Focus on Virus
RE: Proposal to fight deceptive software - making sense of EULAs Aug 29 2006 10:37PM
Crawley, Jim (Jim Crawley yrbrands com) (1 replies)
I think it's a brilliant idea, but getting companies to adopt it
without being forced to by regulation I can't see happening.

-----Original Message-----
From: brian.erdelyi (at) gmail (dot) com [email concealed] [mailto:brian.erdelyi (at) gmail (dot) com [email concealed]] On Behalf
Of Brian Erdelyi
Sent: Tuesday, 29 August 2006 6:11 AM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Proposal to fight deceptive software - making sense of EULAs

I'm working on a personal project, http://www.clearware.org, and would
appreciate feedback and suggestions from others on this list.

My idea is similar in concept to nutrition facts on food, care labels on
clothing and warnings on hazardous materials. A "software use" label,
if
you will, that summarizes terms and conditions of an end-user license
agreement (EULA) that impacts control over the users experience, system
security and privacy.

My initial research shows that almost 80% of people never or rarely read
EULAs. This isn't suprising as I believe EULAs are too long, ambiguous
and
inconspicuous for the average user to understand anyways. Regardless, I
believe that users need to be informed about the software they install
and
simple labels to depict characteristics of a EULA will help.

How can a vendor obtain meaningful and informed consent to a EULA if
the user doesn't read or understand it? I hope this will help provide
more awareness of EULAs and allow consumers to truly understand the
nature of software before purchasing and installing it. The lack of
informed consent is what constitutes malware or badware.

While researching various EULAs and following work done by Creative
Commons,
these characteristics can be grouped as permissions, requirements,
restrictions and functions. For each characteristic I have also created
a
symbol at
http://www.clearware.org/index.php?option=com_content&task=view&id=13&It

emid=30

I believe this will aloow regular users to better protect themselves
against software that may impact their user experience, system
security and privacy without their consent.

Any thoughts?
Brian Erdelyi

------------------------------------------------------------------------

----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW

l
------------------------------------------------------------------------

----

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]
Re: Proposal to fight deceptive software - making sense of EULAs Aug 30 2006 02:49PM
Paul Kassal (pkassal gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus