sep 2006 @ 1:41pm

      Re: IE as critical patch is good

      I find it interesting that you are so "free market", which I am too by the way, yet you think Microsoft has/had a monopoly.

      Anyone who studies the benefits of the free market knows that the only monopolies are those given by the government (water department, electricity, public schools, etc).

      I'm glad that several of you though have stated that Microsoft is a private company and can do whatever it feels right for its product. If you disagree with them or don't like it, don't use their product.

      reply to this | link to this | view in chronology ]

      • identicon
        RoyalPeasantry, 7 Sep 2006 @ 8:45pm

        Re: Re: IE as critical patch is good

        Anyone who studies the benefits of the free market knows that the only monopolies are those given by the government (water department, electricity, public schools, etc).

        I'm glad that several of you though have stated that Microsoft is a private company and can do whatever it feels right for its product. If you disagree with them or don't like it, don't use their product.

        You really don't seem to get the picture... Yeah sure, just don't use thier product. Ignore the fact that 90% of the world RUNS on it and most of the services and software available to you only run on windows, especially the ones most popular in the business enviroment. Not to mention the problems you can have trying to get differen't operating systems working together.
        Also not to mention of course that more than 80% of the world is incapable of installing and running linux..
        No it doesn't fit the strict definition of monopoly... But it essentially is one.


        On other subjects

        And yes, the IE patch SHOULD roll out as a high priority security update. Because for every person out there who uses IE (still 80% of the world I believe) it damn well IS a high priority security patch. For that matter it still is people who don't use it because the holes are still there despite the fact that you don't use it..


        I don't terribly mind M$ releasing the DRM update as a critical security patch.. Yes its misleading.. but thats technically what it is. what I do mind is that they manged to patch it in three days when actual security holes can wait till patch Tuesday...


        and ONE of these days microsoft is going to realise that just because a service is set the MANUAL doesn't mean its not STARTED. I'm getting tdamn tired of resetting that every time I want to get updates.

        reply to this | link to this | view in chronology ]

    • identicon
      Frank Thynne, 5 Dec 2006 @ 4:55pm

      Re: IE as critical patch is good

      Even if I could excuse MS for releasing a brand new version through the critical path route (which I don't - it's just cynical marketing) I can't forgive releasing a product which has adverse effects on other programs - even MS programs.

      It's just not been properly tested.

      reply to this | link to this | view in chronology ]

  • identicon
    unonomous (I flunked skooowl), 7 Sep 2006 @ 1:23pm

    tiny typo

    "...it could impair its ambitions to improve it standing with respect to security issues."

    I assume "...improve it's standing"

    reply to this | link to this | view in chronology ]

  • identicon
    Monarch, 7 Sep 2006 @ 1:23pm

    Hey ACoward and ACoward, yeah it's more anti-microsoft hype, but that hype is all over the tech news right now.
    Guess what, it also shows that M$ is more concerned about how they are perceived by the Media companies than how they are perceived by their own customers.
    That in itself is the news Cowards.

    reply to this | link to this | view in chronology ]

  • identicon
    CHRISMGTIS, 7 Sep 2006 @ 1:26pm

    IE7 not a security update? What is your real profession? Bat Poo Shoveler? Think about what you just said. That made no sense whatsoever.

    I guess companies also don't have the right to protect their own investments and products anymore? That argument against Microsoft is getting pretty tiresome. It's their product they have every right to do what they are doing.

    reply to this | link to this | view in chronology ]

    • identicon
      Aaron, 8 Sep 2006 @ 9:31am

      Re:

      You really think of IE 7 as a security update? That's pretty scarey to say the least - as with any new release of a product, it will fix some issues and also introduce others.

      reply to this | link to this | view in chronology ]

    • identicon
      Frank Thynne, 5 Dec 2006 @ 4:59pm

      IE7 breaks other programs.

      IE7 is known to cause problems with other programs - even Microsoft's own. It's unforgivable to force it on users by the critical patch mechanism. How can we ever trust automatic updates again?

      reply to this | link to this | view in chronology ]

  • identicon
    Dash, 7 Sep 2006 @ 1:26pm

    Logical

    IE7 does supposedly offer better security than IE6. At any rate, I don't think anyone would argue that IE6 is in any way better than IE7, security and otherwise, so I think it is reasonable to offer it as critical.

    reply to this | link to this | view in chronology ]

  • identicon
    CHRISMGTIS, 7 Sep 2006 @ 1:28pm

    "Microsoft could simply say something along the lines of "hey, we screwed up, try firefox or opera or something..." but they won't."

    Wow. That is mind blowing. Recommend a competitors product. You should run for President with that kind of innovative thinking.

    reply to this | link to this | view in chronology ]

  • identicon
    oohhhgezzz, 7 Sep 2006 @ 1:30pm

    The great pach work OS

    Any OS that is widely used as windows are going to have secuirty holes in them. The patches are for best in the long run, but thats all. If some one doesn't want IE7 then they should have a choice. I user Opera and firefox and work and home, but I got IE7 because of the update. I wasn't happy about it eather. They shoud leave it as a option because 90% of the new programs they send need security patches in the frist place.

    reply to this | link to this | view in chronology ]

    • identicon
      Monsuco, 7 Sep 2006 @ 2:59pm

      Re: The great pach work OS

      "Any OS that is widely used as windows are going to have secuirty holes in them. The patches are for best in the long run, but thats all. If some one doesn't want IE7 then they should have a choice. I user Opera and firefox and work and home, but I got IE7 because of the update. I wasn't happy about it eather. They shoud leave it as a option because 90% of the new programs they send need security patches in the frist place."
      It isn't the large Windows user base that causes security problems. That contributes too, but it is because Windows is closed source. Look at Apache, which I am pretty sure is one of the most popular server apps in the world, it beats it's competitor MS IIS by a long run in popularity and security issues are typically fixed quicker. Look at linux and BSD on servers. Both are typically far more secure than Windows server, and together the two far outnumber Windows Server and both are far more secure. Look at the "Ping of Death" incident. MS and Apple took far longer to patch their OS's than Linux and BSD. The only reason Apple is more secure than Windows is because Apple used BSD code in their software and the very core of their OS is FOSS (darwin) even though most of the OS is not FOSS.

      The only reason MS patched this one quickly was because they feel it is far more important to support their allies in the media than their customers. That is the ONLY reason, no excuse.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Sep 2006 @ 3:27pm

        Re: Re: The great pach work OS


        "Look at Apache, which I am pretty sure is one of the most popular server apps in the world, it beats it's competitor MS IIS by a long run in popularity and security issues are typically fixed quicker. Look at linux and BSD on servers. Both are typically far more secure than Windows server, and together the two far outnumber Windows Server and both are far more secure"

        I guess that since MS is so unpopular it will be out of business soon. Oh wait...the patch was for WinXP client machines...not servers or MS IIS. How are those open source OSs doing vs MS? vs IE?

        Kind of sad that everyone complains about MS, and then apparently has MS running on their desktops. Oh, I'm sure the 'company' makes you use it, right?

        When a truly better OS comes along (and it will) it will gain popularity and it will unseat MS. However, it won't be free/open source by the time it unseats MS. No open source software will ever be more popular (read: widely distributed, not well-liked) than its pay-to-play counterpart.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Sep 2006 @ 6:50am

        Re: Re: The great pach work OS


        "Look at Apache, which I am pretty sure is one of the most popular server apps in the world, it beats it's competitor MS IIS by a long run in popularity and security issues are typically fixed quicker. Look at linux and BSD on servers. Both are typically far more secure than Windows server, and together the two far outnumber Windows Server and both are far more secure"

        I guess that since MS is so unpopular it will be out of business soon. Oh wait...the patch was for WinXP client machines...not servers or MS IIS. How are those open source OSs doing vs MS? vs IE?

        Kind of sad that everyone complains about MS, and then apparently has MS running on their desktops. Oh, I'm sure the 'company' makes you use it, right?

        When a truly better OS comes along (and it will) it will gain popularity and it will unseat MS. However, it won't be free/open source by the time it unseats MS. No open source software will ever be more popular (read: widely distributed, not well-liked) than its pay-to-play counterpart.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 1:47pm

    ummm

    Hey there oohhhgezzz,

    I don't think the IE7 patch has been released yet, so not sure if you're just jumping on the bandwagon or what.

    As for a choice, MS does offer a tool to block the download. As was said above, if users are going to blindly download these patches, then they get what they deserve. 2 minutes of research and a 1 minute download can stop the IE7 Critical patch from automatically downloading.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 2:09pm

    RE #14

    Again, someone complaining about software that they're not required to use.

    You: Waah...I need software to run my computer
    MS: Here you go little fellah.
    You: Waah...it doesn't work they way I want it to.
    MS: Well, we wrote it, use it or use something else.
    You: Waah...ummm...waaah...Linux is too hard.
    MS: Well, it's your choice but quit crying you little brat.

    And if you are a Linux user, then what the hell do you care about MS? Oh, that's right...I forgot 98% of Linux users don't have a life.

    reply to this | link to this | view in chronology ]

    • identicon
      Blitze, 7 Sep 2006 @ 3:42pm

      Re: RE #14

      Flames already? pathetic, truly pathetic

      Most users that have linux are what we call SMARTER. It is faster better and free, not to mention if they have it they probably know programming and have a good paying job. You call this no life?

      atleast 50% of the windows users have it for these reasons:
      1. porn
      2. "myspace"
      3. music

      You call that a life?

      MS just needs to be kept around for morons, if some one is complaining about their wording use linux or mac or just rtfm and shut up.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 7 Sep 2006 @ 4:49pm

        Re: Re: RE #14

        Linux users smarter... nope sorry don’t think so... you just happen to be educated on something that someone else is not... this does not make you smarter nope. Maybe more safe in the computer world as there are less bugs, viruses or KNOWN holes in the software but that’s about it... its like saying because I can swim faster away from the sharks than the other guy I am smarter; kind of a silly idea. If Linux had the user base that MS has Linux would be a mess just MS is now. Imagine if all the people who write viruses and hack MS turned on Linux and attacked; it would almost be amusing. The true fact here is user base numbers. Why attack X number of Linux machines or FF or Safari when you can attack X to the power of 100 MS machines and IE and outlook its just a numbers game and these hackers spammers and virus writers are out to win not lose....

        On another note how many versions of the Linux os's be it BSD or any other have been released in the last 5 years hmm say maybe 8-10 how many versions of windows hmm say 1. And in every release there are security advisory’s and changes posted... damn so many holes why use it when in the install instructions it states a update has the real possibility of wiping my machine... when all XP does is patch..

        I am not for or against either OS I use both at work and home but don't sit on the high horse and shout how smart you are because you use Linux... it just makes you look the fool..

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 2:42pm

    No one is required to use Microsoft products, but we are supposed to pay for it. Furthermore, if it happens in my computer, I have a right to know what it is and opt out. Just because I am a customer doesn't mean they own my computer. As a paying cutsomer, I have a right to express my wants to the comany (even though they don't care).

    It's not the IE update that's the problem, its the pirority given the DRM "patch". I will never buy anything with that kind of DRM, but they way this was handled stinks. If the "update" is sent out as if it were a security patch, then I care. Microsoft at least owes me accurate information on what they are sending me so I can decide if I want it on my computer.

    Also, as a consumer, I care about their priorities. Maybe you are right and I should switch to Linux, but just because I try to continue to give MS my business doesn't mean I can't be concerned. What ever happened to "the customer is always right"?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 2:50pm

    ohhh...the DRM patch

    So they patched software to prevent bypassing security, so thaaaat's what you're upset about. Umm...wait...prevented bypassing security....hmmm...seems like a security patch to me. And if bypassing it by unscrupulous media thieves means they'll lose money...then yeah, it does seem critical.

    And once again...ALL UPDATES ARE OPTIONAL. Is today your first day on the internet?? First day on MS update??? Sheesh

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 2:52pm

    BTW

    I'm pretty sure you bought the license to use the software, not the software itself. Sure, it's you're computer, but it's still their software.

    reply to this | link to this | view in chronology ]

  • identicon
    TheBigSarge, 7 Sep 2006 @ 3:36pm

    If you don't want Microsoft to "force" updates to you, it's as simple as turning off the Automatic Updates. If you'd rather use IE6 than be "forced" to use IE7, than do it. Just don't start bawlin' when an exploit in IE6 cripples your PC someday and then you find out IE7 was unaffected.

    reply to this | link to this | view in chronology ]

  • identicon
    AJ, 7 Sep 2006 @ 3:43pm

    fix it already

    I understand that windows is a huge program, and I can see that they may need to patch this or plug that on occasion, but the volume of udates has me so confused that I really don't trust them anymore. If ford made a car and recalled it for "patching" ever other week, eventually I would find another brand of car. I really do get the fact that it takes a while to work out the bugs, but why release it untill these bugs have been found and removed? Why give your customers a faulty product, knowing its faulty, and think there just going to have to live with the fact that its going to take patch after patch to fix it? I like windows, I don't like all the stress involved with keeping it up, its almost to the point that I just dont want to buy the new stuff they put out because it turnes my computer into swiss cheese with all the security holes. Im not bashing em, I'm just a little fustrated.

    reply to this | link to this | view in chronology ]

  • identicon
    oberonix, 7 Sep 2006 @ 4:05pm

    Security Focus

    Microsoft can do whatever they want with their update service, as many of you have noted, since it is their software. The problem that is being pointed out though is that if Microsoft wants to be taken seriously as offering a secure OS with a great update service then it has to hold itself to it's own standards. By pushing out a critical security update that actually isn't that at all somewhat undermines this effort. That's what the real complaint here is as I see it. Sure they can do whatever they want, but it is a bad choice to do this if they want to be taken seriously.

    reply to this | link to this | view in chronology ]

  • identicon
    For the love of pete, 7 Sep 2006 @ 4:28pm

    Are you guys just morons?

    First off, Everyone stop your freakin whining.

    There is a little icon that pops up on your systray, you know the one that looks like a little yellow shield with a cross in the center (Yeah, that one, for those of you playin our home game), That's the automatic update button, when you first run windows it asks you how you want the updates installed. Microsoft is NOT FLIPPIN Pushin IE7 on Anybody.

    You go into that wizard and tell it YOU want to CHOOSE what updates you want D/L'd and Installed. Have ANY OF YOU ever thought to TRY that? Or, are you all just basic Run of the MIll Users?

    I strongly suggest that you all STFU about how MS is "Shoving software" Down everybody's throats.

    There is an Old adage goin around it's something like, "RTFM!" Every hear it before? It means, "Read the F***ing Manual"

    STFU!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Sep 2006 @ 5:26pm

      Re: Are you guys just morons?

      You go into that wizard and tell it YOU want to CHOOSE what updates you want D/L'd and Installed. Have ANY OF YOU ever thought to TRY that? Or, are you all just basic Run of the MIll Users?

      Thank you oh so much. Please tell me which of the updates labeled "hotfix" includes the DRM sO I can remove it, and I promise to STFU. Oh, it's not labeled? I have choice as long as I'm psychic? Thanks!

      reply to this | link to this | view in chronology ]

    • identicon
      Frank Thynne, 5 Dec 2006 @ 5:11pm

      Re: Are you guys just morons?

      If the choice is between leaving users to decide which updates are good and having them install updates automatically even if they have adverse side effects, then they should do neither and use another product. But MS has used its monopoly strength to see off most of the opposition. However, by such dishonest and damaging practices Microsoft might well leave the field clear for more reliable rivals and thereby destroy itself.

      Would you trust a drug company to behave like this?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Sep 2006 @ 4:51pm

    DRM is not IE7

    Why are all the Microsoft lovers going on about IE7 when the issue is the DRM update being given piroity and mislabeld as a critical patch? If it was labeled as "critical" instead of a "DRM update" how would I know not to choose this update? I do choose which updates I want, but MS bundles things and mislabels them. I have a right to complain about DRM being called a critical update.

    Also, I understand I don't own the software. If you read the posts, no one ever said anythng about owning software, just about paying for software. I am a paying customer. I have a right to say what I want about the products and services I pay for.

    As perviously noted, I own my computer. I do know how to chose which updates I want, and I do choose them. Again, I don't care about IE7. I care about labeling a DRM update as a critical patch. I also care about priorities, where my security can wait a month till the next Tuesday update and the "PlaysforSure" drm gets a 3 day turn around after people find a way to hack it.

    Why do you assume I don't know how to do those things and focus on IE7 when my posts clearly focus on the DRM issue? It's about prioriies and it's about giving correct information.

    Why do you put words n my mouth instead of reading what I said? You create non issues by throwing up strawmen and then call end-users babies instead of even trying to see our point of view. How much are they paying you?

    Since you obviously work for MS, please tell me why you bundle weird things for tablet and other things I don't need into the operating system and make these processes start automatically? Yes, I can edit the registry, but why put that crap there in the first place? And when we question such joys you add, why get mad in stead of explaining it?

    The end user has a right to tell you what we want. You don't have to listen, but we are the people who use your software. You may want to hear some of what we say in stead of putting words in our mouths and making fun of us.

    reply to this | link to this | view in chronology ]

  • identicon
    Jeremy, 7 Sep 2006 @ 5:15pm

    This is lame.

    reply to this | link to this | view in chronology ]

  • identicon
    Tyshaun, 7 Sep 2006 @ 5:25pm

    WHAT?

    No on bought up the "MAC" is better arguement?

    How weird!

    reply to this | link to this | view in chronology ]

  • identicon
    Kerry, 7 Sep 2006 @ 5:35pm

    Warm in here

    This has to be one of the best flame wars I've had the privilege to read. It has everything. Knowers, not-knowers, don't carer's (which is strange for a flame war), don't know enough to carers (which just don't belong here), and end users (which make statements like... "'I assume "...improve it's standing"'

    Just like I assume you meant "...improve its standing") who think this is their English 101 class.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Sep 2006 @ 6:21pm

      Re: Warm in here

      Hee hee. I guess it is a little warm. I'm guilty of being an end user, and I guess the only one who saw the DRM part of the article. However, and I ask this nicely, when you say," 'and end users (which make statements like... " 'I assume "...improve it's standing' Just like I assume you meant '...improve its standing') who think this is their English 101 class." what makes you think that post came from an end-user? I use AC because I'm lazy. That person had a screen name.

      reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 7 Sep 2006 @ 8:19pm

    Definition of a "Critical Update"

    WITNESS: You release a piece of software that is the basis for licensed content holders to distribute their content in a manner they feel "protects" their interests.

    FLASHPOINT: A third party creates a tool that invalidates the entire business model for your software (threatens to breach your content license agreements and those agreements of your platform's developers).

    PRESS: This tool begins to gain a storm of popular attention due to the fact that many of your high profile developers/clients have begun launching new services into a very speculative and nascent market for commercial product.

    RAMIFICATIONS: If your tool is NOT patched (dynamic updatability being something you built into your software for these reasons), then your developers risk losing their content licensees for breech of contract, and their customers begin losing quality of service as more content begins to pull out of the "leaky boat" platform you've created.

    RESULT: The same people that believe they are gaining "freedom" with the content they downloaded, will be soon losing the very access they've been appreciating, and no doubt, when it all hits the fan, the lawsuits will be numerous.

    "CRITICAL"? Um... Yeah, your damn straight. "Stretched definition"? Not in the slightest eensy teensy bit. If a patch is intended to directly protect the stability of a platform users are subscribing to? Yes, it's pretty much "critical".

    No one has to like DRM to understand basic logic. Should people be able to buy DRM free content? Yes. Is cracking DRM the way to get it? Logically, with so much money being poured into it... its like asking America to pull out of Iraq. It should never have happened in the first place, but now that it has, the catch-22 screw-job is all over the details.

    reply to this | link to this | view in chronology ]

    • icon
      Mike (profile), 7 Sep 2006 @ 11:13pm

      Re: Definition of a "Critical Update"

      "CRITICAL"? Um... Yeah, your damn straight. "Stretched definition"? Not in the slightest eensy teensy bit. If a patch is intended to directly protect the stability of a platform users are subscribing to? Yes, it's pretty much "critical".

      Hmm. There are a few pretty serious holes in your analysis.

      By your reasoning, "critical" efforts to stop market changes are more important the giving the customer what they want. Markets change all the time, and trying to prevent the customer from doing what they want is a strategy for failure.

      It's already been shown why leaving this tool as is would increase the value of Windows media files -- so much of the rest of your argument doesn't hold much water either.

      However, the very biggest problem is that this is a security patch. A security patch people think of as a way of protecting *themselves*. In this case, the security patch is a way of protecting *Microsoft* at the *expense* of the user. That's not a critical security patch at all. It's false advertising and trying to stuff the cat back in the bag.

      So, yes, it's a stretch to call this a critical security patch, just as much as it's a BAD BUSINESS DECISION for Microsoft to try to stop this software from working.

      reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 7 Sep 2006 @ 9:00pm

    Another Splash of Sober Perspective

    Cracking DRM... is for suckers. I can respect the intentions and talent (I can), but here's the real deal... because the people that would WANT to crack DRM content are by definition "customers"... people who have already purchased the DRM content in the first place, we've got problemo, numero uno. Just stop and think about this.

    The first and foremost war against DRM is NOT buying DRM content in the first place! If people are BUYING DRM content and then complaining that its got DRM, that's gotta be the stupidest scenario for self-fulfilling disatisfaction (I remember the smart people that made lists of all the CDs containing Sony's nefarious rootkit, so ppl could avoid buying them... awesome!) By buying the stuff... all you're doing is PAYING Microsoft and Apple to employ professional programmers to continue a DRM arms battle with a bunch of hackers working for free. Hm. Tastes kind of like... futility perhaps? "We want it! No, we don't. We want it! No, we don't. Our mouths say NAY, but our wallets say YAY!"

    This notion that the simple gnashing and grinding of teeth and "counter-FUD" will foment DRM revolution while people keep *buying* it is a pipedream. For all they know, the critics aren't their customers, while their customers remain happy. Trust me, that's how it occurs for them. This isn't like boycotting gas due to high prices (raise your hand if you can trace the burden of the net effect). With DRM, it's much more simple. Stop fucking buying it. If you're not buying it, keep recommending others do the same. Cheering for hacks? Futility, thy name is FairUse4WM.

    On the brighter side, I cannot IMAGINE how Amazon Unboxed will not be a stunning commercial failure. Mark one for the "revolution".

    reply to this | link to this | view in chronology ]

    • identicon
      RoyalPeasantry, 7 Sep 2006 @ 10:12pm

      Re: Another Splash of Sober Perspective

      Uh, you seem to be forgetting that media protected by DRM generally does not let the user play it whenever/wherever they want.
      Yeah, sure they bought it. But the DRM puts so many restrictions on it its almost pointless. When I buy music (and I do) I want to be able to use it in any way I want. I want to be able to make multiple copies of it and have it at work, at home on all three of my computers so I don't have to go to that specific computer in order to listen to music. I want to be able to copy it to CD or to an mp3 player so I can listen to it on the go.

      THIS is what consumers are trying to circumvent.


      I also get sick and tired of all the people who keep saying "If you don't like it, DON'T BUY IT." Its F***ing retarded. I dunno about you but I wouldn't BUY the music if I didn't like it. I LIKE the music, I DON'T like being limited in the way I can listen to it because some rich studio exec is worried about someone listening to *gasp* music they didn't pay him for.
      And if one more person tells me to go out and listen to alternative bands that sell thier music themselves.. I'm going to find out I'll... I happen to WANT to listen to a particular song you dumba** and I don't believe that some idiot studio exec should be able to tell me how I have to listen to it.


      When you buy music, you should be able to do what you want with it. I can respect the music companies desire to make a profit. That is why we have copyright laws. That is why it is illegal to share copyrighted music.
      Sooner or later the music studios are going to realize that the only people they are punishing by using DRM are the people who are paying for the music in the first place. Its completely impossible to make a foolproof DRM unless somehow you manage to remove all analog to digital converters from the public domain. Which will never happen.

      reply to this | link to this | view in chronology ]

      • identicon
        eb, 8 Sep 2006 @ 8:23am

        Re: Re: Another Splash of Sober Perspective

        Why on earth should music producers stop using DRM when their customers buy anyway? Hey, it's your choice, but by continuing to buy you're supporting the problem and it will never go away.

        reply to this | link to this | view in chronology ]

  • identicon
    it's worse thatn that!, 7 Sep 2006 @ 11:36pm


    I DON'T like being limited in the way I can listen to it because some rich studio exec is worried about someone listening to *gasp* music they didn't pay him for.


    No, Sorry, it's WORSE that that, He's worried that you might listen to music you PAID FOR in a way that you DID NOT pay for.

    Truly, if they could get pay per listen, they would!

    reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 8 Sep 2006 @ 2:54am

    Oh, Dear

    "No, Sorry, it's WORSE that that, He's worried that you might listen to music you PAID FOR in a way that you DID NOT pay for."

    Ok, this is silly. It's like everyone's suddenly become an infant and can't read anything before they buy.

    NEWFLASH. DRM doesn't prevent your unlimited usage of the music you buy, it just creates a barrier that making it more difficult to transfer music between formats. The recording companies know this, yet people (usually non-customers) feel compelled to do the following ritual, like a voodoo chicken dance:

    1. Insist that DRM restricts their rights to use what they bought, asserting that DRM assumes you're a criminal before you even do anything.
    2. Laugh at the RIAA because DRM doesn't actually prevent people from moving their song out of that DRM format if they really wanted to. It just annoys customers who know and feel strongly, that it should be easier.

    The more people make this about "removing DRM" and not simply "How do I move my music to...", the more of a problem this will all be. DRM actually works as "prevention" and not "deterrant". This is the simple, unpolitical truth of it.

    Off the top of my head, I can think of a number of clear and easy ways to move ANY music (DRM or not) off of my PC and into any format. I remember listening to a cool story read on NPR once. It was a story about shape note singing. I searched the web, and found the story streaming as a Real Audio feed. I thought... "I want that on my iPod so I can play it in my car."

    So, what'd I do...? First... I searched for the story in iTunes and online, and couldn't find it anywhere. Then I whipped out a simple cord, and plugged my computer's speaker jack into its microphone jack, and opened up Audacity. Recorded. Saved it out to Mp3. Labelled it (reminds me of cassettes here...) Done.

    iTunes is so unrestrictive, I've never had to peel the DRM off of anything I bought, but if I did I know I can always do one of two things... 1.) Burn to a CD and re-rip 2.) Use the optical jack USB jack on my mini-disc player to re-record the audio digitally to mini-disc, and then re-record the song back to my computer.

    And of source... 3.) Worst case, I can use the same speaker-to-microphone cable I used to record a stream. --But, people are such sound premadonnas now, anything other than pure digital music purity threatens their enjoyment, so its best avoid analog transfers when possible.

    Does the music industry care about my fair use rights? Not really. They'll attempt to crush them if they threaten to bleed over into theft, which is the only catch 22. The day I see a story in the paper where the music industry sues someone for making personal use of music they purchased... is a day that will never come and everyone knows it. Some people think they've already seen it. Sorry. Hasn't happened.

    We still see news stories debating whether leaving a trove of music on your iPod when you sell it on eBay is "wrong". We're a long ways off from crazy town, people. Why everyone is turning into Fox Mulder, I can't rightly say.

    reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 8 Sep 2006 @ 4:13am

    Ain't So

    "Hmm. There are a few pretty serious holes in your analysis." - Mike

    No there isn't.

    "By your reasoning, "critical" efforts to stop market changes are more important the giving the customer what they want." - Mike

    Listen to yourself. Microsoft created a platform to sell rights protected music. Customers are using that platform to buy and rent music. If a hole is found in that platform, and stays open... the platform will be in breech of its contractual obligations.

    Do you disagree? If not... next point...

    If by leaving a "hole" open, the "customer" will inevitably begin losing access to music and/or video content, and new songs/videos will not be added by those implementing the platform (Napster, Yahoo, Vongo, Guba, Amazon) this is a threat to the Microsoft customer. This isn't rocket science. It may not be what you wish to believe, but its the God's honest truth.

    How is this fairy tale world where Microsoft ignores articles about how their platform has been "broken", when they begin appearing in major trade publications across the country... and then simply smiles and says "It's all good" as the developer complains begin pouring in?

    "Markets change all the time, and trying to prevent the customer from doing what they want is a strategy for failure." - Mike

    I understand that. You're making the wrong assertions though. Instead of allowing Microsoft to create a platform based on DRM, and then supporting it as a customer by subscribing to platforms that use it... and then... COMPLAINING that the platform isn't fliexible in its inflexibility. Don't subscribe to the platform and whatch it burst into flames and fail. Consumers desperately need to understand that.

    "It's already been shown why leaving this tool as is would increase the value of Windows media files -- so much of the rest of your argument doesn't hold much water either." - Mike

    No such thing has been "shown". Unfortunately, this is a fairy tale. As I've stated before, and above... broken "No DRM WMA"="Unstable platform". You know this... its basic logic. If Apple did this, its a little more possible, and if the changes to their publishing tool are to be watched, Apple seems like they may well offer it in the future. Unfortunately, Microsoft's platform is based off of the "rental" model.

    If you're implication is that "renting" music is MUCH more valuable to consumers if they can keep it... Wow. I can't disagree with you. Problem is... the platform evaporates because suddenly you're SELLING music, and not RENTING it. The whole business model needs to change. --If your assertion is that the business model is junk, then let's always begin and end on that (I can't agree more!), instead of this "look at how removing DRM from your platform makes it more valuable" hogwash.

    reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 8 Sep 2006 @ 4:46am

    Mapping an Imaginary Future

    "However, the very biggest problem is that this is a security patch. A security patch people think of as a way of protecting *themselves*. In this case, the security patch is a way of protecting *Microsoft* at the *expense* of the user." - Mike

    Again... an UNSTABLE platform is a problem for the user. Ok, I had to do this. I can to some interesting revelations in this exercise and I want to share.

    Play this scenario out, and tell me if its impossible or if it is simply (as I believe) "bloody unlikely"...

    a.) Now. Hole is discovered in Microsoft DRM and published to the public.

    b.) 2 Weeks later. Microsoft remains silent, to see what will happen if they simply leave the hole unpatched.

    c.) 1 Month later, platfrom developers Napster and Yahoo have begun seeing a surge of new users. Some are users that have heard more about the platform due to news about the DRM hole, others are users that simply want to exploit the security hole to download hordes of music for monthly service.

    d.) 1 Month 1 week, recording companies begin expressing strong statements regarding the viability of doing business on Microsoft's platform. Given that many customers are finding it better to "subscribe" and strip the DRM off their music, than to "buy" it companies like Yahoo and Napster have seen their "purchase" numbers drop to almost nothing despite new subscribers.

    e.) 2 Months, Microsoft is feeling pressure as legal threats begin to appear in press releases and commentary from platform developers. Napster CEO is quoted as saying, "We're having record growth, but our `pay to burn [a CD]`part of the business has gone flat. Much worse than that, our content licensees are close to breech of contract right now. We have at least 2 major labels that have lost faith in us, and have stated that they will be terminating our contract. Bottomline is, we're costing them money."

    f.) 2 Months, 1 week. Software developer begin releasing "agregators". Tools that spider platforms like Napster and Yahoo for music and download in bulk. In recent weeks, Napster and Yahoo have begun seeing highly irrattic subscription behavior. Many new sign ups would take advantage of free trial, simply to quit before free trial is up, though usage indicates high use of the service. Other new customers simply stay for 1 month and then cancel, after downloading thousands of songs.

    g.) 3 Months. Yahoo, Real Rhapsody, and Napster have both filed lawsuits against Microsoft. Smaller licensees have begun pooling together into class action lawsuit. URGE has seemingly lost steam and remains an unfullfilled promise.

    h.) 4 Months. Customers begin noticing that major PlaysForSure vendors are not posting the latest music. In fact, some music has begun disappearing from the service, and unexpectantly, many "purchased" files (for CD burning) that were not immediately stripped of DRM have stopped working entirely. Notice goes out to customers regarding contract disputes between the record companies.

    i.) 5 Months. Customers begin organizing a class action lawsuit against Yahoo and Napster. People complain that having their content stop working is unacceptable and that the devices that were purchased to use with the services are useless if the services simply do not have the latest new music that they signed up for. The growing dispute between developers and content providers due to the platform hole has turned into a mainstream joke. Even shows like the Tonight Show and the Conan O'Brien show have begun quipping takes on the name "PlaysForSure".

    j.) 5 Months, 2 weeks. Microsoft finally makes a statement regarding the DRM removal tool. "Since the launch of the PlaysForSure platform, we have been pleased with the level of adoption amongst our licensees. However, due to recent market changes, we have decided against updating the platform to circumvent software than removes our rights management. We will continue to support the software platform as originally designed, but we have determined that it is the best interests of all involved to abandon DRM as a technology. To that end, we have begun reducing our rights management staff as we concentrate on..."

    k.) 6 Months. iTunes music store is more popular than ever. As consumers discover that the Microsoft platform is in essence whithering on the vine, by-and-large, iTunes has continued to secure its foothold as the defacto standard for online music downloads. In a controversial move, Apple, in recent weeks has released non-protected content from publishers. With its unimaginable clout, Apple has pulled another power move to the chagrin of the recording industry. Having made the tools available many months prior, recent additions mark the first usage of DRM-free content on iTMS. While none of the major labels haved signed up, Independant artists are enjoying a surge of popularity as Apple iTunes affiliates begin highlighting and supporting labels that move to this strategy. This trend is exactly the form of platform pressure the studios did not want to deal with. DRM-free content only plays to Apple's strengths, as the iTunes music store continues to only support iPods.

    l.) 7 Months. Legal wrangling continues as Napster/Yahoo/Real lawsuits bring enhanced public scrutiny to the failure of the PlaysForSure platform. Rumors surface that large Mp3 player manufacturers like Creative and San Disk are preparing lawsuits. Due to the shrinking service support for such players, they are experiencing marked instability in their numbers. What was an initial spike in popularity, is now reversing direction, as manufacturers note that their products have lost the viability of their best and only music platform. While Yahoo and Napster still tout their large music libraries, news reports have been unkind in pointing out that they lack new content, and that smaller companies like eMusic continues to gain marketshare, and that the music subscription model is losing hundreds of thousands each month for the companies running them. Compared to the wealth of content flooding into iTunes, their future looks bleak.

    m.) Free software began to appear months prior, allowing users to convert "PlaysForSure" WMAs to Mp3s or AACs. Many users begin openly discussing the mass-moving their collections to other environments such as Firefox-based XUL runner SongBird and other open platforms. Assorted tutorials on how to leave the "PlaysForSure" platform show up, and some have started selling conversion tools.

    n.) 12 Months. Settlements in amounts of over hundreds of millions of dollars have been awarded to Yahoo, Rhapsody, and Napster in separate cases involving breech of contract with Microsoft. Napster continues to work with Microsoft in hoping for relief. Yahoo however, has changed its model to something similar to eMusic (subscription/limit/mp3). Rhapsody has chosen to suspend operatons of its music store pending further developments. Customers can still use their downloaded songs, but a visit to the store reveals a message that says, "Stay Tuned! Rhapsody will be back!" This message will stay in place for 4 more months, until Real Software is purchased by Apple in early 2008. Consumer class action suits against Microsoft are consolidated by a judge as the billion dollar consumer negligence case moves to trial.

    o.) Leaving its DRM hole open is heralded as one of the most deterimental company decisions in history, even beating the worldwind of problems Sony has endured (MiniDisc, CDRootKit, UMD, BlueRay, PS3).

    reply to this | link to this | view in chronology ]

    • identicon
      Wizard Prang, 8 Sep 2006 @ 10:17am

      Re: Mapping an Imaginary Future

      The problem is not that MS patched the DRM hole. THat was expected, and I have no problem with it.

      The problem is that they did it in a matter of days (as opposed to weeks or months for browser exploits), and distributed it as a Critical Security Patch (which it isn't), on its own special express lane (as opposed to waiting for Patch Tuesday).

      Fixing an exploit that will corrupt your system and wipe your data - weeks.
      Fixing an exploit that allows users to enjoy DRM-free content - days
      Keeping your friends in the **AA happy - priceless.

      reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 8 Sep 2006 @ 7:47am

    Re: Re: The great pach work OS

    "No open source software will ever be more popular (read: widely distributed, not well-liked) than its pay-to-play counterpart." - Anonymous Coward

    Eek. Sorry to say, on that note, you couldn't be more wrong. You should define your statement if you wish to be "right". Web server software. Open source web server software. Just one example.

    http://news.netcraft.com/archives/web_server_survey.html

    Do your research. WWWWIIIIIDDDEEEE distribution, my friend.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Sep 2006 @ 12:56pm

      Re: Re: Re: The great pach work OS


      Eek. Sorry to say, on that note, you couldn't be more wrong. You should define your statement if you wish to be "right". Web server software. Open source web server software. Just one example.

      http://news.netcraft.com/archives/web_server_survey.html

      Do your research. WWWWIIIIIDDDEEEE distribution, my friend.


      Seriously? THAT'S your source?? Netcraft?? HAHAHAHAHAHAHAHHAHAHAHAHAHAHAHHAHAHA!

      You, my friend, are living in a bizarro world.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Sep 2006 @ 10:30am

    Anyone else notice cleverboy is an idiot?

    dear god, the lies and one-sided arguments he puts forth.. he's either an idiot, or an industry insider on a grassroots campaign to get people to like drm.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Sep 2006 @ 12:21pm

    Wow. M$'s trolls are workin' overtime here. Must be a pretty good job.

    reply to this | link to this | view in chronology ]

  • identicon
    CHRISMGTIS, 8 Sep 2006 @ 1:00pm

    Linux users = only a nuisance to the I.T. world. Do something productive for I.T. for once, like for instance actually having an opinion that makes sense, has a tiny bit of truth to it, or take your own advice a single moment of your life. Or you could actually admit that Linux is not the product that you claim it to be.

    reply to this | link to this | view in chronology ]

  • identicon
    Cleverboy, 8 Sep 2006 @ 6:01pm

    Re:

    "Linux users = only a nuisance to the I.T. world." - CHRISMGTIS

    Half the time, I hear "nuissance" being substituted for the phrase "requirement to know more about my field". Often its used by lazy webmasters that say, "Firefox is a nuisance, why do I need to support that? Everyone should just use IE!" If a platform offers ADVANTAGE and is not simply a crutch for a user that doesn't want to standardize to an equally capable universal platform, then I think there's a good case for giving it the respect and credit it deserves.

    Looking at my server error logs, it would seem that Windows is a nuissance to the IT world. What with the armies of zombie machines trying to run IIS exploits on your port 80 24/7. Hello... the devil u know, is still a devil.

    reply to this | link to this | view in chronology ]

  • identicon
    pulin, 21 Sep 2006 @ 8:10pm

    link plz.........

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.