Scott Hanselman

Download Wrappers and Unwanted Software are pure evil

February 12, '14 Comments [170] Posted in Musings
Sponsored By

Call it Adware, Malware, Spyware, Crapware, it's simply unwanted. Every non-technical relative I've ever talked to has toolbars they apparently can't see, apps running in the background, browser home pages set to Russian Google clones, and they have no idea how it got that way.

Here's how they get that way.

You go to download something reasonable. I wanted to download a Skype Recorder, so I went here. (Yes, I linked here to the URL because they don't need Google Juice from me.)

CLICK THE GREEN BUTTON YOU WANT TO

OK at this point I'm screwed. The green button CLEARLY desperately wants me to click on it. I totally ignore the tiny "Direct Download Link" below the friendly button. I have no idea what that glyph icon means, but it's pointing down, so that must mean download.

Welcome to the Download.com installer! How helpful!

image

More green buttons, awesome. Let's go!

CLICK IT!!!

Pre-selected Express installation? Super helpful, I love that. Ah, and next to it there's text in the same font size and color that I totally won't read that says:

Install Search Protect to set [CHANGE] my home page and [TOTALLY MESS UP] default search to Conduit Search [THAT I HAVE NEVER HEARD OF AND NEITHER DO YOU] and [NOW THIS IS AUDACIOUS...] prevent attempts to change my browser settings.

In other words, we, Download.com, are going to totally change the way you use you computer and browser the way and prevent you from easily changing it back. We're going to do it now, when you press Next, and oh, by the way, we have Admin on your computer because just a moment ago you pressed YES on the Windows Warning that we could mess things up, because everyone ignores that.

Or, you can click Custom, because non-technical relative ALWAYS clicks Custom. NO. They don't. Technical people ALWAYS press Custom. ALWAYS. Always. Other people? Never.

MOAR GREEN BUTTONS

Ah, nice, when I press Custom it's set to...wait for it...the same stuff that was gonna happen if you pressed Express.

AND WE ARE ONLY ON STEP 2. What ever happened to clicking just once and getting what I needed?

YOU WILL NEVER READ THE EULA!

OMG "It communicates several times a day with servers to check for new offers and change ads on my computer?" I totally want that. Thanks Green Button!

I'm sure that if I press Decline here that it will mess up my installation of the original thing I wanted to install...I have forgotten what that was, but I'll just keep going.

PAY NO ATTENTION TO THE MAN BEHIND THE EULA

Weird. I thought I was already here. I'm sure I want this also.

ZOMG THERE ARE THREE EULAS

Huh. Does my Mouse not work? I'll click it again. Backing up my files without asking seems legit.

NOT DONE YET

Install Now? What have we been doing all this time?

I am disappointed in us, Internet, that this is a business. Someone wrote this, for their job, directed by their middle manager, who was directed by their rich boss. There was a meeting (there's always a meeting) where it was discussed on how we could most effectively fool non-technical relatives into installing crap.

These are Dark UI Patterns.

A Dark Pattern is a type of user interface that appears to have been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.

This isn't cool and it needs to stop. I won't be visiting Download.com anymore.

I'll only install software from Vendors I trust, like Oracle...

Thanks Ask Toolbar!

Gosh, maybe I need to install that "Crap Cleaner" everyone talks about so I can remove these unwanted toolbars.

Crapware Inception

Ok, forgot it. I'll just stick with the official Windows Updates because I'm sure I want all those.

Seems legit.

So, um. Yeah.

Dumbledore Welp

Sound off in the comments.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Wednesday, February 12, 2014 1:21:23 AM UTC
I am glad someone finally wrote about this. I agree so much that I am shaking my fist at my monitor right now.

Tomorrow morning when I go to the gym and do squats, I will recall the images from this post in my mind and will bring forth a might power that should never be unleashed.
Wednesday, February 12, 2014 1:30:52 AM UTC
My wife just went through the process of cleaning up the mess that very site created on her mother's computer. I distanced myself from the situation as her mother has refused to accept any of my safe web browsing advice.

Alas, much of the top search results for downloads is littered with this type of stuff
Erico
Wednesday, February 12, 2014 1:31:55 AM UTC
Yep. I'm ridiculously careful but i've still gotten caught off guard once or twice just like this. "Voluntary" spyware. It's pure evil.
Wednesday, February 12, 2014 1:41:32 AM UTC
This also happens when installing or updating any free Adobe product such as Acrobat Reader or Flash. With Adobe, they force Google Chrome download, Chrome the default browser and make Google the default search engine.

And people wonder why Chrome is "the world's most popular browser."
Darryl Rowe
Wednesday, February 12, 2014 1:42:11 AM UTC
I got "Olympic Pinkeye" just reading this!

You're so right -- I can't even count how many toolbars i've removed for people over the years. Greed meets Ignorance...I would imagine snake-oil salesmen 150 years ago operated the same way (sans internet). ...it's just that it's more noticeable now. The ignorant will always be taken by the greedy (wall street/mortgage meltdown anyone?)

Imma gonna put on my tinfoil helmet, just to be safe.
Mike
Wednesday, February 12, 2014 1:54:13 AM UTC
I get requests to fix friends computers all the time, and I always end up cleaning out this junk from their hard drives. What's amazing is how some people can keep using their browsers with 7 or 8 STACKED toolbars at the top.
Andrew
Wednesday, February 12, 2014 2:00:39 AM UTC
I agree with Andrew... and they usually say: "I didn't, I did not install this toolbar, this antivirus trial and this backup software... I just installed the software you suggested me. It is not my fault."
It is somehow true but they should at least read the "popup messages"

Great article.
Marco
Wednesday, February 12, 2014 2:01:10 AM UTC
It sounds like a broken record, but "If it's free, YOU are the product". I'd like to see a tech community wrapped around exposing and bashing these vendors and their practices. Maybe when their brands are muddied, they'd think twice about deception and social engineering. That would be a public service.
Wednesday, February 12, 2014 2:04:15 AM UTC
Awesome. And thank you for not sparing the annoying Bing Bar / Desktop in Microsoft Update.

I have reached the point where my non-technical relatives no longer have administrator access to their own machines. Seriously. I install the basics for them, and if they want to install anything else, it goes through me. I find that a good set of pre-installed apps takes care of them quite nicely, and they don't need to download crap from the Internet.

They can use the App Store if they want to feel in control.
Wednesday, February 12, 2014 2:04:23 AM UTC
I was most angered when Oracle participated in their Java installer. I understand it is their free product but it just seemed beneath them.
Chris
Wednesday, February 12, 2014 2:06:58 AM UTC
There is no safe, easy way for an ordinary user to get Windows desktop software.

(Not to mention that there's still the convention that any time you install any Windows app, for some reason you need to give it Admin permissions.)

This is one of the big reasons the iTunes App Store is such a successful model.

And why possibly the biggest Windows 8 mistake Microsoft made was not selling actual Windows apps in their "Windows App Store."

A phone-like app store filled with shitty half-tablet apps? Useless. A phone-like app store filled with the functionality of the Windows desktop ecosystem, combined with a security sandbox? Priceless.

Microsoft thought their tablet API is more important then hooking people into their ecosystem. They were very, very wrong.
Stan
Wednesday, February 12, 2014 2:10:27 AM UTC
Shame on Oracle for including the Ask toolbar in the Java installer... It infuriates me every time I need to install Java. Seriously, why would a multibillion dollar company do something like that? Don't they realize how much it hurts their credibility?
Wednesday, February 12, 2014 2:12:02 AM UTC
Thanks Microsoft! This has been in the DirectX runtime for ages. Ugh.
Matt Eckert
Wednesday, February 12, 2014 2:14:28 AM UTC
Google needs to punish these guys in its index
Kevin Dente
Wednesday, February 12, 2014 2:16:28 AM UTC
Ya oracle got me the other day =(. Would never have guessed coming from them. Also thank you for calling out windows both gutsy on your part and so very true.
Wednesday, February 12, 2014 2:17:28 AM UTC
And it gets no better on any android phone that isn't a nexus directly from Google, full of software you can't uninstall. No Verizon I don't want your GPS turn by turn navigator, of course I don't.

This sort of thing is so deeply unacceptable from real companies, they are predatory and near downright criminal. I'm looking at you Oracle, do you not make enough money that you need to abuse the ubiquity of Java to prop up an ad server?
Theporchrat
Wednesday, February 12, 2014 2:35:32 AM UTC
Sigh. Sorry about the double post.
bill
Wednesday, February 12, 2014 2:40:42 AM UTC
I think I got "google auto backup" this way (or by some other intended avenue) on more than one computer at my house.
Wednesday, February 12, 2014 2:40:51 AM UTC
I just logged into my work proxy server and blacklisted download.com, that'll be the end of that one.
Wednesday, February 12, 2014 2:51:07 AM UTC
I think you actually made a triple post, bill. :P

As to the post subject, yep, it's so disappointing that these practices come from big companies that (supposedly) care about their users...
paul
Wednesday, February 12, 2014 2:56:04 AM UTC
I have to say, it's Oracle that disappoint me the most.

I expect people writing freeware apps to try to cadge a few bucks by bundling them with crapware.

I expect people running download aggregators like download.com to have a business model that involves bundling crapware.

I do NOT expect a multi-billion dollar database giant to try to score a few measly extra bucks on the side by bundling some garbage toolbar with their Java installer. It's embarrassing, it makes a company of 122,000 employees (according to Wikipedia) look like a couple of Eastern European grey-hats banging out code in their bedrooms. Is this REALLY where 37 years of database development has brought them?
Wednesday, February 12, 2014 3:05:06 AM UTC
I haven't used download.com since they implemented this.

The internet is a minefield it seems. I will admit I'm even annoyed when I carefully scan every adobe reader update just so I don't get burned with some toolbar and every time they slap a new reader icon on my desktop. I WILL FIND YOUR APP ON THE START SCREEN WHEN I NEED IT. It seems foxit reader also does this now... Sigh

The most devious thing I have seen a lot is misleading adwords ads for ms security essentials. I explain to friends and relatives when they Google for ms security essentials to watch for misleading Google AdWords links above the real Microsoft.com links. The AdWords links are spyware and proceed to make a mess once installed.
Wednesday, February 12, 2014 3:21:20 AM UTC
http://unchecky.com/ might be able to help.
Anonymous
Wednesday, February 12, 2014 3:27:59 AM UTC
I totally got suckerpunched by Conduit Search one day when I wasn't paying attention (I think I was setting a new machine with Paint.NET on it or something) and then my freakin' browser kept looking for this whacked out search, Google was gone, and no matter what homepage I set in my browser(s) (like setting it to blank thank you very much) it kept coming back to this stupid Conduit site (that looks a helluva lot like Google or Firefox or something). Finally figured out what had happened and quickly got rid of this POS. The worst part is that this isn't just coming from the fly-by-night guys but Oracle and even Microsoft have jumped onto this band wagon to try to promote their products subversively (I think Live Essentials tries to give you Messenger and change your browser/search to Bing).
Wednesday, February 12, 2014 3:35:26 AM UTC
"Technical people ALWAYS press Custom. ALWAYS. Always. Other people? Never." -- I love that! So true! I think this is also what makes us such terrible testers.
Wednesday, February 12, 2014 3:37:18 AM UTC
More true words have never been spoken. Download.com is the absolute worst. Even like 8 years ago when they were "decent"-ish they still did this crap.
Matt Millican
Wednesday, February 12, 2014 3:47:49 AM UTC
Noticed this on some SourceForge downloads lately too (the ones using the SourceForge Installer).
Rob Lee
Wednesday, February 12, 2014 3:56:22 AM UTC
Java is a pestilence similar to flash. Perhaps I'll have to learn it some day, but until then I'm glad I've had little to do with it.

By the way, at least they have gotten rid of the Open Office suggestion they usedto do.
paul
Wednesday, February 12, 2014 4:16:36 AM UTC
I'd like to add that they take it a step further now and put ads on Google fooling users into thinking that it's the actual software.
I was shadowing a user, and she was installing Firefox. She searched on Google and quickly hit the first the link (the ad), and it was Firefox wrapped in either spyware or adware.
Here's a screenshot of Google search results for Firefox, try it yourself.
Wednesday, February 12, 2014 4:20:50 AM UTC
I'm very careful here, and never use any of the download sites when looking for proper software. Ever.

But just last week, after finally having to install Acrobat on my work PC to view my tax info, I *almost* fell for it. In fact, the download had already started when I saw that Adobe had tricked me into download some other crap. I had to cancel that dl and start over.

Totally agreed. The fact that this is an actual business is shameful. Plus, I bet even real malware authors have no respect for these devs :)
Wednesday, February 12, 2014 4:24:20 AM UTC
@Stan desktop Windows apps are in the Windows Store. We list them there, but the actual transaction takes place on the originator's site.

Not sure we'd want to own the whole transaction and install, as that would require people really checking the software to make sure it's not going to do anything funky (something which happens automatically for apps that target WinRT APIs)

Pete
Wednesday, February 12, 2014 4:27:46 AM UTC
So true Scott. I bought a new Toshiba laptop for my daughter. Within literally one day the Home Page in IE had been changed to Qone.com. It was impossible to correct without registry hacking. But here's the kicker - this was *not* caused by downloading anything...this was caused by the very CRAPWARE that Toshiba had pre-loaded onto the laptop!

As for Java and the Ask toolbar, words fail me. And they wonder why Java never took off on the desktop <rollseyes>.

Martin Rennix
Wednesday, February 12, 2014 4:37:24 AM UTC
I try to use ninite.com for as much stuff as possible. They install apps silently and without all the extra crap. Unfortunately some companies/products (like Adobe Flash) have requested that their apps be dropped from the site so that they can continue to do shady stuff.
Matt Smith
Wednesday, February 12, 2014 4:47:24 AM UTC
Scott,

Why should we NOT expect this from the Internet? Isn't this the same place where we go to get our porn? Outside of the Internet we have to deal with the same psychological tactics. Extended warranty? 15% off our order if you apply for our credit card? Make it a 128oz bucket of soda for only $1 more? @Stan is right, Apple are the only ones who seem to be doing anything about this, and I for one am happy to pay a premium to let them.
Dan
Wednesday, February 12, 2014 4:52:42 AM UTC
uTorrent has a really twisty one where you have to at one point click Decline on an unrelated TOS in order to not install additional crapware. They are taking advantage of people clicking Accept to a TOS without reading.
Naralas
Wednesday, February 12, 2014 4:54:20 AM UTC
I work at a big box retailer that fixes computers for people. If it isn't sad enough that I have to explain this on an almost daily basis, it's made worse by the fact that computer repair industries profit obscenely by ripping people off and telling them they have "viruses" when in fact they are just engulfed in malware. Very big difference between a virus that compromises your operating system and malware that trashes it up with ads, toolbars, and the like.

The common denominator for these problems is information. The more people are informed the less this shit will fly. What's sad is seeing the older generation being taken advantage of. There is a reason our clientele is almost always 35+ years old. Young people know better. I try to help people by using generic "SKU" codes for "tech support" instead of charging them $150 to remove what isn't even a virus, but even this tactic is so discouraged that I've been told repeatedly by management that I need to use official "workorders" and "full-price" services. Like hell I will.
arick
Wednesday, February 12, 2014 4:59:54 AM UTC
Reddit discussion: http://www.reddit.com/r/technology/comments/1xo8jf/download_wrappers_and_unwanted_software_are_pure/
Brent
Wednesday, February 12, 2014 5:12:56 AM UTC
I worked for a company about 10 years ago that did this, we knew it was wrong, we still did it. It was about dollars. We tried to clean up and become more transparent and "certified" but still was somewhat shady. If you want I wouldn't mind discussing it. Might be an interesting podcast episode :)

It is ironic I just read this the other day and it rang a bell.

"The Graph That Changed Me"

https://medium.com/launching-ux-launchpad/385ff833f9c8
Wednesday, February 12, 2014 5:24:04 AM UTC
Great post, but I had to uncheck the "Remember me and install Altavista search bar" box that was automatically checked. Sneaky! ;]
Wednesday, February 12, 2014 5:24:45 AM UTC
Makes me pine for the days when I obtained software (for the NeXT) from university-hosted ftp archives.
Jon Hendry
Wednesday, February 12, 2014 5:25:39 AM UTC
SU: How can I prevent Ask.com Toolbar from being installed every time Java is updated?
Spoiler: Add a 'secret' registry key

I keep this .reg in my Dropbox and spread it wherever go, like an anti-Ask toolbar Johnny Appleseed.
Moss
Wednesday, February 12, 2014 5:35:03 AM UTC
  • Ninite for normal people, Chocolatey for developers
  • Never install Adobe Acrobat, use SumatraPDF
  • Don't install Java from the web, install using Chocolatey (silent, Ask toolbar free installer)
  • If possible, use a portable apps version of programs that require Java
  • Enable click-to-run for Chrome / Flash
  • Yes, the Bing Toolbar thing is lame. You can hide that in Windows Update (right click / hide update)


Also, people should keep in mind that this is one of the problems that's (mostly) solved with Windows Store apps. So you can't legitimately complain about this and be a Windows 8 holdout, in my opinion.
Wednesday, February 12, 2014 5:42:21 AM UTC
The sad thing they are doing it legally and by the book. Before, they used to install crap behind the scenes and no way to uninstall. Now the options are visible to the consumer albeit the ones they don't want you to chose are in smaller font with less focus. They also have uninstallers.

The problem is some software guys have their download link going to download.com ONLY. Not even through the software site.
Abdu
Wednesday, February 12, 2014 5:54:20 AM UTC
To be clear, my previous comment isn't really arguing the point of this post at all. Download wrappers are pure evil, and all we can do is avoid them and be careful. I got hit with a browser redirector right before travelling overseas to present at a conference, had to reformat my computer to get rid of it.
Wednesday, February 12, 2014 6:00:42 AM UTC
Ok, forgEt it.
Justus Burger
Wednesday, February 12, 2014 6:02:50 AM UTC
And now the internet realizes how widespread it's become and how we didn't stop it.
Wednesday, February 12, 2014 6:29:02 AM UTC
I've got one word for you. Mac
Deepak
Wednesday, February 12, 2014 6:47:36 AM UTC
i'm astonished that on most of the posts there always must be someone that have to say -solution: mac- or -solution: linux-
Another similar solution is -kindle-, -paper- or -go milking cows instead-
It's like i'm talking with friends about the right way to cook beef, and there is someone behind me that has to say -go vegan!- which is: something i didn't ask for, and a choice that opens so many other variables that it's simply not an answer.
Fabrizio
Wednesday, February 12, 2014 8:16:57 AM UTC
You are right! I think the only solution is to build our own software from scratch from now on.

I'm just going to go to asp.net/downloads and... what's this? Why is it making me download Web Platform Installer? Argh! :-)
Wednesday, February 12, 2014 8:17:55 AM UTC
Do Mac's have any protection from bundling? And Linux installers/packages could be installing anything....

It's not just Download.Com, big 'trusted' sites like SourceForge are covered in green buttons.

I find it very difficult to recommend the great free software from SF, because describing to a non tech person the download process can be quite awkward.
Adrian
Wednesday, February 12, 2014 8:20:46 AM UTC
Ever tried to download FileZilla from source forge? A site for open source projects.. Wrap the software installation with crap I didn't want.. Lucky I was vigilant to notice it..
David
Wednesday, February 12, 2014 8:30:55 AM UTC
That's one of the things why I love iOS. No fear installing apps. How's an ordinary Windows home user to survive with all those popups for fake virus alerts surfing the web, update this or that from untrusted sources. They will probably just click Yes,Yes,Yes. With Windows you always have to fear installing non-mainstraim published software. It hurts the user and the app developer. In that respect Windows failed for me as an OS. Although WinRT adresses this problem for the future, the desktop is still king in windows, and the problem will persist.
Mark
Wednesday, February 12, 2014 8:32:55 AM UTC
I regularly get contacted by companies offering me a "mutually beneficial" deal where they will take my open source software, bundle it with crapware, and offer me a cut of the proceeds. I usually ignore them and eventually they go away (usually after telling me what a fool I am for ignoring such an awesome deal). As much as it would be nice to make a big of cash for my open source efforts, the crapware/adware route has always felt unethical to me.

And Scott, rather ironically, I had been just on the verge of releasing an open source Skype call recorder (with no crapware), when Microsoft scuppered my plans by killing the Skype desktop API.
Wednesday, February 12, 2014 8:33:35 AM UTC
We had some of our software on Download.com, and after years of it being fine, the wrapped it in their horrible download wrapper without our permission.

Then we started to get weird support emails from customers talking about the bundled software (which we were unware of)

Eventually, we managed to contact download.com, and asked them to remove the wrappers, which they did.
Wednesday, February 12, 2014 8:41:15 AM UTC
Coincidentally, I read this article today: https://medium.com/launching-ux-launchpad/385ff833f9c8. That's why it happens. In order for it to stop, companies must place greater value on customer experience than on a quick dollar.
Wednesday, February 12, 2014 8:42:52 AM UTC
Dan Kline: It sounds like a broken record, but "If it's free, YOU are the product". I'd like to see a tech community wrapped around exposing and bashing these vendors and their practices.

Interesting how this mantra completely breaks down when you look at real (rather than shareware) open source products. It's simply not true for a proper GPL2 Linux distribution like Debian.

Adrian: Do Mac's have any protection from bundling? And Linux installers/packages could be installing anything....

Well... no. Mac's don't per se. But we all know they are going to be moving to a walled garden any day now.

Linux? Yes, there is a complete culture difference. I would never search the internet for a software package and then download it. We use the built in package management.

It's
apt-get install skype
not google "skype download" click first green button.

If it's not available via package management, or I can't at least found a signed package from the actual vendor it doesn't get installed. I know that might seem totally alien to people who have never used an OS with built in package management but that's how we roll over here. And hey, it's probably inevitable that even MS (Apple is already well on the way) will being reinventing this particular wheel in the near future.

Wednesday, February 12, 2014 8:44:46 AM UTC
Even as a somewhat more 'advanced' user I fall for these from time to time. 'Where did that button bar come from ?' or 'Wait I didn't install this new virus scanner'. One moment of automatic clicking and BANG :).

What is also very annoying is that the obvious download button as pictured above is appearing on more and more websites. The actual download link is hidden somewhere on the page where the most obvious thing leads to more ads ...
Eric
Wednesday, February 12, 2014 8:47:27 AM UTC
I love this article, because it's 100% true, and I should know, I work in the industry.

I think Stan makes the best point here about the success of the Mac app store - at the end of the day these software developers need to make money on their product, and the best way to do that with free-ware is through tool bar searches or adding pop/injected ads. It's my opinion that the PC world moved this direction because users won't pay for the software, so developers found a work around. However, Mac users embraced paid apps/software, even if for only 99 cents, and doesn't have the same issues as PC users.
Rachel
Wednesday, February 12, 2014 8:53:19 AM UTC
Scott missed Adobe Acrobat and Adobe Flash's sneaky attempts at installing McAfee. Thanks to IE10+ I no longer install flash plugin separately. When I need flash I switch to IE from FF which is my regular browser.

Yesterday spent greater part of an hour trying to get rid of sneakware called IncrediBar. Bloody thing has a service that you can shutdown (even as an admin). Thankfully you can disable it and reboot. It installs Search Providers and sets them up as default and practically 'impossible' to 'Uninstall' even though the 'Uninstall' link will be gone from your Programs list.

I had Bing Desktop installed for the wallpapers till I noticed it was running 3 additional services *UNINSTALLED*.

Overall, Jon Galloway makes some very good suggestions above, but as others have indicated, these sneaksters know that one person in the family is going to be gullible enough to 'not check' and that's going to be the end of it, so they keep trying...

Sad sad sad state of the 'desktop' software industry and probably a reflection of why people are abandoning it in droves :(.
Wednesday, February 12, 2014 9:04:39 AM UTC
I have no idea how it happened, but I have somehow ended up with something called Apps Hat installed on my laptop. It got its claws into IE11 and Firefox, and injects its own page with two massive download buttons in-between page navigations. And I'm technical, and I check installers, so I either missed something super subtle or it was installed without even giving me the option. I'm going to try some forensics before I repave the laptop.

Actually, I've just thought: I install a lot of stuff with Chocolately, which uses silent installs that are configured by the people who submit the packages, which are probably set up to use the Express or Default options. Bother.

Oh, one other thing. To be fair to Oracle, though it pains me to do so, the Ask toolbar is a hangover from the end days of Sun, when they were trying to monetize Java to compensate for the fact that Dell's $1000 PCs had caught up with their $10000 "workstations". It was a ten year deal with Ask, and Oracle inherited it as part of the purchase (along with a bunch of IP and patents that turned out to be useless, ha ha).
Wednesday, February 12, 2014 9:05:13 AM UTC
@Scott - how can you call out the Bing toolbar? Isn't it an optional windows update that is *not* selected by default. By your definition the user would have to click on optional tab (which non-tech users apparently never do) and then tick a box.
Peter
Wednesday, February 12, 2014 9:07:37 AM UTC
Core Temp is another, particularly evil one, if you aren't careful to NOT get the installer.
It used to come as a .zip, so I was delighted when I saw that they had gotten an installer. Unfortunately, they have chosen some wrapper called "InstallIQ" to "manage" the installation. InstallIQ will very similarly try to get you to install all sorts of crapware, which you can avoid by doing a custom install.
Or so you think..
Even if you disallow everything, it ignores you and INSTALLS IT ANYWAY, along with crap they haven't even presented to you..

You can still get Core Temp without the wrapper, but they've cleverly hidden that away.
This is all on their own official web site..
Nick
Wednesday, February 12, 2014 9:08:19 AM UTC
@JonGalloway - yes, Windows Store apps wouldn't have this problem. Now, if only I could install desktop apps through the Windows Store... ;-)
Wednesday, February 12, 2014 9:18:45 AM UTC
A. You can add the McAfee crap that comes with (the dying) Flash.
B. Use Soluto, it knows about all this stuff and provides a great solution and an amazing way to help your (non-tech) relatives.
David
Wednesday, February 12, 2014 9:22:02 AM UTC
All of this is almost as annoying as Microsoft sending every search to Bing in Windows 8.1, as part of a feature that took one of the most useful aspects of Metro apps (multi-app search) and completely knee-capped it. I don't remember being asked my informed consent and I sure don't think the feature improved. (Yeah, maybe it's in the EULA. If the extra stuff you were complaining about in the post above were in the EULA and not surfaced as check boxes, would you think that it was fair since you had given your informed consent?)

Which is not to say that Microsoft doesn't also have dark UI patterns - one example is Internet Explorer setting Bing up as the default and only search engine since time immemorial and forcing a nine step wizard to apply "custom settings" to avoid that, or spending almost that many different steps finding the search provider management window, going to an addin site, getting the Google addin, setting it as default and removing Bing.
Jesper
Wednesday, February 12, 2014 9:24:30 AM UTC
This is my life with my family's computers. I hear the "It's soooo slow" and then I check it and I find a different search engine for Firefox or Chrome's start page, a couple extra bars in the browser and 3-5 new icons on the desktop. Then I go "Well, yeah, you've installed a bunch of crap" "No, I didn't. I just updated X" "Yeah, don't do that. Click Cancel and No on everything."
Wednesday, February 12, 2014 9:26:32 AM UTC
I tried several times to contact Oracle via Twitter regarding the installer and the crap that they install to our PC's, no answer never. Maybe this post will change something. Good read :)
Wednesday, February 12, 2014 9:27:23 AM UTC
Googles for SumatraPDF
Hits the first link - download.com
Next, Next, Accept, Accept, Accept, Finish

...

Dammit.
Simon Needham
Wednesday, February 12, 2014 9:39:14 AM UTC
This is why you should be recommending Chromebooks to your relatives!

It will save yourself hours (if not days) worth of family support
underpants
Wednesday, February 12, 2014 9:51:54 AM UTC
@markrendle WRT to Chocolatey Packages installing unwanted items, this is unfortunately a possibility, and that is what the Report Package link on each package on Chocolatey.org is intended for, so that this can be corrected by the package maintainer, and/or the Chocolatey Development Team. If you find any packages that are installing anything other than what you expect, please let us know, and we will get it fixed.

There is some thought processes around the automatic triage of Chocolatey Packages every time a new version is released to guard against these kinds of things, but this is still a bit away from happening.
Wednesday, February 12, 2014 9:55:59 AM UTC
These Trojan install options are the number one support issue I have seen.

The first example features cNet, a CBS owned company. One would think that a reputable company wouldn't do this slight of hand trickery. Perhaps NBC, ABC, or Fox should do a story.

But wait, the one that hits our users the most is the Adobe Reader install. It has the Google toolbar as a default install. Again, a reputable company engaging in very bad practices. One would think the major news media could make a nice story out of this.
Tony C
Wednesday, February 12, 2014 9:56:10 AM UTC
This post should be translated to all languages in the world, and widely spread all over the internet. It would save "Technical people" days of their life!
Alexandre Neto
Wednesday, February 12, 2014 10:15:40 AM UTC
The problem with these things it that even the good old advice "get a Mac" won't help any longer. This is the new world: cross platform spyware! Download once and sync to all of your devices. How convenient.
Wednesday, February 12, 2014 10:29:20 AM UTC
Tell me about it - just a couple of days ago I downloaded alcohol 52% to make an ISO of a newly bought windows CD for installing onto a Mac (with no cd drive). The installer was very similar to the one described above, and even after declining all the crapware it STILL installed "Smart File Advisor", which on the face of it sounds ok (on login will pop up a brief message if any of your utilities are out of date, and give you a change to update them.) If however you click the message to download an updated version of that utility it will bundle more crapware into the installer for that utility (eg for teamspeak - which has a perfectly fine installer available for direct download from their website), and give you another opportunity to infect your computer.

Fortunately Smart File Advisor can be uninstalled from the add/remove programs menu. It forced me to also uninstall Alcohol 52%, but I already had the ISO by that point, so was happy to see it go.
James S
Wednesday, February 12, 2014 10:39:30 AM UTC
Yes I feel your pain, very frustrating. One of the first things I learned my wife and my kids was never to press any big buttons. The bigger the button the more wary you should be of it.
Andre
Wednesday, February 12, 2014 10:40:40 AM UTC
Your post is bang on the money, Scott. This particular practice is infuriating to witness and I stumble on that green button so many times before stopping myself and cancelling the install altogether.

A clever act of trickery knowing that 99% of users want a very quick download/install experience and will therefore stop at nothing to get the process over with as quickly as possible, the implementation of these downloads on a psychological level are masterful, but at the same time disgraceful.

It's nice to see someone react with a blog post to such practices, and at the same time inject a little humour ;-)
Kevin Lawrence
Wednesday, February 12, 2014 10:45:08 AM UTC
Totally agree with this post. It needs to stop, glad you wrote about it. How many times do I have to check my friends/family computers to remove all these!
Pierrick
Wednesday, February 12, 2014 10:51:03 AM UTC
Thank you for this. These things are the bane of my life as a "techie friend".

On the upside I got a half price hair cut cleaning up my hairdresser's laptop...
Liam
Wednesday, February 12, 2014 10:58:06 AM UTC
I thought the Bing Bar and Bing Desktop apps only appeared if you explicitly installed "Microsoft Update" atop of "Windows Update" at some point -- this specifically states your desire to get other bits of Microsoft software.

Also, crucially, you always have to explicitly select the Bing stuff if you want it to install, so I don't think it is really on a par with anything else you demonstrate.

For a while I've been accidentally installing Google Toolbar and Chrome periodically and having to uninstall them every time; only later did I find out that I have to uncheck a unnoticed box in the FlashPlayer updater.
JDT
Wednesday, February 12, 2014 11:23:27 AM UTC
Yesterday I have received new workstation. Crapware were already installed. Uninstall process was installing new apps. Sometimes uninstalling required captcha.
Zbigniew
Wednesday, February 12, 2014 11:26:04 AM UTC
Holy crap,
When I downloaded FileZilla from SourceForge. It Did the same thing, but this time it started a windows cleaner tool. This is plain RUDE.
The screen looked just like the ones you show...
Norbert Beckers
Wednesday, February 12, 2014 11:30:25 AM UTC
I stopped using these sites, only I used software found in chocolatey. Still i see some weird stuff here and there....hopefully it is not chocolatey :/
Arslis
Wednesday, February 12, 2014 11:50:00 AM UTC
Even though I enjoy how you write with humor Scott, this subject is very important and needs to be taken seriously. But who can the consumer (the one who needs the help here, not us techies) rely on. There is always the "get a Mac" guy in this debate, well Conduit Search runs on a Mac also, and will even change your homepage when let in right through the front door, these scumbags are simply shooting for the largest target to get the most installs.

The end result of all of this crap is that Microsoft gets the blame from end users, they think it's Windows to blame, not themselves, and it tarnishes the brand over and over. You can't simply tell someone to update Adobe and Java anymore, because doing that simple task will end up shoving toolbars, and entirely new browser experiences onto their computer. I find Googles pushing of Chrome in this manner to be a disgusting practice, and Microsoft certainly dabbles in it with the Bing Bar etc.

It's so funny, that my answer to the question of how to stop this for the consumer, is buy a Windows RT tablet, or an iPad, or at the very least to tame their searches for software by using duckduckgo.com. Something HAS to be done, it's not funny anymore, it's destroying the Windows consumer experience.
Wednesday, February 12, 2014 11:50:57 AM UTC
I really hate it when otherwise good products are ruined by either trying to sneak in unwanted software, or having to navigate a minefield of false download links to find Waldo^w the real download. My solution is to just not use, and recommend everybody to alternative software that doesn't use these methods. I always recommend Gimpy over Paint.net fort this reason, even though I'm sure most people would have an easier time with the Paint.net interface.
Wednesday, February 12, 2014 12:08:35 PM UTC
What about the download pages where they put adbots that put a link called... wait for it.. "download".

You're swimming in a sea of download links, many are giant green download buttons... which is the one you use to download what you're actually there for?

As far as installers go... I find myself using the "portable" version of apps. One, it prevents this non-sense from happening to me (random crapware) and the app is self-contained and doesn't install into my profile and registry and what-not. Makes reinstall of the OS much simpler.
Wednesday, February 12, 2014 12:51:24 PM UTC
This post kind of misses the point by yelling in the wrong direction, but does reflect the state of the end-user software industry today. People want everything for free. Complex software that takes months, maybe years to develop *must* be free, it is our constitutional right to get it for nothing and be angry if it - God forbid - installs a shiny ad toolbar along the way. The same is true for companies providing the hosting and download infrastructure, this service must also be free and available 24/7 or else. At the same time we'll gladly leave $10 at Starbucks for a cup of warm water in it and even say thank you when we leave. If only people would pay for the software they use - even a fraction of its value - no one would ever need things like those addressed in this post.
Wednesday, February 12, 2014 12:59:38 PM UTC
Chris Dickerson, I just ran into one of these this morning. Screenshot is here:

Obnoxious download links

I had to stare at the page for several seconds before I could decide where to click. I might not have done even that well if they hadn't served two misleading ads at the same time.
Anthony
Wednesday, February 12, 2014 1:09:24 PM UTC
Great post, Scott. Hopefully, someday if we can raise the volume about this topic so that even novice users understand not to click that crap, that type of evil design will simply evaporate because it will be proven to be unsuccessful.

Someday.

Someday...

Wednesday, February 12, 2014 1:34:15 PM UTC
Ahh, gone are the good old days where you could just go to tucows.com and download software without being bombarded by crap :'(

nowadays the only place I trust is the site of the creator. Everything else I just ignore.
Peter de Bruine
Wednesday, February 12, 2014 2:00:22 PM UTC
I completely agree with this post! Some vendors have become very sneaky with how they do this, just yesterday I was installing a codec package and there was a few programs trying to be installed. The radio buttons to decline were organised in such a fashion that it would be easily missed. From years of experience in installing these types of things I have an eye for it but could of easily missed it.

I think its an absolute disgrace that the big companies are now doing this also.
Bob Gilliland
Wednesday, February 12, 2014 2:01:22 PM UTC
@Robert Seso

I often get emails from different third party companies who want my software to install toolbars and other crap, and they often can't take a hint that when I say "no way in hell", I mean exactly that.

Of course developers want to make money (I sure as heck do), and it's disappointing that our efforts are unrewarded, but inflicting this sort of crap on people is something I can't countenance.

However, I fully agree that I wish people would pay even that $10 for a piece of software they'll find useful, and use over again!
Wednesday, February 12, 2014 2:03:17 PM UTC
Hear hear! This stuff gets my blood flowing in anger.

It's a real bummer is when i see this affect someone i know. i help out my mom's co-worker with computer stuff whenever she has a problem and she's installed half of this stuff on her machine. The reason she gives me?

"It said that I might be infected"

This stuff is creating a culture of fear, and that's really scary and sad to me.
Wednesday, February 12, 2014 2:57:25 PM UTC
Ghrrrrrrrr!
Ton Nious
Wednesday, February 12, 2014 3:05:32 PM UTC
Hi,

Same happens to me with download.com. It is my nightmare to remove all those conduit search things and unwanted advertisement on browser. Thanks for sharing it. I feel that I also should share How I have managed to remove all those crap.

~Atul
Atul
Wednesday, February 12, 2014 3:11:46 PM UTC
This needs to be fixed at the OS level. Computers need to take a big step toward becoming appliances -- app store only installs, sandboxed apps, no elevated user access at all. Will Microsoft be able to solve this problem? I hope so, but I'm not so sure.
Wednesday, February 12, 2014 3:50:46 PM UTC
What gets me, is that in a lot of your screen shots, the "Decline" button is either reduced to a small, legalese-like link, or is styled in such a way that it looks like it is disabled (gray, with washed out fonts, and such).

As a UX guy, that really ticks me off. How many people are conditioned to the point where they don't even bother trying to click on these links, and pick the Accept button simply because they feel they have no choice?

There's a special place in hell reserved for the kind of people who create (or direct others to create) this kind of deceptive UX.
Mike Loux
Wednesday, February 12, 2014 3:51:00 PM UTC
Well-written. I knew the subject looked familiar - I blogged about it here, but your post gives a lot more examples and is charmingly snarky to boot. Thanks for posting this - more people need to know about stealth installations; unfortunately, I fear that Gram and Gramps will always have 17 unwanted toolbars and an abundance of crapware on their system, because they rarely get beyond Lolcats.
Wednesday, February 12, 2014 4:05:57 PM UTC
Nice! And insane this is STILL a problem. Now why isn't this a problem for Mac users yet? :)

Can't even send people to my old friend Paint.net anymore. http://www.getpaint.net/ . . . the DOWNLOAD button (in a google ad to a site that Chrome will block) is too big and green for people to ignore. And if you DO get the installer I'm sure it has the same problems.

Sheldon McGee
Wednesday, February 12, 2014 4:35:40 PM UTC
The ridiculous thing about the "Bing Bar" and "Bing Desktop" in Windows Update is how even after you hide it, Windows Update considers each new minor version a different thing, so you still see Bing Bar 1.7 even though you hid 1.6, and on and on.
Brad
Wednesday, February 12, 2014 5:08:40 PM UTC
Finally caved and tried to install Adobe Flash on my Surface so I could use youtube. I noticed in the download progress window that two files where downloading. I stopped the whole process and started over. When I paid attention to the fine print and checkboxes, I noticed that an AV software package was also selected. Why??????????????
Richard
Wednesday, February 12, 2014 5:28:49 PM UTC
I had no idea the Download/CNET wrapper was as evil as it was. Now I'm worried for our mothers and fathers.
mga
Wednesday, February 12, 2014 5:30:08 PM UTC
In general, the Chocolatey and Ninite installs use the silent, crapware free install options. I haven't gotten any malware using a Chocolatey installer.
Wednesday, February 12, 2014 5:40:49 PM UTC
Who are the programmers willing to write this junk? Everyone needs a job, but if you're talented enough to do this, you're surely talented enough to work someplace that doesn't eat your soul.
jwp
Wednesday, February 12, 2014 6:02:53 PM UTC
It is surprising how many large legitimate companies are willing to spoil their branding and product perception for these design ant-patterns. Its a quick way to promote the image "I'm a cheap and nasty product".
Dan Kellett
Wednesday, February 12, 2014 6:03:14 PM UTC
For everyone complaining that it's a sign of Oracle's dark, cold heart that the Java installer is bundled with crapware: the original blame for that particular bad decision should fall on Sun, who made it before Oracle acquired them. Then-Sun CEO Jonathan Schwartz even raved about all the wonderful moneymaking opportunities installers for their free software products like Java and OpenOffice provided them on his corporate blog back in 2008. That blog disappeared after the acquisition, but the post in question can be found via the Wayback Machine here (scroll down to the entry titled "The Inside Story (Java, Microsoft and MySQL)").

In Schwartz's words:

[J]ust last month, we distributed more than 60,000,000 Java runtimes, to users all across the planet. The number is growing, as more content is built for Java 6 and the upcoming JavaFX, as more PC's join the network, and as more workers join the workforce (and are assigned Java-enabled laptops). At this point, I'd bet there are about 1,000,000,000 (that's a billion) Java runtimes installed on PC's around the world. With more by the day - each generating revenue for Sun.

As with most of our software products, we don't distribute products without intent - like Google, our products are both a means of acquiring customers, and generating revenue...

Foot traffic still counts, but in today's economy, software distribution's a lot easier to manage and monetize than a real estate portfolio.

After all, who wouldn't want to meet a few hundred million new customers?


Of course, just because a company you acquired had a bad policy doesn't mean that you have to continue that policy. So as the steward of Java now, it does reflect badly on Oracle that they continue this kind of scummy behavior. But it's not a case of Oracle taking something that used to be pristine and fouling it with their greed; it was pretty well fouled when they found it.
Wednesday, February 12, 2014 6:22:23 PM UTC
This is a big reason I avoid Windows when I can. Windows 8.1 is good OS. I've enjoyed using it on occasion, but I can't shake the feeling that when I do I've got a target on my chest. Other systems aren't immune, but in practice using something like Ubuntu makes this a non-issue.

I hesitated posting this because I didn't want to encourage a "My OS can beat up your OS" type of discussion. However, ISVs and Microsoft need to take this issue seriously. Is a walled-garden app store the right approach? I hope not! Is a noisy boycot of Download.com and crapware products the solution? Maybe. All I know is that it's hurting our industry.
Miles
Wednesday, February 12, 2014 6:28:42 PM UTC
I always hated this practice. However, I think we're just seeing a symptom of a deeper problem.

Any software that's free or open source for PCs (that is not a Windows app or whatever) that is being distributed over the internet has distribution costs relating to bandwidth usage. That bandwidth needs to be covered, somehow. Right now, for the most commonly used methods of distribution, the distributor bears the full weight of the distribution costs. It's even worse the more popular your software is.

Peer-to-Peer distribution alleviates this problem, but often P2P has, in the past, been frowned upon due to associations with piracy. And of course, P2P has the possibility of distributing software that's not valid, depending on what kind of cryptographic signatures are used. Of course, that's valid for direct downloads, too, but with direct, you have one primary point of failure (ignoring the routers in between server and client), and with P2P, every peer (with their routers in between peers, etc.) could be a point of failure.

What's needed is an effective way to distribute without the incentive to make money off of the distribution. I'm not sure how that can be developed.

The temptation to profit via actions relating to crap-ware seems all too appealing. Statistically, you have some guarantee that some people will never look into the details and install the crapware, of which some of people will possibly use that crapware, not knowing any better. This information gleaned clearly would have some market value.

In the past I would have advocated some sort of micropayment system (by this I mean payments much smaller than one cent), but I think those systems have been tried in the past with little success. That may only mean those systems had some quality to them that may have guaranteed failure, but it could mean that the micropayment concept itself is problematic due to the way transactions must be processed as defined.

I'm not so sure that some form of micropayments could work if the overhead could be minimized and if payments, which need not need to be money based, only needed to be approximate. But this is so far out of my realm of knowledge that I hesitate to guess what would and would not work besides what I've already stated.
Jay Cox
Wednesday, February 12, 2014 7:47:51 PM UTC
If you can't beat join. You should now incorporate this kind of workflow for readers of your blog. It would go something like this:
1) Click Read Now
2) Confirm TOS before reading
3) Add new SCOTT HANSELMAN toolbar option
4) Confirm you would not like to add new SCOTT HANSELMAN toolbar
5) Allow users to read after still installing SCOTT HANSELMAN toolbar
Wednesday, February 12, 2014 8:09:37 PM UTC
I am VERY annoyed by these dark patterns. No website knows "no" anymore. No means no does not apply to the web?

Do you want to (do something bad for you good for the website)
[YES!] [Later]

Or pages begging for donations:
- i already donated
- i want to donate
- not now

WHAT. THE. FUCK.

When i want to donate, i do so. Maybe you can ask me once, but please not per overlay "popup". And not on each article again. And if i do not want, do not show the content, or leave me alone with your crappy begging. No means no.
allo
Wednesday, February 12, 2014 8:26:37 PM UTC
> I love that! So true! I think this is also what makes us such terrible testers.

The real bad thing is an installer, which selects other default options on custom install than on express install. so you do not even notice, that express is more evil. Btw: Express is already misleading, because it should be default options, express is already a euphemism.
allo
Wednesday, February 12, 2014 9:16:02 PM UTC
You should NEVER use Download.com, which is notorious for this kind of thing, and has been for ages.

However, there is usually a simple solution: you can download more than 16,000 apps from http://allmyapps.com/

Note that you do not need to use AllMyApps' installer. You can go to the program you want and download it directly. However, the AllMyApps program will notify you of new versions and install them if you want. Personally, I prefer Secunia's PSI for this, and it's a good way to get your relatives' Windows software updated without them noticing.

As it happens, the Athtek Skype Recorder isn't on AllMyApps but it's a paid-for program: the free download is a trial version.
Jack Schofield
Wednesday, February 12, 2014 9:27:35 PM UTC
You have no idea how much I can relate to this rant! My mum and dad are forever needing help like this.

The conspiracy theorist in me wonders if the hardware vendors are driving it. Every couple of years, mum and dad tell me they need a new computer because "the old one is getting too slow"... they assume the hardware has degraded, instead of realising it's the amount of crap they've built up.

Chris Rogers
Thursday, February 13, 2014 12:30:53 AM UTC
Sorry this is very very old news Scott. This stuff has been aroung since the AOL days. Where have you been? people have been fighting this crap for 15 years were have you been. Its all the same thing once the had all the options already clicked then they changed it so ya have to click decline you have to READ before clicking anything on thses downloads. Whats really Bad Is our Government doesn't seem to think this needs to be fixed. That Fooling people into downloading and installing software is ok business pratice. Why think other wise no laws have been passed to stop the trickery.

So i really don't know why you wrote this article you clearly are not current on whats happening on the internet or computer software.
Stan
Thursday, February 13, 2014 4:00:14 AM UTC
Google totally ruined it's credibility by doing this very same thing with their toolbar .. they continue to ruin themselves with their crapware chrome browser. Junkware is what it is. If it has to be bundled and deceptively loaded on to a machine via legitimate download, then it isn't worth having in the first place ...
Thursday, February 13, 2014 4:37:53 AM UTC
You, sir, get the Gold Medal in Most Relevant Blog Posting. I despise this sneaky piggy backing. Uninstalling McAffee once because you missed the dang checkbox is one too many times. There is a special place in the TRON garbage collector for these purveyors of unwanted bits. Ugh!
Thursday, February 13, 2014 7:58:32 AM UTC
We all have been victims of this fraud, my Nokia Lumia came installed with some third party applications which I don't want.
Someone talked about Nexus being clean, sorry dude, my Nexus 7 (2012) came with many apps pre-installed, Pinyin input, Play Books, Play Music, Play Newsstand, Hangouts, HP Print Service Plugins etc.)
Last time I shared my laptop with my wife, nightmare started for me, some extension/app installed itself on all browsers(An obscure website will open up when you open new tab), when you go to disable it, you see that the disable button is disabled! Had to uninstall some app, make some registry key changes, I am still not sure its all gone..

All of us are angry about this, any ways to punish these offenders?
Thursday, February 13, 2014 9:25:56 AM UTC
I've had the same problem, then I've found sandboxie, no software is getting installed without it, then I can fish out the program and remove all the spyware.

J
Thursday, February 13, 2014 10:07:11 AM UTC
Everyone: you need to inform the app vendor about this kind of crap being pulled. Seriously. Every time. Tell them, that you are not happy about it and because of that you are actively looking for alternatives to their software. Teach your family to do so, too. And your auntie May. And your dog. Make noise, but to the right direction.
El Dorko
Thursday, February 13, 2014 12:33:08 PM UTC
I believe the solution to this problem is white listed software distribution paradigm. (i.e. app stores)

I think Microsoft should include a mechanism to allow desktop applications to be distributed using this more modern method. This whole download the installation package and run it is so complicated for the regular users in comparison with the app store model anyway and these guys (download.com, Oracle, etc. ) make it even more frustrating.

C Celik
Thursday, February 13, 2014 3:36:37 PM UTC
In UX circles, the name for stuff like this is a "Dark Pattern," a UI or interface that's designed to trick people into making a selection that's against their best interest. It almost has some tie back to money, and in design meetings is usually done to try and squeeze that little bit of revenue out of people that don't know better.

The worst part is that there are so many otherwise decent companies that get caught up in it, and in the end, this stuff is no different from spam tactics, burying small charges on credit cards or phone bills, or tacking on unwanted or unneeded services to a purchase (like those "extended" warranties that are basically just throwing away money).

A good non-internet example that I know of is from a telecommunications company that my wife worked for years ago whose name rhymed with "Q'west" (and is now a part of CenturyLink). She worked in what is laughably called customer service (and was really just sales), and they were trained to sell to customers that called in with problems on the bill. The bills were purposefully made hard to understand, information was intentionally hidden, and mistakes were added to bills to force them to call in and ask for help (and get harassed to purchase more bad services).

The sad thing is that behavior like that, which in most circles would be illegal, is perfectly allowed in today's world. It's what permits toolbar installers, or what has ruined formerly good brands like Download.com (it could also be that CNET is just the touch of death for good ideas).
Nick Martin
Thursday, February 13, 2014 3:37:36 PM UTC
@Tyler - I do believe that Karma has already caught up with Mr McAffee

I also hate the way that certain apps <cough>Facebook</cough> can't be uninstalled from my Android phone, regardless of whether I use it or not.
Bob Armour
Thursday, February 13, 2014 3:38:16 PM UTC
This is so annoying and one of the things I'm thankful about on my Surface RT. No one is writing ARM-based Windows viruses (yet at least).
Thursday, February 13, 2014 7:58:09 PM UTC
@Pete (waaaay up there ;) )

"Not sure we'd want to own the whole transaction and install, as that would require people really checking the software to make sure it's not going to do anything funky (something which happens automatically for apps that target WinRT APIs)"

Well of course you wouldn't *want* to. You think Apple wanted to have a human review every app in their App Store? The idea would seem completely ridiculous, until Apple actually did it. It's something you *have* to do if you want to really have a trustworthy app store.

You'd obviously want to wrap the Win32 App Store apps in something like sandboxie. But it could be done. And it would be worth the effort.
Stan
Thursday, February 13, 2014 9:39:30 PM UTC
Thanks for posting this Scott. I have long since been VERY angry that this happens, especially when CNET first introduced it and ESPECIALLY since all of the big giants (adobe, Microsoft, oracle, etc) all do it now too. Even being very technical I remember the first time i went back to downloads.com to download that piece of software again - then i clicked that stupid green button :-(

Anyway, you rock!
Thursday, February 13, 2014 9:41:21 PM UTC
I'd go as far as to classify Dark UI Patterns as Predatory practices. There are very few situations in which I think it is morally permissible for humans to prey on other humans. Our civilization derives no benefit from predators, and no person should be free to prey on another person, excepting circumstances where the prey is in turn a predator. Governments protect citizens from certain subclasses of predators, and an argument can be made for reclassifying additional predatory practices, including Dark UI Patterns, as criminal activities.
Marquis
Friday, February 14, 2014 4:42:41 AM UTC
In defense of our mutual employer, Bing Bar only seems to come from Windows Update which no seems to do... I'm sorry, this was meant to be a defense. Forget I said anything.

As for the often repeated request to have desktop apps actually install from the Store, I agree that would be great. The challenge of course is in testing and validating those applications. App Stores are part of the solution, but it isn't an App Store alone. Another important feature of modern Store solutions is Sandboxing. Desktop applications can include everything from .NET to Win32 to Assembly and operate at a much lower level than App Store packages. The breadth of runtimes, languages, frameworks and APIs available makes replicating the Store experience on the desktop quite difficult.
Friday, February 14, 2014 7:26:16 AM UTC
Totally agree with you, too much wrapper.. too much downloader..
Sometimes it came along with a malware that very hard to remove/uninstall

Friday, February 14, 2014 9:04:27 AM UTC
Thank You! Thank you very much!!! This made my day, no scrap that, this made my whole week!
I ALWAYS click on "Custom/Advanced Install" and even train all my relatives to do so. The main point though remains that users don't read. Yepp USERS DON'T READ. That in no way excuses this installing behavior, of course.
Friday, February 14, 2014 9:18:05 AM UTC
I believe that is exactly the reason why so many non tech-savvy people switched to iPads from their old home laptop PCs.

Huge amount of crapware (and often viruses, downloaded in similar manner), laptop is getting slower every week, so they felt helpless and not in control of their own device.

Life with iPad is so simpler from that point of view.
mktoid
Friday, February 14, 2014 9:43:20 AM UTC
This post should be translated into all languages and made viral with all users. Maybe that will bring us a change (likely even more stealth approach).

But Chocolatey! That's a godsend! Thanks guys!
Friday, February 14, 2014 2:15:47 PM UTC
I'm a well known Windows Installer expert / evangelist (17 years coding, blogging for 10 years, 5000 posts on InstallShield forum and top contributor on all the related StackOverflow tags ). I've always refused to participate in this crap. I used to have a pretty good relationship with Flexera Software (InstallShield) but I slammed them publically for joining forces with Yahoo! six years ago to create a feature in their product to allow all of their users creating MSI's to embed the Yahoo! toolbar and try to monetize their customers (product) that way. FWIW, yes, there always is a meeting. Problem is I'm guessing that 99% of the people leaving comments on this blog don't want to write installers unless forced to. This means it's the junior developer or some off shore resource who gets tasked to do this crap and he either doesn't care or doesn't know to say *NO*.
Friday, February 14, 2014 8:17:05 PM UTC
That's so close to being malware they can see the whites of each other's beady piggy little eyes and wave.
Friday, February 14, 2014 8:38:17 PM UTC
Well Scott, at least they use ASP.NET to drive their crapware browser plugin uninstall instructions page: http://toolbar.conduit.com/changing-search-settings.aspx.

Just sayin. :-)
Friday, February 14, 2014 11:31:06 PM UTC
I just got an ad from Parallels. A product I paid for. Another dark pattern I would propose.
Friday, February 14, 2014 11:42:07 PM UTC
evil by design.

You know what's a little bit like this ploy in the world of Postal Marketing (Direct Mail) is those envelopes that masquerade as government check mailers or entitlement notices.
Saturday, February 15, 2014 8:57:49 AM UTC
At least my family members are trained to click the little X in the corner when they see an unfamiliar dialog pop up.

When it persists and reopens they know to ignore the Window close windows itself and force close running programs.

If it then persists after reboot ->call me. Combined with the restricted accounts I set them up with. (yes I tell them no support if they get a "home" version of windows) My life is now very care free. Computers that used to sport every crapware you could think of within months have now been crap free for over a year.

But the message of the blog is not that this is impossible, but it should not be necessary. Download.com is in all their hosts files btw set to 127.0.0.1
EC
Saturday, February 15, 2014 9:05:44 AM UTC
I'm so glad that you write about it, it's really becoming a pain in the neck. Downloading and installing applications is not simple and intuitive these days.
Usually I avoid download links that won't start the expected downloading process immediately.
VahidNd
Saturday, February 15, 2014 5:32:21 PM UTC
It strikes me that as developers with a conscience, we should be able to do something about this. For example, the Ask Patents on StackExchange is making headway on exposing & squashing patents that shouldn't be approved (e.g.: Victory Lap). Surely there must be ways we can help the ordinary person.

For example, couldn't we make a user-friendly version of Fiddler that helps users see what apps are spewing into the Ethernet? It could identify the offending program and when it is launched/activated (Startup or opening your browser, for example).

Or maybe we could make a NuGet-like program that people could use, or a website that is better than Download.com and beat it into submission, like StackOverflow did to Experts Exchange.

I know these ideas aren't fleshed out in any way, and they won't be simple. But, just maybe, there is an idea floating among your readers as to how we can help...
Dan Gilleland
Saturday, February 15, 2014 8:50:32 PM UTC
Would it help if someone wrote a browser extension to fix some of these issues?

One example, on the Download.com the big button has the class name "downloadNow". This element could be deleted and then the downloadLink, with Id="loggedInUserDlLink" could have the downloadNow class added.

I guess they would just change markup if such an extension got popular but there's maybe a better solution than the few minutes I thought about it.

Saturday, February 15, 2014 10:20:49 PM UTC
Great article. No idea why companies like Oracle are 'allowed' to spread malware while others are persecuted for it. I know someone that accidentally installed the Ask toolbar while installing Java, and, not only did it completely hijack their browser settings, it didn't even appear in the Control Panel to let him uninstall. It's criminal, it really is, and I'm tired of all these large corporations somehow getting away with it.

It's time Oracle, and others, got called out as spreaders of malicious malware. Instead, all the focus in the media is spent giving the term 'hackers' a bad name, diverting attention from the real spammers who are funding their broadcasts.
Alexander DiMauro
Sunday, February 16, 2014 6:34:05 PM UTC
So true! I've faced the removal of Conduit Search (Search Conduit??) several times recently, always on non-technical peoples' computers. Each time it's taken me at least full half-hour of deleting and re-booting to get rid of it. It makes me wonder,"Where does this come from? Who is behind Search Conduit and are they semi-legit, or pure evil?"

If you google Search Conduit or Conduit Search you get literally thousands of "How to remove" sites. The company's own website doesn't appear until the third page. Finally, up comes www.conduit.com buried amongst all the other sites which tell you how to get rid of them in nine easy steps. Their own site proclaims that they "Engage People", which they seem to interpret as tricking them into installing software they don't know about and wouldn't want if they did. They're moving into the smartphone business too... wonderful!

Wikipedia states that they are a $1.3billion Israeli company having over 400 employees. JPMorgan-Chase invested 100 million in them and owns 7%. Wow! Big business funding malware that it seems like EVERYONE wants to remove if they only knew how. An apparently successful, billion dollar business model based on stealing clicks from Google. Mainstream malware. Is this unusual? What's the world coming to?
Pete
Sunday, February 16, 2014 9:08:43 PM UTC
This is just major bad and completely breaks trust with the software vendor. There is no excuse and vendors like Oracle and Piriform should treat their users better!
Sean Kearon
Sunday, February 16, 2014 11:55:30 PM UTC
Great post, I agree with everything said.

Another 'dark pattern' is the frequency that apps carrying this rubbish in their installers have 'updates'. Big name companies such as Adobe, Oracle (as noted by others) to name a couple who should know better. So I always set either 'notify but don't install' or 'only update when I want to' options so that when I do decide to install an update, I do it when I can give it my full attention so that I don't accidentally agree to anything.

It's so sad that the Internet has degenerated to the point where everyone is seen as a potential mugging victim every time they go online (or even when they reboot their computer). It's not right that you need to be a hardened IT professional to be safe online these days, ordinary users just don't stand a chance any more. They're just Lambs to the slaughter, and the people behind these installers / phishing emails etc etc know it.


InternetCommentary
Monday, February 17, 2014 11:40:26 AM UTC
With Download.com as long as you are a registered user then clicking the Direct Download link will let you download the actual installation file rather than the wrapper. I found that out by complaining to them about the wrapper.
Bobw1951
Monday, February 17, 2014 2:47:02 PM UTC
Download.com is dead to me.
Mike Brady
Monday, February 17, 2014 5:28:04 PM UTC
I've hit all of these problems before and been horribly offended by them. Seeing them all summarized on one page (thank you) filled me with the white-hot rage of somebody who just spent an entire weekend cleaning up my parents' computers. Conduit and many other companies need to find a way to make money that involves *adding* value instead of *subtracting* value. Microsoft and Oracle should be ashamed of themselves for participating in this marketplace of deception.

The Bing Desktop/Toolbar are evil (less evil, but still evil) because Windows Update should be reserved for, well, updates. These software installs piggyback on the fears of well intentioned users who want to be as safe as possible by installing all optional updates.
Monday, February 17, 2014 8:13:42 PM UTC
Please notice that all this shit originates and only comes from U..S..A.. The reason why, is because you you idiots over seas, don't have any consumer protection agencies that force companies to produce quality products, And setup rules of how much crap you are allowed to shove down costumers throat.

I know that we have EU which counter-intuitively, force idiotic rules upon us like the Cookie law.. but that's again to protect consumers against evil evil tracking cookies :D
Monday, February 17, 2014 11:37:28 PM UTC
Fantastic!
Tuesday, February 18, 2014 1:02:28 AM UTC
I was just reading another post today...

Jonathan Oliver: "Why I Left Windows" [and the .NET Framework to develop solely on OSX and Linux for scaling.]

http://blog.jonathanoliver.com/why-i-left-windows/
Tuesday, February 18, 2014 1:06:43 AM UTC
Seems to me like all they did was take a common smarmy business software practice and automate it. For anyone who hasn't had to deal with that, it goes like this:

Me: "Oh, look, XYZ corp has a business application I might want to use, and they offer a free trial!"
--fills out a web form that has a shocking resemblance to a credit app--
--clicks Next, sees Download button, about to click it--
>>RING RING<<
Sales Weasel: Hi, this is Bill from XYZ Corp. Don't worry, I'm not in the Sales Department. I'm in the Department We Don't Call the Sales Department to Try to Fool Stupid People. I see you recently downloaded our trial package. I'm just calling to see how your trial is going."
Me: "I haven't downloaded it yet."
Sales Weasel: "Oh, well do you have any questions before you buy it?"
Me: "Um, what?"
Sales Weasel: "I'm sorry, I meant to say, will that be credit or PO?"
Me: "I haven't even tried it yet."
Sales Weasel: "That's OK, we're the best. You can take my word for it. So, what was that credit card number?"
Me: "I have to go now."
Sales Weasel: "No problem, I see you're busy. I'll call you back in six hours. And by 'in six hours', I mean every six hours until you come to your senses and buy our product or your legal team sends a formal cease-and-desist letter."

People not in a position to try corporate software seem to always be shocked at how many "legitimate" businesses employ such harassment tactics. As far as I can tell, somebody at Download.Com saw all this and just figured, "Hey, I can write an installer package that does pretty much the same thing." And here we are. At least the digital gunk can be removed. Not that I'm a fan, or anything.
Tuesday, February 18, 2014 2:22:34 AM UTC
I just spent an hour dealing with what Conduit did to someone's computer today. Very frustrating - especially for non-technical users who have no grasp at all of what's good, bad, and/or malware.

Ultimately, I think these things are a direct consequence of ad blockers and general "banner blindness". If consumer users are unwilling to pay for the product or even support it by viewing advertising, these invasive monetization schemes are only going to continue getting worse.
Tuesday, February 18, 2014 7:21:20 AM UTC
I just had the same shit from SourceForge when I tried to install FileZilla FTP server today. I know they have to make money somehow, and they must surely be hurting over their loss to GitHub, but taking someone's open source code and open source installer and then wrapping it in your own crap was just wrong wrong wrong.

And then of course, people blame Windows even when the same stuff could be done on Linux or a Mac... An overlapping group of people then complain when MS attempts to do a bit of a walled garden. A happy medium would be side-loaded "modern" apps where you can restrict what they can and can't do rather than giving them access to your entire user account token.
Tuesday, February 18, 2014 8:46:34 PM UTC
I gave up on adobe reader bloatware many years ago. Switching to Foxit was a breath of fresh air.
Andy
Wednesday, February 19, 2014 6:20:34 AM UTC
Today wanted to download a widely-recommended program to convert a VMWare virtual hard drive to VHD. A quick Google search led me to the company's website which required me to register to the site to download, so I thought I would look around to see if I could get it without registering.

Back arrow to Google results...Third link down was a Tucows link. They've always been good guys! Let's get it from them! Anyway, the user experience to download was almost identical to Scott's, expect there isn't a tiny "direct download" link on the Tucows page; you have to use their download software and opt-out of all of the junk. The Tucows download software looked very, very similar to the download.com software that Scott screenshotted above. It must be made by the same company.

Never again, Tucows. Never again.
Ken
Wednesday, February 19, 2014 3:09:53 PM UTC
Thanks man you make me laugh.
Charles Teague
Wednesday, February 19, 2014 10:12:30 PM UTC
Never suffer from any of this. I also never used windows(tm), or other closed software blackbox soft that no user really knows what it does. I use Debian. I wonder if that is related.
Carlo Wood
Thursday, February 20, 2014 7:33:52 AM UTC
Sourceforge was the one that really disappointed me. Never thought I'd say it but death to sourceforge! But at least with them you can understand it -- they're poor. But Adobe; Oracle; You suck!
D Watson
Thursday, February 20, 2014 5:44:09 PM UTC
They make people fool by uninstall the crap for the software that is freeware. The person who made software got their user confused that developer want to install crapware when Cnet do it.

Here is my post that I write last months http://geekswithblogs.net/anirugu/archive/2014/01/14/how-cnet.com-install-spyware-in-my-pc.aspx
Anirudha Gupta
Saturday, February 22, 2014 12:46:22 AM UTC
I was going to download Windows 8.1 and Windows Server 2012R2 evaluation to run in virtualbox.

I find out I have to install akamai download manager, not only do I not want to install this, or have to learn what it does. WTF is wrong with having a DVD iso to download via HTTP

When I find no other solution I reluctantly try and install it on my mac and it does not even install !

Who decides forcing this shit on people is a good idea.

Paul
paul
Wednesday, February 26, 2014 4:26:26 PM UTC
I haven't used cnet's download website in 2 years for this very reason. I really wish oracle would take out that toolbar option. i split time between .Net and java platforms, the number of clients that accidentally miss unchecking that is huge. It really just feels unprofessional and money grubbing on Oracle part :/ .
jonny
Monday, March 03, 2014 10:11:05 PM UTC
Here, take this Scott: http://unchecky.com/ :) It really helps!
Tr
Friday, March 07, 2014 7:54:24 PM UTC
I would definitely agree, this new way the Internet is steering in optimising revenue and not providing any value is the wrong way to go, and nothing to be proud of.

I've spent numerous hours trying to uninstall some of these "sticky" apps(apps you struggle to get uninstalled) on my parents pc. More publicity is needed, especially for the less technical users out there.

thanks for a great post.
Monday, March 10, 2014 7:12:00 PM UTC
I had downloads to downloaders. Ex. Web Platform installer, adobe flash, java etc. They advertise (size 150kb) or something and in the back of your mind you are thinking IIS + media wiki, + drupal + ++ okay how big is this really going to be? I have a 250Mbps internet connection I don't need a download to "manage" my download: that is what OS/browser build in tools are for. To add insult to injury most of them don't offer any pause/resume functionality so they are just duplicating what you get from the browser for free.

Also a couple years ago, it hasn't happened lately (companies got better behaved? I doubt it): I remember downloading free software of some sort (torrent client, Firefox something like that) that I could have sworn I remembered to untick each of the install a browser addon, install an antivirus tool etc. After installation my homepage was changed to some third party, I had a browser plugin and the stupid AV was installed. I removed all and thinking okay must have been my mistake I must have missed one of the opt outs. So I repeated again and the same thing happens. I get that these are ad supported programs but how many times is reasonable to ask someone if they want to install something else along with your app? The Google plugin for whatever reason seems to be one that they particularly want to cram down your throat.
Mike
Saturday, March 22, 2014 3:09:44 AM UTC
I would like to thank you for the efforts you have made in writing this article..
Friday, March 28, 2014 10:38:58 PM UTC
Hello Scott. I am not a programmer but I have learned alot from your blog and many comments. Funny I was sent here to learn more from a link on lo4d.com which seems to be some kind of clone of download.com without those extra offers and toolbars.

It looks like what these companies are doing is criminal. I'm surprised there has not been any kind of lawsuit since this has been going on for so long.

Seriously, this blog explains so much.
Tom
Tuesday, April 01, 2014 5:47:40 PM UTC

I am a software professional and well aware of the risks. Nevertheless I am human and make mistakes like all other people. Just today I wanted to install Firefox and by mistake ended up using the cnet installer. I caught it just a minute too late. To be safe I used system restore to hopefully rid the machine of the garbage cnet put on. My objection is that this behavior is both wrong and wrongheaded.

It is wrong because they are being underhanded and tricking people. This should be illegal and criminal with both jail time and massive fines for any site that does it.

It is wrongheaded because I will be sure to not use the site that does this; the software that they tried to install and will be a resentful of those who tried it for years. It will drive away customers for a short term illusory gain.

It is like a merchant taking your twenty dollar bill. Then claiming you only gave them a ten dollar bill. It is cheap; it is underhanded and it is sleezy.

For a company from Oracle to Cnet to do this it says more about their management. It shows they are not people I want to do business with. Sure I may have no choice in case of Java. However I would remember that if I ever wanted to chose a database. Why should I do business with a company whose top management are scum?
frabii
Sunday, April 13, 2014 8:11:05 PM UTC
I quit using CNET for downloads because I realized it was installing the same Conduit thing that I was having to spend hours scrubbing off my daughter's laptop. What can they *possibly* be thinking?
slfisher
Monday, April 14, 2014 4:29:00 AM UTC
Use ninite.com and they click 'No' for you.
Kernimg
Monday, April 14, 2014 1:46:42 PM UTC
My mom is not very tech savvy so she called Comcast to help her fix her wireless internet. The Comcast tech installed the Comcast IE toolbar on her computer and it slowed her machine down considerably. It ran like new once I uninstalled that toolbar for her.
Greg
Saturday, April 19, 2014 3:57:20 PM UTC
Hello it's me, I am also visiting this web site regularly,
this web page is genuinely fastidious and the visitors are really sharing nice thoughts.
Name
E-mail (will show your gravatar icon)
Home page
 
Comment (Some html is allowed: a@href@title, b, blockquote@cite, em, i, li, ol, pre, strike, strong, sub, super, u, ul) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.
Live Comment Preview

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.