Article
Chrome update to raise alarms over deceptive download bundles | The Register
From the horse’s mouth
That’s not the download you’re looking for …. – Blog post
My Comments
I have helped a few people out with removing browser toolbars and other software from their computers that they didn’t necessarily invite in the first place. What typically happens is that a person looks for software to do a particular task such as a lightweight game, native front-end for an online service, video-codec pack, an “essential” CD-burning tool or an open-source Web browser, but they work through a very confusing install procedure that has them invite software like TubeDimmer to their computers if they aren’t careful.
A lot of this unwanted software ruins the browsing experience by “cluttering” the screen with extra advertisements and data or redirects genuine links to advertising sites hawking questionable products. As well, they are more likely to “bog” the computer down by stealing processor time and RAM memory space.
Mozilla has become aware of the problem with Firefox courtesy of their bug-reporting mechanism and found that it wasn’t about proper software bugs but improper bundling practices. They had found that these bundles were infringing their copyrights and trademarks that they had with the software, especially the open-source concept.
Google has answered this problem at the search phase of the operation by identifying whether a download site is paying to advertise courtesy of its Adwords keyword-driven advertising service and provided a way to highlight that the software is not the official software site. This is typically because a download site may bundle multiple programs in to the install package rather than just having the program you are after.
They are even going to “expose” the detection software to Mozilla and others to allow them to integrate the detection functionality in their “regular-computer” browsers or desktop-security software by virtue of their Safe Browsing application-programming interface.
This may be a step in the right direction towards dealing with “loaded downloads” but desktop security programs could work further by identifying installation packages that have more than what is bargained for.