Reading EULAs Can Help Prevent Spyware Infiltration

Peruse license agreements and privacy statements before you download any software, so you know what you're getting.

ITPro Today

September 27, 2005

3 Min Read
ITPro Today logo in a gray background | ITPro Today

Does anybody (except lawyers) really like reading End User License Agreements (EULAs)? For that matter, does anybody like reading privacy statements? I doubt it. But it's something we all should do because if we don't, we can eventually wind up with all kinds of spyware on our networks that could lead to serious problems.

For example, you might download a slick-looking desktop tool, click to accept the EULA without reading it, then later find out that the tool has been recording all your Web and email activity and sending that information to someone's data collection center. In another scenario, you might install the latest IM and chat tool. If you don't read the privacy policy, you might not know that the company providing the tool reserves the right to track who you contact, how often you transfer data, and more.

That's just the tip of iceberg. In fact, poorly written EULAs and privacy statements, along with people's unwillingness to read them carefully, have spawned an entire multimillion- (if not billion-) dollar industry that now focuses exclusively on the elimination of spyware.

When surfing the Web last week, I came across an interesting story at Techdirt that points out just how lackadaisical people can be when it comes to reading EULAs. Techdirt pointed out an experiment conducted by PC Pitstop (at the URL below). The company embedded in one of its EULAs an offer of $1000 to the first person who simply asked for it! More than 3000 people downloaded the software before somebody actually asked for the check!

http://www.pcpitstop.com/spycheck/eula.asp

A few weeks ago, I learned about a new tool, EULAlyzer from Javacool Software (at the URL below), which as the name implies is designed to help you analyze EULAs to look for areas that might need extra attention. It works by scanning for keywords. It then links to areas that contain those keywords so that you can review those spots. I tested EULAlyzer on a EULA and found that it did point me to some key phrases that I needed to read more closely, but it certainly didn't eliminate the need for me to read the entire EULA carefully.

http://www.javacoolsoftware.com/eulalyzer.html

Last week, I learned about another tool, currently called Project Truth Serum (read about it at the first URL below), that will help analyze EULAs. That tool is being developed by Facetime Communications (at the second URL below) and is currently in closed beta testing, so I didn't have a chance to try it. But based on the sample output, which you can view at the third URL below, the tool provides similar functionality to EULAlyzer.

http://www.revenews.com/wayneporter/archives/000984.html

http://www.facetime.com

http://www.spywareguide.com/articles/eula_dissection_what_to_look_f_83.html

I don't see any reason why EULA analyzers couldn't be made to analyze privacy statements. But when I tried EULAlyzer on a tool's privacy statement, it didn't flag anything as suspect, even though the statement did indicate that my use of the tool would be tracked. But maybe at some point, Javacool and/or Facetime will upgrade their analyzers to also work on privacy statements.

At any rate, both of these tools are essentially designed to help guard against spyware. Although they're useful to some extent, they certainly aren't replacements for careful reading, nor are they designed to offer you legal advice. They are simply helper applications that might prevent you from overlooking something in a given EULA. If you're interested in this sort of helper application, try EULAlyzer and keep an eye out for Facetime's eventual product release.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like