EULAlyzer 1.0 -- A Review

Discussion in 'EULAlyzer Forum' started by Corrine, Sep 13, 2005.

Thread Status:
Not open for further replies.
  1. Corrine

    Why are so many unsuspecting users infected when downloading software? They do not read the EULA (End User License Agreement). As members of the security community, we are well aware of the dangers of not reading the EULA, yet how many of us see all the red flags in the fine print?

    If you have read any of Webhelper's (Patrick Jordan) articles, you are well aware of the hidden dangers in a EULA. For example, Webhelper wrote here:

    • "Throughout the Direct-Revenue Transponder Gangs history, they have made constant changes to their MANY EULAs (End User License Agreement). What this means is that a user had better read very carefully any EULA that comes from this adware marketing group as there are some important items that may change your mind about installing their adware."
    Another example is presented by Ben Edelman in his article Gator's EULA Gone Bad.

    Now there is a tool to help this process. Javacool Software has released EULAlyzer 1.0. Using the EULAlyzer does not release users from the need to read the EULA. Rather, it flags questionable wording, providing a "Goto" link to examine the wording in context more closely.

    I ran the Registration Agreement for LandzDown Forum through the EULAlyzer. The EULAlyzer picked up "e copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes," as advertisement. However, when following the "Goto" link, I discovered that in context there was no problem with that wording:
    • "You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum."
    In another test, I used the EULAlyzer on the ABI Ceres software EULA linked in Webhelper's review above. An example of one of the many instances of Flagged Text in the ABI EULA was "repair or reinstall the Software if any third party application attempts to delete". Clicking on the "Goto" link showed that text in context:
    • "ABI may store a cookie, computer file or other unique identifier on your computer to identify you and may automatically repair or reinstall the Software if any third party application attempts to delete, disable or modify the Software."

    Although EULAlyzer does not release the end user from the obligation of reading the EULA, it certainly simplifies the process. If we, as members of the security community, encourage the use of the EULAlyzer, perhaps users will not only become better educated, but will think twice before they X the "I agree" box.


    Disclaimer: This is an unsolicited, independent review of Javacool Software's EULAlyzer. I have no connection whatsoever with Javacool Software.
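
The flag-then-check-in-context workflow described in the review, as an added sketch that is not part of the original post and is not EULAlyzer's actual detection logic. The watch list, category names and function names are assumptions; the two sample texts are the clauses quoted in the review.

```python
import re

# Hypothetical watch list (category -> regex patterns); not EULAlyzer's real rules.
WATCHLIST = {
    "Advertising": [r"advertis\w*", r"pop-?ups?"],
    "Self-repair / reinstall": [r"reinstall\w*", r"automatically repair"],
    "Tracking": [r"unique identifier", r"cookies?"],
}

def sentence_at(text, pos):
    """Full sentence around character offset pos: the 'Goto' view."""
    start = max(text.rfind(". ", 0, pos), text.rfind("\n", 0, pos)) + 1
    end = text.find(". ", pos)
    end = len(text) if end == -1 else end + 1
    return text[start:end].strip()

def flag(text, window=40):
    """Return hits in document order, each with a short snippet and its sentence."""
    hits = []
    for category, patterns in WATCHLIST.items():
        for pattern in patterns:
            for m in re.finditer(pattern, text, re.IGNORECASE):
                lo = max(0, m.start() - window)
                hits.append({
                    "offset": m.start(),
                    "category": category,
                    "match": m.group(0),
                    # Fixed-width window: can start mid-word, so it is only a pointer.
                    "snippet": text[lo:m.end() + window],
                    "context": sentence_at(text, m.start()),
                })
    return sorted(hits, key=lambda h: h["offset"])

# The two clauses quoted in the review above.
FORUM = ("You also agree not to post any copyrighted material unless you own the "
         "copyright or you have written consent from the owner of the copyrighted "
         "material. Spam, flooding, advertisements, chain letters, pyramid schemes, "
         "and solicitations are also forbidden on this forum.")
ABI = ("ABI may store a cookie, computer file or other unique identifier on your "
       "computer to identify you and may automatically repair or reinstall the "
       "Software if any third party application attempts to delete, disable or "
       "modify the Software.")

if __name__ == "__main__":
    for name, text in (("forum agreement", FORUM), ("ABI EULA", ABI)):
        for h in flag(text):
            print(f"[{name}] {h['category']}: ...{h['snippet']}...")
            print(f"    in context: {h['context']}")
```

The forum clause produces an "Advertising" hit whose full sentence turns out to be a prohibition, while every hit in the ABI clause resolves to the same sentence about tracking and self-reinstalling software.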
     