US-CERT Cyber Security Tip ST05-005 -- Reviewing End-User License Agreements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                     Cyber Security Tip ST05-005 archive
                    Reviewing End-User License Agreements

   Before accepting an end-user license agreement, make sure you
   understand and are comfortable with the terms of the agreement.

What is an end-user license agreement?

   An end-user license agreement (EULA) is a contract between you and the
   software's vendor or developer. Some software packages state that by
   simply removing the shrink-wrap on the package, you agree to the
   contract. However, you may be more familiar with the type of EULA that
   is presented as a dialog box that appears the first time you open the
   software. It usually requires you to accept the conditions of the
   contract before you can proceed. Some EULAs only apply to certain
   features of the software, so you may only encounter them when you
   attempt to use those features.

   Unfortunately, many users don't read EULAs before accepting them. The
   terms of each contract differ, and you may be agreeing to conditions
   that you later consider unfair or that expose you to security risks
   you didn't expect.

What terms may be included?

   EULAs are legal contracts, and the vendor or developer may include
   almost any conditions. These conditions are often designed to protect
   the developer or vendor against liability, but they may also include
   additional terms that give the vendor some control over your computer.
   The following topics are often covered in EULAs:
     * Distribution - There are often limitations placed on the number of
       times you are allowed to install the software and restrictions
       about reproducing the software for distribution (see Avoiding
       Copyright Infringement for more information about copyright
       issues).
     * Warranty - Developers or vendors often include disclaimers that
       they are not liable for any problem that results from the software
       being used incorrectly. They may also protect themselves from
       liability for software flaws, software failure, or incompatibility
       with other programs on your computer.

   The following topics, while not standard, are examples of other
   conditions that have been included in EULAs. They present security
   implications that you should consider before accepting the agreement.
     * Monitoring - Agreeing to the EULA may give the vendor permission
       to monitor your computer activity and communicate the information
       back to the vendor or to another third party. Depending on what
       information is being collected, this type of monitoring could have
       both security and privacy implications.
     * Software installation - Some agreements allow the vendor to
       install additional software on your computer. This may include
       updated versions of the software program you installed (the
       determination of which version you are running may be a result of
       the monitoring described above). Vendors may also incorporate
       statements that allow them or other third parties to install
       additional software programs on your computer. This software may
       be unnecessary, may affect the functionality of other programs on
       your computer, and may introduce security risks.
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     This document can also be found at
 
    <http://www.us-cert.gov/cas/tips/ST05-005.html>

    Copyright 2005 Carnegie Mellon University

    Terms of use

    <http://www.us-cert.gov/legal.html>



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQiYk4BhoSezw4YfQAQJRSAf/YwwTiDH7BQGooVDw8PhlzzP64nMIvSAB
rwFJaBzCUzj1e1+m8TGYh3aT1uP5tT1tH9FlNFAD2RKCBlxht0xrtYPPu6AcXBRv
xJgebw2hRNdjqqe8zlGIGadSyHNpt6U0EiUuKQYMLNi2hTgv5A0gA6wvsKOfSu7L
66kdRyFKv4ljj0aAzAd/jgQXJtkykqynlQ4jm/HbJSVDPz0XUIO4z/k4yEB935xt
fpoU49TpQd1Aj+DpITK3AwrhNP63cJHGR8v68+1jAsEamkGmOyuQFXh8KPy2ozVR
O0U9089yQBfQnsU6jjnwOdzVqq8gwIfScFdHOvh3LgMNiRu8Yhj8xw==
=t3K9
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux