lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: Re: Computer Sabotage by Microsoft

Hi,

I think that this thread has done a lot to point out how *little* the
technical community understands the business and legal aspects of 
security :-)

IANAL, however I have studied contract law in America. In America, EULA 
is construed as a contract by the American courts. It is not part of a
separate contract, it is its own contract. Courts consider contracts to
be valid if, among other things, there is "bargain for legal detriment".
In this case, the court would likely construe the payment for the software
in exchange for the rights, as defined in the EULA, to be a contract,
and would consider "opening the package and using the software" as tacit
acceptance of the EULA terms and conditions. In order to win a case where
the software user was arguing the terms and conditions of the EULA, the
users would have to abstain from opening and using the software, or else
would have to *write* back to the company that made the software and
say something like "I will consider your offer, and in the meantime would
you accept *my* terms and conditions", and then enumerate those. That
action keeps the original contract *alive* as opposed to "no I won't accept
your terms and conditions", which renders the contract dead (and also 
makes it illegal for the user to use the software.

Remember, I am talking straight American law (as *I* understand it) here,
not "common sense" or "reasonable" or anything else intellectually, just
what the lawyers and the courts would say and do in a case such as this.

AFA security, I'd say that this mechanism offers t he software company a
tremendous amount of security, as long as they are willing to pay their
attorneys to fight all the people who will invariably attempt to circumvent
the EULA.

Bottom line - if you don't like the EULA, *write* them as explained above
and *don't* open or use the software, otherwise when you get dragged into
court you are not going to last very long.

G

On or about 2003.09.13 05:31:40 +0000, Ansgar Wiechers (bugtraq@...netcobalt.net) said:

> On 2003-09-12 Connor, Ethan M. W wrote:
> > If I understand things correctly,
> 
> To put it short: you don't.
> 
> > the EULA is PART of the sales contract. If you do not agree to the
> > license agreement, than the purchase never was legitimized, and
> > therefore there is no sales contract - which by the way is what
> > entitles you to a complete refund if you desire it (since legally the
> > sale never happened).
> 
> The sale *is* legal and the EULA is *not* part of it. An EULA could be
> part of the sales contract, if the contract was closed directly with
> Microsoft *and* the customer had the chance to read the EULA *before*
> closing the contract. Neither of these conditions is true.
> Microsoft sells their Product to wholesellers, they sell it to retailers
> and those sell it to customers. So Microsoft has a contract with the
> wholeseller, the wholeseller with the retailer and the retailer with the
> customer. There is _no_contract_ between Microsoft and the customer.
> Plus, german law states, that a manufacturer cannot stipulate how their
> product should be used, once they have sold it. This is called
> "Erschoepfungsgrundsatz".
> 
> > So, you can't say that the terms of the license agreement modify the
> > sales contract or prevent you from using something that is yours,
> > because there is no contract and it isn't yours.  Once you agree to
> > the EULA it is yours, but only under those conditions that you agreed
> > to.  There is no modifying of anything, and that is the rub.
> 
> You are wrong.
> 
> [...]
> > Unfortunately, like the last post says, the argument over allowing or not
> > allowing signed code to run on the Xbox is something we can all waste lots
> > of time with, and it would be really nice to do...
> 
> Right now I am not wasting my time argueing over this.
> 
> > But the future holds code updates as a regular part of a vendors
> > obligation to the end user to keep their product performing the
> > function it was sold to do.  After all, when they sold it to you they
> > have entered into the contract with you to make a product that works
> > as advertised - and I'm sure you would hold them to it. 
> 
> Please correct me, if I'm wrong, but isn't that exactly what Microsoft
> (as well as almost any other software vendor) try to rule out by their
> EULAs?
> 
> Regards
> Ansgar Wiechers
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Gregory A. Gilliss                                    Telephone: 1 650 872 2420
Computer Engineering                                   E-mail: greg@...liss.com
Computer Security                                                ICQ: 123710561
Software Development                          WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

Powered by blists - more mailing lists