Considering some recent posts on PCSOFT regarding interference of unwanted software, acquired
by downloading and installing certain software, the following might be helpful to know what's going on.
The more advanced among you may well be aware of this, but for less "streetwise" users, it may give an insight.
There seems to be an ever increasing trend to bundle software with 3rd party add-on software.
Bundling is nothing new. It used to be (still is in most cases) that games and screensavers were bundled
with add-ons like toolbars etc. More malicious ones were/are bundled with worms, trojans and viruses.
However ,in the present economic environment, more prominent and reputable software sites
are bundling software with 3rd party software.
Examples of this are CNET ,ZD-NET ,Brothersoft and various others.
Even Adobe has started bundling their Flash Player downloads with things like Google Toolbar or even
McAfee Security Security Scan. (According to many reports ,it installed even if disallowed)
Many software authors are doing the same.
Let's not forget Microsoft either. While they may not bundle with 3rd party ,they will bundle with their own software.
Examples are Windows Essentials. If you just want eg just Windows Live Mail , you have to download the downloader
for SE and then make sure to only select WLM and un-tick the others ,but you still get some extras.
Another example is M$ Office Home and Student 2010. This came bundled with a trial version of Outlook.
This Office version does NOT come with Outlook -it was stripped out - so many users installed this suite thinking
it came with Outlook ,since Office always contains it.
Instead ,they find out it's only a trial version when the expiry notice pops up.
What to do or to watch out for:
1. Always try to get the software from the authors site if at all possible, even if you found the software
on another site. Trace it back to the author's website.
2. Before downloading take a note of the name and the file size.
3. Check the actual download URL - if there's mention of "secure download" or "downloader" ,
be aware of the fact that this may be a "web install" .
There is inherently nothing wrong with a web install. It's a downloader ,that when executed ,will download
the actual file from the server.
If properly coded, it will resume the download if interrupted for some reason and also check the integrity
of the downloaded file. IOW ,the file has a signature or "checksum" and this has to be the same
before- and after- the download.
Microsoft uses it for a lot of their files.
4. A web install will have a small file size, ( 200 -400 KB or so), much smaller than the actual software file.
If so ,be aware the subsequent download may be bundled with "extras".
5. If you still want the software ,check what is included and make sure you un-tick any of the add-ons.
Note: There is no guarantee that it won't be installed, but at least take a note of what is being offered
such as names or other identifiers. It may help to locate it if it's installed anyway, despite un-ticking it.
There is a whole range of these add-ons. Some don't install when un-ticked. Others will install regardless.
Some end up in Temp files. Of those , some are dormant and do no harm ,but should still be deleted.
However, some are not dormant ,but remain active and will try to install afterwards, very often silently.
Of course ,those are the malicious types and can be hard to get rid of.
Hopefully your AV or anti-malware programs will catch them.
6. If software is downloaded from an author's site ,but the download link redirects eg to CNET,
the file may well be ok ,but now you have to deal with CNET.
There will either be a clean link (no add-ons) or 2 download links.
One will be the big green download button (it will say secure download) ,
but that's the one that bundles the software with other extras.
It will also have a double .exe ending ,like ABC.exe.exe.
A lot of AV programs may reject it for this very reason.
The other is a link ( in small print) below the button and is the "unencumbered" one.
(BTW ,this 2nd link was only provided after numerous complaints about CNET practices about the bundling
and unauthorized bundling is removed if the software's author complained)
Always use discretion when downloading software.
If at all possible ,test it in a virtual environment.
Virtual PC, VM Ware or VirtualBox are examples for complete OS virtualization
Sandboxie or BufferZone , examples for browser and other programs virtualization.
Hopefully this gives a better idea about downloading and the pitfalls.
Peter E.
Do you want to signoff PCSOFT or just change to
Digest mode - visit our web site:
http://freepctech.com/pcbuild.shtml
|