From US-CERT | Oct 19, 2009
By now you've heard all about computer viruses, Trojan horses, worms, identity
theft, and phishing scams, and you're taking the necessary steps to secure your
computer and privacy when using the internet. One boring little item, however, can undo
your good work if you're not careful. That item is the end-user license agreement
(EULA) covering the software you use.
These agreements themselves can't harm you or your computer. In fact, EULAs
can do just the opposite: they highlight things that can put you at risk. The harm
comes from ignoring EULAs—and the subtle warnings they might contain—by
blindly agreeing to their terms. Ignoring EULAs can expose your computer to security
risks and put your privacy at risk.
For instance, a EULA might require you to allow the software publisher or a third
party to collect information about your internet activity in exchange for use of the
software. This information could include not only the web sites you visit, but also
information you supply in online transactions, such as your name, address, credit card
number, and items purchased. Once collected, the security of this information is out of
your control (a fact highlighted by the number of recent, high-profile database
attacks).
By carefully reading and understanding the EULA covering software before you install
it, you can make an informed decision that takes into account any privacy and security
issues. This research guide takes a closer look at EULAs.
The attached Zip file includes:
- Intro Page.doc
- Cover Sheet and Terms.pdf
- Software License Agreements Guide.pdf
