 |
Recent
Articles |
IDC: IM Market Growing In Enterprise
The market for enterprise instant messaging applications saw 37 percent growth from 2004 to 2005, and should more than double by 2009.
Check List for Linux Security
Linux is an amazing operating system considering how it was originally created. It was a modest program written for one person as a hobby - Linus Torvald of Finland.
How Will Your Network Be Compromised?
Every time I attend a "Security Guru's" meeting, I'm amazed by how much time and effort is spent on discussing the complex hacking and computer compromise of computer networks and systems.
Most People Unaware of IM Threats
IMLogic recently conducted a survey of 1,100 enterprise instant message users, and found that most people unknowingly expose their computers and company networks to security threats.
Crouching Trojan, Hidden Malware
Trojans are not just more dangerous than computer viruses, they're stealthier, too. Find out where they hide.
|
|
|
11.14.05
Spyware, EULAs And AntiSpyware Companies
 By
John Stith
One big issue working through the Internet world right is the limitations of End User License Agreements (EULA). The issue is part of the battle with Sony BMG and their rootkit problems and a number of companies who produce products used as adware or spyware are fighting with antispyware companies for listing them.
The issue at hand is a battle between antispyware Sunbelt is fighting versus RetroCoder, a company that makes a keylogging program called SpyMon. Sunbelt rated the program as spyware. They made the default action ignore so users can determine further action on the program.
RetroCoder didn't like being listed as spyware and specifically forbid antispyware companies from reviewing their product in the EULA. Alex Eckelberry, top dog at Sunbelt, reprinted a letter he received from RetroCoder on his blog:
If you read the copyright agreement when you downloaded or ran our program you will see that Anti-spyware publishers/software houses are NOT allowed to download, run or examine the software in any way. By doing so you are breaking EU copyright law, this is a criminal offence. Please remove our program from your detection list or we will be forced to take action against you.
Thank you,
Anthony Ball
In all fairness, SpyMon is a pay for play program so you don't get it generally unless you ask for it. But it is a keylogger program and as a rule, the nature of the beast is such that it is considered adware/spyware.
Eckelberry also reprinted the policy information from their website:
This software package is a copyrighted product. As such the owner of the copyright expressly forbids any use, disassembly, examination [sic] and/or modification by anyone who works for or has any relationship or link to an AntiSpy or AntiVirus software house or related company. If you do produce a program that will affect this software [sic] ability to perform its function then you may have to prove in criminal court that you have not infringed this warning.
Infringement [sic] of a copyright license is a criminal offense.
Now, the Sony BMG issue is similar in some ways. You agree to the EULA in order to listen to the CDs on your Windows-based computer. Keep in mind; if you drop it in a CD player or an Apple, there is no DRM. The EULA doesn't make mention of everything that goes into your computer when you agree to it. What exactly are the limits of the EULA?
For purposes of Sony BMG, it can be quite powerful regarding the copyright protection. It's protected by the DMCA and it's illegal to tamper with it. The fact that inserting a rootkit is illegal in some places isn't so much the issue; it's more examining the power of the EULA.
In the case of Sunbelt, their issue was regarding free speech. RetroCoder didn't want any connotations of spyware so they tried to protect themselves. Unfortunately, without being a judge, it seems like they've pushed the envelope a bit and Eckelberry seemed to think so. He said in the blog posts he checked with his lawyers and seemed to think he had no problems. He also mentioned Elliot Spitzer's case against Network Associates in which a New York judge said Network Associates can't stop people from talking about it's products.
The power of the EULA can vary a great deal depending on how it's used and the relevance of what's in there. In cases like RetroCoder or Network Associates, trying to restrict fair criticism is difficult to justify, regardless of what is said. In cases like Sony, well, the lawsuits will tell the answer to that one.
About the Author:
John is a staff writer for SecurityProNews covering cyber security. |
