62% of the Top 50 Download.com applications bundle toolbars and other PUPs

[MrXidus]

Content source

http://blog.emsisoft.com/2015/02/26/62-of-the-top-50-download-com-applications-bundle-toolbars-and-other-pups/

62% of the Top 50 Download.com applications bundle toolbars and other PUPs

CNET’s Download.com is considered to be one of, if not, the most popular download portal(s) hosting a conglomerate of different software (free and paid). We recently discussed the top ten methods of how toolbars, adware, homepage hijackers and other potentially unwanted programs (PUPs) can sneak onto your computer. Potentially unwanted programs are becoming a new epidemic that users must learn face to overcome on a regular basis. In fact, a recent Panda Security study shows that potentially unwanted programs are on the rise resulting in PUPs now comprising 24.77% of total malware infections.

A lot of potentially unwanted programs are delivered by installers hosted on download portals such as Download.com. But what kind of programs are frequently bundled and should you look out for? And how many of Download.com’s apps actually contain PUPs?

We researched both. First, here is a list of the most commonly bundled PUPs we see through Download.com:

Read more: http://blog.emsisoft.com/2015/02/26...-applications-bundle-toolbars-and-other-pups/

 

[frogboy]

That is why i only use MajorGeeks at least there is a big warning and sometimes Softpedia but not often.

 

[yigido]

Are you worry about PUPs?
Things you should do:
- Open your eyes widely while installing something
- Learn how to use "Portable Softwares"
- Use Unchecky
Enjoy

 

[Petrovic]

Things you should do:
- Use Unchecky

Things you should do:
Use brain

 

[Cain]

The instigator of this lucrative practice in its modern form is OpenCandy. It was first developed for DivX, which bundled the Yahoo Toolbar. DivX received nearly $16 Million in the first nine months of downloads!

On one hand, it's an understandable method that developers turn to, to generate income for their work and still be able to provide it to users for free... but on the other hand, when there is privacy concern or sneaky methods involved, the practice is arguably unacceptable.

Developers generating income in this way, have the choice of leaving the check-boxes 'Checked' or 'Unchecked' by default when bundling their software with the installers. They generally also have options of the type of advertising content that will be displayed to the user when installing. Obviously, they will receive higher commissions from the advertiser by selecting to have check-boxes 'Checked' by default. There are some more respectable developers who leave check-boxes 'Unchecked' by default, but it's rarely the case.

According to the OpenCandy website, it "does not permanently install anything on your computer, there is nothing to uninstall." It apparently only runs temporarily in the download. However, they do go on to state; "If you are concerned that something extraordinary resulted in any remnant traces being left on your computer, you may download and run our small clean-up utility to ensure all OpenCandy traces which are regularly self-deleted, are in fact gone."

The utility can be downloaded here: http://oclink.us/occleanup

 

[Chromatinfish 123]

Safe:

-Softpedia
-MajorGeeks
-SourceForge (Usually)

Unsafe:

-CNET Download.com
- Softonic
- Brothersoft

It's usually better just to download on the website of the product you want, instead of searching these sites. I usually turn to Softpedia or MajorGeeks to download if not available.

Update: CNET Downloads are not always bundled with PUP:

In this case, CNET "Secure Download" doesn't bundle with PUP, unless the item's installer has it (in this case, like Ashampoo, it asks for PUP installation inside the actual install file, not the CNET "Installer" file):

However, downloader beware, this is the warning sign for adware/PUP!:

Note the "Installer Enabled" symbol. That means that CNET wraps an installer package of its own around the base package. In other words:


Cnet Package{
Adware and stuff
Base Package{
The Program
}
Adware and Stuff
}
(anything inside {} are enclosed in the package name before it)

Hope this helps

 

[yigido]

It's usually better just to download on the website of the product you want, instead of searching these sites.

The weird thing is, the official sites direct to these unsafe sites

 

[Cain]

The weird thing is, the official sites direct to these unsafe sites

...keeps the commission dollars rolling in
I like when they at least give the option to download it from their own site.

 

[LabZero]

I accidentally installed delta search, and I used the MalwareTips Uninstall Guide (thanks!)

 

[yigido]

...keeps the commission dollars rolling in
I like when they at least give the option to download it from their own site.

Yes, I like it too. Even security company do this direction.. See :http://i.imgur.com/NWIljAa.png
Even search engines.. See :https://twitter.com/howtogeek/status/570994585238937600

Almost every piece of crapware in those Yahoo ads hijacks your browser to point to Yahoo. Suspicious? Unethical? Yes.

 

[Chromatinfish 123]

The weird thing is, the official sites direct to these unsafe sites

Ohhh... Yep. Just see this and learn (luckily the CNET Download link is "Secure Download", not the PUP overloaded "Installer Enabled"):

http://www.andyroid.net/

This is Andy, and android emulator I was testing this morning. When I downloaded it, it redirected to CNET download site.

Bluestacks is better than Andy anyways... plus you need to download from CNET Download.

 

[jamescv7]

Very easy, once you downloaded try to turn off the internet and install, suppose no any bundled notification to be appeared as most are came via internet connection to retrieve them.

 

[songoku316]

majorgeeks the best for me

 

[Piteko21]

Very easy, once you downloaded try to turn off the internet and install, suppose no any bundled notification to be appeared as most are came via internet connection to retrieve them.

yes, turn off the internet or ESET helps remove some garbage, happens when install ccleaner

advice: avoid downloading software on third party websites.

 

[Azure]

...keeps the commission dollars rolling in
I like when they at least give the option to download it from their own site.

That's nice. Perhaps it would be better if they don't put that link last.

For example when downloading ccleaner free they give you three options
1. Filehippo.con
2. Download.com
3. Piriform.com

Spywareblaster also puts their site last
1. Download.com
2. MajorGeeks
3. Brightfort.net

Even if the user goes to the official site, if there are multiple download links, they have to be careful picking what download to pick. Though the average would most likely pick the first one, thinking all of them are the same and it wouldn't matter which one you pick. The user wants to simply download a software, not enter into a russian roulette of which one is better or not.