[Guide] Avoiding Adware in Installers


Recommended Posts

Avoiding Adware in Installers

About This Guide

This guide provides several real examples of installers which contain adware. The intent is to show you the tricks that they use to attempt to trick you into installing the adware in hopes that you can learn to avoid it.

Before you brush off this guide as common sense, it may be worth a look. The adware developers are getting very sneaky and I've almost been caught a few times myself. Recently, Foxit Reader modified their installer so that the adware was no longer optional but mandatory. This is a continuing trend and adware is only going to get worse, so it's important to learn how to avoid installing it... unless you like toolbars which track your browsing history.

Note: All of the installers have [#] in their titlebar because they were running in Sandboxie.

Accept or Decline? Agree or Disagree?

This is a common trick that they'll use. To avoid installing the adware, you must click Decline / Disagree rather than Accept / Agree.

post-57213-0-97313500-1307244464.png

This may catch some users because the text looks like the license agreement.

post-57213-0-75118600-1307244483.png


I agree to...

In these examples, you must uncheck the checkbox in order to avoid installing the adware.

I agree to the agreement :huh:

post-57213-0-54889700-1307244460.png

post-57213-0-30507300-1307244543.png


Custom Installation

For some installers, you must choose Custom installation if you want to opt out of the adware.

post-57213-0-01617000-1310709539.png


Post-Installation

This installer attempts to catch you after you've installed the program.

post-57213-0-76124000-1307244486.png


Distraction

Some installers may catch you by tricking you into clicking the wrong option. I'm not sure if these were designed to deceive, but I nearly clicked the wrong options for both installers, so I added them to the guide.

Here, my first reaction was to click Custom installation and uncheck the boxes below it.

It seems obvious, but the Custom installation is the first thing to grab your attention.

post-57213-0-63316500-1307244452.png

Once again, the Custom installation was the first thing to grab my attention.

post-57213-0-44441900-1310709537.png


Mandatory Installation

Recently, Foxit Reader didn't give you an option; You we're forced to install the adware if you wanted to install Foxit Reader. You may think that unchecking the two boxes was enough, but you have to read to understand there's no opting out.

Foxit Reader later updated their installer following several complaints, but this still stands as a solid example.

post-57213-0-38803100-1307244490.png


Websites Packaging Adware in Downloads

This is a new and worrying trend. Many websites, including the popular CNET, have started packaging several downloads in a custom web installer which includes adware, often without the permission of the original developers. The examples below are pretty obvious and easy to avoid, but it's a trend you should be aware of none the less.

CNET's download.com

post-57213-0-93104600-1323809688.png

Softonic.com

post-57213-0-45170600-1323809690.png

Tucows

post-57213-0-86509500-1328579848.png


Installers with Spyware

It was recently reported that DAEMON Tools, a popular CD-image mounting software, installed a spyware feature called MountSpace which reported every image you mounted to an online server. Even if you declined the feature, it was still active without your permission.

http://www.neowin.ne...ted-last-summer

Edited by Xinok
Link to comment
Share on other sites

Nice work Xinok, i recently installed Foxit 5 and like you mentioned unchecked the Ask toolbar boxes (as was the case in previous versions) then during install i was alerted to the AskToolbar checker making an outgoing connection. I knew something wasn`t right but carried on, i was like proper :angry: when the toolbar showed up in the browser.

Wasn`t a problem as i just re-imaged from a recent back up, but boy have i lost faith in Foxit. This is not something you should do to potential customers, fair enough if the option to not install is there (these companies pay big money to be included in installers, thus help with development hopefully!) but to downright trick people is out of order.

Needless to say i`m am trying out other pdf options...

Link to comment
Share on other sites

Thanks for this. I script a lot of my installers in my custom XP source and one test run wound up with "Dealio Toolbar" installed. I was seeing red, half at myself for not having caught it and half for the marketroid bottom-feeders who buried that installer in there to begin with. I think it installed alongside a disc-burning tool but I'm not sure yet.

What ****es me off is that unattended installs offer no way that I know of to cut the worthlessware (hear me advertisers? You and everything you do are all worthless. Yes, you. And yes, everything, really. Go die.) out and just leave the core program itself. Makes it a lot harder to do up some effortless automated installs.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • 4 months later...

So I recently came across an installer that was so bad, I felt the need to post it. I was looking for a desktop application for Facebook chat, so I wouldn't have to keep my web browser open. What resulted is the horror you see below.

Immediately after launching the installer, I'm greeted with the first box I must uncheck. Not only that, but if you read the text, it installs a mandatory background process which calls home.

post-57213-0-66413000-1321136836.png

Next, I had to choose custom installation and uncheck three boxes.

post-57213-0-35765700-1321136839.png

That isn't all! Next, I'm presented with this screen in which you must check Decline, not accept.

post-57213-0-67158200-1321136843.png

Now that I've avoided all that, I continue to install and launch the program. As if all the crap in the installer wasn't enough, they also implement an ad into the interface.

post-57213-0-01380200-1321136838.png

Okay... so I'll just login and see if this program was worth the trouble...

post-57213-0-17528800-1321136835.png

At this point, I stop, clear the sandbox, and check Facebook to make sure it hadn't made any changes to my account.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...

Good guide to put up for those who didn't know this. Figured this out a couple years ago but suprised that people didn't know about this still!

Link to comment
Share on other sites

  • 1 year later...

Also avoid downloading anything from cnet :p

Lately, yes I'd have to agree, I hate that installer thing you need to have just to download something.

I always choose advanced when installing, to see what I have control over (in case of something I don't want installed) but even then, like OP pointed out you don't have a choice with some software

(usually I'll go find a rival product)

Link to comment
Share on other sites

  • 10 months later...

Always click on the advanced button when installing stuff, the adware or toolbars hide in there as well.

Link to comment
Share on other sites

  • 2 years later...

What I cannot understand is why some software developer has never created an app to circumvent these dirtbags. How difficult could it be to create something that would download from CNET into a safe containment (Virtualbox? Sandboxie?), allow one to open the archive, save the target file, and delete the malware? They can create Fraudfox to help juvies steal your credit card info, but not this!

Link to comment
Share on other sites

16 minutes ago, Formido said:

What I cannot understand is why some software developer has never created an app to circumvent these dirtbags. How difficult could it be to create something that would download from CNET into a safe containment (Virtualbox? Sandboxie?), allow one to open the archive, save the target file, and delete the malware? They can create Fraudfox to help juvies steal your credit card info, but not this!

Dude this thread is so old, it is moldy. 

 

https://unchecky.com/

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.