ESS collect personal information

ESS's EULA:

https://www.wilderssecurity.com/showpost.php?p=980581&postcount=9

Explanation is needed , please ! Plans to include such thing in the final product?!

 

We need a clarification!

Thanks Stem and HiTech_boy.

 

Very curious.

 

you can disable threatsense if you do not want to send suspicious files and related data.

 

This is not ThreatSense , IBK . ThreatSense in NOD32 (according to NOD32's EULA) does not collect personal information . ThreatSense.NET collects only info about infected files/time ,etc . According to this EULA they can collect any information they want (it isn't written what the Software sends) . Written in that way , one can never be sure about their privacy . Written in that way it sounds like spyware , something that ESS shoud not be!

 

Is this not Threatsense.Net? Is this not just Eset covering themselves in case personal info happens to be included in the submitted data? On that assumption I have disabled Threatsense.Net but, as you say, Eset should clarify this.

 

Almost 12 hours have passed and still no reply . I am really concerned about this "not very well written EULA" and curious to have clarification about that "spy affair" . Thanks in advance.

 

You do not consider a temporary folder name with a user name personal data? It may be included in ThreatSense reports if an infected files is found in, for instance, "C:\Documents and Settings\Smith\Local Settings\Temp" folder.

 

Looks like they are just covering their behind...
It states "may contain" there's nothing that says "does contain".
I guess that's ok when you submit samples - They need to know file versions etc. to see if you are up-to-date and whatnot.
They also need to verify files that *may* be affected if you have some nasty installed...

I don't see any problem currently.

 

We in Slovakia are celebrating Easter, the most important feast for a majority of people, perhaps it's not so in Bulgaria if you want people from Eset to respond here immediately

 

It's over in 1 hour over here in Denmark Just to let everyone know! woohoo

 

So this is ThreatSense.NET (but more advanced) ? Thanks for your answer - as always , any word from ESET is much appreaciated!

Sorry , Happy Easters ! It's still the second day of Eastern here

 

Well , Brian , after all the posts here , it seems so . However , if it is really , I think they should change the EULA (add some more details) . On a first read it sounds differently , like I wrote "spy affair" .

 

Well, the underlined sentence actually means that Eset will also receive information about an application/process that created a malicious file that was subsequently submitted for analysis.

 

You have to read EULAS very carefully, most of the time they can be very tricky to understand - The company behind must also write the EULA carefully to comply with international laws (and some do not comply).

So far it looks good to me. "Personal info" is their way of saying "Hey, if you submit a personal document that's infected, we can't do anything about it".

Current NOD has the option to ignore certain types of documents so you don't submit them by mistake (if they should contain any secret data), and I'm sure some users already made that mistake, so by typing that in the EULA they are covered.

My view on the matter, you may see it on another perspective.

 

Yes , my first tough was , after I install ESS , it automatically submits all the content of my "My documents" or "Program files"

Generally I am really paranoid person and written in this way , it really worries me and that's why I posted (for some kind of clarification)

 

Clarifications are good thing but what matters is document, and yes, it states that Eset can collect anything from the infected computer, where "infected" means they suspected (cannot be otherwise if we are talking about new infections).

Actually, underlined sentence does not mean that. Maybe who wrote it did mean that, but failed to phrase it so. Sentence means - any files from the computer with ESS.

So, it is very reasonable to think that theoretically, if Eset found you writing for example a patch to increase number of half opened connections (which at present it considers infiltration), it could start to review what actually you are doing and "legally" collect more files and information than necessary for analysis of suspected file.
Different comments that they are not going to do so are useless until the document is changed to reflect that properly.

 

Basically, if you send any data to anyone from your machine there is a risk of some level of personal data being sent, even if it's just your user name. They have to cover themselves in that event, in the same way that good 'ol Microsoft did when they released Windows Defender. It was a similarly worded 'warning' from them...

 

and this is something that interferes with our privacy and something that I definitely don't like . As cerBer said , written in that way it can only mean that any files , not just the (name of the) application that created an infected file or infected files' path or infected document or ... If you meant something else , as you claim , this will only mean that the End User License Agreement needs changing . Otherwise... ... ...

 

Marcos , may we be given the whole EULA of ESET Smart Security Public beta 1 in the so called printable version , just like Aryeh posts the NOD32 2.51's EULA here

 

I agree. This EULA is very badly written. If the intention is innocent there is no harm in expanding it so it is clear to the average reader.

In all seriousness ESET should revise the wording in future releases if they want customers (like myself) to have any confidence in their business ethics.

 

Well , I reinstalled Eset Smart Security . The point was to be able to read and print the whole EULA . This is what I did .

After that , I continued installation in Advanced mode where one is able to change settings . Then it came ThreatSense.NET settings . You read ... and then it comes , you'll be able to have more information after the installation is finished , in the help file.

I temporary disabled ThreatSense.NET , installation finished .
I first opened the help file and found info about ThreatSense.NET where everything is made clearer !


Conclusion :
Badly written End User License Agreement . I do think you should include more information about what the software is going to do , a lot more information before the installation is done ! Thanks !

 

Not a peep from ESET after the last batch of comments. No reassuring the customer that the wording would be changed in future releases.

 

You should pay attention to sentence "The Provider shall use the obtained Information and Infiltration only to review the the Infiltration and shall take reasonable measures to keep the obtained Information confidential."

 

My 'pennyworth'...

Firstly, anyone can get a full copy of the EULA by asking the Beta support team. They sent me a full copy by return e-mail. Personally I don't think they need to change anything. I've studied the wording and, on balance, I don't believe there's anything to cause real concern.

I'm also surprised about the questions relating to Eset's business ethics. I've known Eset for about 7 years and never had a reason to question their 'ethics' at any level. It also would not make a lot of sense for them to take any risks - they are now a well known, well respected and closely observed security software vendor. It would be commercial suicide for them to be careless in the way they handle customer submitted data.

For what it's worth (and I think it's quite cool...) you might like to try this: http://www.javacoolsoftware.com/eulalyzer.html This utility comes from the same stable as the well-respected 'SpywareBlaster'. If you run it and analyse the Eset EULA, you'll find that nothing much is flagged as 'interesting' (Javacool speak for suspicious). You can even submit the Eula for further analysis if you really want to, but I won't be going to those lengths.