Tag: unwanted software

Google makes further efforts against unwanted software

Article – From the horse’s mouth

Google

Year one: progress in the fight against Unwanted Software

My Comments

What has become familiar for me after some computer-support tasks was dealing with unwanted software that uses fraud and deception to have computer users install the programs on their systems. Such software like TubeDimmer typically takes over one’s online experience by serving up ads typically for dodgy businesses, slowing down the user’s computer or sending off the user’s private computer-usage data to questionable entities. In some cases, the software pesters users to download other worthless software or pay for worthless IT services.

There have been some efforts in the computing industry to tackle this problem, most notably MalwareBytes Anti-Malware providing the ability to remove this kind of software. But Google has approached this problem in a multi-faceted manner.

Firstly, they have revised the Safe Browsing API used in Chrome, Android and other browsers and endpoint-security programs that exploit this API to detect the unwanted nuisance software. They also provided an online “cleanup tool” for Chrome to remove ad injectors and similar unwanted extensions from that browser.

On the AdSense and DoubleClick advertising-network front, Google have tuned their Bid Manager which is used for buying advertising space on these networks to filter out chargeable impressions that are generated by the unwanted ad injectors. Similarly, they are disabling ads which appear on these networks but are leading to unwanted-software downloads. These include the ads that show the “Download this” or “Play this” kind of text or artwork without referring to what you intend to download and is augmented by an unwanted-software policy that applies to any advertising that is about software delivery.

If you are “Googling” for software, the Google Search Results screen will highlight links that lead to the delivery of unwanted software or advertised software links.

These efforts have paid off for Google in the form of reduced user complaints about Chrome and other Google client software. There has been increased Safe Browsing alerts regarding unwanted software which has placed a roadblock against this software being installed. Chrome users and personal-IT support personnel have been able to get rid of the unwanted software very quickly and easily.

Now Uncle Sam has joined in the fight against unwanted software downloads

Now Uncle Sam has joined in the fight against unwanted software downloads

But there needs to be further action taking place beyond what is happening in Google’s or Malwarebyte’s offices. Uncle Sam has lent his weight behind this effort with the US Federal Trade Commission classing this unwanted software as a form of malware.

Microsoft could help with this effort by extending their security and software-cleanup tools that work with Windows, Office and Internet Explorer to provide a “one-click remove” option. Similarly Web browsers and endpoint-security software can be part of the effort to slow down the deployment of unwanted software, reduce its effect on the system or simplify its removal.

As well, there needs to be efforts taking place within the online advertising industry to clean up its act.This may involve issues like:

  1. managing the availability of low-risk high-return advertising products like “cost-per-click-only” products that appeal to “fly-by-night” operators;
  2. management and supervision of advertisers, publishers and campaigns;
  3. advertising through client-side software rather than Webpages;
  4. advertising campaigns that lead to software downloads, amongst other issues.

Such issues may have to be dealt with via establishing an industry-wide code of practice and/or use of a “seal-of-approval”. Here, this is to make sure that online advertising has the same level of respect as traditional advertising has amongst advertisers; publishers, broadcasters and advertising-surface providers; and the general public.

Google Chrome can now detect loaded downloads

Article

Chrome update to raise alarms over deceptive download bundles | The Register

From the horse’s mouth

Google

That’s not the download you’re looking for …. – Blog post

My Comments

I have helped a few people out with removing browser toolbars and other software from their computers that they didn’t necessarily invite in the first place. What typically happens is that a person looks for software to do a particular task such as a lightweight game, native front-end for an online service, video-codec pack, an “essential” CD-burning tool or an open-source Web browser, but they work through a very confusing install procedure that has them invite software like TubeDimmer to their computers if they aren’t careful.

A lot of this unwanted software ruins the browsing experience by “cluttering” the screen with extra advertisements and data or redirects genuine links to advertising sites hawking questionable products. As well, they are more likely to “bog” the computer down by stealing processor time and RAM memory space.

Mozilla has become aware of the problem with Firefox courtesy of their bug-reporting mechanism and found that it wasn’t about proper software bugs but improper bundling practices. They had found that these bundles were infringing their copyrights and trademarks that they had with the software, especially the open-source concept.

Google has answered this problem at the search phase of the operation by identifying whether a download site is paying to advertise courtesy of its Adwords keyword-driven advertising service and provided a way to highlight that the software is not the official software site. This is typically because a download site may bundle multiple programs in to the install package rather than just having the program you are after.

They are even going to “expose” the detection software to Mozilla and others to allow them to integrate the detection functionality in their “regular-computer” browsers or desktop-security software by virtue of their Safe Browsing application-programming interface.

This may be a step in the right direction towards dealing with “loaded downloads” but desktop security programs could work further by identifying installation packages that have more than what is bargained for.