Do You Ignore Your Software Security? Yes You Do!

Sure, you too are ignoring your software security! That is, unless you are one of the 0.1 percent of users who do read the End User License Agreement (EULA, also known as the software license). Otherwise, well, you sign contracts blindfolded, because that box is full of legal mumbo-jumbo when you install a program… yes, it is a contract! Software security wouldn’t really be an issue if all software licenses were simple agreements setting out reasonable terms of use. Unfortunately, most are lengthy texts full of legal jargon that leave the few who read them confused and frustrated. Some contain terms to which the ordinary user would object if he knew what he was agreeing to.

For example, in addition to protecting against cracking, many software licenses now grant the software company the right to gather information about your computer and have it automatically sent to the software vendor. Some, in particular software licenses for freeware, contain clauses whereby you agree to install additional software you do not want, some of which is blatant spyware or adware. As a result, one might assume that the freeware is to blame for all the bad things that have happened; however, isn’t it the end user who doesn’t read the legal material? Who is to blame?

Either way, people do not read the EULA. When downloading and installing software, we are usually curious about what the new software will bring. The EULA is just one more thing to waste time on: it usually cannot be read in a short amount of time, hence it is not read at all. But the next thought that then arises is: what have you agreed to when you clicked “I agree”? Especially with freeware, there can be an even greater problem. Freeware is not always free. Sure, freeware is not free to reverse engineer, modify, or redistribute, but there is also the kind of “freeware” that is adware or even spyware in disguise.

An example: remember about 5 years ago, when Gator created a storm of protest? Its GAIN Publishing End User License Agreement stated that the user was automatically agreeing to install the GAIN AdServer software when accepting the EULA. So, the software license gave the company permission to install software that collected certain identifiable information about web surfing and computer usage. This software came bundled with the freeware and was installed in the same process. In the end, this resulted in all types of ads being displayed on the user’s computer.

Next, the EULA stated that Gator even prohibited the use of popular uninstallers on its own tools, uninstallers on which countless people relied to remove this unwanted stuff from their machines. Users were also prohibited from using devices like web monitoring programs or similar on the GAIN AdServer and its messages, thus eliminating all possible control. Obviously, such clauses are no longer related to software protection against cracking and were more than a bridge too far for many users. So, if everything is specified in the product’s software license, the license is also what can help you decide what you want to have installed or not! Indeed, software balancing on the edge of legal boundaries in particular will try to legitimize what is not completely right. And you guessed it correctly: that is most frequently revealed in the EULA.

Lawyers.

In lawyer terms, an End User License Agreement is a legal contract between a software application author and the software user. A license grants the user the right to use computer software in a specific and well-determined way. Usually, a EULA specifies the number of computers a user can use the software on, that reverse engineering or cracking or any other form of illegal piracy is prohibited, and any legal rights they are forfeiting by agreeing to the EULA.

The user is usually asked to check a button to accept the EULA terms, or consents to them by opening the shrink-wrap on the application package or simply by using the application. The user can refuse to agree by returning the software product for a refund or by clicking “I do not accept” when prompted to accept the EULA during an install. In that case, the software installation is usually ended. By the way, for websites, the TOS (terms of service) is the legal counterpart of the End User License Agreement for software.

So far, all may seem quite normal. However, the software license is infamous for containing stealthy clauses that impose preposterous restrictions on the behavior of software users whilst providing the software developer or vendor with highly intrusive powers. For example, Microsoft software licenses give the company the right to gather information about the user’s system and its use and provide this information to other organizations.

They also grant Microsoft the right to make changes to the user’s computer without requesting permission. Now, don’t make the mistake of thinking this is a Microsoft-only affair; software licenses frequently have a clause that allows vendors to make changes to users’ systems without asking or notifying the user. Note that adding these bad things to software has mostly happened with freeware. However, lately, there seems to be a trend to shift those same bad habits towards shareware and trialware. Yes, the terms of service of some well-known companies have been under fire.

Possibilities.

One might get the feeling that little can be done to fight a bad EULA or TOS. Well, that is not entirely true; recently, there have been cases where popular services have changed their terms of service because of users’ aversion to a few all too flagrant terms within them. Hence, complaining does indeed work!

An example is Facebook, which changed its TOS back to the old one after people complained that the terms of use suddenly said that Facebook kept all rights to the user’s content, even if he deleted his account. Another example is the terms of service of Google’s Chrome browser, which gave Google a non-exclusive right to display and distribute all content transmitted through the browser.

In fact, the basic idea behind the EULA is quite reasonable: to protect the vendor from software piracy. But the worry is that software licenses are getting more and more restrictive all the time. For example, with Vista’s EULA Microsoft started to prohibit installation in virtual machines, though this is exactly what researchers and reviewers use all the time.

Recently, the trend to include more and more limitations on what users can do with the software they pay for has become quite distressing. Certain license agreements now disallow users from releasing or publishing information about the functioning of the software. That effectively prevents reviewers and software security experts from reporting on their experiences with a specific piece of software. Such provisions go way beyond protection against illegal practices.

The solution.

It is attorney material, but you may wonder whether these licenses are legal. According to lawyers, most of them hold up in court, the exception being when the text is not reasonably understandable. Another exception has to do with minors, who are mostly released from agreements made this way.

Either way, the fact that a EULA might not be lawfully enforceable is of little comfort, because it is being enforced on you whether you like it or not. Once the program is installed on your PC, the damage is done, and it doesn’t even matter if the signed contract was legally invalid. Simply by using the computer, the user is already confirming his part of the contract.

The primary idea behind the software license – creating a clear legal defense against illegal software piracy – has long since been left behind. Hence, only one piece of advice can be given: throw away that blindfold and do read the EULA, and that does not apply to freeware only! Be warned: a click of the computer mouse could produce a good deal of trouble.

Jose Sogiros is a developer with 5 years of experience in the software protection business. He also creates smart, innovative, and user-friendly developer tools to help efficiently produce better protection software. See more info on software protection [http://www.larp64.com] or more information about anti-cracking software [http://www.larp64.com/cracking.html], hacking, and software piracy.