 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
Corrine
Malware Expert
Joined: 16 Feb 2005
Last Visit: 27 Jan 2010
Posts: 117
Location: Upstate, NY
|
 Posted: Tue Sep 13, 2005 8:22 am Post subject: Javacool Software's EULAlyzer 1.0 -- A Review |
 |
|
Why are so many unsuspecting users infected when downloading software? They do not read the EULA (End User License Agreement). As members of the security community, we are well aware of the dangers of not reading the EULA, yet how many of us see all the red flags in the fine print?
If you have read any of Webhelper's (Patrick Jordan) articles, you are well aware of the hidden dangers in a EULA. For example, Webhelper wrote here:
"Throughout the Direct-Revenue Transponder Gangs history, they have made constant changes to their MANY EULAs (End User License Agreement). What this means is that a user had better read very carefully any EULA that comes from this adware marketing group as there are some important items that may change your mind about installing their adware." Another example is presented by Ben Edleman in his article Gator's EULA Gone Bad.
Now there is a tool to help this process. Javacool Software has released EULAlyzer 1.0. Using the EULAlyzer does not release users from the need to read the EULA. Rather, it flags questionable wording, providing a "Goto" link examine the wording in context more closely.
I ran the Registration Agreement for LandzDown Forum through the EULAlyzer. The EULAlyzer picked up "e copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes," as advertisement. However, when following the "Goto" link, I discovered that in context there was no problem with that wording:"You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum."
In another test, I used the EULAlyzer on the ABI Ceres software EULA linked in Webhelper's review above. An example of one of the many instances of Flagged Text in the ABI EULA, was "repair or reinstall the Software if any third party application attempts to delete". Clicking on the "Goto" link showed that text in context:"ABI may store a cookie, computer file or other unique identifier on your computer to identify you and may automatically repair or reinstall the Software if any third party application attempts to delete, disable or modify the Software."
Although EULAlyzer does not release the end user from the obligation of reading the EULA, it certainly simplifies the process. If we, as members of the security community, encourage the use of the EULAlyzer, perhaps users will be not only become better educated, but will think twice before they X the "I agree" box.
From http://www.javacoolsoftware.com/eulalyzer.html
EULAlyzer 1.0
License agreements - a pain?
End user license agreements (EULAs) are the bane of most computer users.
No one wants to read through pages and pages of boring text before installing a program. And many programs put their license agreements in small windows that require lots of scrolling. So many people either skim them or skip reading them altogether.
But it can be dangerous not to read license agreements.
License agreements can provide information about the intentions of software, and other bundled components. Have you ever installed a program, only to have your desktop taken over by advertising? It may have been noted in the license agreement that you simply clicked past. If you aren't reading the license agreements, you have no idea what you could be agreeing to.
You should always read license agreements before agreeing to them.
But now there's a way of making that much easier.
EULAlyzer - Making it all easy
EULAlyzer can analyze license agreements in seconds, and provide a detailed listing of potentially interesting words and phrases. Discover if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more.
The Benefits
- Discover potentially hidden behavior about the software you're going to install
- Pick up on things you missed when reading license agreements
- Keep a saved database of the license agreements you view
- Instant results - super-fast analysis in just a second
And with additional features like the EULA Research Center, which optionally allows users to anonymously submit license agreements they scan to help us to further improve the program, everyone can be a part of the effort to make something that used to be so tedious, so easy.
When installing software, never just click past the license agreement. Pop it into EULAlyzer, and EULAlyze it!
*Note: This program does not provide legal advice. It can only highlight information that you may want to consider before making your own decision whether to agree to a license agreement or not. You should always consult a lawyer (or other authorized individual) for advice on legal issues.
Disclaimer: This is an unsolicited, independent review of Javacool Software's EULAlyzer. I have no connection whatsoever with Javacool Software.
_________________
 , 
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
Remember - "A day without laughter is a day wasted".
May the wind sing to you and the sun rise in your heart . . . |
|
| Back to top |
|
 |
herbalist
Warrior Addict
Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 728
Location: northern Michigan
|
| Posted: Tue Sep 13, 2005 7:21 pm Post subject: |
|
|
That's one of the better ideas I've seen in a while. With some EULAs resembling books anymore, it's too easy for a user to miss something. Why didn't someone think of this long ago? Besides regular users, this could be a real benefit to adware/spyware researchers. If it proves to be reliable and effective, researchers can spend more time dealing with the adware itself and less time trying to stay awake while reading long winded EULAs designed to fry your eyes.
I gotta try this one.
Rick |
|
| Back to top |
|
|
wyrmrider
Warrior Addict
Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 754
|
| Posted: Tue Sep 13, 2005 7:31 pm Post subject: |
|
|
Thanks Corrine
Wyrmrider |
|
| Back to top |
|
|
Corrine
Malware Expert
Joined: 16 Feb 2005
Last Visit: 27 Jan 2010
Posts: 117
Location: Upstate, NY
|
| Posted: Wed Sep 14, 2005 2:55 am Post subject: |
|
|
Its well worth the try, Herbalist, and so much easier to read the EULA when key wordss & phrases are identified.
You're welcome wyrmrider. 
_________________
,
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
Remember - "A day without laughter is a day wasted".
May the wind sing to you and the sun rise in your heart . . . |
|
| Back to top |
|
|
Nemesis6
Warrior
Joined: 03 Oct 2004
Last Visit: 30 Apr 2008
Posts: 247
Location: Copenhagen, Denmark.
|
| Posted: Fri Sep 16, 2005 8:15 am Post subject: |
|
|
Well, a non-firefox user would benefit greatly from Javacool's products. I think if the average user used SpywareBlaster, SpywareGuard, and EULAlyzer, spyware and adware would slowly spiral downward.
_________________
 |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
