Friday, March 14, 2008

Information Security – Don’t Give Foreign Companies Permission to Spy on Your Company’s Most Sensitive Data, or You Could Be out of a Job!

CERT, the world-renowned Carnegie Mellon University computer security team, has issued a warning about software end-user licence agreements (EULAs), which virtually all of us sign without reading. EULAs are legal contracts, and the vendor or developer may include almost any conditions.

Some EULAs, it seems, are less than standard. For example, in ticking the “I agree” box, you may be agreeing to:

Giving the vendor permission to monitor your computer activity and communicate the information back to the vendor or to another third party. This may put sensitive corporate and ID-related data at risk of a security breach.

Allowing vendors to install, or to allow third parties to install, additional software programs on your computer. This software may be unnecessary, may affect the functionality of other programs on your computer, and may introduce security risks.

The need has never been greater for somebody within your organisation to take control of:

a) What software employees are downloading onto their laptops, and

b) What work-related data is stored and processed on home PCs.

In the case of the latter, the majority of home PCs are compromised in some way by peer-to-peer software, spyware or botnets and therefore should never be used to store any company data, the disclosure of which would cause embarrassment to your company – and in the UK, possibly result in a huge fine.