-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-005
Reviewing End-User License Agreements
Before accepting an end-user license agreement, make sure you
understand and are comfortable with the terms of the agreement.
What is an end-user license agreement?
An end-user license agreement (EULA) is a contract between you and the
software's vendor or developer. Some software packages state that by
simply removing the shrink-wrap on the package, you agree to the
contract. However, you may be more familiar with the type of EULA that
is presented as a dialog box that appears the first time you open the
software. It usually requires you to accept the conditions of the
contract before you can proceed. Some EULAs only apply to certain
features of the software, so you may only encounter them when you
attempt to use those features.
Unfortunately, many users don't read EULAs before accepting them. The
terms of each contract differ, and you may be agreeing to conditions
that you later consider unfair or that expose you to security risks
you didn't expect.
What terms may be included?
EULAs are legal contracts, and the vendor or developer may include
almost any conditions. These conditions are often designed to protect
the developer or vendor against liability, but they may also include
additional terms that give the vendor some control over your computer.
The following topics are often covered in EULAs:
* Distribution - There are often limitations placed on the number of
times you are allowed to install the software and restrictions
about reproducing the software for distribution (see Avoiding
Copyright Infringement for more information about copyright
issues).
* Warranty - Developers or vendors often include disclaimers that
they are not liable for any problem that results from the software
being used incorrectly. They may also protect themselves from
liability for software flaws, software failure, or incompatibility
with other programs on your computer.
The following topics, while not standard, are examples of other
conditions that have been included in EULAs. They present security
implications that you should consider before accepting the agreement.
* Monitoring - Agreeing to the EULA may give the vendor permission
to monitor your computer activity and communicate the information
back to the vendor or to another third party. Depending on what
information is being collected, this type of monitoring could have
both security and privacy implications.
* Software installation - Some agreements allow the vendor to
install additional software on your computer. This may include
updated versions of the software program you installed (the
determination of which version you are running may be a result of
the monitoring described above). Vendors may also incorporate
statements that allow them or other third parties to install
additional software programs on your computer. This software may
be unnecessary, may affect the functionality of other programs on
your computer, and may introduce security risks.
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-005.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR877m/RFkHkM87XOAQKHSggAi9vfljVt9zzndVmnVSZsJE9VJOAo4pjb
FwvKZYffzXBx5dJculb1J3m38+C7b/sCzE4U25PTq7iH8naGg3PyCWhO+Hp0F46y
xH+JZRHRUi9DobyWUrX5T23+9HJuOIoc5YN56+/Pe+wAoUX2Id/osvah8CjUHKUi
eXBKhd3GoXIq25AwdzhY+uAgWYovstFAeslp0iiaSCxNwvGkK+OHxLRROBMt7EQQ
41F4m+Qru829WqW2lF0ZkY5yDzCB9Jtkr8gSOdjWmZip8L/a+4A319BY7edUDqcF
sn2/hoCQmKPimkn2bS7moaxlQuqzbbHYGc/kDfvDqaY4+9EYOx9Bxg==
=ul05
-----END PGP SIGNATURE-----
