Avoiding Sneakware

I see it all the time: PCs choking on gobs of uninvited software to the point where they barely function.  They may be Web browser toolbars or antivirus utilities or programs that promise to speed up your computer, when in fact they do exactly the opposite.  It enrages me to see programs like these on my customers’ computers because I know that they did not knowingly install these programs--these programs waltzed in with another that the customer did want.  This sort of software is referred to as “sneakware.” It’s kind of like the plus-four your buddy brings to your small gathering that was really only supposed to be a plus-one at most. It’s rude, annoying, and most people don’t know how to properly say “no.”  I can’t help you with your social skills, but I can tell you how to say no to sneakware.

First of all, let’s take a look at a Web site that should know better: CNET’s Download.com.  Download.com has for years been the place to go for free software. Need a quick audio converter?  Download.com probably has one that’ll do the trick.  What about a utility to analyze your hard disk usage?  Yup, pay a visit to Download.com.  So it was disappointing to me, after almost two decades of use, to see Download.com introducing sneakware.  The only thing you should receive from Download.com is the installer for your chosen program.  What you get instead these days is a Download.com installer that will give you your program, but not before it tries to sneak in a few other items.  Let’s take a look at the installer for a database file reader that I recently downloaded from them:



You can see above that rather than just the plain installer for my program, DBF Viewer Plus, we’re getting this sort of frame for the installer.  Anytime you see the site you downloaded a program from imposing itself on your installation experience, you’ll want to proceed with caution.

Next Step:

You’ll see you have a choice between a “Quick” Installation and an “Advanced” Installation.  This is a bit of lingual trickery that you’ll see a lot of free software installers try to pull.  I mean, you’re not a computer person, right?  You wouldn’t dare choose the “Advanced Installation” – it’s too advanced!  Rubbish.  Look above, and you’ll see that CNET wants to install something called the “blekko” toolbar.  What in the world is that?  Blekko?  Never heard of it.  Never heard of it?  Then don’t trust it.  Remember, it’s your computer: you decide what goes on it, so always pay attention during installations – most people do not.  Thankfully, CNET is giving us that option for an “Advanced Installation,” employing phraseology so succinctly ridiculous that they and everyone else who uses it should be given a trophy.  You go ahead and select that Advanced Installation and then deselect all the check boxes for installing this “blekko” nonsense you didn’t ask for.  

Next Step:



What’s this?  SpeedUpMyPC 2013?  Whoa!  It’ll speed up my computer, and it’s the 2013 edition?  2013 is still like three months off – this is so super-advanced you surely must want it!

WRONG.

The moment you see something like this that advertises to speed up your PC or check for issues or correct registry errors or viruses or anything else along those lines, you run screaming in the other direction.  These programs spell certain doom for your computer’s speed.  What’s particularly disturbing about this step of the installation is that CNET is giving you an option to accept or not accept an End-User License Agreement, or EULA.  Those who actually take a moment to read the window will realize this is a EULA for a third-party application--not the one you’re trying to install.

Those who don’t stop and read will likely click “I accept” because you always have to accept a EULA with these programs right?  It must be necessary to accept in order to proceed, right?  N-O-P-E.  Not for this step – you just go ahead and decline this particular EULA.  After going through this step, the real program I was trying to download, the DBF Viewer Plus, will actually download and install, but the hoops I had to jump through to get to that point are disturbing. At no point during all this did CNET bother to explicitly tell us that this junk was completely optional and that not accepting it would in no way affect the installation of the real program.

Let’s take a look at another common source of sneakware: Adobe.  That’s right, the makers of Acrobat Reader and Flash are very guilty of trying to sneak you some wares, though less aggressively than CNET.  



Above you can see I’m trying to install Adobe Reader X using Microsoft’s Internet Explorer.  If you don’t read the screen and just click the bright yellow “Download now” button, you’ll end up with both the Google Chrome Web browser and the Google Toolbar for Internet Explorer.  Now, these aren’t nearly as bad as “blekko” or “SpeedUpMyPC,” but they are still unsolicited.  I will say this for them: at least they’re marking these programs as optional, which is definitely better than CNET.

So, what happens if I try to download Adobe Reader using Google Chrome?  McAfee!



Yes, Adobe is trying to sneak McAfee Security Scan Plus onto my computer.  Bad, bad Adobe!  McAfee’s name is mud in the Internet security world.  Despite this fact, big box stores like Best Buy and Office Depot--not to mention online banks--partner with McAfee and will try to push you towards it for your Internet security needs.  These people are not your friends; if you need good Internet security for your Windows PC, go download a free-for-life copy of Microsoft Security Essentials. Never, ever get McAfee, even if it’s being offered for free.  This Security Scan product appears to be free, but what you’re not told is that it will only check whether your computer has antivirus software or not and direct you to McAfee’s site to purchase their protection. This free software is nothing more than an elaborate advertisement.
Download.com and Adobe are obviously trying to be somewhat subtle in maneuvering you to install sneakware on your computer, but if you read the screen carefully you can avoid it.  In other instances, the solution is not so simple, such as the advertisements displayed on some download sites:

 



Here, I’m trying to download the installer for a popular disk defragmenter, Defraggler, from FileHippo, a service similar to Download.com.  Except, where do I click?  There’s a big, green download button on the left, and another one in the bottom-right, and then a third, much smaller download button in the upper-right--how are we supposed to know?  If you’re ever in a situation like this where it looks like you have several options for downloading your file, remember there is only one valid link on the page.  Make sure that the button in question doesn’t read “advertisement” below it or offer some service unrelated to what you’re really downloading. The bigger, brighter, and gaudier the button is, the less likely it is to pertain to your legitimate download.  Look for something smaller and unassuming, but even then, be careful!

Another common source of sneakware is file-sharing programs.  I’m not going to go into detail about what these programs are called or where you can get them.  Suffice it to say, they are out there and are used to illegally swap pirated music, movies, and software.  Sadly, a lot of people choose to use them.  What’s even more unfortunate is that they are perhaps one of the largest sources of sneakware and malware.  I would advise you against using such software for many reasons.

You may also come across Web sites that ask to install a toolbar in your browser that will enhance its searching capability or some such malarkey.  Many users will say yes to these toolbars because they think they have to.  You don’t.  If you come to a Web site that makes such demands upon you, dismiss them and back out of the site, otherwise over time your browser might come to look like this:

 

There was a Web browser underneath all that . . .

I wish I could say that sites like CNET, Adobe, FileHippo and many more will read this and be shamed into taking a more honest approach to offering programs for download.  I get that they need to make some money to host these files, but it would be nice if they’d go about it in less blatantly stealthy ways.  I’m sure they will continue actively trying to trick users into installing software that they not only didn’t ask for, but will more often than not cause damage to their computers. For shame.  So it’s up to us, as ever, to be vigilant online!

So, let’s do an overview of what we’ve learned:

  • Whenever installing new software, read everything that’s on the screen in detail;
  • Beware pre-checked boxes;
  • If you don’t feel comfortable with an installation, don’t proceed with it;
  • Check to make sure any EULAs you’re accepting actually pertain to the software you’re trying to get;
  • Take your time and make sure you click on the correct download link/button;
  • READ EVERYTHING ON YOUR SCREEN IN DETAIL AND TAKE THE TIME TO COMPREHEND IT.