[Liverpool] Software freedom (problems at the University)

[Vladimir]

Hello, everyone!

Once again I am shocked by the University's practices regarding the software
and standards. So will forward
my email that I just sent to them, looking for any comments and suggestions
(as I expect, this is going to go
far this time). The email is pretty much self-explanatory:






----------------------------------
To whom it may concern:

I am writing to report a problem which is preventing me from connecting to a
University wireless encrypted network,
so called "SuperRoamNet".

I do not use Microsoft software neither do I run their OS on any of my
machines.
I have a macbook, running either latest OS X v 10.5.8 or Linux (kernel
2.6.x)
which I was trying to connect to SuperRoamNet.

The University computing services require students to download Sophos
anti-virus software
to be able to pass the "security check" of some sort, to "prove" that their
machine is not infected
by malicious software that could be potentially detected by Sophos
anti-virus application (or should I say
*could not be detected* - will come back to this later).
Without coming back to the discussion I had at the computer helpdesk with
the people working there,
about the mathematical possibility for a Mac OS X or indeed any other BSD
based or *nix system, there are
reasons that prevent me from installing your proprietary Sophos anti-virus
application.
The reasons are hidden in EULA of Sophos. While 90+% or the general public
are not concerned with
what is being inside those licence agreements, I am one of those people, who
is very careful with software
licences.
I want you to read this letter carefully, as I have put a substantial amount
of my personal time to compose it.
So I can not agree to the following parts of the Sophos EULA:


*12.1.1 You expressly give Sophos permission to include and publish Your
name and logo on lists of Sophos’s customers for the Licensed Products*

No, I do not wish that my name/logo was published on the lists of Sophos's
customers, as I do not wish to be a customer of this company.


*13.4 You shall permit Sophos or an independent certified accountant
appointed by Sophos access on written notice to Your premises and Your books
of account and records at any time during normal business hours for the
purpose of inspecting, auditing, verifying or monitoring the manner and
performance of Your obligations under this End-User Licence Agreement *

This is ridiculous. No comments.

*13.5 Sophos may at its sole discretion subcontract any of its rights or
obligations hereunder to any of its subsidiaries, resellers, distributors or
dealers, as applicable.*
*
*
Meaning that at "its sole discretion" they can drop their responsibilities
any time. What kind of a contract is this?

*3.1** **Evaluation. You may use the Software for evaluation purposes only
in a test environment without payment of a fee for a maximum of 30 days or
such other duration as is specified by Sophos at its sole discretion.  *

Although I was assured by the staff at the support desk that the application
is 'free' (as in free beer), this seems not to be the case. It seems that
all the students at the University
are using the software illegaly [after 30 days of evaluation period].

*3.4 Restrictions. You are not permitted to:*
*[...]*
*3.4.7 use the Licensed Products in or in association with safety critical
applications such as, without limitation, medical systems, transport
management systems, vehicle and power generation applications including but
not limited to nuclear power applications;*
*
*
I do run critical applications on my computer. That is ssh logins to remote
servers for example. Or transferring valuable and sensitive personal data
across the backup servers. And yes,
I am a performing musician and a sound-engineer. I do run critical
applications at the concerts and festivals. Sometimes it is a
EQ/limiter/compressor application through which the
main signal to the FOH is routed. These are critical applications, which to
my view fall under the definition of  "not limited to..." in chapter 3.4.7
But even if I wasn't running these applications (rendering my portable
computer useless), agreeing to the EULA, I would still not be able to
install it, as the licence agreement
simply doesn't allow me to sign it on the basis of the following paragraph:

*3.4.8 use the Licensed Products for the purposes of competing with Sophos,
including without limitation competitive intelligence.*
*
*
You see: GNU/Linux operating systems are bullet-proof from the viruses that
might be invented in the future, by design. At the moment such malicious
software, that would require a GNU/Linux system to add an extra layer of
security (i.e. anti-virus application), simply doesn't exist. So GNU/Linux
system may
be considered a product that is competing with Sophos, by the means of
developing a different kind of environment that doesn't need the type of
commercial
products of proprietary nature that Sophos provides. Being an active Open
Source society member, I do contribute to the developing community on a
regular
basis, and my constant efforts include improving the environment of
GNU/Linux operating systems. Therefore by using the Sophos software I would
gain
the *competitive intelligence, *which is forbidden by the chapter above.

*5.4 You shall at Your own expense hold harmless, defend and fully and
effectively indemnify Sophos against any claims, proceedings, damages,
costs, expenses or other liability whatsoever arising out of, resulting from
or relating to Your use of the Licensed Products (including without
limitation breach of Your warranty in Clause 5.3) and/or any Suggestions.*

I don't know any person in a clear state of mind who could sign this after
reading this paragraph.


------------------------------------------------------------


I think there's enough of the evidence, that I can't sign this EULA. But
that wouldn't be the whole picture if we didn't look at the paragraph 6.1
which says:

*6.1 [...] SOPHOS DOES NOT WARRANT THAT THE LICENSED PRODUCTS WILL DETECT
AND/OR CORRECTLY IDENTIFY AND/OR DISINFECT ALL THREATS, APPLICATIONS
(WHETHER MALICIOUS OR OTHERWISE) OR OTHER COMPONENTS.*
*
*
Yes, in BIG CAPITAL LETTERS, they say, that even after you agree to "defend
and fully and effectively indemnify" them against any damages, claims,
costs, proceedings "whatsoever" and allow them to publish your name and logo
somewhere publicly, and even after you allow them into your home as
described in paragraph 13.4, even after all that they do not guarantee
that their software will do what it is intended to do.

So coming back to the first lines of this email; it seems that the model
that the University computer services employ to "check" the machines running
Unix family operating systems (and in fact MS Windows machines too) is
useless. What is the point of requiring the protection for a very very very
theoretical threat (virtually non-existent) by the means of the tool that
"doesn't warrant" any protection whatsoever?


I do ask you to register the hardware mac address of the my machine to my
MWS services username bypassing your normal procedures which are useless, as
I just showed you in this email.
Requiring the signing of this draconian licence agreement can be considered
as a discrimination on the grounds of my operating system choice, my
personal beliefs and political
views.


Looking forward to hear back from you as soon as possible,






Sincerely,


Vladimir J.
-------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/liverpool/attachments/20091216/7530f32d/attachment.htm