Sure you too are ignoring your software security! That is, unless you are one of the 0.1 percent of users who do read the End User License Agreement (EULA, also known as software license). Else, well, then you sign contracts blindfolded because that box full of legal mumbo-jumbo when you install a program… yes, it is a contract!

Software security wouldn’t really be an issue, if all software licenses were simple agreements setting out reasonable terms of use. Unfortunately, most are lengthy texts with legal slang that leave those few who do read them bedeviled and thwarted. Some enclose terms to which the ordinary user would object if he acknowledged what he was agreeing to. For example, in extension to protection against cracking, many software licenses now contribute the software company the right to gather information about your computer and have it automatically sent to the software marketer. Some, in particular software licenses for freeware, hold clauses whereby you agree to the installation of added software you do not want, some of it conspicuous spyware or adware ignore. As a result, one might assume that the freeware is to blame for all the bad things that have happened, however, isn’t it the end user who doesn’t read the legal material, who is to blame?

Either way, people do not read the EULA. When downloading and installing software, we are usually curious about what the new software will bring. That EULA is just one more thing to drop time on because it is usually not readable in a short amount of time, hence not read at all. But indeed, the next thought that then arises is: what have you agreed to when you clicked I agree?

Especially with freeware, there can be an even greater problem. Freeware is not always free. Sure, it is not free to reverse engineer, modify, or redistribute freeware, but there is also the kind of freeware that is disguised as adware or even as spyware.

An example.

Remember from about 5 years ago when Gator created a storm of protest. Its GAIN Publishing End User License Agreement stated the user was automatically agreeing with also installing the GAIN AdServer software when accepting the EULA. So, the software license gave the company permission to install software that collected certain identifiable information about web surfing and computer usage. This software came immediately along with the freeware and was installed in the same process. At the end, this resulted in a display of all types of ads on the user’s computer.

Next the EULA mentioned that Gator even unauthorized the use of popular uninstallers for their own tools on which countless people trusted to remove this unwanted stuff from their machines. But also, users were prohibited from using devices like web monitoring programs or similar on the GAIN AdServer and its messages, thus eliminating all possible control. Obviously, such clauses are no longer related to software protection against cracking and were more than a bridge too far for many users.

So, if all is specified in the product’s software license, then it is also what can help decide about what you want to have installed, or not! Indeed, especially the software balancing at the edge of legal boundaries will try to straighten out what is not completely right. And you guessed it correctly: that is most frequently revealed in the EULA.

Lawyers.

In lawyer terms, an End User License Agreement is a legal contract between a software application author and the software user. It is a license that grants the user the right to use a computer software in a specific and well determined way. Usually, a EULA specifies the number of computers a user can use the software on, that reverse engineering or cracking or any other form of illegal piracy is prohibited, and any legal rights they are forfeiting by agreeing to the EULA. The user is usually asked to check a button to accept the terms of the EULA, or is supposed consenting it by opening the shrink wrap on the application package, or even just by simply using the application. The user can refuse to enter into the agreement by returning the software product for a refund or by clicking I do not accept when prompted to accept the EULA during an install in which case the software installation is usually ended. By the way, for websites, the TOS (terms of service) is the legal counterpart from the End User License Agreement for software.

secuity
security

 

So far, all may seem quite normal, however, the software license is infamous for containing stealthy clauses maintaining preposterous restrictions on the behaviour of software users whilst providing the software developer or vendor with highly intruding powers. For example, Microsoft software licenses give the company the right to gather information about the user’s system and its use and to provide this information to other organizations. They also grant Microsoft the right to make changes to the user’s computer without requesting permission. Now, don’t be mistaken by thinking this is a Microsoft-only affair, software licenses frequently have a clause that allows vendors to make changes to users’ systems without asking or notifying the user.

Remark that adding the bad things to software have mostly happened with freeware, however, there seems a trend lately to shift those same bad habits towards shareware and trialware, yes also the terms of service of some well-known companies have been under fire.

Possibilities.

One might get the feeling that little can be done to fight a bad EULA or TOS. Well, that is not entirely true, recently there have been cases where popular services have changed their terms of service because of the user’s aversion for a few too flagrant terms within them. Hence, complaining does work indeed!

An example is Facebook who changed its TOS back to the old one after people complained in mass that the terms of use suddenly said that Facebook kept all rights to the user’s content, even if he deleted his account. Another example is Google’s Chrome browser’s terms of service which gave Google a non-exclusive right to display and distribute all content transmitted through the browser.

In fact, a basic idea behind the EULA is quite reasonable: to protect the vendor from software piracy. But the worry is that software licenses are getting more and more restricting all the time. e.g. Microsoft started in vista’s EULA to prohibit the installment in virtual machines though this is exactly what researchers and reviewers are using all the time.

Recently, the trend to include more and more limitations on what users can do with the software they pay for becomes quite distressing. Certain license agreements now disallow users from releasing or publishing information about the functioning of the software. That effectively prevents reviewers as well as software security experts from reporting about their experiences with a specific piece of software. Such determinations are way past protection against illegal practices.

The solution.

It is attorney material but you may wonder whether these licenses are legal. According to lawyers though, most of them do hold up in court, the exception being if the text is not reasonably understandable. Another exception has to do with minors who are mostly liberated for the agreements made this way.

Either way, the fact that a EULA might not be lawfully enforceable is of little comfort because it is being enforced on you whether you like it or not. Once the program is installed on your PC, the damage is done and it doesn’t even matter if the signed contract were legally invalid. Already simply by using the computer, the user is confirming his part of the contract.

The primary idea behind the software license – creating a clear legal defense against illegal software piracy – has long been bypassed indeed. Well, be warned, a click of the computer mouse could produce a good deal of trouble. Hence, only one advice can be given: throw away that blindfold, do read the EULA, and that does not apply to freeware only!

Jose Sogiros is a developer with 5 years of experience in the software protection business but he is also a developer creating smart, renovating and user-friendly developer tools to help efficiently produce better protection software. See more info on software protection [http://www.larp64.com] or for more information about anti cracking software [http://www.larp64.com/cracking.html], hacking and software piracy.