Oops read the license & found some issues

Well probably shouldn't have read the license that came with my Nod32 AV. But I did and what I found seems to be way out of line.

If i read it correctly, by installing Nod32, you are giving Eset the right to gather any and all the information they might decide they want from your machine without limitation. That would sure seem to give them access to among anything else, my checking, by bookkeeping, any of my emails. Then Eset is allowed to retain this information without limitation or statement of security.

Additionally, that license requires you to allow Eset the right to do any infiltration. That sure sounds like you're asked to allow Eset to install any spyware they want?

Surely this can't be right. Aren't we buying a software package to protect us? So why would that program package demand the right to act just like malware? The paragraph #2 mentions "contains a function which collects" but it does not say that function can be turned off or blocked.

here is an extract from the license for Nod32 AV 4. at the end of paragraph2
=============================================
By accepting this Agreement and activating the Software
function described above, you are agreeing to
Infiltrations and Information being sent to the Provider
and you are also granting the Provider the necessary
approval, as specified under the relevant legal
regulations, for processing Information obtained.
=============================================

And paragraph19 extends the rights to allow transfer of any user information to third parties.

IS this right? I bought this program ( 4 licenses 2 years ) to protect me. I did not buy it to let anyone infiltrate my machines.

While it makes me mad, I would like to find out some way to resolve this apparent spying issue.

Tell me this is something that I can turn off and not let Eset into my files without specific permission for each malware incident that I choose to let them help with. And that I can monitor and review what info they want to collect.

Surprised & disappointed: This is convincing me that there are way too many lawyers and too few software license regulations.

Sam

 

You were given the opportunity to read the agreement before you installed, and to refuse it at that time. You apparently agreed to it, and finished installing it.

The way out now, is to uninstall it.

 

You can find an example information sent in the help files (press F1 in the ThreatSense.Net setup screen). User information should only mean the name of the user in the path to an infected file when found in the "Documents and settings" / "Users" folder as the path to infected/highly suspicious files is sent to ESET as well.

 

Nothing like an argumentative response. Apparently you didn't understand my post. I DID NOT INSTALL THE NOD32.

I am asking what they mean and why they would be so tyranical about that license. If we don't ask, how will anyone know that we don't like it? Too many people install without stopping to even ask why in the world would a legitimate company want to write a bad contract/license when a decent license would be so much better.

a mouse is a mouse.

 

Marcos,

Thanks for your reply. I do not have this NOD product installed at this point. I have used Nod products before and at that time Eset said by email that their Threat Sense item was what they were referring to in a similar but less intense paragraph. And I think at that time it even said the name of the "function" and that one could turn it off.

But I didn't see that in the current license.

And yes I do dislike draconian licenses. If people would read and object to these ridiculously lawyer written mono-tribes, me thinks we'd all be better off. But instead people skip them and "trust" or "hope" it never applies to them. That's kind of naive, as is the lawyer speak itself. A level playing field would be so much better.

I'll see if a friend has a current version installed and look at that threat sense option. And you say that "F1" will display the information sent? Still wonder if that paragraph 2 and #19 refer to only Threat Sense? And that the info collected is limited to what you said. Has Eset ever stated that?

Sam

 

Hello Sam,




Below is the relevant section from ESET Smart Security v4.2.64.12's online help (aside from the product name, it is identical to the text in ESET NOD32 Antivirus's online help). Perhaps this will help explain things.

Down Previous|Next
ThreatSense.Net​

The ThreatSense.Net Early Warning System is a tool that keeps ESET immediately and continuously informed about new infiltrations. The bidirectional ThreatSense.Net Early Warning System has a single purpose - to improve the protection that we can offer you. The best way to ensure that we see new threats as soon as they appear is to "link" to as many of our customers as possible and use them as our Threat Scouts. There are two options:

• You can decide not to enable the ThreatSense.Net Early Warning System. You won't lose any functionality in the software, and you'll still get the best protection that we can offer.
• You can configure the Early Warning System to submit anonymous information about new threats and where the new threatening code is contained, in a single file. This file can be sent to ESET for detailed analysis. Studying these threats will help ESET update its threat detection capabilities. The ThreatSense.Net Early Warning System will collect information about your computer related to newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename, information about the date and time, the process by which the threat appeared on your computer and information about your computer's operating system. Some of this information may include personal information about the user of the computer, such as usernames in a directory path, etc. An example of the file information submitted is available here.

​

While there is a chance that this may occasionally disclose some information about you or your computer to our threat lab at ESET, this information will not be used for ANY purpose other than to help us respond immediately to new threats.​

By default, ESET Smart Security is configured to ask before submitting suspicious files for detailed analysis to ESET's threat lab. It should be noted that files with certain extensions such as .doc or .xls are always excluded from sending, should a threat be detected in them. You can also add other extensions if there are particluar files that you or your company wants to avoid sending.​

The ThreatSense.Net setup is accessible from the advanced setup tree, in Tools → ThreatSense.Net. Select the check box Enable ThreatSense.Net Early Warning System. This will allow you to activate and then click the Advanced setup button.
Top Previous|Next​

ThreatSense.Net is the technology which submits malicious samples to ESET. You can read more about it in ESET Knowledgebase Article #531, "What is the ThreatSense.Net Early Warning System?." ThreatSense (no .Net at the end) is ESET's trade name for the heuristics portion of their scanning engine. For additional information, I would suggest this page on ESET's web site.

And, as a reminder, here's the text from the End User License Agreement:

2. Forwarding of infiltrations and information to the Provider. The Software contains a function which collects samples of new computer viruses, other similar harmful computer programs and suspicious or problematic files (hereinafter referred to as “Infiltrations”) and then sends them to the Provider, along with information about the computer and/or the platform on which the Software is installed (hereinafter referred to as “Information”). The Information may contain data (including personal data) about the End User and/or other users of the computer on which the Software is installed, information about the computer, the operating system and programs installed, files from the computer on which the Software is installed and files affected by an Infiltration and details about such files. The Provider shall only use Information and Infiltrations received for research into Infiltrations and shall take appropriate measures to ensure that the Information received remains confidential. By accepting this Agreement and activating the Software function described above, you are agreeing to Infiltrations and Information being sent to the Provider and you are also granting the Provider the necessary approval, as specified under the relevant legal regulations, for processing Information obtained.


​

As my colleague Marcos noted, it is possible that an ESET program (ESET NOD32 Antivirus, ESET Smart Security, ESET Cybersecurity for Mac OS X and so forth) could include the location (e.g., the path or directory name) in which malware was found on a computer. Because some locations contain the user's name, this is why that clause is in the End User License Agreement. In other words, here's a couple of hypothetical examples of the level of information which might be transmitted:

C:\Documents and Settings\Aryeh Goretsky\BadFile.DLL
C:\Users\Aryeh Goretsky\BadFile.EXE


​

If you disable this function (it is, after all, optional and not a requirement) than the information does not get sent to ESET.

Section 19 of the End User License Agreement authorizes ESET to do things like check the expiration date for your copy of the software so that it can be displayed in the user interface.

ESET has several offices around the world (Slovak Republic, United States, Argentina, Singapore, and so forth) which work together jointly to produce things like the Monthly Global Threat Reports. Each of these offices is set up as a separte legal corporate entity according to the laws of the country in which they reside, which is why ESET in the Slovak Republic refers to them as "third-parties" for purposes of sharing information with them.

At your end, it also allows you to do things like purchase additional software license or renew a license in that country instead of having to contact ESET headquarters directly in Bratislava to place your order because ESET in Slovakia can then provide the information needed to the local office to complete the transaction.

I know this seems like fairly complicated text and there's no desire to be tyranical or draconian. It is a legal document, after all, and those types of things tend to take on a life of their own depending upon the prevailing business climate, countries a company does business in and so forth. It would be even longer if it had to include a description or explanation of what each section meant.

If you would like to review the actual End User License Agreements, they can be found at http://www.eset.com/company/eula on ESET's web site. You can also email ESET's legal department at legal@eset.sk should you have a question about the licenses, but please keep in mind it may take some time to hear back from them as they are very busy.

Regards,

Aryeh Goretsky