Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Proposal to fight deceptive software - making sense of EULAs

from [Crawley, Jim] Network Security [Permanent Link]
Subject: RE: Proposal to fight deceptive software - making sense of EULAs
Date: Wed, 30 Aug 2006 08:37:58 +1000 
        I think it's a brilliant idea, but getting companies to adopt it
without being forced to by regulation I can't see happening.

 

-----Original Message-----
From: brian.erdelyi@gmail.com [mailto:brian.erdelyi@gmail.com] On Behalf
Of Brian Erdelyi
Sent: Tuesday, 29 August 2006 6:11 AM
To: focus-virus@securityfocus.com
Subject: Proposal to fight deceptive software - making sense of EULAs

I'm working on a personal project, http://www.clearware.org, and would
appreciate feedback and suggestions from others on this list.

My idea is similar in concept to nutrition facts on food, care labels on
clothing and warnings on hazardous materials.  A "software use" label,
if
you will, that summarizes terms and conditions of an end-user license
agreement (EULA) that impacts control over the users experience, system
security and privacy.

My initial research shows that almost 80% of people never or rarely read
EULAs.  This isn't suprising as I believe EULAs are too long, ambiguous
and
inconspicuous for the average user to understand anyways.  Regardless, I
believe that users need to be informed about the software they install
and
simple labels to depict characteristics of a EULA will help.

How can a vendor obtain meaningful and informed consent to a EULA if
the user doesn't read or understand it?  I hope this will help provide
more awareness of EULAs and allow consumers to truly understand the
nature of software before purchasing and installing it.  The lack of
informed consent is what constitutes malware or badware.

While researching various EULAs and following work done by Creative
Commons,
these characteristics can be grouped as permissions, requirements,
restrictions and functions.  For each characteristic I have also created
a
symbol at
http://www.clearware.org/index.php?option=com_content&task=view&id=13&It
emid=30

I believe this will aloow regular users to better protect themselves
against software that may impact their user experience, system
security and privacy without their consent.

Any thoughts?
Brian Erdelyi

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----



----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box 
giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Proposal to fight deceptive software - making sense of EULAs, Brian Erdelyi
Next by Date:  Re: Proposal to fight deceptive software - making sense of EULAs, Paul Kassal
Previous by Thread:  Proposal to fight deceptive software - making sense of EULAs, Brian Erdelyi
Next by Thread:  Re: Proposal to fight deceptive software - making sense of EULAs, Paul Kassal
Indexes:  [Date] [Thread] [Top] [All Lists]