US-CERT Cyber Security Tip ST05-005 -- Reviewing End-User License Agreements

                      Cyber Security Tip ST05-005
                 Reviewing End-User License Agreements

   Before accepting an end-user license agreement, make sure you
   understand and are comfortable with the terms of the agreement.

What is an end-user license agreement?

   An end-user license agreement (EULA) is a contract between you and the
   software's vendor or developer. Some software packages state that by
   simply removing the shrink-wrap on the package, you agree to the
   contract. However, you may be more familiar with the type of EULA that
   is presented as a dialog box that appears the first time you open the
   software. It usually requires you to accept the conditions of the
   contract before you can proceed. Some EULAs only apply to certain
   features of the software, so you may only encounter them when you
   attempt to use those features.

   Unfortunately, many users don't read EULAs before accepting them. The
   terms of each contract differ, and you may be agreeing to conditions
   that you later consider unfair or that expose you to security risks
   you didn't expect.

What terms may be included?

   EULAs are legal contracts, and the vendor or developer may include
   almost any conditions. These conditions are often designed to protect
   the developer or vendor against liability, but they may also include
   additional terms that give the vendor some control over your computer.
   The following topics are often covered in EULAs:
     * Distribution - There are often limitations placed on the number of
       times you are allowed to install the software and restrictions
       about reproducing the software for distribution (see Avoiding
       Copyright Infringement for more information about copyright
       issues).
     * Warranty - Developers or vendors often include disclaimers that
       they are not liable for any problem that results from the software
       being used incorrectly. They may also protect themselves from
       liability for software flaws, software failure, or incompatibility
       with other programs on your computer.

   The following topics, while not standard, are examples of other
   conditions that have been included in EULAs. They present security
   implications that you should consider before accepting the agreement.
     * Monitoring - Agreeing to the EULA may give the vendor permission
       to monitor your computer activity and communicate the information
       back to the vendor or to another third party. Depending on what
       information is being collected, this type of monitoring could have
       both security and privacy implications.
     * Software installation - Some agreements allow the vendor to
       install additional software on your computer. This may include
       updated versions of the software program you installed (the
       determination of which version you are running may be a result of
       the monitoring described above). Vendors may also incorporate
       statements that allow them or other third parties to install
       additional software programs on your computer. This software may
       be unnecessary, may affect the functionality of other programs on
       your computer, and may introduce security risks.
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-005.html>
 

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.