Faisal Mateen & Irfan Hussain MCS-2011-06, pp. 38. COM/School of Computing, 2011.
Spyware is “computer software that obtains information from a user's computer without the user's knowledge or consent”. Spyware is often embedded in another application, and its presence is usually stated in the End User License Agreement (EULA). However, it is quite common to accept the EULA without even reading it. Therefore, besides the traditional spyware analysis techniques, automated EULA analysis can help ordinary users identify spyware.
Techniques for automated EULA analysis do exist; however, the process of taking a binary application, analyzing it, and preparing it so that the EULA can be extracted has not been studied in existing research. There is a need for a tool that can extract and analyze the EULA text from an installer binary without executing it. The objectives of this research are to investigate techniques to unpack the binary file, extract the EULA, analyze it, and present the analysis results to the end user.
A preliminary study was carried out to establish a basic understanding of the related concepts. This study drew on a number of article sources, including ACM Digital Library, Compendex, Inspec, IEEE Xplore, and Springer Link. Material was selected after reading titles and summaries.
A prototype of an open source tool was designed and developed. This tool extracts the EULA from executable binary installers, analyzes the extracted text, and gives suggestions about the legitimacy of the software.
To evaluate our application, we downloaded 150 executables from different web sites, which were already classified as bad or good by . We used our tool to extract EULA text from the executables, and were able to extract the EULA from 48 percent of the selected binary files. The extracted EULAs were then analyzed to classify the software as good or bad. This analysis helps the user decide whether to accept or reject the installation of the software without reading a single word of the EULA. The extraction and analysis process had no significant impact on the performance of the host system.
We conclude that a EULA can be extracted from a binary file without executing it. However, because of limited time, it was not possible to extract the EULA from all installer binaries. The rate of EULA extraction can be improved in future research.
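The idea of pulling a EULA out of an installer without running it can be illustrated with a short static scan. This is an added example, not the thesis tool: the keyword list, the minimum run length and the sample bytes are assumptions, and it only finds text stored uncompressed in the file.

```python
import re

# Assumed marker phrases; the thesis does not publish its own list.
EULA_TERMS = ("license agreement", "end user", "licensee",
              "terms and conditions", "you agree")
MIN_RUN = 40  # skip short strings such as import names and section labels

# Printable runs stored as single-byte text and as UTF-16LE (common in PE resources).
ASCII_RUN = re.compile(rb"[\x09\x0a\x0d\x20-\x7e]{%d,}" % MIN_RUN)
UTF16_RUN = re.compile(rb"(?:[\x09\x0a\x0d\x20-\x7e]\x00){%d,}" % MIN_RUN)

def text_runs(blob):
    """Yield (offset, text) for every long printable run; the file is only read."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")

def score(text):
    """Count occurrences of EULA marker phrases, case-insensitively."""
    low = text.lower()
    return sum(low.count(term) for term in EULA_TERMS)

def extract_eula(blob):
    """Return (offset, text) of the most EULA-like run, or None if none qualifies."""
    best = max(text_runs(blob), key=lambda run: score(run[1]), default=None)
    if best is None or score(best[1]) == 0:
        return None
    return best

# Constructed sample: header bytes, an unrelated string, then a UTF-16LE EULA.
SAMPLE_EULA = ("END USER LICENSE AGREEMENT\r\nBy installing this software "
               "you agree that usage data may be collected.")
SAMPLE = (b"MZ\x90\x00\x03\x00"
          + b"This program cannot be run in DOS mode and is padding text.\x00"
          + b"\xff\xfe\x00\x01"
          + SAMPLE_EULA.encode("utf-16-le")
          + b"\x00\x00\xff")

if __name__ == "__main__":
    offset, text = extract_eula(SAMPLE)
    print(f"candidate EULA at offset {offset:#x}, score {score(text)}")
    print(text)
```

Installers that compress or encrypt their payload yield no candidate with this scan and need format-specific unpacking first.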