CNET’s Download.com is considered to be one of, if not, the most popular download portal(s) hosting a conglomerate of different software (free and paid). We recently discussed the top ten methods of how toolbars, adware, homepage hijackers and other potentially unwanted programs (PUPs) can sneak onto your computer. Potentially unwanted programs are becoming a new epidemic that users must learn face to overcome on a regular basis. In fact, a recent Panda Security study shows that potentially unwanted programs are on the rise resulting in PUPs now comprising 24.77% of total malware infections.
A lot of potentially unwanted programs are delivered by installers hosted on download portals such as Download.com. But what kind of programs are frequently bundled and should you look out for? And how many of Download.com’s apps actually contain PUPs?
We researched both. First, here is a list of the most commonly bundled PUPs we see through Download.com:
Example 1: MyPC Backup – free trial with pop-ups
MyPC Backup is a commonly distributed potentially unwanted program that can often be found bundled with a wide variety of freeware applications. Once installed, MyPC Backup will nag the user to try and coax them into signing up for a “free account”. Afterwards, it will urge the user to back up their files and folders.
The con then comes into play stating that you need to purchase the full version in order to perform the backup. Please, never let appearances fool you: if it seems too good to be true, it most likely is. Also, expect to be inundated with pop-ups during your free trial period.
Example 2: IObit Products – are IObit products “useful” or “useless”?
Most users have more than likely used one or more of IObit’s free software offerings. Some users may wonder how IObit products are considered to be possibly unwanted. Well, IObit’s clever tactics of bundling one or more of their free software offerings within other similar freeware products is considered to be potentially unwanted. An example of this is: Advanced System Care will install IObit Uninstaller, while IObit Driver Booster may offer to install IObit Malware Fighter.
Plus, do you know if IObit’s privacy policy is one that you want to comply with? IObit has been accused in the past of using shady software development methods. Please be cautious when installing related IObit applications. Consider this: if an application that you may never use is unknowingly installed along with another application, why do you need it on your PC? IObit is also notorious for pushing their paid products by using “in program ad’s” (Activate Now) and questionable promotional and marketing tactics.
Example 3: Pro PC Cleaner – finds fake issues that you need to pay for to fix
Pro PC Cleaner has made its presence known and tagging along with it are its fake results. Pro PC Cleaner uses cleverly deceitful tactics and a colorful user interface in order to give the user a false sense of confidence and security.
Once installed, this “professional” application will pester the user with a conglomerate of bogus errors and misleading display results. Afterwards, Pro PC Cleaner will “claim” that you need to pay money to register the application in order to repair the found “issues”. This software is a definitely unwanted program. If you find yourself facing this rogue like application, removal is highly recommended or you will continue to be plagued by its annoying presence.
Example 4: Skype – frequently bundled with freeware applications
Skype is a very popular application. One might ask: how can Skype be considered potentially unwanted? Skype as an independent application is not potentially unwanted at all. However, the situation with Skype is similar to that as mentioned above with IObit products.
Skype is bundled with a multitude of freeware installers. If a user happens to accidentally overlook the “I do not accept” or the check box to opt out of installing Skype: it can be considered just as unwanted as Pro PC Cleaner.
Example 5: YTD Video Downloader – more browser modifications than you’d want
Last, but not least, Spigot can be considered the most common potentially unwanted offer that is bundled with the vast majority of Download.com freeware. Spigot is rather nasty because it makes a plethora of browser modifications.
Spigot modifies a user’s browser homepage, startup page, search engine and tab settings. As shown in the image above, Spigot also installs various browser add ons. If a user is not installing cautiously, a massive amount of junkware and unwanted changes could befall their browser(s). An offering such as this is definitely unwanted; however, avoiding it is as easy as clicking to decline. Please use definite caution when facing an installer such as this.
Download.com’s Top 50 downloads: what comes with them?
We looked into the top 50 most downloaded applications on Download.com and the various potentially unwanted programs installed with each. Shown below is the list of 50 applications and the bundled PUPs listed next to them. As of February 2015, these programs contain PUPs:
1. Avast Free Antivirus - Dropbox
2. KMPlayer - Spigot browser extensions – shopping aid, newtab Aid, slick savings, Ebay shopping assistant, search protect, offers to change homepage and search engine to Yahoo during installation, Pro PC Cleaner, and Wajam
3. AVG Free Antivirus - AVG SafeGuard – changes homepage and search engine to AVG secure search, web tuneup
4. YAC (Yet Another Cleaner) - Considered to be a PUP itself
5. CCleaner - Chrome
6. Advanced System Care - Driver Booster, IObit Uninstaller
7. Free Youtube Download - Skype, PC Reviver
8. YTD Video Downloader - Spigot browser extensions – slick savings, browser Error assistant, Ebay shopping assistant, search protect, offers to change home and startup pages to Yahoo during installation, and GeniusBox
9. IObit Uninstaller - Advanced System Care
10. Download App - Spigot browser extensions – shopping new tab aid, slick savings, Ebay shopping assistant, search protect, offers to change homepage and search engine to Yahoo during installation, and Pro PC Cleaner
11. 3DP Chip - nProtect, SpeedUpMyPC 2015
12. GOM Media Player - Skype, Clean Water
13. Virtual DJ 8 - NO PUPs
14. Malwarebytes Anti-Malware - NO PUPs
15. PhotoScape - Google Drive, PC Mechanic
16. Start Menu 8 - NO PUPs
17. Driver Booster - IObit Malware Fighter
18. VLC Media Player - NO PUPs
19. Ad Aware Free Antivirus - Ad Aware Web Companion – changes home page and search engine to secure search
20. Minitool Partition Wizard - NO PUPs
21. Irfan View – NO PUPs
22. mHotspot - Tuneup Utilities, PC Mechanic, Safer Browser, Clean Water, Driver Max
23. Panda Free Antivirus - Panda Security Toolbar – changes default homepage and search engine to Yahoo
24. Hotspot Shield – changes default homepage and search engine to HotSpot web search, installs Hotspot shield toolbar during installation
25. Mozilla Firefox - NO PUPs
26. SlimDrivers – MyPC Backup
27. uTorrent - OWSLA Bundle , Skype
28. Virtual DJ 7 - NO PUPs
29. Any Video Converter - offers to change homepage and search engine to Yahoo during installation, Spigot browser extensions – shopping aid, new tab aid, slick savings, Ebay shopping assistant, search protect, and Pro PC Cleaner
30. AdwCleaner - NO PUPs
31. PrimoPDF - Open Candy
32. DriverMax - Open Candy, Safer Browser, Tuneup Utilities
33. Daemon Tools Lite - Spigot browser extensions – shopping aid, new tab aid, slick savings, Ebay shopping assistant, search protect, offers to change homepage and search engine to Yahoo during installation, Pro PC Cleaner, iCinema, and Bo Browser
34. UMPlayer - NO PUPs
35. Screencast – O – Matic - NO PUPs
36. IObit Malware Fighter - MyPC Backup, Advanced System Care Ultimate
37. Spybot Search and Destroy - NO PUPs
38. FastStone Imager Viewer – NO PUPs
39. Google Chrome - NO PUPs
40. VLC Media Player (64 Bit) - NO PUPs
41. 7Zip - NO PUPs
42. Kingo Android Root - Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant , search protect, offers to change homepage and search engine to Yahoo during installation, and Pro PC Cleaner
43. Format Factory - Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant, search protect, and Pro PC Cleaner
44. Media Player Codec Pack – NO PUPs
45. Macrium Reflect Free - NO PUPs
46. AOMEI Partition Assistant Standard Edition – NO PUPs
47. Youtube Music Downloader - Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant, search protect, offers to change homepage and search engine to Yahoo during installation, and Pro PC Cleaner
48. JetAudio Basic - offers to change homepage and search engine to Yahoo during installation, Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant, search protect, Pro PC Cleaner, and AVG Toolbar – offers to change homepage and tabs to AVG Secure Search
49. Pandora Recovery - offers to change homepage and search engine to Yahoo during installation, Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant, search protect, Pro PC Cleaner
50. Grand Theft Auto: Vice City Ultimate Vice City Mod - offers to change homepage and search engine to Yahoo, Spigot browser extensions – shopping aid, new tab, slick savings, Ebay shopping assistant, search protect, and Pro PC Cleaner
To share and download the above research easily, we created a PDF file with our findings. Get it here. Feel free to share!
Conclusion: 31 out of 50 tested Download.com applications bundle PUPs
In conclusion: out of the top 50 freeware applications on Download.com, 31 out of 50 are being bundled with potentially unwanted programs. This means that 62% of the freeware applications on Download.com contain potentially unwanted software. Be sure to use this download portal with extreme caution or else you may risk the possibility of facing a potentially unwanted outbreak.
Here are several reminders on how to stay PUP free:
- Instead of using download portals, go to the direct vendor website and download the desired software from there. Use caution here as well, because direct vendors can bundle PUPs themselves as well but at least it reduces the risk a little.
- Read over the terms of agreement carefully.
- Moreover, read the privacy policy of each bundled program carefully: what do they do with your data?
- Avoid seemingly suspicious software (free and paid).
- Uncheck boxes during installation since most PUPs use an opt-out approach.
- Use an antivirus program that comes with PUP detection, such as Emsisoft Anti-Malware.
- Do periodic scans for malware and PUPs with the free Emsisoft Emergency Kit, which scans and cleans your computer.
Download and share a summary of the findings here. Have a great (PUP-free) day!
Related Posts:
- Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid…
- Has The Antivirus Industry Gone Mad?!
- A Typical Day at Emsisoft’s Headquarters
- A Typical Day at Emsisoft’s Headquarters
- Stable Scan Engine Update Identifies Over 6000 New PUPs
62% of the Top 50 Download.com applications bundle toolbars and other PUPs
Superfish, the adware that was being distributed by Lenovo sounded bad enough, right? Well, here’s worse: PrivDog, a tool that tampers with SSL certificates is being promoted by Comodo, a security company. PrivDog has a massive vulnerability that basically allows the same man-in-the-middle attack as the adware, Superfish. However, it is important to note that the version of PrivDog with the problem was never directly distributed by Comodo. It seems the version with the vulnerability was avoided and the previous version of the software was bundled with Comodo Internet Security. In any case association with such an incident is bound to be questionable.
The NSA has made the news headlines a lot lately with frequent attempts to infringe on people’s privacy, but the US is not the only player in the game. French service DGSE is responsible for creating a spyware called Babar which was recently leaked by Edward Snowden. More details on the leak can be found here. This so called monitoring program was used against Iranian nuclear research institutes and universities, European financial institutions, former French colonies and a media organization in Canada.
It’s a known fact that most consumer desktop and laptop manufacturers like to add bloatware to their machines. Most new laptops come with plenty of unwanted software including lots of trials and add-ons. Computer manufacturer Lenovo seems to have taken it to a new level by pre-loading active adware on new consumer laptops. Adware is usually just advertising software but there is a thin line between being just opportunistic and actually shady and malicious. SuperFish, the adware pre-installed in this case comes dangerously close to that boundary and also has some major security holes.
Users report that the adware installs its own self-signed certificate authority which effectively allows it to spy on secure connections, like the ones used in banking websites. This malicious technique is known as man-in-the-middle attack, similar to those used in Heartbleed. Superfish bypasses SSL security, and it has been reported that users who have Superfish installed are now vulnerable to hacking and spying attacks due to it’s cracked certificate. It is surprising and disturbing that a major computer manufacturer like Lenovo is distributing such shady software.
Kaspersky Lab revealed on Saturday that a multinational gang of cyber criminals has stolen up to $1 billion from as many as 100 financial institutions around the world in a few years time. Attacks on ATM machines or individual bank accounts are quite common nowadays. This time the criminals took the unusual approach of stealing directly from banks by targeting bank employee’s computers. The hackers sent emails to hundreds of bank employees that included a malicious link. Once clicked on, a malware program called Carbanak would install which allowed the hackers to get onto the bank’s internal network and spy on the staff’s activities. The malware program recorded keystrokes and took screen shots of the bank’s computers, so that hackers could learn bank procedures and get access to the bank’s administrative system.
Facebook has recently launched a new, dedicated social platform called ThreatExchange. It aims to allow security experts to come together, collaborate and benefit from each other’s information. With cybercrime on the rise, this is a welcome step and could help prevent several large scale attacks in the future.
The latest/updated version of Internet Explorer seems to have a serious security glitch that makes it possible for hackers to inject malicious code into a user’s browsing session and steal their login credentials. The bug is present in IE 11 and affects users on both Windows 7 and Windows 8.1.