Tuesday, March 10, 2015

Avoiding "Junkware"

"Third Party Software Offers", this is a never ending fight that most computer users aren't even aware of. They are not aware of it until they have problems with their computer and have to call their trusty computer geek to "fix" their PC. You might not be aware of it either, but in this blog entry, we are going to discuss Third Party Software Offers and how to avoid them.

What exactly are "Third Party Software Offers"? OK, follow me on this, it could get long.

Ask Toolbar installer
Java's "Ask Toolbar" Installer

Everyone uses free software of one type or another. Java, Adobe Reader, Adobe Flash Player, Skype plus a score of other packages. One way these software distributors generate income is to add, somewhere in the installation process, an option for you to install "other software" during the normal installation process. This software is usually something like the "Ask Toolbar", "McAfee Security Scan Plus" and many others. You probably have some of this junk on your computer right now. By default, this unwanted software is selected to install. So, if you do a standard install, without "deselecting" these options, this software WILL be installed on your computer. The image to the right shows how the Java Update Installer inserts the additional installation of the "Ask Toolbar" during the normal installation process. When updating Java, most people fly right by this screen leaving the "Ask Toolbar" installer option checked. If you simply click "Next" without first deselecting "Install the Ask Toolbar and make Ask my default search provider" then the installer will install the Ask toolbar AND make Ask.com your default search engine.

Another installer that comes to mind is the Adobe Flash installer:
Adobe Flash Installer with McAfee Security Scan Installed embedded
Most people will need the Adobe Flash Player installed on their computer. What you don't need is the "McAfee Security Scan Plus" installed. Not only is this a bad idea, it could actually interfere with your current antivirus software. Without user intervention, The McAfee Security Scan Plus will be installed with this version of Adobe Flash Player. You have to deselect the McAfee install option. 

The above are a couple of the many examples of installers that have optional "Third Party Software" installer built-in. The following examples are web sites that can cause the casual user to click where they shouldn't and get in trouble before you know it.

Many times when searching for web sites hosting free software, you will find yourself on a site that is very hard to navigate and doesn't have clear instructions on downloading the software you were intending to download. The following image shows just how confusing it can be:

I did a Google search for "Malwarebytes Anti-malware" a great program that does wonders on computers that have malware installed. They have a free version for personal use. The image above does have a download for Malwarebytes, however, look at the deception built into the site. You can clearly see three deceptive download prompts that are rather large and will certainly cause confusion. You see where I circled the actual download URL in blue. Even though this site contains a download for Malwarebytes, I would not download from this site. I want to be sure I have the safest version of software available. 
Now, look at the image below. I did a google search for "Malwarebytes Antimalware". As you can see, I get many hits, however the first two are from web sites that I personally wouldn't trust. Why would I when the third hit is the actual Malwarebytes website, https://www.malwarebytes.org. 


As you can see (if you take time to actually examine the search results) the third hit is the actual Malwarebytes site. This would be the proper site to visit and download the software. I'm not saying the first two hits are bad sites, however, why visit these sites when you can go straight to the source? 

In light of the above examples, what is a non-geek, casual computer user to do? 

  • If you think you need a certain software package or browser plugin, ask your tech specialist. They probably know just what you are looking for or they can do the research and find a safe alternative. 
  • Go to the source. When searching for software, do a little research and find out who distributes the software you are looking for. I did a google search for "malwarebytes anti-malware information" and found a wikipedia hit and several results from university tech sites. These sites had links to the original Malwarebytes download site.
  • When doing an installation, never do a default install. Use the custom install if available. That way, you can deselect and default third party software options.
  • Take your time and read each page of an installation. If unsure, cancel the installation. Be sure of what you are installing. 
So in review:
Beware of fake download buttons. Never click on a download link that you are not absolutely sure of. Go to the source for free software downloads. I'm not saying you can't download software from a site that has fake download buttons (since most sites have them) just be sure of what you are clicking. Be alert during the installation routine. Carefully read each page. Some of the installation instructions are very sneaky and worded to trick you. Any time you see an option for a "custom install" or "Advanced options" click on it and make sure additional installations aren't selected by default.

Last but not least, make sure you absolutely need the software BEFORE you install it. Many times people think they need a certain piece of software and, without giving it serious consideration, install it "just to try it out". Bad move! If you are that curious about software, maybe you need a test computer or a "virtual computer" with the express purpose of testing software on. 

If you think you have inadvertently installed junkware on your computer, put a plan together to get it uninstalled ASAP!