17

Lets think there is a virus that acts like a software. Its acting like a regular software. It's installation is visible to user and again like a regular software, it asks user to accept its End-user License Agreement.

Everyday, we all install softwares to our computers but none of us actually read that seven page long and legalized agreement. We all just accept that without reading it to enable installation process. I see a great opportunity for malicious guys here. Someone create an adware or some kind of spyware, maybe a botnet client, and publish it as a regular software or maybe embed it to a software itself. That guy writes a complete detailed EULA that explains what that virus can do (send some data to third-parties), what virus allowed to do (download and run its so called 'updates'), what virus won't do and adds its disclaimer says any damage that this system or data take is something that software is not responsible.

Can a spyware or a virus act legally with EULA?

Is this a valid against court of law? Can a virus harm our computers and costs us money and effort, or just send our computer data to third-parties, is this agreement restricts us to sue that software or its owner and make this actions legal? Are parental control softwares, observation systems and remote access softwares do something like this?

unor
  • 1,154
  • 9
  • 22
Batuhan
  • 273
  • 2
  • 7

1 Answers1

11

An EULA, or "End User License Agreement", is a contract between the software user and the software publisher. It usually protects the interest of the software publisher, e.g. you can only use it on one computer; you may not alter it or distribute it without written agreement etc.

In this case, the EULA specifies that:

  1. The software may be harmful to the user's computer
  2. The user's personal data may be sent to third parties
  3. The software may used to aid or perform illegal activities
  4. The software publisher is not responsible for any damage caused by using this software

First thing first, is this a valid contract? Let's take a look at the essential elements of a contract:

  1. Offer and Acceptance
  2. Intention
  3. Consideration
  4. Capacity
  5. Consent
  6. Legality
  7. Possibility of performance

The Legality element specifies that the contract must not be something disapproved by law. Botnets are used for attacking other computers, i.e. an unlawful act. Installing botnets may violate the Section 3A of the Computer Misuse Act 1990 in the UK.

Sharing user's personal data may also violate data privacy laws.

Let us, for the moment, assume the contract is valid. Item number 4 still causes a problem: an overly broad liability waiver. While liability waivers are common and normal, one can argue that the said waiver in this case seems to cover intentional or reckless acts. Such items in a contract are deemed as unenforceable.

Parental control systems and remote observation systems are different. They can be used legally, and this legal use is common. Thus, distribution of these systems is legal. Needless to say, it is very difficult to argue that virus and botnets share the same. Of course, one can still use a remote observation system in an illegal way. In this case, the software user is liable, but the software publisher is not liable because the user's behavior is beyond their control.

kevin
  • 1,773
  • 1
  • 18
  • 32