Vista's EULA
Monday 30th October, 2006 10:38 Comments: 24
I was reading "Surprises Inside Microsoft Vista's EULA" by Scott Granneman, and he normally writes some good stuff, but he's clearly shot himself in the foot at one point in this article:
If you're like many security professionals, you may not run Windows as your main OS, but you have to use it for testing purposes. In cases such as that, virtualization is the perfect answer. Fire up VMWare or Parallels, open up your image of Windows XP, and let 'er rip. In cases like that, the Home edition of XP was perfect: a lot cheaper than XP Pro, and still close enough that your testing was valid.
Things will be different with Vista. Buried deep in the back of the EULA, in the sections titled "MICROSOFT WINDOWS VISTA HOME BASIC" and "MICROSOFT WINDOWS VISTA HOME PREMIUM," are two identical clauses:
4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.
So you can't create a virtual image using Home Basic ($199) or Home Premium ($239). However, the EULA does allow you to use Vista Business ($299) or Vista Ultimate ($399). Hmmm... I wonder why? It couldn't possibly be because those editions cost more, could it? Wanna bet? The fact that there aren't any technical restrictions in place to prevent users from loading Home editions into VMWare, only legal and support barriers, sure lends credence to that supposition.
Well hang on a minute, you can install them under a virtual machine. It says "You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system" but Scott said at the top "If you're like many security professionals, you may not run Windows as your main OS, but you have to use it for testing purposes. In cases such as that, virtualization is the perfect answer." Well if you're not using that version of Windows Vista as your main OS (perhaps you're using Slackware Linux and VMWare Server as they're both free and legal?) then you won't be installing the software on the licensed device, you'll be doing a single install within a virtual hardware system (i.e. using the license once). Therefore it's fine. It's only if you install Vista Home Basic and then try to install it again in a virtual machine that it's an issue. What people don't seem to realise is that the new EULA allows an additional installation of Windows under a virtual machine; the old one would have insisted on your paying for a second copy of Windows XP.
If you're like many security professionals, you may not run Windows as your main OS, but you have to use it for testing purposes. In cases such as that, virtualization is the perfect answer. Fire up VMWare or Parallels, open up your image of Windows XP, and let 'er rip. In cases like that, the Home edition of XP was perfect: a lot cheaper than XP Pro, and still close enough that your testing was valid.
Things will be different with Vista. Buried deep in the back of the EULA, in the sections titled "MICROSOFT WINDOWS VISTA HOME BASIC" and "MICROSOFT WINDOWS VISTA HOME PREMIUM," are two identical clauses:
4. USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system.
So you can't create a virtual image using Home Basic ($199) or Home Premium ($239). However, the EULA does allow you to use Vista Business ($299) or Vista Ultimate ($399). Hmmm... I wonder why? It couldn't possibly be because those editions cost more, could it? Wanna bet? The fact that there aren't any technical restrictions in place to prevent users from loading Home editions into VMWare, only legal and support barriers, sure lends credence to that supposition.
Well hang on a minute, you can install them under a virtual machine. It says "You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system" but Scott said at the top "If you're like many security professionals, you may not run Windows as your main OS, but you have to use it for testing purposes. In cases such as that, virtualization is the perfect answer." Well if you're not using that version of Windows Vista as your main OS (perhaps you're using Slackware Linux and VMWare Server as they're both free and legal?) then you won't be installing the software on the licensed device, you'll be doing a single install within a virtual hardware system (i.e. using the license once). Therefore it's fine. It's only if you install Vista Home Basic and then try to install it again in a virtual machine that it's an issue. What people don't seem to realise is that the new EULA allows an additional installation of Windows under a virtual machine; the old one would have insisted on your paying for a second copy of Windows XP.
Yamahito - Monday 30th October, 2006 12:18 I don't know, Rob - what does that phrase 'licensed device' mean... It does SOUND like they're saying that you can only install windows on the licensed device, and that virtual machines are NOT licensed devices...
If this guy Scott is right, microsoft are being bastards. If you are, it comes back to innaccurate legalese, and that's pretty much as bad; if I were consulting a company who used virtualisation I would be advising them to err on the side of caution on this one.
If this guy Scott is right, microsoft are being bastards. If you are, it comes back to innaccurate legalese, and that's pretty much as bad; if I were consulting a company who used virtualisation I would be advising them to err on the side of caution on this one.
Any chance of an edit link, btw? That should have read 'only install windows on a licensed device' rather than 'the'
I've also spotted (when I saw the article on The Register just now), he mentions:
Note: Another group that's going to suffer under these outrageous restrictions on virtualization? Web developers, who just want to test their work under IE. Gee, thanks, Microsoft!
Well why would you need a virtual installation to test work on IE? IE7 is available natively on XP, you don't gain anything by using Vista and its new EULA.
Maybe he's talking about IIS? Aside from Starter or Home Basic, Vista brings in a proper version of IIS7, the only restriction for Pro/Ultimate compared to Longhorn Server's IIS7 is the number of simultaneous requests: http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=1100
That might not sound like a lot, but bear in mind that's requests (and they queue!), not concurrent connections. Bill Staples got nearly 4000 requests per second when testing an application with WCat (from the IIS6 reskit) using IIS 7 on Vista: http://blogs.iis.net/bills/archive/2006/10/23/How-I-fell-in-love-with-Vista-this-weekend-_2800_or-why-you_2700_re-gonna-love-IIS7_2F00_Vista-for-Web-development_2900_.aspx
This is a lot better than before, where the only way to test IIS6 applications was to run them on Windows Server 2003 (Web Edition is cheapest), which is quite expensive to purchase.
Note: Another group that's going to suffer under these outrageous restrictions on virtualization? Web developers, who just want to test their work under IE. Gee, thanks, Microsoft!
Well why would you need a virtual installation to test work on IE? IE7 is available natively on XP, you don't gain anything by using Vista and its new EULA.
Maybe he's talking about IIS? Aside from Starter or Home Basic, Vista brings in a proper version of IIS7, the only restriction for Pro/Ultimate compared to Longhorn Server's IIS7 is the number of simultaneous requests: http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=1100
That might not sound like a lot, but bear in mind that's requests (and they queue!), not concurrent connections. Bill Staples got nearly 4000 requests per second when testing an application with WCat (from the IIS6 reskit) using IIS 7 on Vista: http://blogs.iis.net/bills/archive/2006/10/23/How-I-fell-in-love-with-Vista-this-weekend-_2800_or-why-you_2700_re-gonna-love-IIS7_2F00_Vista-for-Web-development_2900_.aspx
This is a lot better than before, where the only way to test IIS6 applications was to run them on Windows Server 2003 (Web Edition is cheapest), which is quite expensive to purchase.
//Well why would you need a virtual installation to test work on IE?//
If you were developing on a non windows platform?
If you were developing on a non windows platform?
I don't know, Rob - what does that phrase 'licensed device' mean... It does SOUND like they're saying that you can only install windows on the licensed device, and that virtual machines are NOT licensed devices...
The way I read it, you can install Windows Vista Home Basic and Premium (with a valid license) on a device (as in real computer, no virtual/emulated hardware), but you may not use the same software (and product key) to install it again within a virtual machine on that device. If that weren't the case, why not explicitly say something like "You may not use or install the software within a virtual (or otherwise emulated) hardware system"? You have to allow it to be legally installed in some form in a virtual machine, so researchers can safely test malware.
The way I read it, you can install Windows Vista Home Basic and Premium (with a valid license) on a device (as in real computer, no virtual/emulated hardware), but you may not use the same software (and product key) to install it again within a virtual machine on that device. If that weren't the case, why not explicitly say something like "You may not use or install the software within a virtual (or otherwise emulated) hardware system"? You have to allow it to be legally installed in some form in a virtual machine, so researchers can safely test malware.
//but you may not use the same software (and product key) to install it again within a virtual machine **on that device**// (my emphasis)
I may be missing something, but where does it say that? It talks about 'the software installed on the licensed device' but I think that's just legalese for 'this copy of windows' - it doesn't refer to where you run the virtualisation at all...
I may be missing something, but where does it say that? It talks about 'the software installed on the licensed device' but I think that's just legalese for 'this copy of windows' - it doesn't refer to where you run the virtualisation at all...
//Well why would you need a virtual installation to test work on IE?//
If you were developing on a non windows platform?
Assuming my assumption is wrong, you could still legally install XP and IE7 under a virtual machine to perform testing. But if I'm right, then you'd be installing Windows in a virtual machine that isn't running that copy anywhere else, which is allowed. It seems like a lot of hassle to give each developer a full copy of Windows, instead of access to a Terminal Server box or even a single Windows XP Pro PC on the domain (and let Linux users use rdesktop).
If a site is well designed (doesn't use poorly-supported stuff, isn't overly complex) it shouldn't have any trouble with IE; the only sites I see that seem to have trouble with different browsers tend to be designed with things like Microsoft products (i.e. Visual Studio, a Windows only product).
If you were developing on a non windows platform?
Assuming my assumption is wrong, you could still legally install XP and IE7 under a virtual machine to perform testing. But if I'm right, then you'd be installing Windows in a virtual machine that isn't running that copy anywhere else, which is allowed. It seems like a lot of hassle to give each developer a full copy of Windows, instead of access to a Terminal Server box or even a single Windows XP Pro PC on the domain (and let Linux users use rdesktop).
If a site is well designed (doesn't use poorly-supported stuff, isn't overly complex) it shouldn't have any trouble with IE; the only sites I see that seem to have trouble with different browsers tend to be designed with things like Microsoft products (i.e. Visual Studio, a Windows only product).
I may be missing something, but where does it say that? It talks about 'the software installed on the licensed device' but I think that's just legalese for 'this copy of windows' - it doesn't refer to where you run the virtualisation at all...
A Windows license restricts you to one device (basically, one motherboard), but with certain versions of Vista you're now allowed to install additional copies under virtual/emulated hardware on the same device. This is why you can't get around it by installing Windows on one box, installing Windows on another, and then installing each other's copy in virtual machines.
A Windows license restricts you to one device (basically, one motherboard), but with certain versions of Vista you're now allowed to install additional copies under virtual/emulated hardware on the same device. This is why you can't get around it by installing Windows on one box, installing Windows on another, and then installing each other's copy in virtual machines.
You also neatly avoided answering my question: If that weren't the case, why not explicitly say something like "You may not use or install the software within a virtual (or otherwise emulated) hardware system"? ;)
I find the whole thing very odd personally. As you know I have two PCs (which I built myself OEM) thus my question is why the **** should I have to buy two copies of Vista rather than use one copy legit for two machines? It is like selling someone a music CD and telling them they can only use it on the hi fi in the living, not in a car, PC or walkman. Beyond piracy, copyright or code hacking, Microsoft should have no right to tell me how I use what I purchased (subject to national law and safety considerations)
Er, because you've got a license to use one copy of Windows on one PC?
You are allowed to use your one CD in the hifi, in the car, or on a PC, because you can't use it on all of them at the same time as you have one physical item - copying that CD so you can simultaneously play it on more than one device is typically (depending on the licence) illegal, and you're not usually technically allowed to rip it to MP3 either.
That is what a licence does, it tells you exactly how you're allowed to use what you have "purchased". If you don't like the licence then don't buy it, vote with your feet. It's the same reason why you're granted things like a non-exclusive licence to reproduce stock photos, and why you have to pay more for an exclusive licence.
If the licence wasn't there you could do whatever you like with it, and Microsoft would not make money. Businesses like to make money. Without money they can't pay wages. And most people like having well paid jobs. You have to protect your intellectual property somehow, and that's why you have licences.
You are allowed to use your one CD in the hifi, in the car, or on a PC, because you can't use it on all of them at the same time as you have one physical item - copying that CD so you can simultaneously play it on more than one device is typically (depending on the licence) illegal, and you're not usually technically allowed to rip it to MP3 either.
That is what a licence does, it tells you exactly how you're allowed to use what you have "purchased". If you don't like the licence then don't buy it, vote with your feet. It's the same reason why you're granted things like a non-exclusive licence to reproduce stock photos, and why you have to pay more for an exclusive licence.
If the licence wasn't there you could do whatever you like with it, and Microsoft would not make money. Businesses like to make money. Without money they can't pay wages. And most people like having well paid jobs. You have to protect your intellectual property somehow, and that's why you have licences.
Sure I understand the protecting money thing, but surely Microsoft are just taking it too far? Even Valve had a better approach for playing CSS while protecting their game - you could install the game on as many machines as you wanted, but only one could go online at any one time except for those who ran a dedicated server on a licence key. M$ want you to buy brand new PCs and pay more than once for the same product, it is just too greedy! Yama is right to be thinking about a Mac, it is becoming more and more tempting, I would certainly think about it if I get a laptop.
Valve also insists on an internet connection and the installation of updates before you can play a game (remember how we couldn't play CS:S that bank holiday weekend?). Are you really advocating that Microsoft stop you from using your computer until you've downloaded and installed all their updates? Are you going to insist on all Microsoft PCs being connected to the net at all times, so they can keep track? I can see why people think they are taking it a shade too far, especially with Office Genuine Advantage coming out etc., but there is a lot of piracy going on and this is the only way to reduce it.
For legitimate users none of this is really an issue, home users don't typically need virtualisation, business users can write it off as an expense that is a fraction of their other operating costs. For geeks that build their own and have more than one PC it may be annoying not to be able to reuse a licence, but that's just the way it is. It stops someone buying one copy and installing it on 4-5 PCs so they can use it on their laptop, their computer and their kid's computers. The alternative is they increase the cost of the OS to compensate for piracy.
For legitimate users none of this is really an issue, home users don't typically need virtualisation, business users can write it off as an expense that is a fraction of their other operating costs. For geeks that build their own and have more than one PC it may be annoying not to be able to reuse a licence, but that's just the way it is. It stops someone buying one copy and installing it on 4-5 PCs so they can use it on their laptop, their computer and their kid's computers. The alternative is they increase the cost of the OS to compensate for piracy.
//You also neatly avoided answering my question: If that weren't the case, why not explicitly say something like "You may not use or install the software within a virtual (or otherwise emulated) hardware system"? ;)//
Well, thanks for the 'neatly' ;)
Actually I don't think I was avoiding it - I was trying to say that that's what it *was* saying... I think the whole 'licensed device' thing is legalese to help MS bundle windows with pre-made machines; I don't think it's in their game plan for people like you or me (i.e. IT pro types who build their own (virtual)machines) to *ever* buy one of these licenses.
As for the being explicit thing, I've been asking myself the same question of MS since these EULAs were announced... :op
Well, thanks for the 'neatly' ;)
Actually I don't think I was avoiding it - I was trying to say that that's what it *was* saying... I think the whole 'licensed device' thing is legalese to help MS bundle windows with pre-made machines; I don't think it's in their game plan for people like you or me (i.e. IT pro types who build their own (virtual)machines) to *ever* buy one of these licenses.
As for the being explicit thing, I've been asking myself the same question of MS since these EULAs were announced... :op
Perhaps people are being too paranoid? The rest of their licence (or at least most of it) is written in pretty clear English. If they didn't want people installing those versions in a virtual machine then they probably would have said that, I think they would otherwise have omitted "installed on the licensed device" from the sentence.
Until that EULA appeared, users were forced to purchase additional licences for use in virtual machines, so rather than restrict Windows to pre-made machines, they're now allowing users to install a second copy of their OS within a virtual machine running inside the first copy. I can understand why Microsoft's generosity may be misunderstood, people aren't used to them "being nice". But they're only doing it to help get into the virtualisation market.
Until that EULA appeared, users were forced to purchase additional licences for use in virtual machines, so rather than restrict Windows to pre-made machines, they're now allowing users to install a second copy of their OS within a virtual machine running inside the first copy. I can understand why Microsoft's generosity may be misunderstood, people aren't used to them "being nice". But they're only doing it to help get into the virtualisation market.
Perhaps we are being a little paranoid, but there is room in that vaguity for us to be paranoid about it, and you can't deny that that's not an ideal situation, and one that MS should deal with before Vista goes live, can you?
I also don't see how what you were saying at the beginning of the thread means that they're letting people run a second copy of their OS - is this part of the EULA that hasn't been quoted here yet?
I also don't see how what you were saying at the beginning of the thread means that they're letting people run a second copy of their OS - is this part of the EULA that hasn't been quoted here yet?
I haven't quoted it yet, or double checked this fact, but I was under the impression that you could run a certain number of copies on a single system. The number I seem to recall reading a while back was a total of 4 copies using a single licence, although I believe this was for the top Business version. Whether this varies depending on the OS is another matter.
Ooh, here it is: http://msmvps.com/blogs/bradley/archive/2006/07/14/104738.aspx
Longhorn will be licensed by processor - not CAL. Longhorn will allow you to run Virtual Servers which you can load as many of as you have the horsepower to run on your processor.
Nice, eh? :D
Longhorn will be licensed by processor - not CAL. Longhorn will allow you to run Virtual Servers which you can load as many of as you have the horsepower to run on your processor.
Nice, eh? :D
Very, Very nice. But that's old news - pre the vista naming scheme, and I wouldn't regard it as gospel.
I think what MS are doing here is making the high end server editions of vista attractive to the virtual server market, not being nice to the end user. I think that's the reason they may have added this clause that we've been arguing about for the two low-end home-market versions of vista, and I think their motive is commercial. At the end of the day it's petty, but they're also still giving the public quite nice at the high-end scale, and it hardly seems illegal, so I can't say that I totally blame them.
But they still need to write clearer legalese.
I think what MS are doing here is making the high end server editions of vista attractive to the virtual server market, not being nice to the end user. I think that's the reason they may have added this clause that we've been arguing about for the two low-end home-market versions of vista, and I think their motive is commercial. At the end of the day it's petty, but they're also still giving the public quite nice at the high-end scale, and it hardly seems illegal, so I can't say that I totally blame them.
But they still need to write clearer legalese.
damn, it's obviously after the vista naming scheme on closer inspection... but it can't be much after, if they're still referring to it as longhorn...
I still prefer the name Longhorn to Vista, but that's just me. Longhorn server is basically going to be Vista without all the flashy things enabled by default (and fewer restrictions). Once Longhorn ships, they'll release Vista SP1, and then probably Longhorn Server SP1 shortly after that.
If you read The Register's letters page, another reader has noticed that it's okay to run these versions within Parallels on a Mac (for example). I suspect they thought they'd struck the right balance, but if enough people act so confused, maybe they'll rewrite it?
If you read The Register's letters page, another reader has noticed that it's okay to run these versions within Parallels on a Mac (for example). I suspect they thought they'd struck the right balance, but if enough people act so confused, maybe they'll rewrite it?
They've updated another part of the Vista EULA: http://blogs.zdnet.com/Bott/?p=166
The new license terms say: You may uninstall the software and install it on another device for your use. You may not do so to share this license between devices.
:)
The new license terms say: You may uninstall the software and install it on another device for your use. You may not do so to share this license between devices.
:)
And as for virtualisation: http://blogs.technet.com/windowsserver/archive/2006/10/17/Virtual-Hard-Disk-format-becomes-open.aspx
There were some inaccurate interpretations of the EULA in regards to was is/isn't allowed when it comes to virtualization technologies. If you read the EULA - and you're not an attorney like me or many of us out there - it's not hard to misinterpret the language. An anonymous comment to Alessandro's post shared the correct interpretation:
This does not limit your use of the software in a virtual environment. It is intended to limit your use of the same license for multiple installations. For instance, if you buy a new desktop with a copy of windows installed, you can't take that same license of Windows and install it in a virtual machine. This would be similar to not allowing you to install the same license on another machine. Ultimate edition opens up licensing and allows you to use the same license inside a virtual machine, even though the license is already installed on the physical machine.
I hope to see an official clarification from the Windows Vista team on this topic.
I've also read this somewhere:
The second bit of news here is that MSDN subscribers will have the right to run any version of Windows Vista, including Home Basic and Home Premium, in a virtual machine for development purposes. They will also be allowed to make as many copies of those virtual machines as they like, again for development purposes. That certainly makes the $699 MSDN Operating Systems subscription an attractive option for anyone whose work involves development and testing.
There were some inaccurate interpretations of the EULA in regards to was is/isn't allowed when it comes to virtualization technologies. If you read the EULA - and you're not an attorney like me or many of us out there - it's not hard to misinterpret the language. An anonymous comment to Alessandro's post shared the correct interpretation:
This does not limit your use of the software in a virtual environment. It is intended to limit your use of the same license for multiple installations. For instance, if you buy a new desktop with a copy of windows installed, you can't take that same license of Windows and install it in a virtual machine. This would be similar to not allowing you to install the same license on another machine. Ultimate edition opens up licensing and allows you to use the same license inside a virtual machine, even though the license is already installed on the physical machine.
I hope to see an official clarification from the Windows Vista team on this topic.
I've also read this somewhere:
The second bit of news here is that MSDN subscribers will have the right to run any version of Windows Vista, including Home Basic and Home Premium, in a virtual machine for development purposes. They will also be allowed to make as many copies of those virtual machines as they like, again for development purposes. That certainly makes the $699 MSDN Operating Systems subscription an attractive option for anyone whose work involves development and testing.