Allow me to walk you down the garden path to the briar patch called Freeware; a segment of the software industry that just needs to go away. Now I am not referring to such organizations like Open Source Foundation, Open Office, Open Libre, The Apache Foundation, or the authors of Squirrel, Firefox, MySQL, Notepad++, Filezilla and many others. The downloads they initiate are transparent and they as yet do not participate in this debacle. I am condemning at least two organizations once deemed forthright and noble; cnet.com and sourceforge.net that are promoting this demonic version of free stuff.
I can empathize with coders who have developed apps for narrow niche needs. Some live off of donations. Other coders moved up to Tryware, but savvy users quickly discovered that if a restore point is set first, users have unlimited use of a time limited app. More and more developers are succumbing to the siren song of shady business operators offering them “bucks per download”. These aggregators wrap the developer’s program in an “installer” that will make further software offers to the hapless end user in addition to the app being sought. The aggregator has a lawyer-centric EULA and is shrouded in a corporate veil.
This aggregator then turns around and sells his install slots to many and varied advermin who are supposedly offering daily horoscopes, recipes, or browser enhancements and plug-ins, when in actuality they are stealing your personal data. The four major browsers are the major focus as that is where we do most all of our work these days and the theft of your personal data is the easiest to pull off. These advermin perform a whole litany of unholy work, from directing pop-up ads to your screen, resetting your homepage, changing your search settings, gathering your search and navigation history, passwords, and archives of secured web pages, then sending them to who-knows-where, usually to Madison Avenue. This activity has been so ingrained and corrupted that major advermin product, that is stealing your private information off of your PC, is not even flagged by Norton/MacAfee, as even they have been bought off. The two degrees of separation between the end-user and big business allows the insurance companies and car manufactures to plausibly claim denial in the theft. The dirty deed is complete as even though you refuse all these offers, some installers will still imbed advermin code when you answer ‘yes’ to the “making changes to your PC” warning box as you install your requested freeware. Recent de-compilations of some advermin code indicate stolen data is being sent to servers in Panama (Chinese) and Eastern Europe (Russians).
The solution to this problem already existed until Microsoft got greedy. Along with Windows 95, MS offered developers a service of “signing” new applications so the op code could not be changed after publication and the author/owner of the application would be identified. When a program is loaded by the OS, the EXE is parsed using an encryption algorithm, and if it fails or the program was never signed, the user receives a warning saying that Microsoft does not “trust” this code and the user should abort the load. Later, MS began charging over $10,000 to “sign” a single application once, and now not even the big-time developers bother to have their applications “trusted” by MS, and we are now all blind to the “trust” warning. Contrast this with Apple, who charges developers $100 a year to sign a reasonable number of apps under IOS, all IOS apps must be signed, and the IOS apps can only be distributed through the Apple Store. Misbehaving apple apps are quickly discovered and the perpetrators prosecuted.
My recommendation for Freeware users is not simple.
- Get to know all the entries in Add/Remove Programs. Google the names you don’t recognize. e.g. Bon Jour is a needed program if you are a regular iTunes user.
- Make a full hard drive backup of your PC drive before navigating to a download site. In today’s environment, unless you can re-create your system from resources at hand, an occasional logical drive backup is a must! If everything goes south, this is the ultimate ‘save’.
- Avoid “installers” if at all possible. Learn how to use ftp: and manipulate .zip, .tar, .cab and .msi files to install the software.
- Make a restore point before the download.
- Download only one app and follow steps 6, 7 and 8.
- Examine each screen carefully in the download process. Read each “Terms and Conditions”. Some Advermin will actually tell you what they intend to do.
- When the installation is complete, restart your system. Best to know immediately if your OS is gonna crash.
- Go to Add/Remove Programs and look for entries that are new. Google is your friend. Remove anything that looks fishy.
If you are using a freeware program through an “installer” for a specific task and you are finished, you might consider uninstalling the program and restoring the system at the point you created in step 4. Though not a guarantee that it will disable/remove a possible advermin, it would be prudent.