Field of the Invention
The present invention generally relates to computers and, more particularly, to techniques for protecting computers from undesirable software.
Description of the Background Art
The internet, local area networks, wide-area networks, wireless networks, and other distributed computer and database network systems are in wide-spread use throughout the world. These systems have many advantages as well as disadvantages and most users, when they have to, accept the disadvantages in order to benefit from the advantages. When the risk-benefit trade between advantages and disadvantages tilts to the disadvantageous, the market seeks to tilt the balance back toward the advantageous.
The computer user community has identified malware as one such disadvantage that users seek to eliminate from their computer environments. Unwanted or undesirable programs come in many types and are known by many names including viruses, spyware and adware. It is noted that the words spyware, adware, and malware are not precise terms in their usage and are used interchangeably throughout this disclosure. It is also noted that these terms relate to all undesirable software regardless how any given package operates on any given system.
Malware's general goal is to enter a user's computer and perform tasks that benefit the person or entity that created the malware or some other third party, not the computer's owner. Such benefits include collecting information about the user's internet habit by tracking the user's browsing habits and computer use and sending this information to the software provider's offices, sending unwanted pop-up advertisements, stealing passwords, or any number of other goals known in the art and inflicted on countless users daily. To the user however, these maiware characteristics mean a loss of personal privacy and risks to their computer data's integrity. It seems, in the market place, there are more and more malicious software programs infecting user's computers every day and this perception has lead to a demand for tools, such as virus scanners, that help users protect themselves from this malware.
Malware, alternatively known herein as unwanted software packages or u-ware, enters a user's computer using many routes. One well-known route is via the internet. A user, while browsing the internet, loads a given page from a given site. Another software package is loaded onto the user's computer and executed in the “background” unknown to the user and without their permission, during the page loading process. Once on the computer, the u-ware executes its instructions, typically in a manner that benefits a third party, not the user. To alleviate this problem, Anti Virus vendors have developed software packages that scan a computer's installed software to find u-ware components using signatures or behavioral blockers, well known techniques in the art. These scanning techniques involve scanning or running the executables themselves. Once the u-ware package is identified, the software quarantines or deletes the u-ware from the computer's memory and storage devices. This necessarily means that to find the u-ware with these techniques, the u-ware must first be installed on the computer.
When software is loaded onto a computer without the user's or installer's knowledge and agreement, removing the u-ware requires simply finding the code and deleting it using known techniques. There are circumstances when software with u-ware characteristics is installed on a computer with a user's permission. Removing this software then becomes a problem for Anti Virus software vendors because removing the u-ware may violate the license agreement the user accepted during the installation process.
In one illustrative example, the user acquires software that includes u-ware components hidden in the executable code. During installation, the user is presented with a End User's License Agreement or “EULA” and asked to accept the License terms before the program can be loaded onto their system. One commonly occurring problem is that users accept the EULA without completely reading or understanding the EULA text. Even though the EULA may contain information hinting at the presence of u-ware like behavior or terms permitting the program to load any other third party content, such indications are embedded deep in the typically very long and complicated EULA text. In other examples, the indication is so convoluted as to be difficult or impossible to understand by someone not familiar with these terms. Most users either do not attempt to completely study the EULA text or do not understand the fine print embedded in the text, but want the software, so they accept the terms. When the user later runs an anti-virus program, the program may find the u-ware components and remove them, possibly violating the EULA terms.
Anti Virus software vendors frequently receive objections and legal notices from software companies whose applications are cleaned as u-ware. The software companies point out that the user had agreed to the installation of the u-ware components during installation and point out the EULA terms that mention the u-ware or its behavior. All this may eventually lead to the users' systems being infected with spyware and adware programs because the u-ware cannot be removed, presenting a serious threat to the users' data privacy. Determining that u-ware characteristics may be present in an installable computer program before it is installed is a desirable goal, but doing so means that new techniques must be employed beyond signature recognition and behavioral blocking.
There is one software product in the industry, that attempts to solve the problem associated with deeply embedded EULA terms. The package is a trained classifier that, once installed on a computer and active, automatically detects and scans most license agreements when the license appears on the user's screen. The package scans the terms and phases that indicate the presence of u-ware like characteristics in the software package that the user is about to install. The package provides the scan results in a separate window so the user may review the suspect terms found during the scan. One significant concern with this software package is that it detects the EULA when it appears rather than intercepting the EULA prior to appearance. Many users accept EULA terms immediately upon the EULA window appearing because they just want the software loading to complete. Even with this product installed, the user might accept the EULA terms before the scan results are presented. There is a need and desire in the industry, therefore, to develop approaches to detecting u-ware terms embedded in EULAs, before the EULA is presented to the user for acceptance, and giving the user the option of stopping the installation before any u-ware can be added to their computer with their knowledge.
There may be other terms in a EULA that cause concern to Anti Virus software vendors, namely terms that restrict removal of individual components or third party components from an installed software package without removing the entire software package. In this example, an anti-virus scan is performed on a given computer system and the scan finds a component with u-ware characteristics, quarantining the u-ware component and deleting it from the computer even though the EULA had terms that restricted removing the single component. Anti Virus vendors frequently receive objections and legal notices from software companies about removing these single components because, in this case, the user agreed they would not remove single components.
There is a need, therefore, to automatically determine if restrictions on removing individual software components exists in an EULA before installation, and to take action when u-ware components are found, in such a manner that the accepted license agreements are not violated.