The recent uproar over Sony BMG's "rootkit-like" software, Microsoft's WMF defect and such got me thinking about the software on my computers. The audacity of these companies to put such unwanted filth on my computers!

But truth be told, I've probably inadvertently allowed them to do so by the fine print in their End User License Agreement (EULA), right?

So what recourse do I have? That's when I was hit with a "wouldn't it be cool if" moment that I want to share with you all in the form of an open letter to software producers, whether they be open or closed source, commercial or freeware.

Dear Software Producer:

First and foremost, this is my computer, and the data on it belongs to me.
I purchased (or freely and legally downloaded) your software to use on my computer. But make no mistake about it... it is my computer and your software is a digital guest here. As such, I have a few basic and fair rules of conduct I require you to follow. They are as follows:
  • Your software may be installed in the location(s) I designate and nowhere else. All of the components of your software must remain completely visible to me. That also means you may not install anything without my permission, including "rootkit-type" software technologies to hide your software or any component of it, making it difficult for me to remove;
  • When and if I remove your software, I want to remove every single digital remnant of it, but not my own data. My computer should be essentially identical before I install your software as after I remove it. Every file, every environment variable, every registry key, etc., must be removed when I remove your software;
  • Your software may not open pop-up windows, advertisements, etc., without my permission. Any and all advertising needs to be "opt in" and not "opt out";
  • My data belongs to me. It is not yours to peruse, include in debug dumps, etc. You will treat my data with the respect a good guest would treat my belongings in my home;
  • You may not "phone home". If you have a requirement to connect to the mother ship for some reason, then I want to be informed and explicitly consent to it. And even then, I want to have visibility into and veto authority over every single byte that goes between your software and your company's computers. If I haven't explicitly allowed it, then consider it forbidden;
  • If you have an on-line software registration form to fill out, you may only provide the information I voluntarily enter for you. You may not provide any system configuration information, etc., unless you've shown me what you want to send back and I've explicitly approved it;
  • Updates and security patches are fine (thank you), but I want to be fully informed and asked if it's OK to proceed. In the event of a security or functionality patch, I want to be provided with detailed information on the nature of the problem and how it may impact me before I approve its installation. If a patch then causes me grief -- for whatever reason -- I need to be able to quickly and painlessly uninstall the patch;
  • If I choose to not install your patch, I need to be able to easily isolate and disable the affected component(s) of your software, and you need to let me know what impact that decision will have on the operation of your software;
  • When you find out about a security defect in your product, I require timely notification of the problem, how it may impact me, what I need to do to protect myself in the interim between my notification and your producing a patch, and when I should expect the patch.

In exchange for abiding by these rules of decent and honorable behavior, I agree to use only legally licensed copies of your software in compliance with your customary terms.

This is, after all, my computer and my data.

Regards,
Computer Owner

Now, you're probably thinking I've gone completely nuts. Perhaps you're right, but are these terms and conditions really all that unreasonable? I don't think they are at all.

If every software producer treated their customers' computers and data as though their products were in fact guests in the computer, then I firmly believe we'd have far fewer security problems.

For starters, Sony BMG would never have considered using "rootkit" technologies to hide its code. Better still, software developers would consider these terms as they're designing their software, which would likely have precluded Microsoft's design flaw in its WMF code. (Executable code would never have been allowed to be transmitted and run via an arbitrary image file.)

Since we're pretty much forced to live with the vendors' EULAs, they should have to live with ours. I'm reminded of Arlo Guthrie's Alice's Restaurant. If just one of us takes this letter to our software vendors, they'll think he's nuts. But if we all do it, then they may just think it's some kind of movement. (With due apologies to Arlo...)

I, for one, think it's about time we stand up for our software consumer rights!