Security Software

VMware Prevents Some Perpetual License Holders From Downloading Patches (theregister.com) 32

An anonymous reader quotes a report from The Register: Some customers of Broadcom's VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for software subscriptions. Yet many customers in this situation run products that Broadcom continues to support with patches and updates.

In April 2024, Broadcom CEO Hock Tan promised "free access to zero-day security patches for supported versions of vSphere" so customers "are able to use perpetual licenses in a safe and secure fashion." VMware patches aren't freely available; users must log on to Broadcom's support portal to access the software. Some VMware users in this situation have told The Register that when they enter the portal they cannot download patches, and that VMware support staff have told them it may be 90 days before the software fixes become available.
"Because our support portal requires validation of customer entitlements for software patches, only entitled customers have access to the patches at this time," a VMware spokesperson said. "A separate patch delivery cycle will also be available for non-entitled customers and will follow at a later date."

The timing of that "later date" remains uncertain. The Register also notes that "users haven't had access to patches since May."

  • Flee the boat (Score:5, Insightful)

    by courteaudotbiz ( 1191083 ) on Thursday July 24, 2025 @09:09AM (#65542010) Homepage
    Flee the VMWare boat if you haven't done it yet. It's not as if there weren't any alternatives, ranging in price from free to less expensive than what these bums offer.
    • by Z00L00K ( 682162 )

      We have a few servers with perpetual licenses at work, but they are so old that there aren't any patches for them anymore.

      At least they are behind a few firewalls.

  • by EvilSS ( 557649 ) on Thursday July 24, 2025 @09:16AM (#65542022)
    And they will threaten to sue you over it if they think you got the patches through other means: https://arstechnica.com/gadget... [arstechnica.com]

    The letter: https://cdn.arstechnica.net/wp... [arstechnica.net]
  • The only nice thing I can say about Broadcom's support portal (which is shit regardless of what 'entitlements' it thinks your account has) is that it treats the SHA hashes as being on the public side of the paywall for any downloads that require a signed in account and specific blessings of that account; rather than putting the SHA and the download link on the same paywalled page.

    This makes getting the binary from someone more competent and then checking its legitimacy considerably easier.
  • Oh, you wanted updates with that? Yeah, we're only offering immediately available updates now with our Ultra Plus Premium Prime subscribers. Please talk to one of our sales sharks that can craft you a price if you need that.

    • Correct me if I'm wrong but it seems like the subscription they require would include the software they already own perpetually. Or at least that might be the cheapest option for an eligible subscription.

      • by HiThere ( 15173 )

        Depends on how you count the cost. To me it seems the cheapest option is to switch vendors. (OTOH, it's been decades since I used VMWare.)

  • Remind me again (Score:4, Insightful)

    by phantomfive ( 622387 ) on Thursday July 24, 2025 @09:54AM (#65542152) Journal
    Remind me again why people use VMWare, and not any of the much cheaper/better alternatives?
    • Re:Remind me again (Score:5, Insightful)

      by omnichad ( 1198475 ) on Thursday July 24, 2025 @10:07AM (#65542196) Homepage

      That's the cycle, though. The cheaper/better alternatives get a bunch of subscribers, then they get a bunch of capital through investors, and then the investors cash out by going public before it is later sold out to private equity and they go into the extortion phase. That's when people look for cheaper/better again.

      • Hence why you go looking for the FOSS alternative. Libvirt does most of what vmware does (migrations and such) so unless you need performant graphics for Windows guests most orgs could switch to it.

    • Re:Remind me again (Score:4, Insightful)

      by Chris Mattern ( 191822 ) on Thursday July 24, 2025 @10:55AM (#65542310)

      Because they got it when it was pretty much the best alternative, and wasn't much more expensive. Then Broadcom bought it, leaving them staring at a massive migration project to get out.

    • There are companies out there that have decided (in the short run) that it's cheaper to pay the extortion money than it is to migrate their environments to another software stack. Broadcom will keep turning the screws on renewal and subscription prices and bundle in "shelf ware" to somehow justify the rent-seeking behavior.

      Eventually, even the hold outs will cut and run as they notice they are not getting the same level of support they got prior to the acquisition.

      • My understanding of the situation is that a lot of shops didn't have time to migrate and the shortest support contract was 2-3 years. A lot of customers will be using that time to implement something else.
        • My understanding of the situation is that a lot of shops didn't have time to migrate and the shortest support contract was 2-3 years.

          What value does a support contract from VMWare have?

    • by gweihir ( 88907 )

      People are generally stupid and cannot do fact-checking or long-term planning or react competently to changed circumstances.

      Some organizations moved off VMWare after having one look at Broadcom and these organizations seem to be doing fine.

    • There are some products out there that are only certified to run on VMWare if you're virtualizing.
    • Corporate culture x boomer mindset.

      Boomers usually buy the cheapest thing if it is generic, but boomers recoil in existential horror from dropping a trusted brand name.

      Corporate culture amplifies that risk aversion 100x so that even other gen people fear making a switch like this somewhere.

      Try getting a person over 60-65 to change their phone or ISP contract, drop cable or landline, buy a car from a different brand or whatever. They will protest loudly and probably refuse to do that.

      And that generation curr

  • Broadcom is just enforcing the SLoTD and not allowing those customers to get something for nothing.

    Use your perpetual license to the software to have. You want updates? Fuck you, pay me.

  • All of my previous vmware customers that are using Proxmox couldn't be happier.
  • What part of "perpetual" don't you understand? It means the EULA licence does not ever expire so VMWare should be obligated to keep it patched indefinitely for free, the customer paid for the software now support your software or get sued.
    • Perpetual licensing and software maintenance (particularly in enterprise software) have never been the same thing. You can take the Windows 95 or Windows XP Pro license you bought decades ago and you have the right to perpetually use the software, even today (and some places still do due to niche incompatible hardware/software), and the EULA you have with Microsoft gives you that right. But Microsoft is not developing new security patches for Win95/XP today.

      You are not automatically entitled to support/m
  • If Proxmox et al. had a mole inside Broadcom they couldn't do much better.

  • Shouldn't these customers be able to sue VMWare for damages and for VMWare to comply with the terms of the license? It seems really stupid that a company can enforce the terms of a license that a customer agreed to but then a customer cannot. Aren't these licenses supposed to be a binding contract between vendor and customer?
    What's so special about these VMWare licenses that allow them to renege on providing perpetual license holders with security updates simply because they want them to sign up for subscrip
