Beware what you download

[Maik]

Here’s What Happens When You Install the Top 10 Download.com Apps

We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!


Our story ends here, but hopefully we’ve all learned some important lessons from this quick journey through the world of crapware. Freeware software vendors make almost all of their money by bundling complete nonsense and scareware that tricks users into paying to clean up their PC, despite the fact that you could prevent the need to clean up your PC by just not installing the crappy freeware to begin with.

There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware.

Because when the product is free the real product is YOU.

http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps

Maybe JMO but there is genuine freeware, with no crap attached, out there - it just needs a bit of time and effort to find it, and to find where to safely download it.

[TonyKath]

Thanks Maik - an essential warning.  Howtogeek recommends www.ninite.com for downloading basic free Windows apps - even with its very scarey Get Installer button.  Presumably anything else is dodgy.

Tony

[Maik]

Here's what HTG say:

Ninite is a free tool that automatically downloads, installs, and updates various Windows programs for you, skipping past the evil toolbar offers. For Windows users, Ninite is arguably the only really safe place to get freeware.

Of course, safe freeware is available elsewhere online... Download sites are uniformly terrible these days — even good old SourceForge is now bundling junkware.

If you want a safe place to get freeware without worrying about toolbars and other junkware, Ninite is the program to use.

http://www.howtogeek.com/201354/ninite-is-the-only-safe-place-to-get-windows-freeware


Not something that's much use to me but might be worth Windows users checking out 

[Mary]

Article on ghacks.net about a new(?) feature in Google Chrome that warns about dodgy downloads, except it seems to warn that all downloads are potentially dodgy:

It appears that Chrome warns before downloading any executable file regardless of origin. It even displays a warning when you try to download Google Chrome from Google.

http://www.ghacks.net/2015/02/26/this-type-of-file-can-harm-your-computer-warning-in-chrome/


Further down there's this:

So which sites are affected by the message? Sites that are known to wrap downloads in advertisement packages such as Sourceforge, Download.com, Filehippo and Softonic are but it may come as a surprise that other download sites such as Softpedia which don't wrap downloads in adware installers are also affected by this.

http://www.ghacks.net/2015/02/26/this-type-of-file-can-harm-your-computer-warning-in-chrome/


Pity about sourceforge but *looks like* Softpedia is still a safe download site. Just check the licence type before downloading and installing, e.g.:



Worth clicking on the icon(s) to see what you're getting (or not), e.g.

Freeware & Donationware / Trial, Demo & Commercialware / Ad-supported

Ad-supported isn't necessarily 'bad', just need to be careful about the optional extras, e.g. I've used the free version of Avast without any problems.


MajorGeeks *may* also be OK, gets the green light from WOT but a warning from Google search that it may be hacked:



Looks OK at virustotal.com

[Maik]

Follow-up article on HTG: Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)

Might be worth considering Ninite, looks a good option for Windows users but *somewhat* limited as, for example, Adobe won't let them offer a crap-free download of Flash Player as Adobe want to stick foistware on peoples' PCs.

Otherwise, Softpedia and MajorGeeks look OK provided you check for the type of licence.

[TonyD]

Often, choosing "Custom" install will present tick boxes to NOT load the unwanted bloatware, which would be installed if you just clicked on default Install.

[TonyKath]

Thanks again Maik.  Helpful but very scary.  I do notice that the HTG page has scare/crapware links!!!

I recently recommended a friend to IrvanView which I used a number of years ago but not now having PhotoShop.  The download link on the homepage was straight to CNET and the download page gave a number of links some to definitely dodgy sites and a few others which might have been OK - all of which constituted a bit of a headache as to what to do.  Why not charge a few quid and give clean downloads??!

Tony

[Maik]

Why not charge a few quid and give clean downloads??!

I think a lot of people have come to expect freebies on the 'net. I know people - definitely not communists! - who would never dream of housebreaking or shoplifting but who are quite happy to illegally download 'free' films / music / software. They don't (want to) understand that a lot of free stuff is contaminated, one way or another. Given the choice of paying a quid for a program or getting a free one, they'd choose the freebie. After all, it's pretty easy for them to blame all their computer problems on Microsoft.

Can't say I noticed any scareware or crapware links on HTG, could be that's due to the blockers I use in Firefox.

Which brings us to another problem: it's great to be able to surf the 'net for free but, of course, the content isn't free to provide. A lot of websites rely on advertising to cover costs / run at a profit. Some will accept intrusive ('in your face') ads, some accept ads for snake oil products and tracking of users by advertisers is the norm.

Ad-blockers are increasingly popular but they decrease site revenue and some sites, such as ghacks (a reputable and useful source of info), are experiencing financial problems. So *some* sites become less choosy about ads/downloads.

When it comes to software, well, even if the program is free it costs to distribute it. Either the developer has to pay to run his/her own website or let e.g. download.com distribute it. Either way, it costs someone money to provide the website and give away free software. The money's got to come from somewhere and that's either through advertising or bundling foistware/crapware with the freebie (or both).

With some programs, such as Adobe Flash, the foistware is optional, just that it's pre-ticked for download as most people just click away happily without knowing or caring. With other programs the crapware/malware is carefully hidden away.

Knowing what's safe to install isn't easy. You can pretty reliably check out websites via the URL tab at virustotal.com but even if the site itself is safe it could still be offering dodgy downloads. So, after downloading and before installing, it's not a bad idea to check the download via virustotal. Problem here is that even the better anti-virus and anti-malware programs don't always detect crapwear, especially if it's not actually malicious (e.g. it might be agravating and unwanted, but not dangerous). And they won't detect software that is safe but not necessary / wanted, e.g. the McAfee Virus Scan that comes as a pre-ticked 'optional extra' when you download Adobe Flash Player.

So, a bit of research before downloading an unknown program is worthwhile (even if all your best mates do reckon it's the best thing since McDonalds). Just bear in mind that e.g. Google searches can throw up dodgy reviews on dodgy websites.

Not really any wonder that many people get their Windows PCs bogged down by malware / foistware. Not that Mac OS X is immune.

But you can cure all your computer problems just by clicking this link to this really good little free program....... 

[TonyKath]

Thanks Maik.

Virustotal looks very useful.  It does give one apparently clean download site for irfanview at PC-Intern.com.  But no guarantees from me!  When Virustotal says"no detection" it means that the 51 odd source sites haven't detected it, not that they have neccessarily scanned it.  In this instgance you can download the .exe without an installer and scan the file in your antivirus.

I get an ad for a "PC Cleaner" on HTG - perhaps it's a large brush!

Tony

[Maik]

Not sure I follow you, Tony. If you mean virustotal gives pc-intern.com a clean bill of health then try download.cnet.com on virustotal - 61/62 results come up as clean, only Sucuri doesn't rate it clean. Interesting to see the Sucuri Site Check for download.cnet.com. Could be that Sucuri have got it right and the other 61 haven't, but...

As I said, even if download.com / pc-intern.com themselves are clean, they could still be offering dodgy downloads, so it's best to upload the downloaded .exe file to VT then hit the Scan it! button... best to have it scanned by the 50+ AV/anti-malware engines at VT than *just* whatever AV you have on your PC (as none detect 100% of malware... and Sucuri doesn't guarantee 100% accuracy).

I never got to grips with IrfanView but found Faststone Image Viewer a great little free tool for image editing on Windows. Not as feature-filled as Photoshop but far easier to use, did nearly everything I need to do with images.

By the way, it's not just .exe files you can scan on VT, you can scan image files, etc, e.g. here's the scan result for an .mp4 file.

[TonyKath]

On Virustotal I'd consider just one negative result as evidence to avoid. I think if you give the url of the .exe file it will scan direct without having to download it.

Faststone looks pretty useful.   Seems like it downloads clean from Softpedia, but I agree check everything in every legit tool you have.

Tony

[Maik]

On Virustotal I'd consider just one negative result as evidence to avoid.

Just as no AV will detect 100% of malware they can also mis-identify, so it could be a false-positive whereby the AV has mistakenly identified a 'good' file as malicious, e.g. very recently Panda antivirus software labels itself as malware 


On the other hand, when a new type of malware is released discovered it can take the AV companies a day/week or so to devise and release an update to protect you. So, yes, worthwhile paying attention to any negative results shown and checking out more thoroughly.

[Maik]

Mac OS X Isn’t Safe Anymore: The Crapware / Malware Epidemic Has Begun

OS X users like to make fun of Windows users as the only ones that have a malware problem. But that’s simply not true anymore, and the problem has increased dramatically in the last few months. Join us as we expose the truth about what’s really going on, and hopefully warn people about the impending doom.

Since it is actually Unix under the hood, OS X has some native protection against the worst types of viruses. But the problem these days isn’t viruses that completely break your computer, it’s spyware, crapware, and adware that sneaks onto your computer, hijacks your browser, inserts ads, and tracks what you are looking at. And much of it is legal, because you get tricked into clicking the wrong thing during an installer.

And now download sites, fake ads for software on search engines, and sketchy applications are bundling adware and crapware into installers for legitimate software. You can’t just assume you are safe anymore because you’re on OS X. You need to be careful what you download and what you click.


Even though we’ve shown that malware, adware, crapware, and spyware is getting increasingly worse on OS X, that doesn’t mean that you necessarily need to worry or go out and install Linux or do something drastic. OS X is still not being targeted as much as Windows is, and there are still some security measures in place that make it more difficult for malware to get through.

The safest thing that you can do is use the Mac App Store to install your applications whenever possible.


There’s no better time for Windows users to switch to Mac. With this much crapware and adware being developed, they’ll feel right at home! (We’re joking, of course.)

http://www.howtogeek.com/210589/mac-os-x-isn%E2%80%99t-safe-anymore-the-crapware-malware-epidemic-has-begun/


  Not sure about the 'impending doom' but Mac OS X isn't totally immune.

[Maik]

A few things I've come across via techsupportalert.com:

DDownloads: similar to ninite. Not sure it would be what I'd choose but might be of interest.

Chocolatey: sounds delicious but as clear as mud chocolate, here's How to use Chocolatey

Unchecky: now, this one sounds like it might be quite good. In fact, it's just been bought out by a bigger outfit. A short review.

[Aristarches]

What's an app?

[TonyD]

"program" iz a lng & dffclt wrd 2 spll - innit

[Maik]

What's an app?

Application software (an application) is a set of one or more programs designed to permit the user to perform a group of coordinated functions, tasks, or activities. Application software cannot run on itself but is dependent on system software to execute. Examples of an application include a word processor, a spreadsheet design and management system, an aeronautical flight simulator, a console game, a drawing, painting, and illustrating system, or a library management system.

The term is used to distinguish such software from another type of computer program referred to as system software, which manages and integrates a computer's capabilities but does not directly perform tasks that benefit the user. The system software serves the application, which in turn serves the user.

Examples of types of application software may include accounting software, media players, and office suites. Many application programs deal principally with documents. Applications may be bundled with the computer and its system software or published separately, and may be coded as e.g. proprietary, open-source or university projects.

http://en.wikipedia.org/wiki/Application_software

Put simply

It's the trendy name bright young things use for what we'd call a

"program"

[Aristarches]

You might call it a program but me, being English, would call it a programme.  The only programmes I know are on the telly.  If a "program" or an "app" is a yoof thing then its no wonder I have no idea what the words mean.