Why do most computer users ignore what happens when they install new software?It's an occupational hazard for me to be installing more than the normal amount of software onto PCs, sometimes the same package multiple times. While doing so recently, a thought struck me. I'm remarkably ignorant -- and so are you, or at least that's remarkably likely. I'm not intending to be offensive here, however. I'm simply making an assertion that most of us (me included) ignore an awful lot of what goes on in our PCs when we install software.
In the minor leagues of this ignorance would have to be those little statements that tell you to disable any anti-virus software before proceeding with installation. Those statements scare the living heck out of me, for a couple of reasons. Firstly, I'm a somewhat cautious type, and it strikes me as a perfect socially engineered cover to spread an actual virus; I'd be stunned if someone hasn't already tried to go down this particular route. I know this is something of a legacy issue where some applications would be picked up as viral false positives while they installed, but to be honest I'd rather make that call while installing an application than just leaving it all to chance. In this age of downloaded as well as CD/DVD delivered software, there's also the worry that an installation package might just possibly be virus-infected in any case.
The larger area of ignorance for most users -- and remember, I'm guilty too -- is in the end user licence agreements (EULAs) that you just can't quite dodge when installing packages. I've never read one beginning to end, but I've certainly ticked a few boxes to indicate that I have. For a start, most EULAs run longer than the software they're protecting, and they're written in terribly obscure legalese; most of us don't have the time to bother with such things. It's probably for the best that we don't read EULAs -- from what I understand of reading analyses of existing popular EULAs most of them boil down to something like this:
"Look, there's this code on this disc. We're not entirely sure what it does, and you're explicitly not allowed to find out what it does. Anything it may or may not do is entirely coincidental and we take no responsibility in any case, although if you do pay us $50 a minute, our highly trained technicians will laugh at you down the phone. If you're lucky, they may remember to mute it first. By ticking the box below, you agree that this is in our best interest. We may or may not have installed applications that will track your credit card numbers, secret stash of 'naughty' images and anything else we like the look of in the background, and you agree that you're happy with this too."
I'm not a lawyer (although I'm willing to play one on TV for the right money), but I'm also at a loss to see how a company would prove that it was in fact me that ticked the 'OK' box, and not in fact my friend, relative or family pet that did so. Who becomes liable in that kind of scenario, and how do companies in fact prove this kind of stuff? How exactly do those software boxes with the EULA inside and the sticker outside saying you agree to the EULA by opening the box (without being able to read it, unless you happen to be Superman) work?
I'm sure there's a few Linux users sitting out there nodding to themselves that this kind of dilemma never faces them, but I suspect there's a similar but different challenge open to that community. Sure, the code may be open for you to inspect, but who has the time to do so? Isn't that the same thing as the EULA that nobody reads?
At the end of the day, it's not only probably safer to be ignorant, it's also a lot easier on your brain, and I suspect that's why so many of us choose the click, tick and ignore route.
What do you think? Have you ever curled up on the sofa with a cup of coffee and a warming EULA? Does the idea of disabling anti-virus protection make you shiver too? Talkback to me below!
16%
7%
Totally Agree with the article.
The closest thing you can prove (without catching someone in the act of installing it) is to say it was installed under a particular users account. Most people I know either
1. Have their computers automatically log in to administrator (shudder)
2. Have a different account for each family member with no password, the same password, or a really obvious password
Add to this the number of PCs that have been infected by the various forms of recent viruses that leave their own back door, and you can't prove who did what.
In any case, most software that plays with the registry seems to prefer the LOCAL_MACHINE key to the CURRENT_USER.
Perhaps it doesn't matter. Perhaps under Australian law it is the computer owners responsibility but im not a lawyer (and that is very dangerous territory).