With the advent of very first stable enough releases of Windows operating system, the installation of various programs have reached nearly the most basic level ever. The necessity of editing numerous configuration files, altering system settings or installing specific memory drivers in order to properly setup a favorite text editor or computer game have irreversibly vanished. Today all you have to do (leastwise in most cases) is download a program from the Internet, double-click on a downloaded file, click the button, another button, yet another button and, voila, the installation is finished, your program is ready to use. However, numerous applications, even completely different unrelated programs, have very similar or even exactly the same setup wizard, which allows the user to install software without even reading setup instructions and wizard questions. But often a regular user misses the most important document that helps to learn how a program works, what actions it takes and what guarantees its vendor provides to the end user. This document is EULA, the End User License Agreement, or the license agreement, for short. Namely it contains everything one should know about a particular application, even a spyware parasite! Yes, indeed, hundreds of spyware and adware threats, browser hijackers, malicious plug-ins and corrupt anti-spyware tools come with own EULAs clearly explaining what the user should expect from the program, but unfortunately no-one ever reads it before accepting. It is the fact that thousands of users accidentally infect their systems with parasites tempted by promoted features that a particular program, actually a dangerous parasite, should offer.
If you never read EULAs and do not know why they are so important, please examine actual license agreements of popular and widely-spread software products provided below. You definitely might find a lot of pearls there.
Legitimate software EULAs
Let’s begin by analyzing a license agreement of one of the most popular software products ever – Microsoft Windows XP operating system. It implies that Microsoft is not responsible for any damage that your computer, software and valuable documents can take because of running Windows XP:
Except for any refund elected by Microsoft, YOU ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, if the Software does not meet Microsoft’s Limited Warranty, and, to the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose.
Well, that one still looks quite reasonable. But did you heard of this statement? I guess, not. Let’s continue with another EULA included in popular music player made by Apple – iTunes. It in no uncertain terms says that the publisher can make any changes to the agreement and the user will have to agree to all of them once he has agreed to the initial EULA variant:
Apple reserves the right, at any time and from time to time, to update, revise, supplement, and otherwise modify this Agreement and to impose new or additional rules, policies, terms, or conditions on your use of the Service. Such updates, revisions, supplements, modifications, and additional rules, policies, terms, and conditions (collectively referred to in this Agreement as “Additional Terms”) will be effective immediately and incorporated into this Agreement. Your continued use of the iTunes Music Store following will be deemed to constitute your acceptance of any and all such Additional Terms. All Additional Terms are hereby incorporated into this Agreement by this reference.
Musicmatch Jukebox, “world’s best music player” as it vendor claims, wants the user to contact every person involved in producing and publishing certain music compositions before burning them to CD or any other removable media just to be sure that the user has a right and got a necessary permission to do this:
It is your responsibility, not Musicmatch’s, to ensure that any material that you record on CDs using the Musicmatch Jukebox CD Recording function does not violate anyone’s copyright. Please note that there may be more than one copyright involved in any song – the lyrics, the music and the performance, for example, may each have a separate copyright. You are responsible for getting any necessary permission and paying any necessary licensing fees for the music or other material you choose to record. If you violate the copyright laws, there may be fines or criminal charges brought against you, even if you don’t get any commercial benefit from the illegal copies. You agree to hold Musicmatch harmless from your violation of copyright laws by your use of the CD Recorder.
Let’s revisit an excerpt from the EULA included in series of popular Microsoft products like SQL Server. Microsoft simply does not allow users to criticize its software and compare it with rival products:
[you] may not without Microsoft’s prior written approval disclose to any third party the results of any benchmark test.
Now is a turn of end user license agreements included in infamous security and privacy threats. Let’s begin with a well-known example of freeware programs implementing some unsolicited potentially harmful functions – Claria software. The following excerpts are from GAIN Privacy Statement and GAIN Publishing End User License Agreement (both are displayed during the installation process of DashBar, Precision Time, ScreenScenes and other Claria products):
GAIN Publishing offers some of the most popular software available on the Internet free of charge (“GAIN-Supported Software”) in exchange for your agreement to also install GAIN AdServer software (“GAIN”), which will display Pop-Up, Pop-Under, and other types of ads on your computer based on the information we collect as stated in this Privacy Statement. We refer to consumers who have GAIN on their system as “Subscribers.”
GAIN Is Designed to Collect and Use Non-Personal Information. GAIN collects certain non-personally identifiable information about your Web surfing and computer usage. This includes the URL addresses of the Web pages you view and how long you view Web pages; non-personally identifiable information on Web pages and forms including the searches you conduct on the Internet; your response to online ads; Zip code/postal code; country and city; standard web log information and system settings; what software is 7on the computer (but no information about the usage or data files associated with the software); software usage characteristics and preferences; and, for Gator® eWallet users, your first name and master password, if you choose to create one.
With Whom Do We Share Information?
Search Partners. We may transmit our Subscribers’ search queries to search partners, who use this information to provide us with search results and other information, which we then display to our Subscribers.
Third-Party Advertising Partners. We may share information we collect with our Third Party Advertising Partners. If we do so, we will require by contract that they treat this information in accordance with our privacy promises.
Other Limited Circumstances. We may also share information with third parties who help us perform a business function (their use of such information is limited by our internal policies and/or confidentiality agreements, as applicable); to protect our rights, or if under a legal obligation.
Now I want to ask thousands of users, who accidentally infected their computers with GAIN and Claria programs. Would you install any of these applications if you knew that each of them collects your confidential information, monitors your web surfing, tracks your computer usage, even steals your login credentials and passwords and transfers gathered data to its home servers and then to so-called “search partners”, “third-party advertising partners” and other suspicious companies and persons?
Here is another interesting fragment. This one says that by installing Claria products, the user agrees not to use any antivirus, spyware remover or other security-related tool capable of removing Claria software from the system. The user is allowed to use only the Add/Remove Programs feature of Microsoft Windows operating system, which unfortunately may leave intact numerous parasitical components.
You agree that you will not use, or encourage others to use, any method to uninstall the Licensed Materials other than through the use of the Add/Remove Programs feature of the Microsoft operating system. Use of any robot, spider, other automatic or non-automatic manual device or process intended to interfere or attempt to interfere with the proper working of the Licensed Materials is prohibited.
Corrupt anti-spyware EULAs
Now I would like to revisit license agreements of infamous corrupt anti-spyware tools. The latter are so vain that even well-thought-out EULAs cannot hide their obvious drawbacks and privacy violation issues. Just take a look on Spyware Slayer’s EULA. It states that the user attempting to download the program, not actually downloading or installing it, is already bound by its license:
BY DOWNLOADING, OR ATTEMPTING TO DOWNLOAD, AND/OR USING, OR ATTEMPTING TO USE, FREEPCSCAN™ (THE “SOFTWARE PRODUCT”), YOU EXPLICITLY AGREE TO THIS FREEPCSCAN™ END USER LICENSE AGREEMENT (THE “EULA”) AND THE FREEPCSCAN™ TERMS AND CONDITIONS IN THEIR ENTIRETY.
Another nice example is a license agreement of ElimiWare service that should “quickly and completely eliminate adware online”, but unfortunately is unable to find even a single pest and only deceives users with fake scan results:
Please note that photographs and descriptions of the products used on the website are for illustration purposes only and do not reflect actual products one will be able to find by using our services.
This one is very interesting. The user will never get services and tools that ElimiWare official web site promotes. Rephrasing well-known WYSIWYG abbreviation – what you see is not what you get.
One of the most outrageous corrupt anti-spyware EULAs is a license of infamous Privacy Tools 2004. Now this tool appears to be discontinued and I couldn’t find it on the Internet. However, anti-spyware experts still recall its EULA as well as discussion related to Privacy Tools 2004, after which the application’s vendor decided to make an attempt to silence criticism by disallowing users from taking and posting screenshots of the program and any related material and preventing Spyware Warrior members from using the program.
All title and copyrights in and to the software product (including but not limited to any images, photographs, animations, video, audio, music, text, and “applets” incorporated into the software product), the accompanying printed materials, and any copies of the software product are owned by the Author of this Software. The software product is protected by copyright laws and international treaty provisions. Therefore, you must treat the software product like any other copyrighted material except that you may install the software product on a single computer provided you keep the original solely for backup or archival purposes.
12. By using this software you agree not to take or use screenshots of the software and understand doing so will result in legal action being taken against you. You understand Screenshots are copyrighted protected material of the software owner.
13. By using this software you agree that you are not the owner of, affiliated with, or a member of spywarewarrior.com
So, as you can see, even your favorite legitimate program that you use every day may lay down nearly unacceptable terms, which may pose serious threat to your privacy, system security and confidential information. That is why you should ALWAYS READ EULA before installing a particular software product. Otherwise, one day something may go wrong and only you will be responsible, and the real culprits would simply wash their hands of it and help you to remember the license that you have accepted. Even if you didn’t read it, it still stands good.
Nevertheless, sometimes it is just a lack of patience and attention that makes it almost impossible to carefully read some huge licenses with numerous chapters. In such cases only special EULA analyzing software may help. One of the most popular programs is EULAlyzer, made by Javacool Software. This handy tool allows to “discover potentially hidden behavior about the software you’re going to install” and “pick up on things you missed when reading license agreements” (from the official description of EULAlyzer). However, even such utilities cannot find all the catches that software vendors leave.
There is only one way to avoid EULA-related problems. No matter how boring license agreements are, try to always read them from beginning to end. You know, it is much better to spend a half-hour today, than waste a whole day tomorrow.