Adware that installs its own security certificate

[+Warwagon MVC]

While Superfish being bundled with Lenovo is troubling, what I find even more troubling is the fact that practically every computer I come across from the average user is filled with adware. So that made me wonder 3 things.

 

1) How many of you have seen Adware-packs (poo packs) that are bundling Superfish?

2) How many of these bundle packs are bundling adware which also install their own security certificate?

3) How many average users are currently running with severely compromised security because of adware?

 

I bet if you pick a random person on the street and check out their PC they more than likely have some bundle pack of adware installed.

 

So while the Lenovo thing is troubling, I wonder just how many people have this that don't own Lenovo laptops.

[Knife Party]

I think another question to ask is which other OEM's are doing this, because Lonovo definately can't be the 1st one to the party. Frankly, windows needs to shut down or cripple these adware/malware business models that OEM's think is ok; especially all these bundled free or 30 day AV's. Those are such culprits.

[+Warwagon MVC]

I think another question to ask is which other OEM's are doing this, because Lonovo definately can't be the 1st one to the party. Frankly, windows needs to shut down or cripple these adware/malware business models that OEM's think is ok; especially all these bundled free or 30 day AV's. Those are such culprits.

 

Except the profit margin is almost non existent on PC's and the average user wants cheap PC's

[Knife Party]

Except the profit margin is almost non existent on PC's and the average user wants cheap PC's

They've been installing toolbars, trialware, adware and malware for years, and I've wondered exactly the same thing. The ROI is abysmal, they ruin the consumer experience and at the same time they tarnish their brand like hell. I have no idea how their OEM exec's can make such stupid decisions, or how they thought all this will play out. This is simply the 1st step to uncovering more OEM shady practices.

[+BudMan MVC]

1) I wish you would use term a that people would be expected to understand poo packs is not a term anyone other than here on neowin reading your posts would understand what your talking about.

2) Maybe all of them?

3) Large %

 

First thing done to any box gotten from any OEM, wipe it and install clean..What I would like in perfect world is they sold the hardware clean without any OS at all.  I don't care what the OS is - I don't want the OEM installing it be it windows, linux, bsd, os x, whatever.

 

If you signed a deal to have windows on every machine - great give me the option to ship that on media with my hardware purchase.

Give me the option to have no bundled software - with pricing change if so needed. I am curious what the profit for installing such wares.. How much $ do they get per unit is my question.  I would gladly pay that to not have it install most likely

 

I don't want your dvd player software, I don't want your webcam software, I don't want your antivirus, I don't want your driver updater..  Just give me the hardware   And provide the drivers or links to the drivers for the hardware you used for windows, linux, bsd, etc.

 

We can dream I guess.

[+Warwagon MVC]

1) I wish you would use term a that people would be expected to understand poo packs is not a term anyone other than here on neowin reading your posts would understand what your talking about.

 

Alright it's been changed, although I doubt it would be very hard to grasp what a poo pack is. Poo is ######, and a ###### pack sounds like an adware pack

 

 

Maybe all of them?

 

I know, after thinking about the answer to my own questions, a bunch of that adware injects ads on websites, I guess I haven't been looking to see if they get injected on HTTPS connections, though I suspect they are.

[+BudMan MVC]

Dude the term will never ever catch on..

[+Warwagon MVC]

Dude the term will never ever catch on..

 

HA!

[DConnell Member]

HA!

 

I'm sure I can get my 4 year old godson to help spread the poopack gospel. Drop the word in his presence a few times and he'll be saying it constantly.

 

 

 

 

 

 

 

 

 

 

 

 

And I'll be running for my life from his mother.

[techbeck]

If I were to guess, I am betting most personal systems do have some kind of malware installed.  Especially when these "free" programs people use install some type of crap in to the system if you do not pay attention with what you select during the install.

[francescob]

PC manufacturers have bundled Java and other never-updated vulnerable browser addons (some of which made by them) for years and now that Lenovo bundled some invasive adware they're the "worstest" company ever? What the Dell?

 

Also for everybody complaining that the manufacturers shouldn't bundle crapware, it's actually the users asking for "le antiviruses", "le office suites", "le ACROBATS", "le photoshops!" that are actually incentivating the crapwarefest because some of them actually buy hardware based on the crapware that is included, you can't just expect the manufacturers to not include it since despite how unbelievable it may sound it's actually a selling point. And some of the drivers are also crapware, see all the advanced control panels for those IMMA-SPECIAL-SNOWFLAKE manufacturers who think their crappy wifi management or power management that loads hundred of megabytes of garbage at every boot is "better", I've even seen laptops coming with the Intel Raid management software loading at every boot despite having and allowing only a damn single disk.

 

Microsoft should have two tiers of drivers certifications one of which without any additional service or control panel, and manufacturers should allow optional clean installs with only that kind of drivers with extra software allowed just for the features windows doesn't manage.

[Obi-Wan Kenobi]

I decrapified my Lenovo out of the box, but I checked it anyway, and it is clean. I've checked it with hitman, and malwarebytes, I don't visit shady sites, and I run eset smart security. So if you came up to me in the street, I'd disappoint you. That is, after I probed a joke out of you, lol! You make the best forum threads, Mr. Wagon!

[francescob]

If I were to guess, I am betting most personal systems do have some kind of malware installed.  Especially when these "free" programs people use install some type of crap in to the system if you do not pay attention with what you select during the install.

 

If Antiviruses devs actually cared they should start flagging any "enhanced downloader" or "special-offers-enhanced setup" or any nicely-sounding-marketing-term-for-machine-infesting-software as unwanted software. I've seen popup-infesting adware disguising itself as "Windows update", "Update" or other sorts of system-component-like-name (adware that was also silently updating itself and silently downloading and installing other adware) and the antiviruses didn't care at all.

[goretsky Supervisor]

Hello,

 

Actually, determining the prevalency of this kind of program is something various anti-malware companies are in the process of determining right now.  There are a lot of other programs based on Komodia's SSL Interceptor (cached page, original seems to be offline right now for some reason) technology besides adware, including things like parental control software.  That means some caution needs to be taken--you don't want to immediately go and break any legitimate programs that are supposed to be protecting the user.

 

By "poo pack" and "bundle pack," are you referring to download wrappers?  That's the term we use at work to describe programs that offer/recommend potentially unwanted applications, adware, etc., before downloading the program you thought you were getting.

 

Regards,

 

Aryeh Goretsky

 

 

While Superfish being bundled with Lenovo is troubling, what I find even more troubling is the fact that practically every computer I come across from the average user is filled with adware. So that made me wonder 3 things.

 

1) How many of you have seen Adware-packs (poo packs) that are bundling Superfish?

2) How many of these bundle packs are bundling adware which also install their own security certificate?

3) How many average users are currently running with severely compromised security because of adware?

 

I bet if you pick a random person on the street and check out their PC they more than likely have some bundle pack of adware installed.

 

So while the Lenovo thing is troubling, I wonder just how many people have this that don't own Lenovo laptops.

[goretsky Supervisor]

Hello,

 

About fifteen years ago, Microsoft was the subject of an antitrust investigation by the United States Department of Justice.  Most people remember this being over the price computer manufacturers paid for copies of Windows, allowing third-party web browsers like Netscape Navigator and so forth, but the most important part of this, at least from the computer manufacturers' points of view, was the ability for those manufacturers to bundle third-party software onto their systems.

 

With Microsoft convicted of monopolist behavior, computer manufacturers were "free to innovate."  In this case, by converting those computers into essentially advertising platforms, selling space on the Desktop and Start Menu for icons, default home pages and search engines and bookmarks in the web browsers, and, yes, even installed software.  When that becomes so much of a problem it spawns a cottage industry of programs with names like "Dell Decrapifier" (now PC Decrapifier) and "Crap Cleaner" (now CCleaner) you know the problem's become quite entrenched in the industry.

So far, Microsoft's response has been somewhat tepid, it's Signature PC program, but given the lawsuits they went through with the US, EU and probably others, it is understandable why they may feel they are in a position to solve this problem.

 

Regards,

 

Aryeh Goretsky

 

 

I think another question to ask is which other OEM's are doing this, because Lonovo definately can't be the 1st one to the party. Frankly, windows needs to shut down or cripple these adware/malware business models that OEM's think is ok; especially all these bundled free or 30 day AV's. Those are such culprits.

[remixedcat]

Alright it's been changed, although I doubt it would be very hard to grasp what a poo pack is. Poo is ######, and a ###### pack sounds like an adware pack

 

 

I know, after thinking about the answer to my own questions, a bunch of that adware injects ads on websites, I guess I haven't been looking to see if they get injected on HTTPS connections, though I suspect they are.

You are correct.. PuP is a real term for Potentially Unwated Program... PuPack=PooPack

[+Warwagon MVC]

You are correct.. PuP is a real term for Potentially Unwated Program... PuPack=PooPack

 

Except most of the time they aren't even potentially wanted.

[+Frank B. Subscriber²]

Fix your thread title. It should say 'its', not 'it's'.

[sinetheo]

How about a tool designed to block ads and spying using MITM to spy and serve ads!

 

http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/

 

http://forums.theregister.co.uk/forum/1/2015/02/24/comodo_ssl_privdog/

 

... and to top it off they make a browser called Comodo Dragon which promises privacy and an ad free experience??! .... oh and AV software.

 

That is sick.

[#Michael]

While Superfish being bundled with Lenovo is troubling, what I find even more troubling is the fact that practically every computer I come across from the average user is filled with adware. So that made me wonder 3 things.

 

1) How many of you have seen Adware-packs (poo packs) that are bundling Superfish?

2) How many of these bundle packs are bundling adware which also install their own security certificate?

3) How many average users are currently running with severely compromised security because of adware?

 

I bet if you pick a random person on the street and check out their PC they more than likely have some bundle pack of adware installed.

 

So while the Lenovo thing is troubling, I wonder just how many people have this that don't own Lenovo laptops.

 

I am not entirely sure that my parent's HP laptop doesn't have a variant of superfish on it.  That laptop was bought about 4 years ago but it has some form of it installed on it at the moment.  I am going to spend some time during the day cleaning it up and I'll see if I am right.  I'll post some screenshots along the way.

[+Warwagon MVC]

They were talking on security now that 2 pieces of crap (that they know of)that gets installed via download.com downloader install the komodia certiciate

 

http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/

[Mr. Gibs]

While Superfish being bundled with Lenovo is troubling, what I find even more troubling is the fact that practically every computer I come across from the average user is filled with adware. So that made me wonder 3 things.

 

1) How many of you have seen Adware-packs (poo packs) that are bundling Superfish?

2) How many of these bundle packs are bundling adware which also install their own security certificate?

3) How many average users are currently running with severely compromised security because of adware?

 

I bet if you pick a random person on the street and check out their PC they more than likely have some bundle pack of adware installed.

 

So while the Lenovo thing is troubling, I wonder just how many people have this that don't own Lenovo laptops.

It's not just OEMs like Lenovo. There are a ton of free legitimate software that install various adware / toolbars / browsers etc.

Then you have legitimate download sites that trick people into clicking the fake download links (like CNET).

Then you have various sites (like ######ing HP) that ask people if they want to use their ad-filled download manager for "ease of downloading." Yeah because clicking save is so difficult...

Sure you can avoid installing it if you look carefully through the installer instead of clicking next as fast as possible, but still.