
What About Malware That is Hidden in a Download?


10 replies to this topic

#1 pdmike

pdmike

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:12:28 PM

Posted 15 May 2015 - 10:56 PM

I am told that a good way to protect your computer from malware is to carefully look at all of the "additional stuff" that they intend to send to you along with the program you want to install and uncheck all of the boxes for stuff you don't want.

 

Fair enough - but this assumes that the malware is out in the open for everyone to see and you have a chance to avoid it by unchecking the boxes.

 

I worry that malware is going to be installed on my computer without my ever being given the chance to uncheck any boxes.  In other words, don't they "hide" malware sometimes so that you not only don't know it is being bundled with the program you want, you also never had the opportunity to avoid it?

 

So what do you do in this latter case?




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:28 PM

Posted 15 May 2015 - 11:04 PM

Hi pdmike :)

Usually, bundled installers will give you the option to opt out of these additional programs, often referred to as PUPs (Potentially Unwanted Programs). Depending on the installer, you'll face different situations, like one where you have to pick a Custom installation to opt out of these programs, one where it's an Advanced Installation, one where the opt-out option will be greyed out but still clickable, etc. The trick here is to download programs and files from legitimate sources, ones that do not offer a bundled installer, simply a direct download to the program or file you're trying to obtain. If it doesn't offer that option, then you should try another website, if this wasn't the official website for what you were trying to download. The kind of installers you are talking about do exist, but they are less common than installers which actually offer you the option to opt out of additional programs.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 pdmike


Posted 15 May 2015 - 11:17 PM

I know that I have to remember to uncheck "Install Google Chrome" every time I want to download anything, it seems like. Also, I have to uncheck a box or two every time I update iTunes. But Google Chrome and QuickTime aren't malware. How do you know that you are looking at a piece of malware in order to uncheck it - is it just a good rule to uncheck everything if you don't know what it is or you do know and don't want it?



#4 Aura


Posted 15 May 2015 - 11:20 PM

The way I see it, if I download a program and it comes in a bundled installer, I'll uncheck every additional program it offers me. Why? Because I just want to install the program I downloaded the installer for, and not the ones that they propose to me. Sure, programs like Google Chrome and QuickTime aren't malicious, but do I want them to be installed on my system? No. So I simply opt out of them. I always opt out of QuickTime when updating iTunes because I don't need it. I always opt out of McAfee Security Scan Plus from the Adobe website when downloading one of their programs because I don't need it. I always opt out of the Ask Toolbar from Java because I don't need it. Usually, Googling the name of a piece of software tells you pretty quickly if it's malicious or not. If it's not malicious, that doesn't mean you want it, and that is what you can call a PUP.



#5 Drew1903

Drew1903

  • Banned
  • 1,052 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 PM

Posted 16 May 2015 - 02:19 AM

Mike,

We should be mindful not to mix apples & oranges. While you are right to have a concern about unwanted things going in, we are not necessarily talking malware. Then again, malware can install w/out the End User being aware, which is usually the case. But the former can be controlled by the End User by watching for it & unchecking boxes (like Chrome & Google Toolbar for IE w/ Java). Malware, by its very nature, is not so visible... BUT that is why we have things like MSE & Windows Defender & SpywareBlaster working in real-time to fight malware. Additionally, run Malwarebytes maybe wkly, just to be sure.

The 1st, just be alert & don't (also) take anything but the things that were actually wanted initially. The 2nd, have good tools & keep up to date w/ definitions & versions.
 

Cheers,
Drew


 



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:28 PM

Posted 16 May 2015 - 03:03 AM

About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Sometimes installers might not give you the option to opt out (as in the case with DaemonTools) - that is where the real-time protection of anti-malware software like Malwarebytes and Emsisoft kicks in. Most PUPs are easy to block (let Malwarebytes Premium quarantine its installation file and you're good), but are a PITA to remove once they have taken root on your system.

Calendar of Updates' Installers Hall of Shame is a useful place to keep an eye out for software that bundles. When you are going to install something, go to the Hall of Shame and search if the software in question is in there - it will save you a lot of headaches.

Edit: PUPs are called that way because they aren't malware - they don't do anything to harm your computer (or so their makers say)... but I have not seen one single case where the user installed them willingly, maybe except researchers who want to make detections for them. :lol:

Edited by Alexstrasza, 16 May 2015 - 03:19 AM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:28 PM

Posted 16 May 2015 - 05:51 AM

Folks need to take some personal responsibility and educate themselves about the practice of bundling software.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 pdmike


Posted 16 May 2015 - 10:33 AM

Thank you to all who responded to my question here. I have learned much and will put it to good use, believe me. :thumbup2:



#9 Aura


Posted 16 May 2015 - 10:55 AM

No problem pdmike, our pleasure :)



#10 Drew1903


Posted 16 May 2015 - 11:21 AM

You're welcome :)

Cheers,

Drew
 



#11 quietman7


Posted 16 May 2015 - 05:12 PM

You're welcome on behalf of the Bleeping Computer community.



