Wednesday, January 28, 2015

AhelioTech VoIP Services Overview




Lizard Squad strikes again!



According to this recent Twitter post, Lizard Squad (a hacker group) has launched yet another attack. This time the victims were popular social networking sites including Facebook, Instagram, Tinder, AIM and Hipchat. Lizard Squad has made the headlines several times in the past, and the group seems to be in the limelight again, for the wrong reasons of course.






 


Previous Attacks:


Lizard Squad have been responsible for a series of hacks involving the Xbox and PlayStation networks last December. The internet outage in North Korea was caused by the same group. They were also behind the apparent hack of the Malaysia Airlines website. In that incident users were redirected to a page carrying the headline “Error 404 Plane not found” which was pretty appropriate given the circumstances.


So far the preferred weapon of Lizard Squad has been Distributed Denial-of-Service (DDoS).


What is really going on?


A Facebook spokesperson recently reported:


“the problems occurred after we introduced a change that affected our configuration systems.”

“We moved quickly to fix the problem, and both services are back to 100% for everyone.”



The statement from Facebook seems to suggest that the problem was not caused by a third party. The simultaneous and global nature of the outage also reduces the possibility of it being another DDoS attack. As of now we can get back to our fully functional social networking websites. However, it is always a good idea to watch your back before another Lizard Squad attack!


Have a great (malware-free) day!




Monday, January 26, 2015

China capable of massive DDoS attacks

China, being the world’s most populous country, has a lot of potential when it comes to DDoS attacks. Craig Hockenberry, author of furbo.org, was a recent victim of such an onslaught. When he found out that both of their mail servers were down, he naturally looked at the server traffic. This was his reaction:


There was only one thing I could say: “Holy shit.”



This was his network graph. Usually the megabits/sec for requests is really low compared to the responses, but in this case, the peak of the request graph hit 52 Mbps which is insanely high and definitely not normal network activity.


Let’s put that number in perspective: Daring Fireball is notorious for taking down sites by sending them about 500 Kbps of traffic. What we had just experienced was roughly the equivalent of 100 fireballs.



What is a DDoS attack?


Distributed Denial-of-Service or DDoS is a term which refers to an attack which generally consists of efforts to temporarily or indefinitely interrupt or suspend the services provided by a host over the internet.


The most common type of Denial-of-Service attack involves flooding the target resource with external communication requests. This overload prevents the resource/server from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.


China and DDoS


On closer inspection it appeared that most of the traffic was coming from China, more specifically from Chinese BitTorrent clients that apparently thought this particular server was a tracker. In this case, the only solution was blocking out IP addresses from China using a firewall.
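One way to confirm this kind of misdirected BitTorrent traffic from a web server's access log before deciding what to block, as an added example that is not from the original post or from furbo.org: it counts tracker-style `announce` and `scrape` requests per source network. The log lines are constructed and use documentation address ranges; the Common Log Format input, the /24 and /64 grouping and the hit threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample in Common Log Format. Addresses come from the RFC 5737
# documentation ranges; none of these lines are from the incident itself.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2015:10:00:01 +0000] "GET /announce?info_hash=%12%34%56&peer_id=-XX0001-constructed&port=6881 HTTP/1.1" 404 162
203.0.113.7 - - [26/Jan/2015:10:00:02 +0000] "GET /announce?info_hash=%ab%cd%ef&peer_id=-XX0001-constructed&port=6881 HTTP/1.1" 404 162
203.0.113.99 - - [26/Jan/2015:10:00:02 +0000] "GET /announce?info_hash=%12%34%56&peer_id=-XX0002-constructed&port=51413 HTTP/1.1" 404 162
203.0.113.150 - - [26/Jan/2015:10:00:03 +0000] "GET /scrape?info_hash=%12%34%56 HTTP/1.1" 404 162
198.51.100.20 - - [26/Jan/2015:10:00:04 +0000] "GET /announce?info_hash=%12%34%56&peer_id=-XX0003-constructed&port=6881 HTTP/1.1" 404 162
192.0.2.10 - - [26/Jan/2015:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.11 - - [26/Jan/2015:10:00:06 +0000] "GET /blog/announce?id=5 HTTP/1.1" 200 2048
this line is malformed and must be skipped
"""

# client address, then the method and request target from the quoted request
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')


def is_tracker_announce(target):
    """True if the request target looks like a BitTorrent HTTP tracker call.

    Tracker clients request .../announce or .../scrape and always send an
    info_hash query parameter; an ordinary page that merely ends in
    'announce' does not carry that parameter.
    """
    parts = urlsplit(target)
    endpoint = parts.path.rsplit("/", 1)[-1]
    if endpoint not in ("announce", "scrape"):
        return False
    return "info_hash" in parse_qs(parts.query, keep_blank_values=True)


def network_of(ip_text):
    """Map an address to its enclosing /24 (IPv4) or /64 (IPv6) network.

    The prefix lengths are an assumption chosen for grouping; returns None
    when the logged client field is not a valid IP address.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def candidate_blocks(log_text, min_hits=3):
    """Return [(network, hits)] for networks sending tracker requests.

    Only networks with at least min_hits matching requests are returned,
    ordered by hit count, so a single stray client is not blocked.
    """
    hits = Counter()
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # malformed or non-CLF line
        ip_text, method, target = match.groups()
        if method != "GET" or not is_tracker_announce(target):
            continue
        network = network_of(ip_text)
        if network is not None:
            hits[str(network)] += 1
    ranked = sorted(hits.items(), key=lambda item: (-item[1], item[0]))
    return [(net, count) for net, count in ranked if count >= min_hits]


if __name__ == "__main__":
    for net, count in candidate_blocks(SAMPLE_LOG):
        print(f"{net}\t{count} tracker-style requests")
```

The resulting network list is a starting point for review against the firewall's own rule format, not a replacement for the country-level block the post describes.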


China has been a major source of DDoS attacks in the past, one of the notable ones being the massive attack on Blizzard servers in North America.


More details on this incident can be found here.


Have a nice (DDoS free) day!


 




Thursday, January 22, 2015

iPhones having spyware built-in?

Most people seem to think that iPhones are immune to malware, which is partially true, but the same cannot be said for security issues. The immensely popular iPhone may have hidden spyware which could be used to secretly collect information about its users, without them having a clue of what’s going on. This adds to the several controversies that the iPhone has been subject to recently.









 


Another whistle from the deep?


The following words were spoken by Snowden’s lawyer Anatoly Kucherena during his interview with Russian news agency RIA Novosti:


“Edward never uses an iPhone; he’s got a simple phone, the iPhone has special software that can activate itself without the owner having to press a button and gather information about him; that’s why on security grounds he refused to have this phone.”



NSA whistleblower Edward Snowden seems to believe that the iPhone has some kind of spyware which can be activated automatically, without the user’s permission, to collect sensitive data, which is why he refrains from using Apple’s bestselling device. He also recently published files he stole from the NSA which revealed that British agency GCHQ was indeed using Apple’s iPhone UDID system to track users.

The fact that Snowden uses a “simple” phone suggests that the security concern he has may be common to all modern smartphones. Android phones would probably not be an alternative since they are prone to infection by all kinds of malware. As handy and useful as they are, smartphones are also a potential tool and weapon. This is yet another reminder for all users to secure their favorite devices.


 


There are also deeper questions on this topic. Will privacy even exist in the future? Are we moving towards a world that is so connected that it is impossible to keep your data truly yours? We don’t know, but we are committed to protecting each of our users’ privacy.


Is my iPhone safe?


As of now Apple’s involvement in this is uncertain. It could simply be that several agencies are using tools built into most smartphone devices to spy on the intended victims. Since the reports are unclear on the specifics as to what data can be retrieved, we don’t think it would be wise to push the panic button yet. However, this is another reason why security has become a huge concern in this era of technology.


Have a nice (spyware-free) day!




Monday, January 19, 2015

Has The Antivirus Industry Gone Mad?!

We have seen a concerning trend that is about to spiral out of control: Potentially Unwanted Programs (PUPs) are further on the rise. What’s even more concerning is how they are spreading. After big vendors such as Oracle (Java) and Microsoft (Bing and Skype) started bundling, now antivirus vendors have joined the game. We did research on some of the most popular PUP practices among the freeware antivirus vendors, and the results are quite disturbing.


PUPs want to get on your computer to make money off of you


First, let’s quickly recap what PUPs are and why they’re spreading like wildfire. PUPs are programs in the form of toolbars, adware, plugins or other downloads that sneak onto your computer. PUPs are not classified as malware (yet?), since they’re not always harmful but pretty much always annoying, hence the name “potentially” unwanted. But PUPs are getting more unwanted than ever: just the fact that you don’t know what you’re installing is undesired. If you notice a sudden change in your computer’s speed, notice your search engine changed, experience annoying pop-up ads, notice new toolbars in your browser menu bar or any other sudden change in your computer’s behavior or layout, chances are high that your computer has one or more PUPs installed.


PUPs come in many shapes and forms, but they all have a few things in common:


  • PUPs want to make money off of you. PUPs want to be on your computer for a reason, to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.

  • PUPs use aggressive distribution methods to get on your computer: we specifically used the word “sneak” onto your computer, because in the large majority of the cases, the user is not aware that he/she is installing a PUP.

  • Most PUPs don’t have any significant value or advantages, so PUP producers have to get around this by paying other software vendors or distributors such as download portals $$$ per new installation that they get them.

  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this, up to $2 per install.

Danger! Do not try this at home: download the top 10 apps on Download.com


PUPs are not new. But it’s a very alarming trend that more and more large freeware vendors and distributors, such as download portals, are distributing PUPs in high volume – all in exchange for quick cash. Even Sourceforge, a hosting platform for open source projects, started to add PUPs to their downloads, without the consent of the developers who run their projects there. Tech website HowtoGeek recently showed what happens when you download the top 10 listed apps at Download.com ranked by download volume:


“We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. We’ve been railing against freeware download recommendations for years, so we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?”


The result of this test: ALL the top 10 apps on Download.com come with bundles or PUPs, some loaded with them. HowtoGeek even recommends users to not do this at home on your primary PC, unless you want to make your computer a “smoking pile of useless.”


Antivirus programs have joined this nasty game too


Now, here is the top 10 Download.com list that HowtoGeek used for their test:



Download.com top 10 downloads January 2015



Does anything stand out to you on this list? There are two antivirus programs on there! Ethics in the software industry seem to be lost completely when even antivirus vendors bundle PUPs with their software. Now look at the download amounts in the above screenshot: up to one million downloads a week. Add to that downloads from other sources, and the fact that PUP producers are willing to pay anything from a few pennies to USD$2 per install, and it can give a rough idea how much money there is involved in this business: thousands if not millions of $$$. We learned that before as well when Emsisoft got approached for a similar PUP bundle deal.


Fact: 7 out of 8 tested free antivirus suites bundle with PUPs


We decided to further look into this and do the same test with other free, full antivirus suites, and the results are pretty shocking:


All tested free Antivirus programs come with toolbars or PUPs of some sort – except Bitdefender Free. A lot of them have a “rebranded” Ask toolbar that generates considerable pay per install (PPI) revenues while they’re labeled as part of the vendor’s own security solution. Some disclose they use Ask (for example Avira), others like AVG go as far as adding pop-ups with coupon deals.



Antivirus programs are supposed to protect your computer from viruses, yet many of them give you a questionable program during installation, without clear disclosure. Below is the list of 8 free antivirus programs and the type of PUPs they give you during installation at the time of posting. Please note that we only included full antivirus suites, not scanner-only products.


  • Bitdefender Free: as mentioned before, Bitdefender Free is one of the only clean antivirus vendors that does not come with any PUPs.

  • Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.

  • Avast Free: offers Dropbox during installation by default, unless you uncheck the box. No toolbars are installed.

  • Panda AV free: installs Panda Security toolbar, Yahoo search takeover and MyStart (powered by Yahoo) home page takeover. No product rebrands; at least the installer is clear that both are Yahoo products.

  • AdAware free: installs WebCompanion by default unless the user unchecks the box. Also installs Bing homepage takeover and Bing search takeover by default, unless opted out. Discloses that AdAware offers these programs to keep the software free.

  • Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask, and states that it “chose Ask.com to be our partner in bringing you the SearchFree Toolbar because Ask.com is one of many vendors whose products offer functionality which we believe our users will value”.

  • ZoneAlarm free AV + Firewall: with Custom Install: ZoneAlarm homepage and search takeover. This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.

  • AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and default search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.


Popular ways for free Antivirus programs to make money with PUPs


Looking at the above screenshots, we can see that the antivirus vendors have a few popular methods to make money with PUPs:


  • Search Engine Takeover: you now set your default search engine to the software vendor’s choice, there’s big money to make there. Just look at this company called Google.

  • Ask Toolbar: do a quick search on Google for the Ask toolbar, and you’ll learn quickly why the first results page is full of “How to remove the Ask toolbar” and “How to get rid of the Ask toolbar”.

  • Rebranded Ask Toolbar: even worse than the Ask toolbar, the rebranded version is a white-labeled Ask toolbar where the software vendor gives it a different name and look, while it’s just the Ask toolbar in disguise.

  • Homepage take-over or new tab: “free” guaranteed traffic to a website anyone?

  • Your data, search and browser behavior: it is not known what antivirus vendors do with your data. It is known that they are watching you and track you. Do you trust whether they do anything with this data? Tracking and selling browser data and other personal information has been a big business for years in the internet industry, so who knows.

What’s disturbing about all the methods these antivirus vendors use is that in the majority of the cases, the PUPs are included in the default installation, unless a user opts out or reads the small fine print. Sometimes the PUP install is not disclosed at all, or hidden. It’s rarely explained what the installed PUP actually does, if anything. These are questionable tactics to get onto computers of unknowing users.


When the product is free the real product is YOU


As HowtoGeek states as well, it doesn’t matter what download site you use. The people that make the freeware are the ones bundling. Some download sites bundle on top of that but it’s not the root of the issue. They’re a player in the game. As HowtoGeek states it in their article: 


“There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware. Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere. Because when the product is free the real product is YOU.”



Do freeware users “enable” the PUP business?


Let’s clearly point out that not all freeware is bad and relies on PUPs, but the good ones have unfortunately become an exception to the rule. The few examples of good freeware are:


  1. Trimmed down versions of full products, where the free version gives an idea of the product and provides basic functionality while the vendor tries to sell a higher edition of the same software.

  2. The open source community, where people create software for fun or to help make the world a better place. Although this is a tricky one: sometimes others use open source projects to add PUPs by fake imitations.

  3. Projects that live off donations, although these have become rare.

The rest of the freeware vendors need to resort to software bundles to make money. Are people enabling the growth and distribution of PUPs by continuing to download this freeware? In a way yes, but you can’t blame them really. Most of them just think a free piece of software sounds like a sweet deal, but have no clue what it may come with. At most you can blame them for not looking into why a piece of software is offered at no cost.


PUP producers know that what they do is misleading, freeware vendors know PUPs are highly questionable and antivirus vendors for sure know that it’s unethical. Therefore, all these players will go to great lengths to hide the fact that they are bundling PUPs. They will make sure that they fulfill exactly the legal requirements, but use any possible way to increase the spread of those unwanted programs. The fact that vendors are willing to put their ethics aside and their reputation at risk for quick cash says a lot. PUP distributors are taking advantage of the average “unknowing” computer user.


Conclusion: be careful with freeware, paid software usually doesn’t come with PUPs or bundles


The amount of PUPs will spread further and they will become nastier and sneakier in form if people don’t take action. The only way to make a change is collectively. Even if you are a PUP-free antivirus user, you are affected by the rapid growth of PUPs. You will hear about them more, see them blocked more, see more and more signatures updated to your antivirus program to detect all the different types of them. For example, Emsisoft’s malware analysis team now spends half of their overall analysis time on PUPs, while we could spend this time towards other resources and other types of malware to protect you from other internet threats. At least, users need to demand full disclosure so that they are given a chance to make a conscious choice whether they want to download a piece of software or not, and so that they know what they are downloading. Bottom line is, be careful with freeware, paid software usually doesn’t come with any PUPs or software bundles.


Did you ever find PUPs on your computer? Are you surprised by these PUP practices and the fact that freeware and antivirus vendors participate? Share your opinion and leave a comment below.


Have a great (PUP-free) day!



Related Posts:


  • Browser toolbars – once a blessing, now a curse

  • A Typical Day at Emsisoft’s Headquarters

  • A Typical Day at Emsisoft’s Headquarters

  • Secure download resources or a malware cesspool – How

  • Emsisoft Internet Security Pack with best result in COMSS…




Has The Antivirus Industry Gone Mad?!

Has The Antivirus Industry Gone Mad?!

We have seen a concerning trend that is about to spiral out of control: Potentially Unwanted Programs (PUPs) are further on the rise. What’s even more concerning is how they are spreading. After big vendors as Oracle (Java) and Microsoft (Bing and Skype) started bundling, now antivirus vendors have joined the game. We did research on some of the most popular PUP practices among the freeware antivirus vendors, and the results are quite disturbing.


PUPs want to get on your computer to make money off of you


First, lets quickly recap what PUPs are and why they’re spreading like wildfire. PUPs are programs in the form of toolbars, adware, plugins or other downloads that sneak onto your computer. PUPs are not classified as malware (yet?), since they’re not always harmful but pretty much always annoying, hence the name “potentially” unwanted. But, PUPs are getting more and more unwanted than ever: just the fact that you don’t know what you’re installing is undesired. If you notice a sudden change in your computer’s speed, notice your search engine changed, experience annoying pop-up ads, notice new toolbars in your browser menu bar or any other sudden change in your computer’s behavior or layout, chances are high that your computer has one or more PUPs installed.


pup-toolbars


PUPs come in many shapes and forms, but they all have a few things in common:


  • PUPs want to make money off of you. PUPs want to be on your computer for a reason, to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.

  • PUPs use aggressive distribution methods to get on your computer: we specifically used the word “sneak” onto your computer, because in the large majority of the cases, the user is not aware that he/she is installing a PUP.

  • Most PUPs don’t have any significant value or advantages, so PUP producers have to get around this by paying other software vendors or distributors such as download portals $$$ per new installation that they get them.

  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this, up to $2 per install.

Danger! Do not try this at home: download the top 10 apps on Download.com


11248853_sPUPs are not new. But its a very alarming trend that more and more large freeware vendors and distributors, such as download portals, are distributing PUPs in high volume – all in exchange for quick cash. Even Sourceforge, a hosting platform for open source projects, started to add PUPs to their downloads, without the consent of the developers who run their projects there. Tech website HowtoGeek recently showed what happens when you download the top 10 listed apps at Download.com ranked by download volume:


“We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. We’ve been railing against freeware download recommendations for years, so we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?”


The result of this test: ALL the top 10 apps on Download.com come with bundles or PUPs, some loaded with them. HowtoGeek even recommends users to not do this at home on your primary PC, unless you want to make your computer a “smoking pile of useless.”


Antivirus programs have joined this nasty game too


Now, here is the top 10 Download.com list that HowtoGeek used for their test:


Capture

Download.com top 10 downloads January 2015



Does anything stand out to you on this list? There are two antivirus programs on there! Ethics in the software industry seem to be lost completely when even antivirus vendors bundle PUPs with their software. Now look at the download amounts in the above screenshot: up to one million downloads a week. Add to that downloads from other sources, and the fact that PUP producers are willing to pay anything from a few pennies to USD$2 per install, and it can give a rough idea how much money there is involved in this business: thousands if not millions of $$$. We learned that before as well when Emsisoft got approached for a similar PUP bundle deal.


Fact: 7 out of 8 tested free antivirus suites bundle with PUPs


We decided to further look into this and do the same test with other free, full antivirus suites, and the results are pretty shocking:


All tested free Antivirus programs come with toolbars or PUPs of some sort – except Bitdefender Free. A lot of them have a “rebranded” Ask toolbar that generates considerable pay per install (PPI) revenues while they’re labeled as part of the vendors own security solution. Some disclose they use Ask (for example Avira), others like AVG go as far as adding pops with coupon deals.



Antivirus programs are supposed to protect your computer from viruses, yet many of them give you a questionable program during installation, without clear disclosure. Below is the list of 8 free antivirus programs and the type of PUPs they give you during installation at the time of posting. Please note that we only included full antivirus suites, not scanner-only products.


pro-icon Bitdefender Free: as mentioned before, Bitdefender Free is one of the only clean antivirus vendors that does not come with any PUPs.


contra-icon Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.


Comodo-yahoo[1]


 


contra-icon Avast Free: offers Dropbox during installation by default, unless you uncheck the box. No toolbars are installed.


avast-dropbox[1]


contra-icon Panda AV free: installs Panda Security toolbar, yahoo search takeover and MyStart (powered by Yahoo) home page takeover. No product rebrands, at least the installer is clear that both are Yahoo products.


panda-yahoomystart[1]


contra-icon AdAware free: installs WebCompanion by default unless user unchecks the box. Also installs Bing Homepage takeover and Bing search takeover by default, unless opted out. Discloses that AdAware offers these programs to keep the software free.


AdAware-wcomp-bing[1]


contra-icon Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask, and states that it “chose Ask.com to be our partner in bringing you the SearchFree Toolbar because Ask.com is one of many vendors whose products offer functionality which we believe our users will value”.


Avira-safesearchext[1]Avira-safesearchhome[1]


contra-icon ZoneAlarm free AV + Firewall: with Custom Install: Zonealarm homepage and search takeover.This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.


ZoneAlarm-search[1]


contra-icon AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and defaults search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.


AVG-safeguard[1]
AVG-safeguardChrome[1]


Popular ways for free Antivirus programs to make money with PUPs


Looking at the above screenshots, we can see that the antivirus vendors have a few popular methods to make money with PUPs:


  • Search Engine Takeover: you now set your default search engine to the software vendor’s choice, there’s big money to make there. Just look at this company called Google.

  • Ask Toolbar: do a quick search on Google for the Ask toolbar, and you’ll learn quickly why the first results page is full of “How to remove the Ask toolbar” and “How to get rid of the Ask toolbar”.Ask_toolbar

  • Rebranded Ask Toolbar: even worse than the Ask toolbar, the rebranded version is a white-labeled Ask toolbar where the software vendor gives it a different name and look, while it’s just the Ask toolbar in disguise.

  • Homepage take-over or new tab: “free” guaranteed traffic to a website anyone?

  • Your data, search and browser behavior: it is not known what antivirus vendors do with your data. It is known that they are watching you and track you. Do you trust whether they do anything with this data? Tracking and selling browser data and other personal information has been a big business for years in the internet industry, so who knows.

What’s disturbing about all the methods these antivirus vendors use is that in the majority of the cases, the PUPs are included in the default intallation, unless a user opts out or reads the small fine print. Sometimes the PUP install is not disclosed at all, or hidden. It’s rarely explained what the installed PUP actually does, if anything. Questionable tactics to get onto computers of unknowing users. 


When the product is free the real product is YOU


As HowtoGeek states as well, it doesn’t matter what download site you use. The people that make the freeware are the ones bundling. Some download sites bundle on top of that but it’s not the root of the issue. They’re a player in the game. As HowtoGeek states it in their article: 


“There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware. Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere. Because when the product is free the real product is YOU.”



Do freeware users “enable” the PUP business?


Let’s clearly point out that not all freeware is bad and relies on PUPs, but the good ones have unfortunately become an exception to the rule. The few examples of good freeware are:


  1. Trimmed down versions of full products. where the free version gives an idea of the product and provides basic functionality while the vendor tries to sell a higher edition of the same software.

  2. The open source community. where people create software for fun or to help make the world a better place. Although this is a tricky one: sometimes others use open source projects to add PUPs by fake imitations.

  3. Projects that live of donations, although these have become rare.

alert_pupThe rest of the freeware vendors need to resort to software bundles to make money. Are people enabling the growth and distribution of PUPs by continuing to download this freeware? In a way yes, but you can’t blame them really. Most of them just think a free piece of software sounds like a sweet deal, but have no clue what it may come with. At most you can blame them for the fact for not looking into why a piece of software is offered at no cost.


PUP producers know that what they do is misleading, freeware vendors know PUPs are highly questionable, and antivirus vendors surely know that it’s unethical. Therefore, all these players will go to great lengths to hide the fact that they are bundling PUPs. They will make sure that they just meet the legal requirements, but use any possible way to increase the spread of those unwanted programs. The fact that vendors are willing to put their ethics aside and their reputation at risk for quick cash says a lot. PUP distributors are taking advantage of the average “unknowing” computer user.


Conclusion: be careful with freeware, paid software usually doesn’t come with PUPs or bundles


PUPs will spread further, and they will become nastier and sneakier in form, if people don’t take action. The only way to make a change is collectively. Even if you are a PUP-free antivirus user, you are affected by the rapid growth of PUPs. You will hear about them more, see them blocked more, and see more and more signatures added to your antivirus program to detect all the different types of them. For example, Emsisoft’s malware analysis team now spends half of their overall analysis time on PUPs, time we could otherwise spend on other types of malware to protect you from other internet threats. At the very least, users need to demand full disclosure, so that they know what they are downloading and are given a chance to make a conscious choice about whether they want to download a piece of software or not. Bottom line: be careful with freeware; paid software usually doesn’t come with any PUPs or software bundles.


Did you ever find PUPs on your computer? Are you surprised by these PUP practices and the fact that freeware and antivirus vendors participate? Share your opinion and leave a comment below.


Have a great (PUP-free) day!







Has The Antivirus Industry Gone Mad?!

Sunday, January 18, 2015

Has the antivirus industry gone mad?!

We have seen a concerning trend that is about to spiral out of control: Potentially Unwanted Programs (PUPs) continue to rise. What’s even more concerning is how they are spreading. After big vendors such as Oracle (Java) and Microsoft (Bing and Skype) started bundling, antivirus vendors have now joined the game. We did research on some of the most popular PUP practices among the freeware antivirus vendors, and the results are quite disturbing.


PUPs want to get on your computer to make money off of you


First, let’s quickly recap what PUPs are and why they’re spreading like wildfire. PUPs are programs in the form of toolbars, adware, plugins or other downloads that sneak onto your computer. PUPs are not classified as malware (yet?), since they’re not always harmful but pretty much always annoying, hence the name “potentially” unwanted. But PUPs are becoming more unwanted than ever: the mere fact that you don’t know what you’re installing is undesirable. If you notice a sudden change in your computer’s speed, a changed search engine, annoying pop-up ads, new toolbars in your browser menu bar or any other sudden change in your computer’s behavior or layout, chances are high that your computer has one or more PUPs installed.


PUPs come in many shapes and forms, but they all have a few things in common:


  • PUPs want to make money off of you. PUPs want to be on your computer for a reason, to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.

  • PUPs use aggressive distribution methods to get on your computer: we specifically used the word “sneak” onto your computer, because in the large majority of the cases, the user is not aware that he/she is installing a PUP.

  • Most PUPs don’t have any significant value or advantages, so PUP producers have to get around this by paying other software vendors or distributors, such as download portals, $$$ for each new installation they deliver.

  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this, up to $2 per install.

Danger! Do not try this at home: download the top 10 apps on Download.com


PUPs are not new. But it’s a very alarming trend that more and more large freeware vendors and distributors, such as download portals, are distributing PUPs in high volume – all in exchange for quick cash. Even Sourceforge, a hosting platform for open source projects, started to add PUPs to their downloads, without the consent of the developers who run their projects there. Tech website HowtoGeek recently showed what happens when you download the top 10 listed apps at Download.com ranked by download volume:


“We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. We’ve been railing against freeware download recommendations for years, so we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?”


The result of this test: ALL the top 10 apps on Download.com come with bundles or PUPs, some loaded with them. HowtoGeek even recommends that users not try this at home on their primary PC, unless they want to make their computer a “smoking pile of useless.”


Antivirus programs have joined this nasty game too


Now, here is the top 10 Download.com list that HowtoGeek used for their test:


[Screenshot: Download.com top 10 downloads, January 2015]



Does anything stand out to you on this list? There are two antivirus programs on there! Ethics in the software industry seem to be lost completely when even antivirus vendors bundle PUPs with their software. Now look at the download numbers in the above screenshot: up to one million downloads a week. Add to that downloads from other sources, and the fact that PUP producers are willing to pay anything from a few pennies to USD$2 per install, and you get a rough idea of how much money is involved in this business: thousands if not millions of $$$. We had learned that before as well, when Emsisoft was approached for a similar PUP bundle deal.


Fact: 7 out of 8 free antivirus suites bundle with PUPs


We decided to further look into this and do the same test with all other free, full antivirus suites, and the results are pretty shocking:


ALL free antivirus programs come with toolbars or PUPs of some sort – except Bitdefender Free. A lot of them have a “rebranded” Ask toolbar that generates considerable pay per install (PPI) revenues while being labeled as part of the vendor’s own security solution. Some disclose that they use Ask (for example Avira); others, like AVG, go as far as adding pop-ups with coupon deals.



Antivirus programs are supposed to protect your computer from viruses, yet many of them give you a questionable program during installation, without clear disclosure. Below is the list of 8 free antivirus programs and the type of PUPs they give you during installation at the time of posting. Please note that we only included full antivirus suites, not scanner-only products.


Bitdefender Free: as mentioned before, Bitdefender Free is one of the only clean antivirus vendors that does not come with any PUPs.


Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.


Avast Free: offers Dropbox during installation by default, unless you uncheck the box. No toolbars are installed. Offers Software Informer when downloading, which gets very mixed reviews in terms of how clean the software is.


Panda AV free: installs Panda Security toolbar, Yahoo search takeover and MyStart (powered by Yahoo) home page takeover. No product rebrands; at least the installer is clear that both are Yahoo products.


AdAware free: installs WebCompanion by default unless user unchecks the box. Also installs Bing Homepage takeover and Bing search takeover by default, unless opted out. Discloses that AdAware offers these programs to keep the software free.


Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask, and states that it “chose Ask.com to be our partner in bringing you the SearchFree Toolbar because Ask.com is one of many vendors whose products offer functionality which we believe our users will value”.


ZoneAlarm free AV + Firewall: with Custom Install: ZoneAlarm homepage and search takeover. This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.


AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and default search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.


Popular ways for free Antivirus programs to make money with PUPs


Looking at the above screenshots, we can see that the antivirus vendors have a few popular methods to make money with PUPs:


  • Search Engine Takeover: your default search engine is now set to the software vendor’s choice. There’s big money to be made there. Just look at this company called Google.

  • Ask Toolbar: do a quick search on Google for the Ask toolbar, and you’ll quickly learn why the first results page is full of “How to remove the Ask toolbar” and “How to get rid of the Ask toolbar”.

  • Rebranded Ask Toolbar: even worse than the Ask toolbar, the rebranded version is a white-labeled Ask toolbar where the software vendor gives it a different name and look, while it’s just the Ask toolbar in disguise.

  • Homepage take-over or new tab: “free” guaranteed traffic to a website anyone?

  • Your data, search and browser behavior: it is not known what antivirus vendors do with your data. It is known that they are watching you and track you. Do you trust whether they do anything with this data? Tracking and selling browser data and other personal information has been a big business for years in the internet industry, so who knows.

What’s disturbing about all the methods these antivirus vendors use is that in the majority of cases, the PUPs are included in the default installation, unless a user opts out or reads the fine print. Sometimes the PUP install is not disclosed at all, or is hidden. It’s rarely explained what the installed PUP actually does, if anything. These are questionable tactics for getting onto the computers of unknowing users.
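One way to check for the takeover methods listed above when testing an installer in a throwaway VM is to snapshot the browser settings before and after, then classify the differences. This is an added example, not code from the article or from any vendor; the snapshot layout, the helper names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical snapshot layout (not any real browser's preference format):
# {"homepage": url, "new_tab": url, "search_url": url,
#  "extensions": {display_name: backend_search_url}}

def host(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def brand(hostname):
    """Crude brand label: second-to-last DNS label, e.g. 'ask' in ask.com."""
    parts = hostname.split(".")
    return parts[-2] if len(parts) >= 2 else hostname

def diff_snapshots(before, after):
    """Classify changes between two snapshots into the article's takeover types."""
    findings = []
    labels = {"search_url": "search engine takeover",
              "homepage": "homepage takeover",
              "new_tab": "new tab takeover"}
    for key, label in labels.items():
        old, new = host(before.get(key, "")), host(after.get(key, ""))
        if new and new != old:
            findings.append((label, old or "(unset)", new))
    added = set(after.get("extensions", {})) - set(before.get("extensions", {}))
    for name in sorted(added):
        backend = host(after["extensions"][name])
        # A toolbar whose name never mentions the brand that serves its
        # searches matches the "rebranded" (white-labeled) pattern.
        kind = "toolbar added"
        if backend and brand(backend) not in name.lower():
            kind = "rebranded toolbar added"
        findings.append((kind, name, backend))
    return findings

# Constructed sample data: a clean profile, then the same profile after
# an installer was run with its default options.
BEFORE = {"homepage": "https://start.example.org/", "new_tab": "",
          "search_url": "https://search.example.org/?q={searchTerms}",
          "extensions": {}}
AFTER = {"homepage": "https://www.ask.com/", "new_tab": "https://www.ask.com/",
         "search_url": "https://www.ask.com/web?q={searchTerms}",
         "extensions": {"Vendor Safe Search": "https://www.ask.com/web?q={searchTerms}",
                        "Ask Toolbar": "https://www.ask.com/web?q={searchTerms}"}}

if __name__ == "__main__":
    for finding in diff_snapshots(BEFORE, AFTER):
        print(finding)
```

The brand heuristic is deliberately simple and will mislabel hosts under multi-part suffixes such as co.uk.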


When the product is free the real product is YOU


As HowtoGeek also points out, it doesn’t matter which download site you use. The people who make the freeware are the ones bundling. Some download sites bundle on top of that, but they are not the root of the issue; they are just one player in the game. In HowtoGeek’s words:


“There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware. Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere. Because when the product is free the real product is YOU.”



Do freeware users “enable” the PUP business?


Let’s clearly point out that not all freeware is bad and relies on PUPs, but the good ones have unfortunately become an exception to the rule. The few examples of good freeware are:


  1. Trimmed-down versions of full products, where the free version gives an idea of the product and provides basic functionality while the vendor tries to sell a higher edition of the same software.

  2. The open source community, where people create software for fun or to help make the world a better place. This one is tricky, though: sometimes others publish fake imitations of open source projects with PUPs added.

  3. Projects that live off donations, although these have become rare.

The rest of the freeware vendors need to resort to software bundles to make money. Are people enabling the growth and distribution of PUPs by continuing to download this freeware? In a way yes, but you can’t really blame them. Most of them just think a free piece of software sounds like a sweet deal, and have no clue what it may come with. At most you can blame them for not looking into why a piece of software is offered at no cost.


PUP producers know that what they do is misleading, freeware vendors know PUPs are highly questionable, and antivirus vendors surely know that it’s unethical. Therefore, all these players will go to great lengths to hide the fact that they are bundling PUPs. They will make sure that they just meet the legal requirements, but use any possible way to increase the spread of those unwanted programs. The fact that vendors are willing to put their ethics aside and their reputation at risk for quick cash says a lot. PUP distributors are taking advantage of the average “unknowing” computer user.


Conclusion: be careful with freeware, paid software usually doesn’t come with PUPs or bundles


PUPs will spread further, and they will become nastier and sneakier in form, if people don’t take action. The only way to make a change is collectively. Even if you are a PUP-free antivirus user, you are affected by the rapid growth of PUPs. You will hear about them more, see them blocked more, and see more and more signatures added to your antivirus program to detect all the different types of them. For example, Emsisoft’s malware analysis team now spends half of their overall analysis time on PUPs, time we could otherwise spend on other types of malware to protect you from other internet threats. At the very least, users need to demand full disclosure, so that they know what they are downloading and are given a chance to make a conscious choice about whether they want to download a piece of software or not. Bottom line: be careful with freeware; paid software usually doesn’t come with any PUPs or software bundles.


Did you ever find PUPs on your computer? Are you surprised by these PUP practices and the fact that freeware and antivirus vendors participate? Share your opinion and leave a comment below.


Have a great (PUP-free) day!






