Case Study: How even the most experienced users can install third party crapware (like toolbars) and how to protect yourself from such offerings

While I may not have as many years under my belt as other people, I consider myself to be a moderately experienced and knowledgeable techie. Yes, some people can disagree about my level of knowledge/experience, but I think we can all agree I know enough to be able to dodge some of the crapware that come with software, like third party toolbars.

Recently, FormatFactory – a name that is often appreciated on dotTech – started coming bundled with two third party toolbars, Ask.com and QuickScore toolbars. I know about these toolbars (many FormatFactory fans were quick to inform me about it) so one would think that I would easily dodge their install (i.e. Tell FormatFactory not to install them by unchecking their respective checkboxes). Well ladies and gents, the nature of how these third party software are bundled into installers make it very easy for people to be duped into installing the third party software – I am a perfect example. Yesterday I was (re)installing FormatFactory; I quickly clicked “Next” on all the installer screens totally forgetting the fact that FormatFactory will install Ask.com and QuickScore toolbars unless I tell it not to. Next thing I know, I have two new toolbars sitting in my browsers.

Of course as soon as I realized what I had done, I quickly uninstalled both toolbars (using RevoUninstaller to force uninstall Ask.com toolbar and using QuickScore’s built-in uninstaller to uninstall that one) and even restored my computer to a recent restore point to ensure the toolbars were totally gone. However, my point of this post is not to tell you about my recent experience so you can pity (or praise, depending on what you prefer) me. Rather, it is it highlight the fact that regardless of a person’s level of computer knowledge, these third party software are bundled into installers in a very clever manner; one has to be extremely careful and mindful of installers in order to avoid installing undesired third party software/allowing undesired changes to one’s computer. Of course there is a level of computer knowledge necessary to recognize a third party offer in an installer when they show up, but attentiveness is the key method to protection when it comes to crapware, not technical knowledge.

So, then, what are the takeaways from this (short) case study?

  1. Be sure to always carefully read all the options presented to you while installing a program. Unfortunately third-party-software-bundles are becoming more and more common (they are a way to generate revenue for developers, hence many freeware developers use them) and even your most trusted program may decide to introduce a third party toolbar/software in its installer. Be careful. Read everything, even if you think it is a legitimate option. The payoffs for the sacrifice of a few minutes of your time spent to carefully monitor an installation are instant… in the form of a crapware-free computer.
  2. When possible, always download software from Softpedia.com as opposed to other sources. While many other file hosting websites may check for malware in a software, Softpedia (usually) makes sure that software do not come with third party crapware also. That is not to say you shouldn’t be attentive while installing software you downloaded from Softpedia; you should always be very attentive. Rather, that means typically a download from Softpedia won’t include anything like third party toolbars. Take note that a software maybe hosted on Softpedia, the developer’s website, and Download.com, for example; the software that is hosted on Softpedia may be clean of third party bundles, but that does not necessarily mean the download from the developer’s website or Download.com are. Softpedia (usually) specifically makes developer remove third party bundles, so often other sources of download for the same software may include third party bundles while the download from Softpedia does not.
    1. Update: If a software is listed as “Ad-supported” on Softpedia (under “License”) then it will most likely include third-party software with it. If not, then it is probably clean.
  3. Download and install some sort of system monitor security software. WinPatrol is one such a system monitor (probably one of the best system monitors). In fact it was WinPatrol that alerted me to the new toolbars being installed on my computer; and I used WinPatrol to block them before I even took any of the removal steps I mentioned earlier in this post. (Note: WinPatrol only blocks/monitors Internet Explorer addons – not the addons for other browsers like Firefox. However, if a new toolbar is installed in Internet Explorer, for example, you can rest assured it will probably have tried to install itself in other browsers, such as Firefox.) To top it off, WinPatrol has a freeware version if you can’t afford the Pro version.

Good luck to everyone and hopefully we can all be vigilant and avoid such problems in the future.

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

29 comments

  1. Mike

    How humorously timed this article is:

    Just yesterday, I noticed, for the first time, the Ask toolbar on my IE browser. I had no idea how it got there. My homepage also was switched to the ask.com homepage. Again, no idea how. I uninstalled and set back to my original homepage, only slightly perturbed. Still didn’t know how it had happened.

    Reading today’s article, I recalled: I, too, had just installed Format Factory on that particular computer this week. Although I am fairly careful with the default check-boxes during the installation process, I assume that I had missed something and that Format Factory had “gifted me” with ask.com (and that Format Factory was fairly tricky about this; or, that it simply installed the Ask gifts without regard to user preference).

    Luckily, easily repaired. But, as always with things computer, a bit scary as to what might have been.

  2. Bob Mason

    I also use Startup Monitor. Between that and AnVir, I’ve been able to make progress with controlling my system. It requires constant attention! When a MBR virus managed a successful attack, I was almost relieved to have been forced to reinstall Windows. I learned some new techniques to ease the pain, but knew I’d get a nice new, clean install at the end of it. I now not only created a system image of the new install, but put the new Windows on a small hard drive, then cloned it to another identical small drive. No data on that drive; just system. So if I get something weird happening again, all I have to do is swap out the drives and I’m back in business. It’s a crime that we have to be so defense oriented. You’d think Microsoft would be more attentive to helping it’s more ambitious users protect themselves, but that is wishful thinking!

  3. TechLogon

    Nice article, Avira antivirus has gone down this route with the Ask toolbar (you are given the option to postpone the toolbar installation but can’t choose to permanently avoid it). They lost my recommendation because of this (swapped to Avast).

  4. Godel

    Yes, Foxit Reader is another culprit. What’s more it did it (I think) from within a “check for updates” in an existing Foxit install, not a new installation.

    If there was any warning, I didn’t see it.

  5. FreebieHound

    @captcha: Why does anyone need a TOOLBAR?
    A toolbar is a toolbar, and there is NO SUCH THING AS A  CLEAN  TOOLBAR.

     At best, they all collect data on your surfing habits, and route your activity through their chosen path.

  6. FreebieHound

    Today I downloaded the free Nero light or whatever it’s called, directly from their website.
    Allergic as I am to these “world class search assist” Toolbars, I proceeded with the usual caution.

    The only option was to uncheck making  Ask.com my default search toolbar. However, HOWEVER, I could not continue with the installation of the free Nero light unless I agreed to install Ask.com
    and other 3 extra programs.
    … and now  FormatFactory????
    Donations are not good enough anymore. Who can you trust?

  7. RobCr

    I was recently checking out (Installing), some alternate PDF viewers, as many do not protect against a new hidden exploit. (YELL OUT if anyone is not aware of this. I have sent Ashraf a link)
    Luckily I had a tiny program running that detects new start up programs, and asks my permission. Thus I prevented quite a few start ups.
    That program also detected some other stuff, recently.

    The program is called  StartupMonitor
    http://www.mlin.net/StartupMonitor.shtml

    PS He (Mike Lin), has other goodies on his site.
    His clipboard Clipomatic is a bit flaky(not dangerous), so skip that one.
    (I may build some clip capability into CapslockWarning, one day)

  8. Josh

    I can understand companies trying to make money by including add-ons in their freeware packages, but it’s definitely unethical when they do so without your knowledge/consent or when they offer it in a way that creates the impression that it is essential, or when they “hide” it in long,  confusing and cleverly worded EULAs. It’s very worrying that so many software distributors are starting to follow this practice. I think it ruins their brand image and make people distrust them when they resort to these underhand tactics. Whenever I run into something like this, I immediately uninstall the whole application and I never download any of their “free” offers again.

  9. Ashraf
    Author/Mr. Boss

    @karen: Yeah =(. I blame DivX and Yahoo. I believe DivX set the standard by making millions by including Yahoo toolbar in their download. Hence everyone started doing it.

    (I think, I may be wrong.)

  10. Ashraf
    Author/Mr. Boss

    @Everyone: I don’t know – I made that Softpedia statement based on experience. Maybe Softpedia is changing their ways? It could be that too many companies are suing them and hence they can’t enforce any such action anymore.

  11. mukhi

    really hate to have a toolbar, they are good for nothing. i have liked site security features of LinkExtend and this is the only reason why i had to have this toolbar. winpatrol does nice job in identifying a toolbar installation w/o your knowledge, however, as Ashraf said, watch it out while installing any software!

  12. redmaledeer

    Interesting comment about Softpedia.   I always used to download from the developer’s website,  figuring that would surely be accurate and current.   I went to the Softpedia website to see what they said about their filtering and vetting policies.   I couldn’t find anything.   It would be interesting to get this straight from the source.

  13. AlanR

    Thanks #9 Thomas for link to EULA analyser – could save a lot of reading time and help stay secure. Will check it out.
    ASHRAF – Your advice about Softpedia was news to me – the only routine I did not already follow, but will from henceforth. Thanks BOSS. :)

  14. o(o.o)o

    I usually try softwares first by installing it first using Sandboxie or while under Returnil’s protection. If I see upon installation that it prompts for toolbars or other extra stuff, I opt out of those then check the reg hive later for references to such toolbars.
     
    Only when I’m assured that I’m only getting what I opted for will I reboot and install the software on my system. I understand the developers’ need to bundle toolbars etc for their product but I really hope that they would also include an option to get a non-bundled installer much like what Piriform did with their softwares, offering slim versions with no toolbars included.

  15. Mags

    @alan: “Installation appeared very simple.  I did not skip anything.  There were no “extras” to uncheck – but immediately after doing the DIVX etc. thing the installer continued, without any hesitation or permission,  to download and install Chrome.  I uninstalled Chrome and also evil Google Map.”
     
    No wonder I missed the Chrome installation.  I thought it was my fault that I’d missed it, even though I’d paid attention to the installation.
     

  16. Joji

    I was once doing my weekly/monthly system clean up, and I found an odd looking application on my list of programs. It was called “dealio”. So I’m like ohh a toolbar, what ever, but I googled it anyways. Then I figured “dealio”  toolbar was a rogue, virus, err… everyone said different things about it. Finally, I deleted since I want to conserve space on my laptop. :)
     
    ~Joji~

  17. Sujay

    Sometimes there is no way to deny installation of crapware. For example, while trying installting free Nero. It forced me to install nero askbar and otherwise installation was terminating. It was about 5/6 months ago. I don’t know whether latest version does that or not. But I no longer use Nero. I switched to Ashampoo Office 2010.

  18. alan

    I have not used Google Earth map for 2 years.
    2 months ago I tried to do the revisit the same area,  and it insisted it needed a DIVX upgrade.  I assented.
    Installation appeared very simple.  I did not skip anything.  There were no “extras” to uncheck – but immediately after doing the DIVX etc. thing the installer continued, without any hesitation or permission,  to download and install Chrome.  I uninstalled Chrome and also evil Google Map.
    I think perhaps I need to get a solicitor to examine every EULA that I agree to in case it gives them and their partners both now and in the future to install future software and also the rights to trawl through my computer and share any information with one another.
    If  you do not know what I am talking about you have not seen the EULA that comes with Silverlight.
    Actually, they claim that right by planting that EULA as part of a Patch Tuesday SECURITY Update when Silverlight is one of the pre-ticked option.  Even though I UN-ticked at the notification stage and the Silverlight privacy violator was not downloaded, I still got the EULA.  This actually happened on two separate security update days.
    For all I know, every web-site that has content accessible  by Silverlight is another “partner” that is pre-authorised to install additional malware.
    Good hint about Softpedia – I did not know their supremacy.
    When searching for software I am always wary of clicking on any result pointing to a site I am not aware of in case I am being lured into something deliberately destructive,  if I could get what I wanted from Download.com or Softpedia I was happy to accept that it came with good intentions.  I did not realise that Softpedia goes that little bit further to sanitise what it offers.
     

  19. Ron

    It’s amazing how more and more familiar, trusted software comes bundled with these “additional” features. It makes me look for portable versions that can’t do this, or find the “slim” builds that don’t install extras. I haven’t been caught yet, but it might be due to the fact I install slowly; I even read the EULAs. I won’t even download something if I don’t like their Privacy Policy!
    Still, it’s a good thing to remind your readers about; thanks as always.

  20. Mark

    After twenty something years in this business it time to change the acronym RTFM to RTFI  or RTFPDF as most software today don’t come with manuals anymore. Rather they come with instructions in the form of  a PDF.

  21. Bruce

    Thanks for the reminder.  If I accepted every toolbar I’ve been offered, I’d have no room left for the browser window itself!

    I got nailed by Software Reporter that came along with a GOTD installation on Tuesday.  And I thought I had unchecked it.  I had to go to SysInternals / Autoruns to find the registry item that started it up.

  22. Mags

    Woot I’m first for a change.
     
    Anyway, yes, even us knowledgeable one still get caught off guard.  Just the other day I was updating Divx on my pc.   I wasn’t paying close attention and ended up with Chrome on my pc.   So I uninstalled it!
     
    Generally I pay attention when installing due to the scumware/crapware installations, but this time I missed it completely.
     
    Guess it happens to most of us at one time or another.