Demystifying EULAs

Demystifying EULAs

Summary: End User License Agreements (EULAs) -- do you read them? You know you should but...

SHARE:
TOPICS: Malware
15

End User License Agreements (EULAs) -- do you read them?  You know you should but if you are like most people, you probably read the first paragraph or two, skim the rest, then your eyes glaze over and you click "I agree" to end the pain.  Indeed, its no small task to make sense of the Faster XP 11,000 word EULA dissected here by Paperghost of VitalSecurity.org.  Let's not forget the Claria 5,900 + word, 63 on-screen page license agreement described by Ben Edelman earlier this year.

Now there is help to analyze those complex, tedious, mystifying, verbose EULAs. Javacool Software has released EULAlyzer 1.0, a free tool which looks for "potentially interesting words and phrases" such as pop-up, unique identifiers, personally identifiable information.  EULAlyzer works in seconds and provides the user with needed details that could otherwise be overlooked.  (Javacool is also the author of SpywareBlaster and SpywareGuard, two great free apps to help prevent spyware infestation and homepage hijacking.)  A detailed review of EULAlyzer has been posted at Spyware Warrior by Corinne, a well known figure in anti-spyware forums.

A similar tool is on the horizon according to Wayne Porter of FaceTime.  In his ReveNews blog, Wayne mentions what he calls Project Truth Serum, a collaborative effort by Ben Edelman and FaceTime expected to debut in the near future.  Wayne posted a sample of the output from a 5,653 word EULA containing 145 sentences averaging 38.99 words per sentence at SpywareGuide.com. 

Why is understanding EULAs important?  If you knew the screensaver you were about to download was going to include software that would spawn pop-ups on your desktop every few minutes, track your online behavior, record sites you surf and send information, possibly even personally identifying information, back to its home server, you might think twice about installing it. Why are adware vendors not transparent in their license agreements?  Because they know that people would, indeed, hesitate and often refuse a "free" product that was going to slow their computer down and interfere with normal web browsing.

Topic: Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • Pointless

    Why bother? Nobody with a clue agrees to a EULA for crap like screensavers, and the EULAs for purchased software are a case of "click here if you want more than a coaster for the $700 you already paid."

    In other words, you may well be better off [b]not[/b] reading them. At least then, there's an off-chance that the Court will buy the argument that you were coerced and/or didn't know the terms.
    Yagotta B. Kidding
    • Hear, hear!

      ["click here if you want more than a coaster for the $700 you already paid."]

      Not to mention that once you break the seal and load the CD and GET to the EULA screen - you have opened the product and it is non-returnable.
      Roger Ramjet
      • Not To Mention Also

        The software maker may try to sue you, especially if its Microsoft, if you try to sell it on Ebay- Just ask Zamos.
        Ed_Meyers
    • Since Screensavers are a major source of spyware...

      That's sad.
      BitTwiddler
    • So true!

      "and the EULAs for purchased software are a case of 'click here if you want more than a coaster for the $700 you already paid.'"

      [b]That is so true!![/b]
      CobraA1
  • Automated Legal Advice? No thanks.

    A program like this will miss critical issues in some agreements. There is no substitute for reading it very carefully, or much better, having an attorney who specializes in IT and intellectual property do it. EULAs can more often than people realize be negotiated - good advice in this process can be the difference between a product that works for you and one that doesn't, or worse.
    CommSoft
    • Point, Missed, One-Each...

      I think you missed the point.

      This is for people who would never read the EULA anyway.

      I think it's sole purpose is to _help_ catch those bastaad spyware installers.
      BitTwiddler
    • What about Average Joe?

      "There is no substitute for reading it very carefully, or much better, having an attorney who specializes in IT and intellectual property do it."

      What about the Average Joe, who may not understand legalese, and may not be able to afford a good lawyer?

      Sure, companies can afford it. They have the budgets to do so! But what about individuals??
      CobraA1
    • Noticed what lawyers receive per hour?

      If you rejected the software because of what the lawyer told you, you would have no software and a large legal bill. Maybe more than the software cost originally.

      I don't have cable TV because with it not watching television becomes too expensive. Similarly, with your plan the cost of not installing software becomes more than I want to pay.
      Anton Philidor
  • Talk about point missed...

    Alright lets review here.

    Most software that you purchase in a store comes bundled with nothing. If it does have additional software on it, they're clearly displayed prior to install. This isn't an application to be used to analyze that kind of EULA.

    This is for that free toolbar (hotbar anyone?) that states it doesn't track a user, then states 4000 words later, that it does. This is for that smilely face you HAVE TO have that states on line 3200 that it is installing Aurora. This tool is not to replace reading EULA's but it is to help an average person understand them and look for possible tracking/additional software that is installed additionally.

    As for the whole "I didn't know defence.". I agree, expecting an average user to read and understand an EULA (hell I get lost on half of them) is unrealistic. However, for us to start playing the "Ignorant little ol' me card." is worse than the "Rogue Affiliates" scam run by some of these companies. If tools are provided, use them. They will help keep your system and the web clean of useless garbage and traffic.
    aquias20009
  • EULAs

    "You know you should but if you are like most people, you probably read the first paragraph or two, skim the rest, then your eyes glaze over and you click 'I agree' to end the pain."

    Bah, I'd say 99% of users don't even do that. They just click on "I agree" and continue. Only businesses who hire their own lawyers pay much attention to EULAs.

    EULAs have been a problem for a while.

    Most people who use software aren't even lawyers, and may not even be able to understand their own EULAs!

    Not to mention the things are so long - and the larger the company, the larger the EULA, it seems. I could probably read a full-length novel in a shorter time.

    What they [i]should[/i] do is to provide a separate, easy to read explanation of the licence, much like Creative Commons does. They could even have standardized symbols to represent certain "rights" of the owner, much like Creative Commons does.

    I think Creative Commons is on the right track for making licenses easier to deal with. I think more companies should take their approach.

    Otherwise, people will always continue to click "I agree" without reading a thing.

    And no, those licenses that force the user to scroll through them are [b]not[/b] effective, and do not guaruntee that the user reads them. They only annoy the user more.

    Making the licenses easier to digest and understand is the [b]ONLY[/b] way they'll ever get them work.

    "(Javacool is also the author of SpywareBlaster and SpywareGuard, two great free apps to help prevent spyware infestation and homepage hijacking.)"

    Bah, stick with Adaware and Spybot S&D. Much higher quality IMHO. Both great free apps built by people who have been in the business for a long time and know all about spyware.
    CobraA1
    • Sp0ywareGuard is a blocker...

      ... unlike AdAware and Spybot, which remove spyware already installed. (Yes, AdAware has a plug-in, but I'm considering the primary purpose.)

      I don't use it myself, but another good (and free) program for blocking is IE SpyAd, which works only with the restricted sites list on IE.

      https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

      Worthwhile for people who are spyware magnets.
      Anton Philidor
      • Actually, spybot blocks also

        "Sp0ywareGuard is a blocker..."

        What do you think "immunization" and "TeaTimer" are in Spybot?
        CobraA1
  • Demystifying EULAs

    How about a challange to the industry to provide a EULA summary which includes the essential information, limited to 2 paragraphs and confined to the display window. That I would read.
    lakester
  • I think EULA's should be outlawed... (NT)

    (NT)
    ju1ce