[Liverpool] Software freedom (problems at the University)

Wed Dec 16 18:27:34 UTC 2009

No, they won't. I even didn't expected them to, in a way. Here's a reply:

From: Ward, Rob
Sent: 16 December 2009 17:03:57
To: Jakubovskij, Vladimir
Cc: NetworkTeam
Subject: Anti-Virus for Macintosh
Auto forwarded by a Rule
Dear Vladimir, your email to the Helpdesk has been forwarded to me.

The clauses you highlight in the Sophos licensing agreement relate to the
Universities agreement with Sophos and not yours personally.

If you do not wish to use Sophos there are other anti-virus applications
that you may purchase at your own cost which will then allow you to pass our
security checks, these are; Norton, McAffee and Intigo Virus Barrier.

The University network security policy dictates that Macintosh systems must
have a recognised anti-virus software installed and this is enforced by our
Network Access Control system.

Whilst generally Unix based operating systems are less vulnerable to viruses
than Windows it does not mean there is no risk. There are viruses out there
that infect Macintosh systems and no doubt there are more in development.
Macintosh systems can also be carriers for Windows viruses.

The University will categorically not change its security policy to suit
your requirements.

Whether you decide to install a supported anti-virus application is up to
you but if you don’t our Network Access Control will continue to deny you
access to the network.

Yours sincerely

Rob Ward
CSD

and my reply to them (posted to my blog):

http://vovka-j.livejournal.com/46556.html

2009/12/16 oscillik <oscillik at gmail.com>

> *slow clap of appreciation*
>
> as much as i hate Apple and their self-riteous certification that they
> don't require AntiVirus (yet!), i am in TOTAL agreement with you
> regarding forcing people to install software just to gain access to the
> wireless network.
>
> i can see that you have spent a good deal of time disecting the EULA,
> and while i cannot read through it at work due to my break only being 15
> mins, i know i shall have great enjoyment reading through and seeing
> your comments on Sophos' EULA.
>
> yes Vlad, i am agreeing with you :D
>
> you'll have to keep us all posted on what happens, hopefully they will
> see some sense and at least put measures to stop this silly requirement.
>
> Vladimir wrote:
> > Hello, everyone!
> >
> > Once again I am shocked by the University's practices regarding the
> > software and standards. So will forward
> > my email that I just sent to them, looking for any comments and
> > suggestions (as I expect, this is going to go
> > far this time). The email is pretty much self-explanatory:
> >
> >
> >
> >
> >
> >
> > ----------------------------------
> > To whom it may concern:
> >
> > I am writing to report a problem which is preventing me from
> > connecting to a University wireless encrypted network,
> > so called "SuperRoamNet".
> >
> > I do not use Microsoft software neither do I run their OS on any of my
> > machines.
> > I have a macbook, running either latest OS X v 10.5.8 or Linux (kernel
> > 2.6.x)
> > which I was trying to connect to SuperRoamNet.
> >
> > The University computing services require students to download Sophos
> > anti-virus software
> > to be able to pass the "security check" of some sort, to "prove" that
> > their machine is not infected
> > by malicious software that could be potentially detected by Sophos
> > anti-virus application (or should I say
> > /could not be detected/ - will come back to this later).
> > Without coming back to the discussion I had at the computer helpdesk
> > with the people working there,
> > about the mathematical possibility for a Mac OS X or indeed any other
> > BSD based or *nix system, there are
> > reasons that prevent me from installing your proprietary Sophos
> > anti-virus application.
> > The reasons are hidden in EULA of Sophos. While 90+% or the general
> > public are not concerned with
> > what is being inside those licence agreements, I am one of those
> > people, who is very careful with software
> > licences.
> > I want you to read this letter carefully, as I have put a substantial
> > amount of my personal time to compose it.
> > So I can not agree to the following parts of the Sophos EULA:
> >
> >
> > *12.1.1 You expressly give Sophos permission to include and publish
> > Your name and logo on lists of Sophos’s customers for the Licensed
> > Products*
> >
> > No, I do not wish that my name/logo was published on the lists of
> > Sophos's customers, as I do not wish to be a customer of this company.
> >
> >
> > *13.4 You shall permit Sophos or an independent certified accountant
> > appointed by Sophos access on written notice to Your premises and Your
> > books of account and records at any time during normal business hours
> > for the purpose of inspecting, auditing, verifying or monitoring the
> > manner and performance of Your obligations under this End-User Licence
> > Agreement *
> >
> > This is ridiculous. No comments.
> >
> > *13.5 Sophos may at its sole discretion subcontract any of its rights
> > or obligations hereunder to any of its subsidiaries, resellers,
> > distributors or dealers, as applicable.*
> > *
> > *
> > Meaning that at "its sole discretion" they can drop their
> > responsibilities any time. What kind of a contract is this?
> >
> > *3.1** **Evaluation. You may use the Software for evaluation purposes
> > only in a test environment without payment of a fee for a maximum of
> > 30 days or such other duration as is specified by Sophos at its sole
> > discretion.  *
> >
> > Although I was assured by the staff at the support desk that the
> > application is 'free' (as in free beer), this seems not to be the
> > case. It seems that all the students at the University
> > are using the software illegaly [after 30 days of evaluation period].
> >
> > *3.4 Restrictions. You are not permitted to:*
> > *[...]*
> > *3.4.7 use the Licensed Products in or in association with safety
> > critical applications such as, without limitation, medical systems,
> > transport management systems, vehicle and power generation
> > applications including but not limited to nuclear power applications;*
> > *
> > *
> > I do run critical applications on my computer. That is ssh logins to
> > remote servers for example. Or transferring valuable and sensitive
> > personal data across the backup servers. And yes,
> > I am a performing musician and a sound-engineer. I do run critical
> > applications at the concerts and festivals. Sometimes it is a
> > EQ/limiter/compressor application through which the
> > main signal to the FOH is routed. These are critical applications,
> > which to my view fall under the definition of  "not limited to..." in
> > chapter 3.4.7
> > But even if I wasn't running these applications (rendering my portable
> > computer useless), agreeing to the EULA, I would still not be able to
> > install it, as the licence agreement
> > simply doesn't allow me to sign it on the basis of the following
> > paragraph:
> >
> > *3.4.8 use the Licensed Products for the purposes of competing with
> > Sophos, including without limitation competitive intelligence.*
> > *
> > *
> > You see: GNU/Linux operating systems are bullet-proof from the viruses
> > that might be invented in the future, by design. At the moment such
> > malicious
> > software, that would require a GNU/Linux system to add an extra layer
> > of security (i.e. anti-virus application), simply doesn't exist. So
> > GNU/Linux system may
> > be considered a product that is competing with Sophos, by the means of
> > developing a different kind of environment that doesn't need the type
> > of commercial
> > products of proprietary nature that Sophos provides. Being an active
> > Open Source society member, I do contribute to the developing
> > community on a regular
> > basis, and my constant efforts include improving the environment of
> > GNU/Linux operating systems. Therefore by using the Sophos software I
> > would gain
> > the /competitive intelligence, /which is forbidden by the chapter above.
> >
> > *5.4 You shall at Your own expense hold harmless, defend and fully and
> > effectively indemnify Sophos against any claims, proceedings, damages,
> > costs, expenses or other liability whatsoever arising out of,
> > resulting from or relating to Your use of the Licensed Products
> > (including without limitation breach of Your warranty in Clause 5.3)
> > and/or any Suggestions.*
> >
> > I don't know any person in a clear state of mind who could sign this
> > after reading this paragraph.
> >
> >
> > ------------------------------------------------------------
> >
> >
> > I think there's enough of the evidence, that I can't sign this EULA.
> > But that wouldn't be the whole picture if we didn't look at the
> > paragraph 6.1
> > which says:
> >
> > *6.1 [...] SOPHOS DOES NOT WARRANT THAT THE LICENSED PRODUCTS WILL
> > DETECT AND/OR CORRECTLY IDENTIFY AND/OR DISINFECT ALL THREATS,
> > APPLICATIONS (WHETHER MALICIOUS OR OTHERWISE) OR OTHER COMPONENTS.*
> > *
> > *
> > Yes, in BIG CAPITAL LETTERS, they say, that even after you agree to
> > "defend and fully and effectively indemnify" them against any damages,
> > claims, costs, proceedings "whatsoever" and allow them to publish your
> > name and logo somewhere publicly, and even after you allow them into
> > your home as described in paragraph 13.4, even after all that they do
> > not guarantee
> > that their software will do what it is intended to do.
> >
> > So coming back to the first lines of this email; it seems that the
> > model that the University computer services employ to "check" the
> > machines running Unix family operating systems (and in fact MS Windows
> > machines too) is useless. What is the point of requiring the
> > protection for a very very very theoretical threat (virtually
> > non-existent) by the means of the tool that
> > "doesn't warrant" any protection whatsoever?
> >
> >
> > I do ask you to register the hardware mac address of the my machine to
> > my MWS services username bypassing your normal procedures which are
> > useless, as I just showed you in this email.
> > Requiring the signing of this draconian licence agreement can be
> > considered as a discrimination on the grounds of my operating system
> > choice, my personal beliefs and political
> > views.
> >
> >
> > Looking forward to hear back from you as soon as possible,
> >
> >
> >
> >
> >
> >
> > Sincerely,
> >
> >
> > Vladimir J.
> > -------------------------------------
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Liverpool mailing list
> > Liverpool at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/liverpool
>
> _______________________________________________
> Liverpool mailing list
> Liverpool at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/liverpool
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/liverpool/attachments/20091216/68625e71/attachment.htm 