Tuesday, 20 May 2014

Software from the Shadows

If I were to ask you what software was installed on your computer, would you be able to tell me?

It’s a simple enough question to answer you’d think – you’ve got your browser or two, probably a version of Office, some antivirus software, and maybe an account package or some games. If you install your software using standard install packages then you will find them listed in the control panel under Programs and Features. It’s always interesting to see what’s listed, and what you can identify, because when I examine a customer’s computer I’ll invariably find several programs they had no knowledge of installing and one or two really obscure ones that I have to Google for (almost always before I remove them). When I write up the job I describe this part of it as ‘removed unwanted programs’.

The question we are always asked is “how did this software get there”. And the answer is, of course, that you installed it. This certainly wasn't something you did intentionally, but the sad fact is that a lot of the free software that we regularly install will come with a hidden payload that you will only see if you look carefully while you are installing it.

We are talking here about the fringes of the dark Internet; that borderland where what is going on certainly isn't good, but falls short of the activities of the criminal dark side. It's a confusing world where a button on a webpage may not do what you think it's going to do; where you need to be on your toes to make sure you don't click the big green ‘Start Download’ button because the one you really want is a little one above it, and it’s the sort of place that would confuse the hell out of your parents. Welcome to the world of foist-ware.

At one end of the scale you've got Adobe, who I seem to mention far too frequently: their default download of Adobe Reader tries to foist a copy of McAfee Security Scan, which is top of our list for instant removal. Two respectable companies there, both of which should know better.

Next let's take the example of another respected name: Java. As you'll know, Java will regularly prompt you for an upgrade. If you look carefully at the install screen it will have a pre-ticked box that will install the Ask toolbar and make Ask your default search provider. Apart from the fact that the Ask search engine is absolutely terrible, this resetting of your search engine without your actual permission is exactly the sort of thing that malware will do. Evil is as evil does.

Another piece of software that we regularly see installed is uTorrent, which has gone from being a well-respected BitTorrent client to a bit of a whore when it comes to foist-ware. Their recent partnerships have included the Ask toolbar, another piece of borderline malware called Search Protect, and at one stage even the Bing toolbar. I mean, which self-respecting user would ever knowingly install any of that tat?

There is of course a reason for all this and it comes down to the commission that is paid for deploying these nasty bits of software, but the ends shouldn’t justify the means. It reminds me a little bit of the old days of trying to book a flight with a budget airline, where just as you were about to check out you noticed that the price had mysteriously changed, and on closer examination you'd spot that travel insurance had been added to your purchase.

In the name of consumer protection this sort of practice has since been stopped, but for some reason the low-life that peddle a lot of the software that we customarily remove from computers seem to think that the same rules shouldn't apply to them. Given that generally users don't want their software, didn't ask for it, and suffer in performance terms as a result of it running, I have no hesitation in calling them out as peddlers of malware.

They may claim legitimacy and threaten to sue those who attack their business model, but it seems to me that a simple code of conduct that states that software may only be installed on a computer when explicitly requested by a user, rather than by means of a pre-ticked box, would see these companies put out of business overnight. This simple change would at least allow some separation between the bad guys and the rest of us, and I've no doubt that products like Search Protect will find no place to hide if they are forced to come out of the shadows.