Insecure AVG search tool shoved down users' throats, says US CERT

The US Computer Emergency Response Team (CERT) has warned users about software download sites' practice of including unasked-for downloads, after one such program - AVG's Secure Search toolbar - was found to be insecure. Known as "bloatware" or "foistware", unasked-for software is bundled into the installation wrappers used …

  1. Anonymous Coward

    download.com?

    doesn't just about everything from Download.com get packaged up with 'foistware'?

    I stopped using them years ago because of the crap they seem to bundle with their downloads.

    now if the likes of Foxit were to stop including the 'Ask' toolbar etc I might feel a little more inclined to contribute.

    1. Anonymous Coward

      Re: download.com?

      Download.com used to display two links for most packages. Their large green Download button often included their "installer", the other smaller text link was a direct one to the genuine download package.

      Confusingly they didn't always offer the direct text link download option, and sometimes their official download link didn't contain their installer.

      Checking the site this morning I couldn't see the text download link on any page, but some download links didn't contain their installer either. They seem to be messing about with what was once a perfectly good format.

    2. flipper

      Foxit

      Foxit was installing more than just the Ask toolbar recently - and to make it worse, it added the extra software (Open Candy - no idea what it is, but AVG alerted during the installation) as part of the update process.

      That led to an immediate removal of Foxit for me, which is a shame as I've championed it over Adobe Reader for years.

      1. Adam 1

        Re: Foxit

        It's not just foxit that installs open candy. Do a Google search and you will find a who's who of applications I used to recommend. It is really sad that so many otherwise brilliant applications stoop to installing this spyware.

        1. Anonymous Coward

          Re: Foxit

          Seems there has been a trend of companies offering just enough to buy (either directly, or through offering funding support) the popular free programs. Then quickly adding or insisting the makers add bloatware/foist ware to it.

          As other companies follow suit (Adobe being one of the biggest guilty right now) it becomes the "norm". :(

        2. tempemeaty

          Re: Foxit

          "It's not just foxit that installs open candy. Do a Google search and you will find a who's who of applications I used to recommend. It is really sad that so many otherwise brilliant applications stoop to installing this spyware."

          A lot of my formerly trusted software vendors and sources have become corrupted by these practices. It's started to feel like the whole Windows Universe™ is turning into a ghetto.

      2. Furbian

        Re: Foxit

        Gave up on Foxit years ago, Sumatra PDF Reader is astonishingly lightweight in comparison, the installer is only 4MB! Best of all no bloatware etc.

  2. Ken Hagan Gold badge

    "Known as "bloatware" or "foistware","

    Hereabouts we call it "payload", especially when the payload is a browser toolbar. Has there ever been a useful browser toolbar?

    1. Nick Ryan Silver badge

      Not come across one so far.

      Unless by "useful" you mean "slows browser down to a crawl".

    2. joeW

      Web Developer Toolbar for Firefox. Mostly redundant now with all the built-in dev tools in the major browsers, but ten years ago it was a godsend.

    3. obrien

      Does my bookmark toolbar count?

    4. John Tserkezis

      "Has there ever been a useful browser toolbar?"

      Not for a long time.

      Easy to get carried away though, Google "Internet Explorer Toolbar Madness images" and click on images link.

      1. Boothy

        Browsers ought to have an 'Allow Tool Bars' option, which if not enabled, won't allow their use at all.

        Have the option unselected by default on first install of the new browser. (Perhaps via a hot fix for IE).

        If you do want/need to use tool bars, then tick the box to allow them during install of the alternate browser, (or in the settings afterwards if already installed).

        1. Ken Hagan Gold badge

          "Browsers ought to have an 'Allow Tool Bars' option, which if not enabled, won't allow their use at all."

          The difficulty there is writing such a browser in a way that lets the human make the decision but prevents a copycat program from automating exactly the same steps. Generally speaking, the programmers most willing to spend time and effort posting "raw input" messages are exactly the ones that sane users least want to be able to impersonate them.

      2. James O'Brien
        Paris Hilton

        @John Tserkezis

        You mean those images of IE and all the tool bars aren't normal? Try explaining that to some of my....thicker.....repeat customers.

    5. Anonymous Coward

      I was always under the impression that bloatware was just software that got too large and fat... like Windows and its 40GB of installation files...

    6. Sandtitz Silver badge
      Happy

      Useful toolbar?

      Has there ever been a useful browser toolbar?

      Google Toolbar was highly useful for IE users until up to IE6 because there was no built-in search box.

  3. Anonymous Coward

    Democracy

    It's about time that Google and Bing brought some democratic accountability to their search engines by allowing users to choose what appears at the top of the search results rather than their sloppy and easily bypassed algorithms.

    1. Lamont Cranston

      Re: Democracy

      If I knew where to find what I was looking for, why would I Google/Bing for it?

  4. Anonymous Coward

    Are you listening Adobe, Oracle?

    When we download Flash Player, we do NOT want McAfee.

    When we download Java, we do NOT want the Ask.com toolbar.

    1. Anonymous Coward

      Re: Are you listening Adobe, Oracle?

      Are people *still* not using ninite.com?

      1. dotdavid

        Re: Are you listening Adobe, Oracle?

        Ninite has its own problems.

        1) It's not exactly exhaustive, although it does include some good software.

        2) While the Ninite installation packages don't include adware etc, they also don't allow you to customise settings like file associations and whether or not another %^!"%^ icon gets added to your desktop.

        So YMMV.

      2. Anonymous Coward

        Re: Are you listening Adobe, Oracle?

        Are people *still* not using ninite.com?

        Debian invented the Advanced Packaging Tool back in 1998. Why is it that 16 years later, we still don't have an equivalent for Windows?

        Why can't I create a file (or have the system add a file), say, C:\WINDOWS\apt\sources.list.d\adobe.list, then a front-end just does an 'apt-get install adobe-flash'?

        Windows update? Yeah sure, just 'apt-get dist-upgrade'. Done.

        No, instead we have the old DOS-like system of everything having its own separate installer, bundling up lord knows what, which we have to go to separate download sites to download individually, and manage dependencies ourselves. C'mon Microsoft, if I wanted to do that, I'd use Slackware!

        And before people bring up the Windows Store: show me where I can download a copy of the Windows Store for, say, Windows 7. How about downloading a copy of Firefox and LibreOffice via the Windows Store? Can they throw up a "Windows Store" repository like they do for YUM and APT, and just have us download a small text file that gets added to the "Windows Store" app's list of repositories like is presently done in APT/YUM?

    2. Warm Braw

      Re: Are you listening Adobe, Oracle?

      By the time you've installed both Flash Player and Java, a toolbar is probably the least of your worries...

    3. Tim Bates

      Re: Are you listening Adobe, Oracle?

      At least with Java there's a registry key to prevent it installing the malware when updates come out. Pity it's not set by default since Oracle think distributing malware is OK.

  5. Peshman

    @Stuart Longland

    The problem is that you seem to want something for free when it actually costs something to build. Last I recall, Oracle, not my favourite company by any means, isn't a charity.

    1. Elmer Phud

      Re: @Stuart Longland

      "The problem is that you seem to want something for free when it actually costs something to build."

      So we are supposed to pay for those little things that enable us to use their products - little things that they give away for free? (and tell the world we can't exist without them)

    2. DropBear
      Trollface

      Re: @Stuart Longland

      You mean we could actually kill Flash if everyone refused to tick 'accept' for the payload...?!? Did you hear that, people? Onwaaaaards!!!

    3. Anonymous Coward
      Stop

      Re: @Stuart Longland

      These companies don't charge for the client, but they right royally fuck you over if you want to create content.

      So no, they are providing nothing for free, the more "free" clients out there, the more demand for the software to create it with. Add an update to 20 million client = a need (read pay) for an update for the creation tools.

    4. Lee D Silver badge

      Re: @Stuart Longland

      Ironically,

      All of my best utilities, tools, and even to some extent OS's are similarly "free".

      Freeware has been around for DECADES.

      Shareware has been around for DECADES.

      There's always been a difference between the two but neither stopped the other existing or made every programmer jump ship to earn cash.

      And, believe it or not, in the old days everyone who gave stuff away didn't take over your computer in order to turn you into a cash cow just so they could claw back the 50p that the ZIP library they wrapped in a GUI cost them to make.

      Nobody is obliged to pay for this stuff, because it's given away for free. And people will happily pay to NOT use software that tricks them into installing junk and costing them time and money to remove. They'll use your competitor instead.

      Just because you give something away for free does NOT mean you're entitled to try to take over the computer of every person that downloaded it in order to pay your costs, and certainly not without the user's explicit permission.

      And without free, truly free, software, there's an awful lot of stuff that would just fall over.

      If you gave it away, I'm not obliged to pay you. Certainly not against my will by installing a toolbar that I don't want.

    5. Anonymous Coward

      Re: @Stuart Longland

      The problem is that you seem to want something for free when it actually costs something to build. Last I recall, Oracle, not my favourite company by any means, isn't a charity.

      So you'd give a company who releases something "for free" permission to install say, a bitcoin miner on your computer on the grounds that they're not a charity?

      Oracle make plenty of money gouging their database customers. If providing a clean Java runtime is too expensive, they should reconsider its "free" status.

    6. channel extended
      Trollface

      Re: @Stuart Longland

      I actually use a system that was built for freedom. Bloat has always been a Microsoft problem whether in their code or practices.

      I have heard that Linux is for geeks and you have to be pretty savvy to use it, but now in order to use a Windows system safely you have to know your system to an extreme amount. Check every update for malware scan your registry for unknown or strange keys.

      All this from people who say "TRUST US, WE'RE THE GOOD GUYS."

    7. Adam 1

      Re: @Stuart Longland

      >you seem to want something for free when it actually costs something to build

      Who held a gun to their head and asked them to release it for free? You are conveniently ignoring their bait and switch of claiming it is free but the cost is hidden by a EULA so long that no normal person could possibly comprehend it. Or another way to think of it is would the free* software have gained such market share if they charged for it all along? Did their decision to give it away make competitive products unprofitable?

      *(Free as in you can have this beer if you let me look through your fridge and note everything in there and then offer you advertisements based upon people with similar tastes)

    8. td97402

      Re: @Stuart Longland

      Yeah, you've fallen for the new normal.

      Adobe needs us to have Flash Player installed on our computers for their Flash creation tools to be worth buying. For years the deal was we downloaded the player for free _WITHOUT_ any crapware being snuck in along with it and they sold developer tools to make their coin. A few years ago some dimwit decided that Adobe could just shit on users and we'd put up with it or at least we'd not raise too much of a stink. So they have now "monetized" the download of their free player.

    9. fajensen

      Re: @Stuart Longland

      "you seem to want something for free "

      Herpes is free too. Doesn't make anyone want more of it; People like Oracle and Adobe would find a way to push it on anybody the instant there was a business to be made from it!

  6. CA999

    The most popular "bundled" software..

    ..That I come across:

    Google Chrome.

    (Admittedly, it's a sample group of two but they only trust installation of software updates. Never download.com, yet I always find GC installed without fail each time I visit.)

    1. Steven Roper

      Re: The most popular "bundled" software..

      Absolutely

      I classify Chrome as malware for exactly this reason. The only reason nobody rags on Google for this practice is because they're so big. Hopefully if CERT US have the authority or backing to take action on this underhanded and deceptive practice, that Google will also be targeted alongside the likes of Ask and Zango. They might even manage to get the practice made illegal. Hey, I can dream, can't I?

    2. Anonymous Coward

      Re: The most popular "bundled" software..

      Two words

      Srware iron

  7. Destroy All Monsters Silver badge
    Holmes

    Weirdly, last time I installed NoScript, I don't know what happened and I suddenly was on a webpage with some security tool "RECOMMENDED BY EDWARD SNOWDEN"

    I got the fuck out as fast as possible.

  8. Lee D Silver badge

    Shove junk that I don't want into your downloads?

    I stop using your software.

    At BEST, I remove the junk and keep a "clean" version somewhere on my network that I only ever use to install from (i.e. you not only lose your paid-for junk, but quite likely any future updates, and I'll start looking for alternatives).

    It's things like this that force me to move towards software where I have a choice. I'm not a GNU/FSF fan at all, but to me open-software does precisely what I need to do and nothing more, especially where installation is concerned.

    Don't even get me started on the places that take freeware like Irfanview and "bundle" it for no reason (surely against the EULA of a lot of this software, if it isn't and it was my software, it most certainly would be very quickly).

    Honestly, a great way to turn off your customers. And you know what, a ZIP utility installing a browser toolbar is NOT something that ANYONE actually wants. Stop it. I'm looking at you IZArc, that I recommended and used personally for years until you started that nonsense.

    And why do I get annoyed? Precisely because I want you doing NOTHING MORE than you absolutely need to do to do the job, because of problems like this. Especially when you want to insert yourself into my web-browsing path, redirect my searches, even change my proxy to something third-party. It's a massive security issue, even if things aren't written by a technically incompetent programmer, or maliciously intended.

  9. Blank-Reg
    Big Brother

    Did we enter a time loop? Are we heading back to the days of clandestine spyware installations of the early 2000's? Will I need to start using Spybot - Search & Destroy again? Will we ever reach a point where we no longer have to lecture the average user and tell them to stop being so click happy and to read what's on the screen?

    1. James O'Brien
      Stop

      "Will we ever reach a point where we no longer have to lecture. . ."

      No.

  10. kevjs

    paint.net

    Try downloading Paint.NET - a programme which itself doesn't come with this crap - but trying to download it on a browser without ad-blockers pretty much guarantees you'll either download some crap or end up on the mirrors website (even when you know how bad the site is).

    1. Jonathan 27

      Re: paint.net

      Those misleading advertisement download buttons are exactly why I now run AdBlock all the time. I've decided I'd rather feel mildly guilty about not supporting the web sites I visit than be constantly bombarded by crap that wastes my time and serves no purpose (because I'm not going to download their fake crap anyway). That and the talking ads, those should be illegal and if your site has them you'd better believe that 90%+ of your readers are running adblock right now.

      1. Anonymous Coward

        Re: paint.net

        The thing about websites complaining about advertising blocking... it's like the Mafia complaining about having their bats taken off them.

        Some people fund their own websites out of their own pocket. Others fund them in other ways.

        Once I know the adverts are SAFE, then I might turn off an adblocker. Until then, the only ads you get to show, are ones part of your content, not ones passed through dodgy Google algorithms with zero safety checks.

  11. Anonymous Coward

    As far as I can see, the only difference between a "foistware" and a virus is that the author of the foistware can be identified.

    So I don't understand why they haven't been rounded up and put in jail.

    1. Anonymous Coward

      They are "businesses" remember: Legally "individuals" with rights, but no responsibility. A business does not go to jail, it pays a "settlement" of a few % of the profits - with shareholders money - and carries right on.

  12. Irongut

    Duh and or Olá!

  13. Nuno trancoso

    This stops if it's made into law that if given software A wants to install a given software B on which software A is not directly dependent, the opt out option is made to be the default one and the maker of software A is directly responsible for any damages caused by software B installation/usage.

    1000000:1 as no developer will take on those hot potatoes anymore.

    I'll get flamed for this, but Google is seriously dumb for not jumping on this opportunity. They'd need so little work to add this to their revenue stream it's dumbfounding how they never managed to get it going (properly)... Alas, our great advertising overlords are not as omni as we make them out to be...

    1. Anonymous Coward

      Nah. They will do the same all companies do... skirt the law. They would just make everything dependant on browser toolbars.

      Know the term "unintended consequences"?

  14. fluo

    AVAST installs Chrome

    (I have two XP Pro office pcs in a network that works well, which includes full silent Standby obtained by patching the register. Also have a big new Win7 gaming machine. Installed Avira to replace MSE on one old pc, but Avira crashed that very stable machine, so decided to try Avast.)

    I installed Avast yesterday, which installed Chrome without my knowledge or permission. Today I uninstalled Google Chrome from that machine, as well as Earth, Talk, and Translate already there.

    Got into System Information, found one Google service left, Google Software Updater, gusvc. I would like to have one Google free machine, so will now seek to uninstall this last Google service.

    Message to AVAST: As you are installing Google Chrome without telling us or asking us, as Google pressured you to do, this means Google 'owns' you. And they 'own' the information you have access to on my pc. It is only a matter of time before they 'force' you to transfer any information you already have which they find interesting, as well as to collect and transfer information which they will want, which you have no reason to consider for your antivirus mission.

    "Free software" is not free, unless built by volunteers. You pay for it by having to hand over your internet and internal pc usage information.

    Is there an effective open source antivirus client available?

    1. Philip Lewis

      Re: AVAST installs Chrome

      AVAST told me I had to upgrade this evening. I did so.

      Then it told me to reboot to complete the installation. I did so.

      The splash screen that appeared after reboot clearly asked me whether I wanted to install chrome and make it the default browser. I declined by unticking the pre-ticked boxes.

      The pox on Google and their hordes, and a pox on software companies that keep trying to foist chrome on me - I don't want it -geddit?

      Installing Chrome appears to be the only reason for this splash, and for all I know it was the only reason that an upgrade was required - though that may be a tad too cynical, or not!

    2. Anonymous Coward

      Re: AVAST installs Chrome

      I suspect that Avast is a commercial front for the NSA - fairly neat software, money clearly was (and is) being spent on its development, yet no customer actually has to pay for the product ? Hmmm!?

      It also proxies all channels of communication on your computer, even NNTP. Not sure I am OK with that.

      In the end I decided to use "Microsoft Security Essentials", they probably have the same goals but they will not be as competent at "snitchin all your stuff", if MS keeps to form and I figure that the main threat these days are malware. I got some really sleazy stuff like Wajam and "NiceSearch" which was really hard to remove, hijacked the service management console, both left re-installers as "scheduled services" and "unkillable" guardian services too.

      The point has come where any computer with access to the internet must be a VM, installed from a clean image on every use.

  15. johnwerneken

    Humorous

    So this Emergency Team has discovered (1) Grisoft once was a fair AV package plus free (2) itself is now quite a nuisance (3) is infested with obnoxious tagalongs (4) most particularly an insecure "secure search tool bar" ?? And apparently (5) think this is NEWS?

    1. Tim Bates

      Re: Humorous

      "itself is now quite a nuisance"

      In what way exactly? I run the free version on a few computers, which does understandably try to sell the paid one twice a year, but it rarely bothers me unless I've given it a reason (like downloading a dodgy file).

  16. David 66

    It's personal

    The companies doing this are doing it to your dear old mum and your friends and neighbours - people you care about and can't be there to protect. These companies are conning your granny and your kids and your spouse. They're wheedling and tricking and they don't ever stop, even when the computer can't cope any more and then there's the pain of fixing or the expense of replacing the computer.

    Who would do that?

  17. Jim-234

    KM Player installs -- is it ever anything but a way to trash your PC?

    I find it rather fitting that the graphic shows KMPlayer

    I keep having to remove it & all the associated garbage from family & friends computers (and any of my computers that I let family or friends use).

    Pretty much simple action.. they click to install it, then no internet access from any browser till I go spend tons of time fixing it.

    I really just need to convert all their computers to Linux and hope they take a bit longer to mess them up.

    Yes you can put all the protection software on windows, but when they want to watch some stupid sports show and it comes up and says you must install this new virus loading player to see it, they suddenly become very technically adept!

    1. Mephistro

      Re: KM Player installs -- is it ever anything but a way to trash your PC?

      "(and any of my computers that I let family or friends use)"

      Easy peasy. Create an account without admin rights for your family and friends, and protect the admin accounts with a password only you know. That won't totally protect your important accounts from zero day exploits and/or some viruses, but it's a step in the right direction and will save you lots of sweat.
