How To Hijack Your Own Windows System With Bundled Downloads 324
How-To Geek has tested and described something that you probably shouldn't do on your own computer -- unless, as they did, you do it on a virtual machine just for this purpose. Namely, they downloaded 10 of the most popular software titles from download.com, clicking through as a naive user might, accepting the defaults or the most obvious Next buttons, as most users surely do. They note that download.com's stated policies certainly look good on-screen; it says that the site comprehensively screens for, and disallows, malware of all kinds. But malware of various kinds, even if much of it is in a grey zone rather than actually malicious, is a fair description of what the authors encountered as they clicked through. Bundled software, some pieces of it at odds with others, was attached to each of the downloads, and from download to installation the process by design foisted more and more junk on their system, even if some of the bundled junk could have been avoided by a user jaded by previous hijackings. The conclusion:
[N]o matter how technical you might be, most of the installers are so confusing that there's no way a non-geek could figure out how to avoid the awful. So if you recommend a piece of software to somebody, you are basically asking them to infect their computer. And it doesn’t matter which antivirus you have installed — we've actually done this experiment a number of times with different antivirus vendors, and most of them completely ignored all of the bundled crapware. Avast did a pretty good job this time compared to some of the other vendors, but it didn't block all of it for sure. There are also no safe freeware download sites because as you can clearly see in the screenshots in this article, it isn't just CNET Downloads that is doing the bundling it's EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It's a cavalcade of crapware.
Application installers suck. (Score:5, Insightful)
If it's one thing I've learned after playing with OS X and Linux, it's that no matter what the OS is, an install script is an awful UX.
This isn't a problem in OS X because most software installs via app bundles. Yes, there are .pkg installers that could bundle god knows what, but they're not the norm for Mac software.
Also this isn't a problem in Linux because either you're usually installing from a repo or source, of which the requirement for any repo package or code base isn't going to be libtrackingmalwarelolpwn(64 bit; of course).
Why does Windows keep this antiquated process around?
Re:Application installers suck. (Score:5, Funny)
Why does Windows keep this antiquated process around?
That's a great question. The only thing I can think of is someone making money off of having the crapware bundled together to offset the cost of offering their product as a free download.
Re:Application installers suck. (Score:5, Interesting)
that's not what I meant.
Why is it that in 2015, to install software from the internet, I need to let someone run a privileged script that can and will write whatever it wants, where it wants? Why can't I just get some archive bundle that I can drop into a collection of other applications?
I think the OS X style application bundles are the right way to do things.
Re:Application installers suck. (Score:4, Insightful)
I don't think that's quite right. (Score:5, Informative)
I'm pretty sure you're mistaken there. I've done installers with both RPMs and MSIs. Not my specialty, but I have some experience.
In Windows, you don't need elevated privileges to install an application to a user-specific location. You only need it to install system-wide. The registry keys to track Windows Installer components can be referenced from either location in the registry (the administrative access part, or the user-only part).
It's not all that different from RPM, though really it's a little easier to do user-only installs with Windows Installer. You need administrative privileges to install system wide w/ RPM. You can also do a bunch of RPM hacking to install to a user-only RPM database and installation folder without root, so long as you specify that you're running RPM against a non-default RPM database location, and someone went to a lot of trouble to permit user only installs in your RPM spec file. There's a bit of work to enable this in regular MSIs, too, but it's actually better supported that under RPM.
Re:I don't think that's quite right. (Score:4, Interesting)
In Windows, you don't need elevated privileges to install an application to a user-specific location.
Where have you been? Unless you're deploying "Hello world" written in C++, it is certain you're going to have to distribute some library which insists of being installed in the system area along with registry entries. Therefore you will have to have admin privileges. Heck even just copying to Program Files takes admin privileges starting with Windows 7.
Re: (Score:3)
Re: (Score:2)
The ironic thing is that this can be done under Windows. VMWare's ThinApp, and Evalaze are utilities which can take a Windows package and turn the whole thing into a single file. ThinApp could even find the latest update of a packaged application in a share, so if one ran Word, it would execute the latest one.
It takes up disk space, but it would be nice to have Windows offer a completely virtual machine (with virtual FS and Registry) so one could click on an application, and its data would be stored in a
Re:Application installers suck. (Score:5, Interesting)
For much of the Mac's history this was also the case. If you wanted an application, you just copied the damn thing from one media to another.
IIRC, it got worse over time on the Mac as apps got bigger (more supporting crap, stuff to copy to the System Folder, maybe a control panel or init, etc).
One in a while you run into applications, often utilities, that are truly standalone -- you can copy it to a new system and just run it. And then there are the various techniques for making portable apps, some kind of hand-done with a wrapper, others that scan a system before install and after and package all the deltas and use a wrapper after running to redirect all the various accesses.
I kind of blame shared libraries myself versus static linking. I've never quite groked the attraction of shared libraries. I get pilloried on Slashdot for saying this, of course. Usually its "ZOMG how will I patch my system when $library has a security weakness and 69 apps all use it" or "it takes too much disk space".
#1 is a fair criticism, I guess, but means little on Windows which seems to use less of that kind of a shared library, but I also wonder if there isn't a counter argument by which not every app statically linked to a common library will have the same bug and won't need updating. And it's not like updating a shared library is always risk-free; there's always the chance that an updated dependent library may change in some way that borks some of the apps that depend on it or some of the problems and cruft from several versions of the same library on the same system.
#2 seems like a bullshit criticism in this day and age. I'm curious what a "typical" OS install would be like space-wise if it was all statically linked.
And if you had all-statically linked applications, updating them to new versions would be just a matter of copying in a new version which seems simpler and more manageable to me for some reason.
Of course, none of this means much to apps which legitimately have a shit-ton of included resources which need to be shared system wide. Those have to go in their right places somehow, but if they are app specific they could just be in the same directory as the application. Maybe apps could um, register, their shared capability with the system so it would know to look for a resource in a virtual directory /app/resource/shared instead of a system-wide /resources directory -- the app itself remains self-contained, no installer required, and it could just register its capability at runtime with the system.
Re: (Score:3)
In very rough figures on my Linux system, libc alone would consume an extra GB. It would take more analysis to look at gtk and other X libs but that would easily be much larger.
Consider, /bin/cat is about 51K by itself, but it links against libc at 1.5M.
Re: (Score:3)
Microsoft has a solution to this problem. It's a walled garden called Metro and the Windows Store.
In spite of some of Android's faults, I'd really like to see Google come up with a desktop design spec and have it replace Windows as the de-facto desktop OS.
And no, linux on its own can't really do this because no developers can ever seem to agree on which libraries they want to use, making it a big giant gaggle-fuck as far as desktop applications are concerned. Android meanwhile has a respectable standard set
Re: (Score:2)
So you are suggesting "Click next to install all crapware bundled within this installer"?
Re:Application installers suck. (Score:4, Interesting)
it would certainly be way more honest.
Re: (Score:3)
It's faster. With the same results.
So, why not?
Re: (Score:2)
Re:Application installers suck. (Score:5, Insightful)
Because, thanks to nonsense like the registry, installing an app into Windows is a non-trivial operation. So everybody uses one of two or three installer shells that all use that "wizard" mode where you have to click next ten times.
The sad part is that it is possible to make a trivial app that doesn't need to be installed. Putty does it, and I've done one before, too. But MS never came up with a "bundle" concept like OS X (I think it was in 9 as well) that presents a folder as through it were a single application, nor is there a default applications directory that multiple users can all access by simply dropping stuff into it. So if you've got files that need to tag along with the .exe (especially DLLs) or want the app installed for more than one user, you're stuck with installer hell.
Re: (Score:3)
The problem was after the app finished running, Windows somehow assumed it was an installer, and flashed a popup that said, "the application did not install correctly." Not a problem since it was only used internally, but it was really annoying.
Re: (Score:3)
Applications and config/data files that need to be available for multiple users can be installed to C:\Users\Public by default without admin privileges. This location is available in an environment variable in case the admin has changed it (can't remember the variable name off the top of my head).
Applications with per-user installation or config files can use the %USERPROFILE% environment variable to find a safe place to store their data (defaults to C:\Users\username). Creating your own directory there is
Re:Application installers suck. (Score:4, Interesting)
Because, thanks to nonsense like the registry, installing an app into Windows is a non-trivial operation. ... So if you've got files that need to tag along with the .exe (especially DLLs) or want the app installed for more than one user, you're stuck with installer hell.
a) it's crappy developers that force the registry hell on you. There's no reason to use it, nor any requirement to use it.
b) There's no problem building a single EXE with all required DLLs (or there didn't used to be.)
c) there's nothing preventing you from shipping a zip (because windows still doesn't understand a tarball) which has everything packaged up nice and neat (ie, a bundle)
d) multiple users can use an app that you drop into the appropriate places, some will require that when you drop it there, you have to elevate your privs, but that's pretty standard
There's no excuse to have installer hell. Just say no.
Re: (Score:3)
c) there's nothing preventing you from shipping a zip (because windows still doesn't understand a tarball) which has everything packaged up nice and neat (ie, a bundle)
It seems you don't completely understand what an app bundle in OS X is. Yes, it is a directory where all the files that comprise an app are packaged up nice and neat.
But that directory is treated by the Finder in a special way: from the point of view of an end user, it is just a file. He double clicks on it, and the app launches. He drags a document icon on top of it, and the document opens in the app. He can move it around, move it to another disk or to another Mac, etc., and it consistently behaves like a
Re: (Score:3)
Which is what you get at http://www.portableapps.com../ [www.portableapps.com] Apps like WinSCP, Putty and a whole bunch of others have been modded to run from ONE locatiion and to NOT fuck with the registry...I see they even have Wireshark in portable form... not sure how they get past the fact you need Winpcap running as admin also to actually *do* live captures on a running system...
Comment removed (Score:5, Interesting)
Re:Application installers suck. (Score:4, Interesting)
Re: (Score:2)
Yeah. If only the UI paradigm for "modern" apps didn't suck.
Re: (Score:3)
Pretty much.
The Windows Store has more granular permissions, restricted UI modes, and reduced legacy API support. These things will lead to apps using modern security and UI conventions, which is mostly a good thing.
A curated app store is probably good for normal users. As long as sideloading apps is always supported, this should make some headway on taming the burden of legacy software.
I expect to see an unending avalanche of shitty Win32 apps for the rest of my life, but the Windows Store at least offers
Re:Application installers suck. (Score:5, Informative)
Why does Windows keep this antiquated process around?
Chocolatey.
https://chocolatey.org/ [chocolatey.org]
Re: (Score:2)
Re:Application installers suck. (Score:5, Informative)
Re:Application installers suck. (Score:4, Interesting)
Why does Windows keep this antiquated process around?
Try the windows 8 app store.
The antiquated process is kept around because everybody rejected their solution. Admittedly the app store only carries 'new ui' apps, and the 'new ui' was, deservedly, the main reason for all the rejection.
But a LOT of the issues with the 'antiquated' installer solution WERE actually resolved with it.
Yes, there are .pkg installers that could bundle god knows what, but they're not the norm for Mac software.
Have you tried using download.com as your source for mac software?
Re: (Score:3)
They need (yet again) to do a better job of marketing. The MS App Store doesn't just carry "new ui" apps. Developers can also submit links so people can find desktop apps and get them from the developer's site. Not perfect but still better than cnet.
Re: (Score:2)
I have used Linux for decades and am a fond believer in it being a better OS.
However, it is now Microsoft that is the issue here. OsX and Linux have great package management and in most instances it is used. Once you get into commercial software the install shifts. I am not sure why they don't make RPM's, DEB's, etc but even the commercial Linux producers use these crappy installers. Try installing the NVidia Drivers from NVidia. They require you run the install script and run you through the next, next, ne
Re: (Score:2)
Why does windows keep this antiquated process around? What would you suggest? Maybe they should have curated store where people could go to get apps with a high level of confidence that they'll be safe. Hmm, that might just work. They would have to be careful and not switch to that new system all at once though since that would surely backfire and piss everyone off. They'd have to slowly tighten the screws over a period of releases.
You should write them and make sure they know of this plan...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Application installers suck. (Score:4, Interesting)
You don't say !! (Score:5, Insightful)
Re: (Score:2)
I was thinking the same... I can't think of a worse choice of site, except perhaps Tucows...
It's getting so that you start looking for .ru on the end of a URL to indicate it's safe now...
Re:You don't say !! (Score:5, Interesting)
This reminds me when link farms were more of an issue than they are today, and when just doing a search could kill your windows machine.
Really it is the search engines that keep these people in business, and modifications of the algorithm could minimize the damage just like it did with link farms.
Comment removed (Score:4, Interesting)
Re: (Score:3, Informative)
Whatever happened to the great days of shareware?
The people making 'shareware' realized they had rent to pay and kids to feed.
Re: (Score:2)
Many people tried. Very few buyed.
This was especially true once internet speeds got faster and getting a cracked full version of the software was just as easy to find and download as getting the locked down shareware.
this has been the issue forever (Score:3)
Re: (Score:3)
Re: (Score:2)
Only go there with AdBlock, though.
Is there anywhere worth going without adblock installed??
Re: (Score:2)
Well some pornsites say that their sites performance will suffer from adblock being turned on, so there's that ;)
Or just pick better sources ... (Score:5, Interesting)
Download.com is crap.
Sadly open source isn't immune to this crap with SourceForge [google.com] now doing this stupid shit of bundling malware, adware, toolbar hijacks, etc. Especially when you have yahoo's like FileZilla's admin approving(!) [filezilla-project.org] of this irresponsibility !?
At least Git hasn't been effected (yet)
Re: (Score:2)
Re:Or just pick better sources ... (Score:4, Insightful)
Perhaps he is confused by the fact that many small developers, especially of game mods, distribute directly from github, and indeed, github is not adding anything to those downloads.
A lot of people don't seem to realize that git is a thing quite aside from github
Re: (Score:2)
Git and GitHub users, if they provide binaries at all, don't follow this "let's shit on the customer attitude"
Libreoffice (Score:2)
I can witness on open source not being immune. I recommended Libreoffice to a novice PC user recently. I don't know from where he downloaded the installer, but when he finished he had some redundant anti-virus programs, and another program that reset the home page of his web browser and wouldn't let him change it back.
Re: (Score:3)
Some times you only have to get it from the authors intended source for it to be an issue - the reason I dropped PDFCreator as a tool was the bundled crap from the Sourceforge download.
Re:Libreoffice (Score:5, Informative)
these days they dropped the sourceforge crap for their own crap built-in into the main installer, silently downloaded in the background from sites such as coapr14pool _DOT_ com AND THEN executed while having elevated full admin rights. This is typical trojan dropper / infector / keylogger behavior.
source: http://www.pdfforge.org/blog/p... [pdfforge.org]
(in comments)
Re: (Score:2)
Yeah, I just use the stuff built into Windows these days - works a treat, and due to the past behaviour of projects like PDFCreator I have no sympathy for them.
Re:Or just pick better sources ... (Score:5, Informative)
Download from the source (Score:5, Informative)
Need SCP? Download it from winscp.net. Need VLC? Download it form videolan.org. Teach your non-geek how to think outside the box (just a little and be gentle). Teach them about digital trust. To locate website of the vendor that makes the software that they want. If that vendor redirects them to cnet, then that is where they should download the software from.
For all driver needs tell them to download only from the original equipment manufactures website. If the driver doesn't exist anymore there is a reasonable chance the driver found on some third party website won't work anyways.
Re:Download from the source (Score:5, Informative)
Ninite.com is the only place I go for software on a new Windows installation. Select what you want and it gives you one installer. And you get exactly what you asked for. No search bars or crapware. It has been working great for years now.
Re:Download from the source (Score:5, Informative)
So, Ninite takes this installer, and makes sure nothing else has been added to it. However, they have no concept of the genuine installer forcing bloatware on you. It seems they are just checking for 3rd party bloat. So, with the genuine installer you have the option to uncheck this bloatware and not install it. This is not true with Ninite's one-click installer which accepts all of the defaults.
For me, this made ninite a non-starter, and I do as most of us do, and go to the app provider's site to download.
It's a shame.
Re: (Score:2)
The problem is that people doesn't want to think, they just want things to "work".
For my non-technical friends I usually recommend that they use Ninite (https://ninite.com/) for installing the most common apps they need.
Re: (Score:2)
I've had very good luck downloading from Softpedia, as they do not add their own installers; the only bundled junk you have to worry about is that which is included by the publisher of the title (which would also be on the downloa
Re: (Score:2)
Re: (Score:2)
If that vendor redirects them to cnet, then that is where they should download the software from.
Um, that is exactly the opposite of what I tell them. CNET is so riddled with crapware, that if anyone needs something that can only be found there, it is not good. PERIOD.
If you find yourself at CNET, for any reason, LEAVE and call me. Yeah, it is that bad, and probably worse. The price you pay to de-crappify your computer is not worth whatever crap you're getting from CNET. Pay for legitimate software, it is cheaper, trust me.
Re: (Score:3)
This.
I make people aware of the difference between Google and the Address Bar.
For instance, some people have the (horrifying) habit of going to Chase bank by searching for it in Google, and then clicking on the first link.
I teach them to put chase.com in the address bar.
Even with Google, I teach them to look at the place they are about to go to make sure it;s not, say, chase.com.ru.
In a perfect world, I would not have to do that, but ... advertisers.
Re: (Score:2)
or maybe work with search engine providers (you hearing this Google) so they prefer the sources over CNET when ranking search results. Yeah I know CNET pays Google money but paid results like this are what point naive users erroneously to Download.com in the first place.
Re: (Score:2)
Can't you just nuke the recovery partition with dban or something similar? I've removed Dell recovery partitions that way in the past.
Re: (Score:2)
If MS had that much control over the OEMs everyone would be crying about how they are abusing their power again. Even when they did have a lot of control they didn't have *that* much control to keep OEMs from installing crap. If you want a crap free system order it directly from the Microsoft Store. They configure all of those systems and remove all the crapware. That's about the best they can do.
Comment removed (Score:3)
Re: (Score:3)
Find the source (Score:4, Informative)
Also, if you are forced to download from one of those sites, don't assume that just because you uncheck all of the crapware in the installer that it won't just go ahead and install it anyway, because it will. Basically, ask yourself if you really really need that app or if you could maybe find something else that does the same thing but is still supported. It's also a good idea to run whatever your favorite anti-spyware app is if you do have to install something like that.
Re: (Score:2)
Exactly. Look what happens when you install Apple Quicktime. You explicitly uncheck the box to not do auto updates, but when you're done, the auto updater is installed. Same goes for iTunes.
Re:Find the source (Score:5, Funny)
The process goes something like this:
"Help. My computer is slow."
"You need to clean up the malware."
"Okay, I did a Google for malware cleaner. That only made it worse."
"Oh, you have to install Malwarebytes. That software's a fake."
"Okay, I don't know how I was supposed to know it was fake, but now I've installed Malwarebytes. Things got worse."
"That's because the first search result in Google is actually an ad for somebody else distributing Malwarebytes with its own malware. You have to go to this page instead."
"Okay, I don't know I was supposed to know that too, but now I've installed it. Why is it still not working?"
"Because the malware on your computer redirects attempts to remove the malware on your computer."
"Fuck this. I'm buying a tablet."
(one month later)
"How do I delete all this crap on my tablet?"
"You can't unless you root it. Here's a guide that a five year old child could follow, with only a 10% chance of bricking your unit."
"Then fetch me a fucking five year old child because I'm paralyzed by learned helplessness by this point."
I think we forget how overwhelming and stacked against the user the entire process is.
I think the term you're looking for is.. (Score:2)
Craptacular!
Download.com used to be a great place, but it's like a dilapidated, crime infested neighborhood now; don't go there.
Re: (Score:3)
Download.com is the Detroit of download sites.
Not Surprising (Score:3, Informative)
Free software and free hosting has to make money some way. Even the more legitimate ones tend to bundle stuff like
adobe acrobat, google chrome, google toolbar, or some other random search engine toolbar that presumably gives them
a kickback. As long as people keep demanding free apps and free software then you will continue to see sneeky ways
to monitize their software. That being said, some of the worst offenders I've seen are PAID software like norton and
mcafee.
Re: (Score:2)
How about all the crapware/trialware you get with a new machine from Dell, etc?
Re: (Score:2)
Caveat downloader (Score:2)
Malware (Score:4, Interesting)
malware = stuff designed to do nothing more than harm your computer.
adware / junkware = stuff not specifically designed to do that, but a pain in the butt, extremely annoying, probably unwanted but not necessarily "evil" as such.
No malware doesn't mean it's "safe" or won't fill your computer with unwanted junk. Hell, even some AAA paid-for game titles will fill your computer with junk given half a chance.
That said, download.com has been dead to me for a number of years. Precisely because, like a text conversation I had with an old friend just now, people eventually have to ask me to clean their machines after touching it. Sure, it's not doing damage, but slowing your machine, popping up junk, intercepting your default search etc. is not "malicious" so much as downright rude and annoying, if you've agreed to it.
It's like the difference between posting some junk mail through my door, and posting some dog excrement. One is clearly intended to harm. The other's just a pain in the butt that I never really wanted (even if I "volunteered" for it at some point, somehow).
Sorry, but I remove (and have more trouble removing) more "adware" / "junkware" in my professional life than I ever do malware. It doesn't mean it's okay, still, but it's not malware. It's not exploiting security holes, stealing your passwords,avoiding your antivirus,etc. Most of it will remove itself if you ask it to. But that doesn't mean that anyone actually WANTS it either.
Sorry, the second you bundle unnecessary junk into your downloads, I stop using you. I've had to abandon several good pieces of freeware because of that (yes, I'm looking at you IZArc and lots of your friends because you just can't resist bundling some unwanted junk with a lovely freeware util that I'd gladly give you £10 for if it didn't have that stuff).
Re:Malware (Score:4, Informative)
I classify adware/junkware as malware, as - at the very least - the extra use of resources (memory, disk) is a drain on the PC. Even browser toolbars tend to reduce the performance of a computer.
It's too bad that is has come to this (Score:2)
I used to always recommend download.com to non-technical users as a trusted source for freeware.
Now, unless it is available through the ninite.com installer, I don't recommend users download anything themselves.
I just went through a major ordeal with my mom's computer where I ended up having to ship the thing to me in order remove the infestation of malware she got because she was trying to install driver software herself. The stuff was basically making her computer unusable. I had to rebuil
Oracle on down ... (Score:5, Insightful)
When Oracle bundles the ask.com shitware with Java, and you have to conscientiously know it's there and un-check it, is it any surprise pretty much everyone else does this stuff?
Some ass is always trying to monetize your clicks, and 'free' comes with strings.
I've noticed over the years CNET is doing this, so much so that I don't typically trust them as a source.
The marketing assholes have pretty much wrecked the internet, and they pretty much use the same tactics as the malware people -- putting stuff on you don't want.
Re: (Score:3)
I see it as the evidence of the end of Java. Oracle sees Java as a vehicle for affiliate link clicks and adware kickbacks. It's more than a little sad.
Re:Oracle on down ... (Score:5, Insightful)
When a multi-billion dollar company is resorting to looking for affiliate and adware kickbacks it's truly pathetic.
By putting that ask.com crapware bundled with the core Java installer, Oracle have done more to undermine the existence of Java than pretty much anything.
This is why we can't have nice things ... because it just gets bought and destroyed by a bigger tech giant who craps all over it.
I've lost track of the number of times I've had to uninstall it from people's systems.
Why people like walled gardens (Score:3)
Re: (Score:2)
CNet's Download.com has been terrible for a while. (Score:2)
I'd say that's what they are intented to do (Score:2)
...most of the installers are so confusing that there's no way a non-geek could figure out how to avoid the awful. ...
Working as designed. The purpose of the installers is to get the secondary software installed, so why make it easy not to meet that goal?
This is why the App Store is good (Score:2)
Us geeks despise the idea of a walled garden source for software installs, but at least it nominally protects users against this kind of stuff.
Yes - things sneak through from time to time, but it's still orders of magnitude safer than Joe User hoping to find a program online to perform the same task that won't bring his web browsers grinding to a halt with fifteen toolbars.
nonags.com still good? (Score:2)
Fifteen or twenty years ago, when I used a cheesy mass-market OS from Microsoft, nonags.com was the place to go for good, free software with no bullshit. Is that still a good source for grandma to get software for Windows?
So much crap (Score:2)
I don't normally use Windows except as a launcher for certain Windows-only games that I play (I'm primarily an OS X user), and even when I use a web browser, it is NOT Internet Exploder. A few weeks ago I ended up running one of those crapware installers on a W7 laptop. Fortunately the very fact that I don't use Windows for much helped me, because I noticed the problem immediately and could see all the new stuff simply sorting by date.
A couple of things I noticed: turning off my WiFi didn't persist over a
Brrrr... (Score:2)
The ultimate bypass (Score:2)
There is a very easy definition of malware (Score:4, Insightful)
Anything that does something which is not in the interest of the owner of the system is malware.
The owner of the system defines what is in his interest.
Simple as that.
Re: (Score:2)
Useless.
Because then the software would just refuse to operate until you included those files, or would bundle a tiny innocuous file that it would then execute on first run to do the same job.
These people don't care about your experience downloading, they just want to entice you to download something that makes them money (usually off the back of some shareware/freeware author's work).
That said, why all Windows MSI's can't have this functionality is beyond me - they pretty plainly list every file, registry
Re: (Score:2)
Yes, exactly that.
Yes, the title says "Windows" but they avoid it then on, talking about "your computer" and make it look like they weren't talking just and only about Microsoft Windows and when the say EVERYBODY there were not talking ONLY about the Windows ecosystem.
Re: (Score:2)
To be fair, since download.com and entire CNET is actively involved in pushing malware, I wouldn't be surprised if any non-Windows downloads they might offer would try to push malware as well.
Re: (Score:2)
To be fair, since download.com and entire CNET is actively involved in pushing malware, I wouldn't be surprised if any non-Windows downloads they might offer would try to push malware as well.
Once CNet acquired VersionTracker (Mac software site that'd been around forever), they tried their substitute installer bit. I don't know how successful they were as I've never been back using http://www.macupdate.com/ [macupdate.com] instead.
Re: (Score:3)
Why do you _assume_ free is good?
Just to drive the point home:
STDs such as Aids are "free" too.
Just because it is free, doesn't imply it is good (for you.)
Free source code: Good .exe + malware: Bad
Free standalone binary: Good
Free
Re: (Score:3)
Nothing like false equivocation.
Re: (Score:2)