US-CERT Cyber Security Tip ST05-005 -- Reviewing End-User License Agreements


                         Cyber Security Tip ST05-005
                    Reviewing End-User License Agreements

   Before accepting an end-user license agreement, make sure you understand and
   are comfortable with the terms of the agreement.

What is an end-user license agreement?

   An end-user license agreement (EULA) is a contract between you and the
   software's vendor or developer. Some software packages state that by simply
   removing the shrink-wrap on the package, you agree to the contract. However,
   you may be more familiar with the type of EULA that is presented as a dialog
   box that appears the first time you open the software. It usually requires
   you to accept the conditions of the contract before you can proceed.
   Software updates and patches may also include new or updated EULAs that have
   different terms than the original. Some EULAs only apply to certain features
   of the software, so you may only encounter them when you attempt to use
   those features.

   Unfortunately, many users don't read EULAs before accepting them. The terms
   of each contract differ, and you may be agreeing to conditions that you
   later consider unfair or that expose you to security risks you didn't
   expect.

What terms may be included?

   EULAs are legal contracts, and the vendor or developer may include almost
   any conditions. These conditions are often designed to protect the developer
   or vendor against liability, but they may also include additional terms that
   give the vendor some control over your computer. The following topics are
   often covered in EULAs:
     * Distribution - There are often limitations placed on the number of times
       you are allowed to install the software and restrictions about
       reproducing the software for distribution (see Avoiding Copyright
       Infringement for more information about copyright issues).
     * Warranty - Developers or vendors often include disclaimers that they are
       not liable for any problem that results from the software being used
       incorrectly. They may also protect themselves from liability for
       software flaws, software failure, or incompatibility with other programs
       on your computer.

   The following topics, while not standard, are examples of other conditions
   that have been included in EULAs. They present security implications that
   you should consider before accepting the agreement.
     * Monitoring - Agreeing to the EULA may give the vendor permission to
       monitor your computer activity and communicate the information back to
       the vendor or to another third party. Depending on what information is
       being collected, this type of monitoring could have both security and
       privacy implications.
     * Software installation - Some agreements allow the vendor to install
       additional software on your computer. This may include updated versions
       of the software program you installed (the determination of which
       version you are running may be a result of the monitoring described
       above). Vendors may also incorporate statements that allow them or other
       third parties to install additional software programs on your computer.
       This software may be unnecessary, may affect the functionality of other
       programs on your computer, and may introduce security risks.
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-005.html

     For instructions on subscribing to or unsubscribing from this mailing list, visit

     http://www.us-cert.gov/cas/signup.html.
