Focus on Virus
Proposal to fight deceptive software - making sense of EULAs Aug 28 2006 08:11PM
Brian Erdelyi (brian clearware org)
I'm working on a personal project, http://www.clearware.org, and would
appreciate feedback and suggestions from others on this list.

My idea is similar in concept to nutrition facts on food, care labels on
clothing and warnings on hazardous materials. A "software use" label, if
you will, that summarizes terms and conditions of an end-user license
agreement (EULA) that impacts control over the users experience, system
security and privacy.

My initial research shows that almost 80% of people never or rarely read
EULAs. This isn't suprising as I believe EULAs are too long, ambiguous and
inconspicuous for the average user to understand anyways. Regardless, I
believe that users need to be informed about the software they install and
simple labels to depict characteristics of a EULA will help.

How can a vendor obtain meaningful and informed consent to a EULA if
the user doesn't read or understand it? I hope this will help provide
more awareness of EULAs and allow consumers to truly understand the
nature of software before purchasing and installing it. The lack of
informed consent is what constitutes malware or badware.

While researching various EULAs and following work done by Creative Commons,
these characteristics can be grouped as permissions, requirements,
restrictions and functions. For each characteristic I have also created a
symbol at http://www.clearware.org/index.php?option=com_content&task=view&id=13&It
emid=30

I believe this will aloow regular users to better protect themselves
against software that may impact their user experience, system
security and privacy without their consent.

Any thoughts?
Brian Erdelyi

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus