Pittsburgh Tech Guy

So how did I get that malware on my system is the question I get more than anything.  From the look of things, you probably installed it yourself.  It typically came from some legitimate software that you wanted to download.  

There was a time when we went to some good download sites and clicked on the Download button to download software. And what we got was – software. But times have changed now, and things have gotten a bit messy. Now you have to be very careful before you click on any Download button or link, because you never know what you may end up with! You may go visit a download site to download, say our 340KB Ultimate Windows Tweaker, and end up with a bunch of other crapware you did not ask for!

Why have things come to this stage?

Over a period of time, something somewhere changed. Reputed download sites started getting a lot of traffic. Search Engines rank these sites well, so many visit them to download software. People trusted them. Then came a day when such sites decided to encash that trust – and betrayed their users! It was all about money!

They started offering Installers!

CNET is one such site. So are BrotherSoft, Softonic, FreewareFiles and Tucows. The open-source download site Sourceforge is yet another example! I am sure there are many more. So what are these Installers or Downloaders? They are nothing but setup files that try and first push third-party offers, bundleware and potentially unwanted programs on to your computer before giving you access to the file you want. This is how the downloaders or installers look like.

The CNET website explains:

The Download.com Installer securely delivers software from Download.com’s servers to your computer. During this process, the Download.com Installer may offer other free applications provided by our partners.

Brothersoft states its Download Manager policy as:

The program you want to download will be downloaded through Brothersoft Downloader, making the download process much faster, showing a progress bar and ensuring the program is virus-free.

Says SourceForge about its Installer and third-party offers:

Our mission is to help open source communities to grow, and we understand some projects need funds to be sustainable. We have taken every effort to ensure that the offers that you’re presented with are trustworthy and legitimate, and not a conduit for malware, spyware, viruses, or otherwise malicious software. All offers presented via this installer are subjected to a rigorous verification process to ensure that you are safe. Furthermore, if you don’t choose to accept the offer, the installation will continue, and you’ll hear no more about it. Nothing is installed without your consent, and no personally identifiable information is sent anywhere without your consent.

Don’t press the green Download Now button blindly

When you go on to download some software, you may see a big Download Now button. Most people will typically click on this button, and end up downloading the download sites installer, which is ad-supported and may include third-party offers. Most don’t see them and keep clicking on Next > Next, and end-up with software they did not want on their computers. Fortunately, for those who are sharp enough, you can see a Direct Download Link too. Its very small, but its there on most sites, including CNET. All Download.com Installer enabled products now have this Direct Download Link that you can use instead of the Installer. So remember to click the small Direct Download text link instead of the large Download Now button or link.

If you can, try to find the direct site of the software.  Anytime you get it from a third party website, chances are it is coming with malware.  Whenever you do install, do a custom installation.  Do not do the recommended installation.  Do a custom and it typically will list what will be installed, UNCHECK everything other than what you wanted.