While spyware and adware are bad enough, there is actually a worse problem to worry about. Back doors left in programs that allow the software vendor complete access, if not complete control of a user's computer.
Microsoft is at the forefront of this movement.
When a user installs Windows XP on their system, upgrades their Windows 2000 to Service Pack 3, or even just upgrades their Windows Media Player to version 9, they all agree-- through a clickable http://www.microsoft.com/licensing/resources-- to let Microsoft have unrestricted access to their computer's hard drive. This isn't just for seeing what is on the drives, either; Microsoft has every right to change the user's hard drive contents as it sees fit, and with no liability to themselves for any damages this may cause to an end user's computer.
Part of the license agreement reads, emphasis mine: "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer." http://www.infoworld.com/article/02/02/08/020211opfoster_1.html
Many businesses are refusing to upgrade to Service Pack 3 precisely for this reason. Businesses, however, are really the only users that read software licenses, especially clickable ones. They fear that Microsoft may use this ability to harm their business in some way, especially if they put forth a possibly competing product to one Microsoft makes (such as web browsers, email clients, user authentication software, media players, etc.)
Some businesses are actively looking for alternative networking solutions to Microsoft's products. They do not want Microsoft to have access to their networks, and as a result, their IP, customer database, and financial records. Others are just going to stay at Service Pack 2, even though SP3 fixes many possible security threats in Windows 2000.
General consumer end users, however, normally don't read these clickable licenses. It is the general consumer end user who is at most risk from Microsoft, and any other company that decides to add such a term to their license (as well as a back door into their programs).
Clickable Licenses
At this point, we've all seen them. Generally from downloads of updates from Microsoft, but also upon the instillation of many types of software from office suites to games.
Most of the consumers, however, don't read them. They simply click the "I Agree", or whatever term is used for the license in question (varies from publisher to publisher). However, this is why consumers stand to lose the most freedom and personal privacy.
So far, clickable licenses have held up in court as valid. No signature is required, but the licenses stand as long as you click the appropriate agreeing choice. Most software with such licenses will not install itself if the licenses are refused.
Even console games have similar licenses, but they are printed in the back of the instruction manual. These are considered binding as soon as you open the package.
Because most consumers don't read the licenses they are legally agreeing to, software vendors can put many things within these licenses that the consumer would most likely object to if they had read them. Back doors in programs (Windows XP, Windows 2000 SP3, Windows Media Player 9 for all versions of Windows), spyware (Kazaa, download accelerators, etc.), and adware (Kazaa, download accelerators, etc.) would normally not be agreed upon should these licenses be read.
Of course, being as the licenses are often written in legal terms, they may be somewhat hard for the average user to understand, even if they did read them.
Microsoft has stated that these wordings are purely to comply with future DRM agreements and to protect the IP of whoever owns it. The possibilities, however, are far more onerous.
Digital Rights Management
DRM is the new buzzword around corporate headquarters around the world. With the popularity of file sharing not dwindling down, content owners are ever increasing their desire to strictly control their property. And end user be damned if necessary.
The Recording Industry Association of America, or the RIAA for short, recently tried to get a proposal passed that would allow them to do almost anything short of sending computer viruses to users computers, to try and stop the use of file sharing programs. The proposal asked for the right to send Denial of Service attacks against file sharing networks (DoS); posting false MP3 files with no sound, or corrupted data, with the hopes that people would end up downloading them instead of the real MP3s of the songs; or even programs that would allow the RIAA access to people's computers to erase the traded MP3s.
Microsoft has been another leader in arguing that DRM protocols must be put in place in order to allow copyright holders the ability to control who uses their copyrighted content, where, and when.
The Windows Media Player has, since version 7, stored a file that it periodically sends to Microsoft's servers informing Microsoft of what DVDs, and CDs an end user uses with the program. It also uses an early form of DRM protocols which disable the use of WMA files ripped with the player to work on another computer (files may be re-burned onto CD for use in audio CD players, however).
With the release of Windows XP, Microsoft went a few steps further.
Using the new Product Activation feature in Windows XP, Microsoft has the ability to deny users the right to even boot up their own computer. Should you make a certain amount of hardware changes to your computer (for the purpose of upgrades, for example), then Windows XP will simply not boot up. Instead, you must contact Microsoft and get a new product activation code to allow the software to work. The stated reason for this is to keep users bound to the 1 machine per license Microsoft strongly enforces; if you make too many hardware changes, Windows XP assumes you have tried to put it on a second computer without buying a new license.
If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).
Adding this to their back door, and Microsoft now has the ability to enforce DRM upon consumers. Whether the consumer wants it or not.
Using their proprietary DRM protocol, http://www.microsoft.com/presspass/features/2002/jul02/07-01palladium.asp [Palladium], Microsoft hopes to entrench all users in the use of DRM signed media. This has content holders overjoyed, while privacy and fair use rights, and other civil rights activists outraged.
Part of the problem comes from the potential for Palladium to be used to further Microsoft's own agenda. Through the use of Palladium, it has been theorized that Microsoft could lock users out of their own created content. And Microsoft wouldn't be the only ones doing so.
Possible harmful uses for Palladium include:
In other words, the theory is that Microsoft has basically sold the federal government the ability to spy on its citizenry whenever it wishes, and in a way they might not have easily been able to do before.
Other countries have also theorized this, hence the apparent large undertaking by many foreign governments to remove all versions of Windows from their official computers and networks. These governments include Peru, China, Germany, and France. They figure that if the US government can use Windows to spy on its own citizens, then surely the US government could do the same to them? They also aren't exactly excited at the prospect of Microsoft also having free access to their governments' official computers.
Microsoft's next operating system, currently code named Longhorn, will be a fully Palladium compliant OS. In order to utilize this OS, businesses and consumers must purchase Palladium compliant motherboards, which contain an extra chip to utilize Palladium, currently called "Fritz".
Microsoft is also heavily lobbying for a bill called the UCITA (The Uniform Computer Information Transactions Act), which would make software licenses binding, even if the end user is not allowed to see them. The UCITA could then be used to allow program vendors to insert clauses in the license making it a violation of the license to even criticize the program or company in print or in public; allow vendors to change the terms of the license and make it retroactively take effect; or install backdoors into programs that would allow the vendor to be able to seize control of the end users computer whenever they wish. See links at the bottom of this article for more information on the UCITA.
It should be noted, however, that many groups oppose the UCITA, including the American Bar Association, The American Library Association, and the Computer Professionals for Social Responsibility. The bill has also failed to pass in many states; only Virginia and Maryland have passed versions of it. 26 State Attourney Generals also oppose the bill.
Possible Solutions