Patch Licenses Pose Hard Choices

With its new focus on security, Microsoft has been encouraging customers to install service packs, security roll-ups, and patches to fix Windows security bugs. But before customers can install these updates, they must agree to their supplemental End User License Agreements (EULAs), which often place new terms and conditions on the use of the software being patched. These Supplemental EULAs increasingly pose a dilemma for customers: agree to a contract that they may not fully understand, that removes rights that they previously had, and that they might not be able to comply with or continue to live with a security vulnerability. While Microsoft cannot wholly eliminate Supplemental EULAs, the company could take several steps to ease the dilemma they pose.

A Contract for Rights to Software

At the core of the dilemma is the EULA, a contract between the customer or user and Microsoft that governs the customer’s use of Microsoft software. The fundamental task of the EULA is to protect Microsoft’s intellectual property, which in turn is central to its ability to do business. For example, every Microsoft operating system (OS) includes a base or initial Product EULA covering the OS—typically, Microsoft includes a notice on the box or with the distribution media (such as the CD-ROM or diskette) indicating that customers must accept the enclosed license agreement (the Product EULA) before using the OS. There is also typically a written copy of this Product EULA in the box or accompanying the distribution media.