Slashdot Mirror
First Worm with a EULA?
ErikRed1488 writes "There is a new virtual postcard from Friend Greetings, owned by Permissioned Media that prompts you to install their software to view the card. You are then presented with a EULA granting them permission to e-mail all the Contacts in your Outlook Address Book. Those people are presented with an e-mail from you telling them they have a greeting card to pick up. So, this thing spreads like a worm, but includes a EULA that 95% of users won't take the time to read. Symantec isn't detecting this as a virus, but does have information about it on their site. In addition to the worm-like way it spreads, it also installs spyware designed to deliver ads to your computer. You also give them permission to install further software any time they want. In my opinion this is completely nasty, but it's all clearly in the EULA that you must agree to before it installs the software."
Just beautiful. The more insane EULAs get, the more people will start taking a harder look at all of the ones they currently sign their souls over to.
This can only be good for Open Source.
This may be a cynical thing to say, but I think it was only a matter of time before some shady software like this was made.
I would remark "How could the makers of such a thing sleep at night?" - but I already know the answer: they sleep just fine. People like that don't believe that they're doing anything wrong.
Experts agree: everything is fine.
to help force the govt to evaluate the merits of EULAs. While it can be argued..."you shouldve read the license before you agreed"
I would rather say "There shouldn't exist any such licensing format. And we as the people should not allow it to ever exist."
This points out the absolute absurdity of click-through EULAs. Hopefully, a case against them could be used as a legal defense against other badly-licensed software.
John
Eulas like these should be regulated by the government. It is pretty common in contract law that unreasonable provisions are not enforceable and illegal. Like for example a credit card agreement cannot mention it deep in the fineprint that if you default they own your house or are allowed to enter your home and steal your pants. This kind of EULAs are a consumer protection issue.
If the AV vendors are going to be able to keep any credibility that they have left, they are going to have to detect and block this type of software.
SM MBL-VIR looking 4 SIG 4 LTR. must be DDF, no 420, SD ok.
This to me is a primary example of the sometimes dichtomous nature between was is legal and what is ethical.
Is what these business professionals done legal? Probably.
Is it ethical? Absolutely not. Otherwise, why hide the email's worm nature in the EULA?
I know there are those that are going to say, "Hey, you had the opportunity to read the EULA, you didn't, and you clicked it anyway."
But caveat emptor, though a fact of life, does not exempt the screwer from his reponsibility of what he did to the screwee.
May be legal. But in my mind, definitely not ethical.
"We're sorry, but the website you're trying to reach has been disconnected."
This could make a good legal test, since many people have questioned the legal validity of click-through EULA's. If you could successfully argue that this EULA wasn't valid, then the others would be on very shaky ground.
Some may scream that the law should enforce morality, but then you must wonder "Who's Morality?".
I read a very interesting book recently, called Human Action, by a lovely looking grey haired man called Ludwig von Mises. It was left by my old boyfriend in the bathroom, and I picked it up and smelled it unhappily one evening, but before long found myself readin Mises' interesting take on the fundamental sovereignty of man.
Mises would warn us all against enforcing a common morality, for that is a sure way to tyranny, in the end. This company should not be legislated against. We should instead encourage people to read EULAs and to take responsibility over themselves, over their own bodies, over their computers. Anything else is slavery to government.
I thought I had left slavery to the state behind in my native Scotland. As a Catholic girl, I understand only too well the attractions of worshipping an idol like the state. But we are better to resist laws that seem fair and moral, and instead trust in common deceny and responsibility.
Thanks,
Margot. XXX
--Anticipation of a New Lover's Arrival, The
How many of you have read the Slashdot EULA?
This just describes what the program does, and by placing it in the license, they hope that you don't read it. Kinda like saying something in 4pt-font fine print: ("note: Happy Fun Toy will explode into sharp shards, killing your child"). Shady practice, but not directly related to the real problems with EULAs ("you may not use this program unless...").
Just nitpicking.. But it's true, you should always read your EULAs (prounounced EWWWWWWW-lahz).
This thing which automatically sends itself to everyone in your mailbox is saving a lot of people a lot of time. It's only slightly worse than the emails which end, "Send this to everyone you know." Most people believe the crap in them and forward to everyone they know.
Never: EVER, have I recieved an email which read "Forward to everyone you know" that should actually have been forwarded to anyone.
NEVER NEVER NEVER NEVER NEVER send to everyone you know! How many times must I say this? There is *NOTHING* that needs to be sent to everyoen you know.
Execpt this excellent cookie recipie...
M@
Krispy Cream is people
This is a great example of the type of virus that could affect any OS including Linux. If people are dumb enough to install this application with all caps telling you what it is going to do what is to stop somebody from writing a virus that says - "go to a bash prompt and type su and enter your password." Once you have the users permission you can pretty much do whatever you want. That's why education is so much more important than just saying it is a Microsoft only problem.
This really is not a Microsoft virus. If a person is stupid enough to install an application would be stupid enough to install an application on any platform. They would even be stupid enough to log in as root first if needed. Take a look at the EULA. What the application does is not hidden. It repeats itself several times and even puts it in all uppercase letters.
speaking of lawyers... are eula's treated like contracts, legally speaking? if so (and i'm pulling from a business law class from several years ago), illegal or unethical points of a contract are null and unenforcable by default, regardless of what you sign. i.e. - if you sign a contract to mow my lawn, and it states that if you cut down my roses, i get to kill your firstborn in a satanic ritual - well, that's just not enforcable.
too bad online legislation moves so slowly... i think i'm going to register for every spam list i can with my representatives' email addresses, and see if that gets things moving along... umm.. just kidding, secret service guy reading this over my shoulder.
a
It's unfortunate that it has to be this way, but unless people get burned by EULAs they're not going to take EULA's seriously. Discovering that they've agreed to let this software spam their boss, coworkers, and business contacts will hopefully encourage people to seriously read EULAs in the future. I expect that when people start seriously reading EULAs, they'll discover they don't actually agree with many of the terms. (Or at least they'll discover that they can't make heads or tails over the thing.) A little backlash would be help restore balance to EULAs and make the work a more fair place.
Search 2010 Gen Con events
Isn't the GPL a EULA? I mean they both have that L in them.
Well, yes. But then so does "asshole".
-=Maggie Leber=-
"Hi, could you add the following term to your EULA?..."
Third parties: You agree not to reverse engineer or exploit Microsoft Outlook in such a way as to create "worms" [define to your lawyers hearts' content] on penalty of $1trillion US, to be paid to [add deserving fund].
Now they can make their worms as legal as they like and, by expecting others to live to their EULA, they have to abide by Microsoft's and file for bankruptcy.
Never thought I'd like Microsoft having EULAs.
Nobody has time to read EULA's. They are frequently long and always in lawyer-lingo. You might as well blame people for not reading all of their mail when they get 20+ spams per day.
Anybody that thinks that 5% of people read a EULA obviously gives a lot more credit to humanity than I do.
-Waldo Jaquith
well after that first eula do you still have the right to give away control again?
- important items in the EULA are often hidden or hard to find. EULAs should be ordered in chronological order of what will happen when the software is installed. also, items should be ordered in order of probability of happening, i.e. any actions the program is written to do (like spam your mailbox's email addies) would have to come before the 15 pages of lawyer-speak about how we can't sue the developer in the case that the software malfunctions (which, hopefully, it wasn't programmed to do) and your house burns down.
- 90% of EULA content is the same. when software is released under the GPL or Apache or Artistic licenses, the user (assuming they've reviewed the license once before) has a reasonable idea of what they can or cannot do. common EULA sections, such as "you can't sue us, even if our program blows your machine up" (and the pages of related wording afterwards) can be summarized, or pointed to hyperlink-style. i.e. "this software is covered under the 'You Cannot Sue Us' clause, which could be a link to a standardized, common document that explains all the ugly details. the actual EULA could contain this statement, as well as any modifications the developers have made... that way, there's hopefully less to look at ("ah, they support the 'We Won't Ever Touch Any Non-Directly-Related Files on Your Computer', but they do take a snapshot of my entire filesystem and send it back to the mothership every night. *clicks 'NO'*
i think there are alot of very reasonable ways to standardize and govern EULAs. of course, I'm just a programmer, so what do i know.If the greeting card popped up with a dialog that said "I will spam everyone in your contacts, and I will install spy-ware on your machine" when you tried to execute it, then nobody in their right mind would. The problem is, that the vendor buried what the application really does, in a bunch of legalese that they *know* end-users never read. And packaged the whole mess up as an innocuous greeting card.
I have yet to see ANY GPL software that is distributed this way.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Actually, Wellstone was in favor of freedom on the internet, and he did not support the RIAA/MPAA. I personally talked to him about this, and he was, obviously, not a huge supporter of big business, and the RIAA/MPAA are a pretty big proponent of big business.
Why is it that people assume that censorship and the shutting down of the internet at the request of the industry is a liberal idea? Wellstone was the most liberal man in Washington, and he was against the above. Censorship does not fly along partisan lines, but if it did, it would not be a liberal idea.
The death of a senator probably won't affect the outcome of a national election two years down the road. The only way Bush gets elected in 2004 is if he is successful in keeping the voting public blind to the fact that the economy is more important than foreign policy, and that his failing policies both at home and overseas are, well, failing. Thus far he has been successful in keeping his blatant domestic failures a secret by focusing on foreign policy, and it is very ominous for the future of the republic if he is able to do it for an entire term and into another.
Either way, the death of Wellstone is not a political issue, and it should be looked at as the tragedy that it is. If anyone criticizes Wellstone as a man, they don't know who he was and are not qualified to talk about him. You can disagree with his views, but if you dislike him as a man, you are simply wrong.
Lack of eloquence does not denote lack of intelligence, though they often coincide.
(no one's going to read through 50 page agreements before clicking on "yes"). ... and IMO, if you aren't willing to even read the license, you have no business running the software. Likewise, if you aren't willing to read the GPL you have no business using code from GPL-licensed software.
And, if you don't read the warning labels/user manual on a product, and are injured as a result of its use, you certainly deserve what you get. I bet you read the manual next time. Or not.
As long as a reasonable effort was made to warn you (be it a warning label, or a license for which you have to click "I AGREE" before installation), it is your fault for not taking precautions.
Do I feel these people are doing wrong? Absolutely. Do I think it should be regulated/outlawed? Hell no.
NGWave - Fast Sound Editor for Windows
Judging from the amount of e-card software/webpage links I get in email (and promptly ignore), I bet that this thing spreads fairly quickly - and there won't be much that can be done about it automatically. It technically isn't a virus doing something without a users consent (So I don't see antivirus companies blocking it ever, despite having some very virus like properties.... not since the user has to agree to have it do what it does!) Mind you I don't think the company will get any good will out of this, but I (add the usual IANAL) don't see any potential legal challenge in this - instead of exploiting security bugs or software flaws it's strictly using user stupidity against themselves. (And if you outlaw stupidity, half the internet would be gone overnight.... ok maybe far more than half if you include AOL in that bundle of non-working grey matter) Makes you realize how important it is to read the EULA these days before doing anything - since it seems free software has gone WAY beyond being simply financed by an ad banner.
McAfee are smart to treat it just like a regular virus and Symantic is just shooting themselves in the foot by not.
Sure Symantic say that since you have to agree, it is not their concern, but how many Corporations out their using Outlook want their Joe ignorant desktop user agreeing to this thing and getting all of their clients spammed. This would be a corporate nightmare.
If Symantic has any brains they will make their software capable of removing this or risk losing all of their corporate clients.
It seems like a lot of you guys are really down on Symantec and McAfee for not filtering this with their AntiVirus software, but consider this.
By clicking "I agree" on the EULA you are telling your computer "I want to do X". If you tell your computer you want to do X and Symantec's software tells your computer "he can't" how is that any different from all the DRM crap like Paladium?
I know the intention in this case would be to protect the user, but then again isn't that the tack that Microsoft is taking as well?
Of course, if the contract is null and void, you are still bound to the standard law regarding copyrighted material with respect to a GPL work. In other words, you can look at it, but you don't have any right to redistribute, modify, etc. etc. etc., all the nice rights that the GPL grants you THROUGH your acceptance of a contract, IN EXCHANGE FOR consideration. So it is clearly only possible as a result of BOTH copyright law and contract law that the GPL can exist. An EULA generally refers to a consumer good (a piece of binary software), that is also admittedly under copyright protection, and there is generally no "contract" that I think should be legally acceptable, because, as you point out, it restricts what you can do and offers you no consideration in return (though click-through licenses apparently offer you the consideration of being able to use software you already paid for - ROFL).
Summary: GPL depends on a combination of contract law and copyright law. Shrinkwrap EULAs depend on a serious misinterpretation of contract law to restrict rights that you have as a result of common law and copyright law (i.e. first sale doctrine, etc.). Clearly we can all agree that EULAs restrict freedoms, and most Free/Open Source Licenses, GPL included, grant rights you wouldn't otherwise have.
Ignorance is not an excuse for stupidity.
No, but taking advantage of others' ignorance isn't the height of morality either.
There's a current practice in Hollywood to write script contracts containing some really egregious clauses that automatically get thrown out if the writer has a lawyer. They are there solely to see if they can get away with them. Essentially, if you don't know any better, you get screwed.
Yes, people should take steps to protect themselves and they should read the fine print, but writing clauses in specifically to take advantage of those who don't isn't ethical. It's the difference between ignorance and malice. Ignorance just doesn't know any better. Malice is intentional.
I'm not holding the people who blindly agreed to the EULA blameless, but you have to place a large part of the blame on the people who wrote the thing in the first place. You can castigate the person who forgot to lock his door but the person responsible for the theft is still the thief.
Simply because some people allow themselves to be taken advantage of doesn't mean they should be.
People's desire to believe they are right is much stronger than their desire to be right.
But see, they're supposed to - that's the point. Just because people will sign any paper that crosses their desk doesn't make that signature any less binding.
I know I would be caught by this (except that I never install software without specifically wanting it), and it is downright nasty.
But it's all nice and legal.
I remember when I used to read EULAs. These days I don't even read my email.