[Guide] Avoiding Adware in Installers

[+Xinok Subscriber²]

Avoiding Adware in Installers

About This Guide

This guide provides several real examples of installers which contain adware. The intent is to show you the tricks that they use to attempt to trick you into installing the adware in hopes that you can learn to avoid it.

Before you brush off this guide as common sense, it may be worth a look. The adware developers are getting very sneaky and I've almost been caught a few times myself. Recently, Foxit Reader modified their installer so that the adware was no longer optional but mandatory. This is a continuing trend and adware is only going to get worse, so it's important to learn how to avoid installing it... unless you like toolbars which track your browsing history.

Note: All of the installers have [#] in their titlebar because they were running in Sandboxie.

Accept or Decline? Agree or Disagree?

This is a common trick that they'll use. To avoid installing the adware, you must click Decline / Disagree rather than Accept / Agree.

This may catch some users because the text looks like the license agreement.

---

I agree to...

In these examples, you must uncheck the checkbox in order to avoid installing the adware.

I agree to the agreement :huh:

---

Custom Installation

For some installers, you must choose Custom installation if you want to opt out of the adware.

---

Post-Installation

This installer attempts to catch you after you've installed the program.

---

Distraction

Some installers may catch you by tricking you into clicking the wrong option. I'm not sure if these were designed to deceive, but I nearly clicked the wrong options for both installers, so I added them to the guide.

Here, my first reaction was to click Custom installation and uncheck the boxes below it.

It seems obvious, but the Custom installation is the first thing to grab your attention.

Once again, the Custom installation was the first thing to grab my attention.

---

Mandatory Installation

Recently, Foxit Reader didn't give you an option; You we're forced to install the adware if you wanted to install Foxit Reader. You may think that unchecking the two boxes was enough, but you have to read to understand there's no opting out.

Foxit Reader later updated their installer following several complaints, but this still stands as a solid example.

---

Websites Packaging Adware in Downloads

This is a new and worrying trend. Many websites, including the popular CNET, have started packaging several downloads in a custom web installer which includes adware, often without the permission of the original developers. The examples below are pretty obvious and easy to avoid, but it's a trend you should be aware of none the less.

CNET's download.com

Softonic.com

Tucows

---

Installers with Spyware

It was recently reported that DAEMON Tools, a popular CD-image mounting software, installed a spyware feature called MountSpace which reported every image you mounted to an online server. Even if you declined the feature, it was still active without your permission.

http://www.neowin.ne...ted-last-summer

Edited February 16, 2012 by Xinok

[Riggers]

Nice work Xinok, i recently installed Foxit 5 and like you mentioned unchecked the Ask toolbar boxes (as was the case in previous versions) then during install i was alerted to the AskToolbar checker making an outgoing connection. I knew something wasn`t right but carried on, i was like proper :angry: when the toolbar showed up in the browser.

Wasn`t a problem as i just re-imaged from a recent back up, but boy have i lost faith in Foxit. This is not something you should do to potential customers, fair enough if the option to not install is there (these companies pay big money to be included in installers, thus help with development hopefully!) but to downright trick people is out of order.

Needless to say i`m am trying out other pdf options...

[Copernic Reporter]

Great guide, Xinok!

[CelticWhisper]

Thanks for this. I script a lot of my installers in my custom XP source and one test run wound up with "Dealio Toolbar" installed. I was seeing red, half at myself for not having caught it and half for the marketroid bottom-feeders who buried that installer in there to begin with. I think it installed alongside a disc-burning tool but I'm not sure yet.

What ****es me off is that unattended installs offer no way that I know of to cut the worthlessware (hear me advertisers? You and everything you do are all worthless. Yes, you. And yes, everything, really. Go die.) out and just leave the core program itself. Makes it a lot harder to do up some effortless automated installs.

[Dan~]

This is why for unknown software which I wish to install I put it on my VM machine. Looking at those examples above look very sneekly, the sly buggers.

[alexalex]

Thanks for this. Ed Bott calls these applications Foistware ; https://www.neowin.net/forum/topic/998922-ed-bott-adobe-and-skype-top-my-foistware-hall-of-shame/

[MidnightDevil]

Nice one, some of them are very tricky and get a lot of experienced users distracted. Thank's.

[+Xinok Subscriber²]

So I recently came across an installer that was so bad, I felt the need to post it. I was looking for a desktop application for Facebook chat, so I wouldn't have to keep my web browser open. What resulted is the horror you see below.

Immediately after launching the installer, I'm greeted with the first box I must uncheck. Not only that, but if you read the text, it installs a mandatory background process which calls home.

Next, I had to choose custom installation and uncheck three boxes.

That isn't all! Next, I'm presented with this screen in which you must check Decline, not accept.

Now that I've avoided all that, I continue to install and launch the program. As if all the crap in the installer wasn't enough, they also implement an ad into the interface.

Okay... so I'll just login and see if this program was worth the trouble...

At this point, I stop, clear the sandbox, and check Facebook to make sure it hadn't made any changes to my account.

[+Gary7 Subscriber²]

Great Tut!

[Jesse11]

Great guide, Xinok! thank you very much.

[fintechfooty]

Good guide to put up for those who didn't know this. Figured this out a couple years ago but suprised that people didn't know about this still!

[Rudy]

Wow....the state of adware in Windows is way worst then when I left it

[fintechfooty]

Yeah, every single program I install nowadays has some sort of Adware in it. :/

[+Xinok Subscriber²]

Also avoid downloading anything from cnet :p

Good point, I added two examples to the guide. :p

[+Warwagon MVC]

The worst one (I don't have a picture of it) for the AVG toolbar where the checkmark is INSIDE the paragraph!

[The Evil Overlord]

Also avoid downloading anything from cnet :p

Lately, yes I'd have to agree, I hate that installer thing you need to have just to download something.

I always choose advanced when installing, to see what I have control over (in case of something I don't want installed) but even then, like OP pointed out you don't have a choice with some software

(usually I'll go find a rival product)

[issh]

Nice guide. I think I'll give this to my grand aunt. She always keeps calling me to fix her PC cause she installs adware all the time.

[compl3x]

Always click on the advanced button when installing stuff, the adware or toolbars hide in there as well.

[Formido]

What I cannot understand is why some software developer has never created an app to circumvent these dirtbags. How difficult could it be to create something that would download from CNET into a safe containment (Virtualbox? Sandboxie?), allow one to open the archive, save the target file, and delete the malware? They can create Fraudfox to help juvies steal your credit card info, but not this!

[adrynalyne]

16 minutes ago, Formido said:

What I cannot understand is why some software developer has never created an app to circumvent these dirtbags. How difficult could it be to create something that would download from CNET into a safe containment (Virtualbox? Sandboxie?), allow one to open the archive, save the target file, and delete the malware? They can create Fraudfox to help juvies steal your credit card info, but not this!

Dude this thread is so old, it is moldy. 

 

https://unchecky.com/