Idea for new security program

Discussion in 'other security issues & news' started by timnicebutdim, Feb 25, 2005.

Thread Status:
Not open for further replies.
  1. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I have an idea for a new security program which wouldn't be too hard to code that could be given away for free or as an add-on to other security programs.

    Basically the program would sit resident on the computer until the user tried to install a program, it would then come alive and scan the program's install for an End User License Agreement. Once found it would scan the text for carefully hidden words that may be used by spyware, scumware.. companies to carefully conceal the program's intentions, i.e. pop ups, redirects, installing other programs.

    I mean how many different words could they use to describe such things and let's be honest, nobody reads the long End User License Agreement to see what they are agreeing to.

    If any words were found that could indicate spyware, scumware... the program would simply alert the user to be careful about what they are agreeing to and a basic run down on how these companies get their rubbish onto people's computers. An advanced version could show extracts of the text around the suspect words... giving the user a better chance to decide.

    Would be a very useful program and not too hard to code.

    Any comments?
     
  2. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Comments? Geez. EXCELLENT idea. Where have you been my whole life? lol. It truly is a great idea. Wow. Now, can someone make it?
     
  3. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I think that is a good idea, I always try to scan the user agreement but am usually too lazy. If something could do it for me that would be nice. Although I always research anything I download pretty heavily, so the chances of it having spyware are slim.
     
  4. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Good idea, too bad there are so many possibilities of wording :D They could say something like:

    "You agree to everything located at www.blaha.com/TOS"

    or use lawyer-type slang :(
     
  5. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    I guess that would involve some artificial intelligence challenges :D
     
  6. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Great idea Tim, and not too dim at all!
     
  7. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    The program should at least be able to warn the end-user of suspicious words/sentences in any program's EULA. Most users don't bother to read the EULA at all. Your program seems most helpful in reminding end-users to read the EULA.
    For example, this is a random line extracted from a spyware EULA:
    By installing this program, you agree to give it full admin-level privileges to your system and allow it to install other unspecified programs on this computer. You also agree to let this program transmit unspecified personal information to a site on the web. If you do not wish to have any malware installed on your system, quit and exit this installer immediately.
     
  8. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I don't think they could use something like you agree to everything located at www.somesite.com because I am sure that would make the agreement void. An agreement made has to have the details in the text on the agreement and not at third parties.
    As far as lawyer slang is concerned there poses a small problem but not massive, since they are still limited to the type of wording needed. Sure the program might have some problems but it could update its suspect words list online every few weeks if needed. If it caught 50% of the bad agreements it would still be a success.

    A more advanced version could count how many suspect words are in an agreement and how many times the words repeat, it could then give a message alert.
    "Danger, Very suspect", "Caution required... may be suspect", "Found a few words that may be suspicious..".

    Then... clicking on a link next to them ( found out more ) would explain about what could be the consequence of agreeing to it with examples of past sites and another link would show the text around the most suspect words... letting the user decide.

    A sensible description informing the person that if it's from a trusted source like Microsoft it is likely to be fine, unknown sources with lots of suspect words would need the user to look more carefully at the agreement.

    I am not a programmer, so I can't code this - but if anyone is interested then go ahead. I am sure the people at wilders would make something like this in a breeze, would be nice to get some credit for the idea but I am not really that bothered.
     
  9. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I also thought about a name for it...

    Error Guard - protecting computer users from misunderstanding software agreements and installing errorware as a result.

    What do you think?
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Name already taken by some garbageware. Sorry to rain on the parade though :p
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The difficulty here is that English is a flexible enough language to make analysis a hard task for a human let alone a program (see Eric Howes' Dissection of Yahoo's Privacy Policy for an example). Even if "key" words could be found, the authors could simply substitute other words or phrases to confound future analysis. Finally, care would have to be taken to ensure that any such analysis could be legally justified for those adware/spyware vendors with trigger-happy lawyers.

    A useful alternative however would be a program that allowed you to resize EULA windows (saving having to hit Page Down 100+ times due to a tiny window) and gave you an indication of how long the policy was (knowing that an EULA was 100+ screens long in advance could then suggest that your time would be better spent installing something else). This should be far simpler to implement.
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    As usual, I agree with P2K. Good thinking though!
     
  13. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Regardless of the different opinions of how it would work, it seems we all agree in principle. Very good idea indeed. Glad I thought of it. lol. Only teasing Tim. Excellent idea!
     
  14. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Good idea but with a few problems. Plus if you wanted it to work for languages other than English as well, you would need additional language packs.

    Jimbob
     
  15. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I still think it could be done in such a way that it would catch most malicious End User License Agreements regardless of the scope of the English language.

    Any coders out there fancy a shot at it?
     
  16. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    I suppose I could, assuming I have the time.

    Jimbob
     
  17. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    One way of programming it would be to list the various things that companies normally bundle with agreements like,

    Pop Ups
    Redirects
    Website restrictions
    Advertisements
    Eavesdropping ( privacy exploits )
    Connecting to a computer system online to update or load new products

    Once the list is complete... start with each one and make a list of sentences that would likely describe that.

    For example: Pop ups

    Our software will occasionally produce pop ups, you agree to allow this.
    You agree to advertisements in the form of pop ups.
    Our software will produce advertisements that appear when browsing.

    And so on...

    Then you could mix up the common words used together.. like software, pop ups, agree, advertisements, browsing...

    Then set the program to scan for any of these words that are within 20 words of each other... then it would pick up such things.
    Also the more the words together the higher the warning... ( please check the following sentences as you may inadvertently be installing software which might produce unwanted pop ups or advertising onto your computer )... then show extracts of the sentences.

    So it would kind of be like making a program with AI to some extent but it doesn't need to be rocket science if broken down.

    Also... it's not the same as removing things agreed to be installed on a system it is just advising someone to look closer at any agreements made ... it doesn't decide for them - not sure if there is anything a lawyer could do about it. I wouldn't have thought so but we would need a lawyer to confirm this.
     
  18. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    No I think it should be free... I'd like to hope that the coder will do this since it was my idea.

    One thing I would like is a charity link on the software. There is a cancer research thing somewhere ( I need to find the link ), it basically works the same as seti@home, but instead of searching for ET it uses everyone's spare computer power to research new drugs in the search for better treatments and a cure for cancer. It just installs a screen saver and uses spare computer power when the screen saver appears to research the drugs, etc. The more people that download the program the more chance they have of finding a cure.
    With computer systems becoming more powerful, the combined use of computers around the world makes a very powerful system for analyzing these things.

    It would be nice to be part of something big and meaningful.
     
    Last edited by a moderator: Sep 12, 2005
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Problems:

    "Pop Ups" could be replaced with information windows, sponsored prompts, consumer offers, etc. "Redirects" could be described as alternative destinations, priority addressing, etc. "Connecting to a computer system online to update or load new products" - virtually every product with an update feature does this already.

    The problem is that there are an infinite number of ways of describing activities and most malware vendors can be expected to craft their licences to sound as innocuous as possible. Only those aiming for "legitimacy" like WhenU, Claria, etc will be anything like upfront enough for their EULAs to be analysable by simple text-matching.

    Of course, the worst malware do not describe their effects in an EULA (and many do not offer an EULA, just installing silently) so this program could not even start to cover these.

    Ultimately, it is more likely to do harm (by giving users a false sense of security leading them to overlook other security precautions) than good. Just IMHO. ;)
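
The proximity scan proposed in post 17, with the tiered alerts from post 8, as an added example that is not code from any thread participant. The stem list, the score thresholds and the reworded sample are constructed assumptions; the reworded sample uses the substitute phrases from post 19 and returns no findings, which is the limitation raised there.

```python
import re

WINDOW = 20  # hits at most this many words apart are grouped together
# Constructed watch list (assumption, not from the thread): word stems for the
# bundled behaviours post 17 lists, plus consent wording.
STEMS = ("popup", "advertis", "redirect", "agree", "install",
         "transmit", "personal", "unspecified")
# Alert texts follow the three tiers proposed in post 8;
# the numeric thresholds are assumptions.
LEVELS = [(5, "Danger, very suspect"),
          (3, "Caution required... may be suspect"),
          (2, "Found a few words that may be suspicious")]

def tokenize(text):
    # Fold "pop ups" / "pop-ups" into one token before splitting into words.
    text = re.sub(r"\bpop[\s-]?ups?\b", "popup", text.lower())
    return re.findall(r"[a-z]+", text)

def scan(eula):
    """Return (alert level, findings); each finding has its stems and an extract."""
    words = tokenize(eula)
    hits = [(i, s) for i, w in enumerate(words) for s in STEMS if w.startswith(s)]
    clusters = []
    for idx, stem in hits:
        if clusters and idx - clusters[-1][-1][0] <= WINDOW:
            clusters[-1].append((idx, stem))   # close to the previous hit
        else:
            clusters.append([(idx, stem)])     # start a new group
    findings = []
    for cluster in clusters:
        stems = sorted({s for _, s in cluster})
        if len(stems) < 2:                     # a lone word is not a signal
            continue
        lo, hi = max(0, cluster[0][0] - 5), cluster[-1][0] + 6
        findings.append({"stems": stems, "extract": " ".join(words[lo:hi])})
    score = sum(len(f["stems"]) for f in findings)
    level = next((label for need, label in LEVELS if score >= need),
                 "No suspect wording found")
    return level, findings

# The EULA line quoted in post 7, shortened.
BLUNT = ("By installing this program, you agree to give it full admin-level "
         "privileges to your system and allow it to install other unspecified "
         "programs on this computer. You also agree to let this program "
         "transmit unspecified personal information to a site on the web.")
# Constructed rewording built from the substitute phrases in post 19.
REWORDED = ("The software may display information windows and consumer offers, "
            "and may use priority addressing to suggest alternative destinations.")

if __name__ == "__main__":
    for name, text in (("blunt", BLUNT), ("reworded", REWORDED)):
        print(name, "->", scan(text)[0])
```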
     
  20. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Guys, sorry to throw a spanner in the works ( :D Sorry Spanner! :D ), but you might want to see Ron's thread here where companies are free to change the EULA without any notification! Interesting link there!
     
  21. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    They are only free to change the terms and conditions if that condition is agreed to in the EULA, it's just another thing the program could scan for.

    I do agree with Paranoid though, it would be hard to implement this with all the terms used in their jargon, it's not impossible though but would require a lot of work.
     