Has the antivirus industry gone mad?

By | January 19, 2015
Print Friendly, PDF & Email

Our friends at Emsisoft wrote and gave us permission to publish this article on our Web site. We’ve exposed Avast and AVG before – they install PUPs and search engine and browser toolbars and hijackers. Supposedly free, the price you pay in aggravation may make you take another look at them. And considering neither Avast nor AVG have little or no protection from PUPS — it’s no wonder, since they install PUPs too – the price of these two free antivirus programs may be more than you’re willing to pay.

We’d like to thank Emsisoft for conducting this research and validating our own research into Avast and AVG installing PUPs.

Has the antivirus industry gone mad?!

We have seen a concerning trend that is about to spiral out of control: Potentially Unwanted Programs (PUPs) are further on the rise. What’s even more concerning is how they are spreading. After big vendors as Oracle (Java) and Microsoft (Bing and Skype) started bundling, now antivirus vendors have joined the game. We did research on some of the most popular PUP practices among the freeware antivirus vendors, and the results are quite disturbing.

PUPs want to get on your computer to make money off of you

First, lets quickly recap what PUPs are and why they’re spreading like wildfire. PUPs are programs in the form oftoolbars, adware, plugins or other downloads that sneak onto your computer. PUPs are not classified as malware (yet?), since they’re not always harmful but pretty much always annoying, hence the name “potentially” unwanted. But, PUPs are getting more and more unwanted than ever: just the fact that you don’t know what you’re installing is undesired. If you notice a sudden change in your computer’s speed, notice your search engine changed, experience annoying pop-up ads, notice new toolbars in your browser menu bar or any other sudden change in your computer’s behavior or layout, chances are high that your computer has one or more PUPs installed.

pup-toolbars

PUPs come in many shapes and forms, but they all have a few things in common:

  • PUPs want to make money off of you. PUPs want to be on your computer for a reason, to make money off of you. The most common form is by hijacking your browser: they can then show you ads, monetize or sell your search and/or browser behavior or redirect your homepage.
  • PUPs use aggressive distribution methods to get on your computer: we specifically used the word “sneak” onto your computer, because in the large majority of the cases, the user is not aware that he/she is installing a PUP.
  • Most PUPs don’t have any significant value or advantages, so PUP producers have to get around this by paying other software vendors or distributors such as download portals $$$ per new installation that they get them.
  • PUPs are often brought to you by freeware vendors: they frequently get on your computer bundled with a freeware program. While you’re installing program A, you also install one or more PUPs, often without knowing you did. The freeware vendor gets money from the PUP producer to do this, up to $2 per install.

Danger! Do not try this at home: download the top 10 apps on Download.com

11248853_sPUPs are not new. But its a very alarming trend that more and more large freeware vendors and distributors, such as download portals, are distributing PUPs in high volume – all in exchange for quick cash. Even Sourceforge, a hosting platform for open source projects, started to add PUPs to their downloads, without the consent of the developers who run their projects there. Tech website HowtoGeek recently showed what happens when you download the top 10 listed apps at Download.com ranked by download volume:

“We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. We’ve been railing against freeware download recommendations for years, so we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?”

The result of this test: ALL the top 10 apps on Download.com come with bundles or PUPs, some loaded with them. HowtoGeek even recommends users to not do this at home on your primary PC, unless you want to make your computer a “smoking pile of useless.”

Antivirus programs have joined this nasty game too

Now, here is the top 10 Download.com list that HowtoGeek used for their test:

Capture

Does anything stand out to you on this list? There are two antivirus programs on there! Ethics in the software industry seem to be lost completely when even antivirus vendors bundle PUPs with their software. Now look at the download amounts in the above screenshot: up to one million downloads a week. Add to that downloads from other sources, and the fact that PUP producers are willing to pay anything from a few pennies to USD$2 per install, and it can give a rough idea how much money there is involved in this business: thousands if not millions of $$$. We learned that before as well when Emsisoft got approached for a similar PUP bundle deal.

Fact: 7 out of 8 tested free antivirus suites bundle with PUPs

We decided to further look into this and do the same test with other free, full antivirus suites, and the results are pretty shocking:

All tested free Antivirus programs come with toolbars or PUPs of some sort – except Bitdefender Free. A lot of them have a “rebranded” Ask toolbar that generates considerable pay per install (PPI) revenues while they’re labeled as part of the vendors own security solution. Some disclose they use Ask (for example Avira), others like AVG go as far as adding pops with coupon deals.

Antivirus programs are supposed to protect your computer from viruses, yet many of them give you a questionable program during installation, without clear disclosure. Below is the list of 8 free antivirus programs and the type of PUPs they give you during installation at the time of posting. Please note that we only included full antivirus suites, not scanner-only products.

pro-icon Bitdefender Free: as mentioned before, Bitdefender Free is one of the only clean antivirus vendors that does not come with any PUPs.

contra-icon Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.

Comodo-yahoo[1]

contra-icon Avast Free: offers Dropbox during installation by default, unless you uncheck the box. No toolbars are installed.

avast-dropbox[1]

contra-icon Panda AV free: installs Panda Security toolbar, yahoo search takeover and MyStart (powered by Yahoo) home page takeover. No product rebrands, at least the installer is clear that both are Yahoo products.

panda-yahoomystart[1]

contra-icon AdAware free: installs WebCompanion by default unless user unchecks the box. Also installs Bing Homepage takeover and Bing search takeover by default, unless opted out. Discloses that AdAware offers these programs to keep the software free.

AdAware-wcomp-bing[1]

contra-icon Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask, and states that it “chose Ask.com to be our partner in bringing you the SearchFree Toolbar because Ask.com is one of many vendors whose products offer functionality which we believe our users will value”.

Avira-safesearchext[1]Avira-safesearchhome[1]

contra-icon ZoneAlarm free AV + Firewall: with Custom Install: Zonealarm homepage and search takeover.This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.

ZoneAlarm-search[1]

contra-icon AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and defaults search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.

AVG-safeguard[1]
AVG-safeguardChrome[1]

Popular ways for free Antivirus programs to make money with PUPs

Looking at the above screenshots, we can see that the antivirus vendors have a few popular methods to make money with PUPs:

  • Search Engine Takeover: you now set your default search engine to the software vendor’s choice, there’s big money to make there. Just look at this company called Google.
  • Ask Toolbar: do a quick search on Google for the Ask toolbar, and you’ll learn quickly why the first results page is full of “How to remove the Ask toolbar” and “How to get rid of the Ask toolbar”.Ask_toolbar
  • Rebranded Ask Toolbar: even worse than the Ask toolbar, the rebranded version is a white-labeled Ask toolbar where the software vendor gives it a different name and look, while it’s just the Ask toolbar in disguise.
  • Homepage take-over or new tab: “free” guaranteed traffic to a website anyone?
  • Your data, search and browser behavior: it is not known what antivirus vendors do with your data. It is known that they are watching you and track you. Do you trust whether they do anything with this data? Tracking and selling browser data and other personal information has been a big business for years in the internet industry, so who knows.

What’s disturbing about all the methods these antivirus vendors use is that in the majority of the cases, the PUPs are included in the default intallation, unless a user opts out or reads the small fine print. Sometimes the PUP install is not disclosed at all, or hidden. It’s rarely explained what the installed PUP actually does, if anything. Questionable tactics to get onto computers of unknowing users. 

When the product is free the real product is YOU

As HowtoGeek states as well, it doesn’t matter what download site you use. The people that make the freeware are the ones bundling. Some download sites bundle on top of that but it’s not the root of the issue. They’re a player in the game. As HowtoGeek states it in their article: 

“There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware. Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere. Because when the product is free the real product is YOU.”

Do freeware users “enable” the PUP business?

Let’s clearly point out that not all freeware is bad and relies on PUPs, but the good ones have unfortunately become an exception to the rule. The few examples of good freeware are:

  1. Trimmed down versions of full products. where the free version gives an idea of the product and provides basic functionality while the vendor tries to sell a higher edition of the same software.
  2. The open source community. where people create software for fun or to help make the world a better place. Although this is a tricky one: sometimes others use open source projects to add PUPs by fake imitations.
  3. Projects that live of donations, although these have become rare.

alert_pupThe rest of the freeware vendors need to resort to software bundles to make money. Are people enabling the growth and distribution of PUPs by continuing to download this freeware? In a way yes, but you can’t blame them really. Most of them just think a free piece of software sounds like a sweet deal, but have no clue what it may come with. At most you can blame them for the fact for not looking into why a piece of software is offered at no cost.

PUP producers know that what they do is misleading, freeware vendors know PUPs are highly questionable and antivirus vendors for sure know that it’s unethical. Therefore, all these players will go great lengths to hide the fact that they are bundling PUPs. They will make sure that they fulfill the legal requirements sharp, but use any possible way to increase the spread of those unwanted programs. The fact that vendors are willing to put their ethics aside and their reputation at risk for quick cash, says a lot. PUP distributors are taking advantage of the average “unknowing” computer user. 

Conclusion: be careful with freeware, paid software usually doesn’t come with PUPs or bundles

The amount of PUPs will spread further and they will become nastier and sneakier in form if people don’t take action. The only way to make a change is collectively. Even if you are a PUP-free antivirus user, you are affected by the rapid growth of PUPs. You will hear about them more, see them blocked more, see more and more signatures updated to your antivirus program to detect all the different types of them. For example, Emsisoft’s malware analysis team now spends half of their overall analysis time on PUPs, while we could spend this time towards other resources and other types of malware to protect you from other internet threats. At least, users need to demand full disclosure so that they are given a chance to make a conscious choice whether they want to download a piece of software or not, and so that they know what they are downloading. Bottom line is, be careful with freeware, paid software usually doesn’t come with any PUPs or software bundles.

Did you ever find PUPs on your computer? Are you surprised by these PUP practices and the fact that freeware and antivirus vendors participate? Share your opinion and leave a comment below.

Have a great (PUP-free) day!

Source: Emsisoft Blog

Get Emsisoft Anti-Malware from us for $10 off – always.

10 thoughts on “Has the antivirus industry gone mad?

  1. Linda

    I am not quite sure that there is a “free” Emisoft. I am sure though that someone will be able to answer your question though.

    Reply
  2. Rita

    Emsisoft offers a free TRIAL which is absolutely safe. When the trial period runs out I’m sure you’ll want to purchase the full version. You’ll not only get the very best AV program on the market, but if you make your purchase through Cloudeight you’ll also save $10.00. It’s a win win.

    Reply
    1. infoave Post author

      Also wanted to mention that after Emsisoft’s trial period it still remains viable but it does not provide real-time protection. Rita steered you right.

      Reply
  3. Cleste Hall

    Will warn my friends with this information; however, I have Emsisoft and don’t worry. I have not been getting the Cloudeight InfoAve Premium since I changed my email address. I have forgot how to inform you of that change from chall522@yahoo.com to chall2258@gmail.com. Please make the change or instruct me on how to go about it.

    Reply
  4. Dollie Glover

    Avg. & Avast put pups & spy ware on my computer I had the free versions. I had avg. for a few years it cost me 100.00 & several trips to computer master to have the spy ware removed. They finally had to reinstall my windows. Then I got Avast free antivirus & they did the same thing to me a few months later. Now I have cox computer help with mac avee antivirus. And have had a few problems but paying the 10.00 a month Cox support they get in my computer & takes out the spyware & virus’s. I like that remote help!! I would not reccommed the the free version of AVG, or Avast. The pay version might be OK?

    Reply
    1. infoave Post author

      The pay version is just as ineffective as the free version. Don’t know about the PUPs because we’re not going to pay them to find out. But I wouldn’t put it past either AVG or AVAST to install PUPS with the paid versions too.

      Reply
  5. Mary Mulroy

    Not a good idea to publish your email address on such a public place.

    Reply
  6. Sue

    Some people can’t afford to dish out money for all the things one needs for their computer so we rely on free programs. My husband and I live on our SS. We are using the free version of Avira. Is Avira corrupted like all the Anti-virus programs you mentioned? The way things are going, the only thing left is to stop using the computer. Stay off the internet on your Ipad and cell phone. The first of the month. my computer Froze. I didn’t have to take it to some repair shop to have it fixed because my son rebuilds and fixes computers for the family. It started out as a hobby, sort of. This is not his occupation and he doesn’t charge me. He is so busy in his line of work. Not much time for other things. I definitely understand; What time he does have, he doesn’t want to work on computers. He had my computer for two weeks. I’m constantly downloading PUPS and sometimes a virus or two. What’s a person to do when a program is needed and it has to be downloaded. I was using Avira to check for viruses and malware before I installed it. Also, moving on to another subject. I can’t remember what I downloaded but on two occasions, I ended up with Norton and then McAfee. I read the fine print and uncheck the boxes, the two anti-viruses were downloaded onto my computer any how. I had one awful time getting rid of them. I did some research and found two removal tools online, one for each anti-virus. It worked but not until I got the removal tool (for Norton) back from Avira, it saw it as a threat and moved it to quarantine. 🙁 :'(

    Reply
    1. infoave Post author

      Sue, we know that not everyone can afford to buy software, but owning a computer in today’s Internet environment is like owning a car – you can’t own a car without taking car of it. You can keep putting off repairs to save money, but if you do, eventually it’s going to cost you and cost you a lot more than had you just kept up with repairs.

      Avira – like Avast, AVG, and most others has little malware protection and even less PUPs protection. And as we’ve reminded people many many times that the days when viruses are the biggest threat are long gone. The biggest threat to Internet users is malware and PUPs. Like the car analogy, you can save money by using a free anti-virus but over time, if you’re like 90% of other users, your computer will begin running poorly, Web sites won’t load correctly – and some won’t load at all – ads and will appear seemingly from nowhere and it will get to the point where you’ll have no choice but to have it repaired…which will cost you several times more than purchasing Emsisoft. It’s highly unlikely you will find repair service available for $30 – unless you have a friend who knows what he or she is doing. And know one knows better than us – it’s not something most people know how to do correctly and it can be extremely time consuming. Darcy and I have worked on thousands of computers – most of them infected with malware and pups. If these are not completely and correctly removed they can come back. It’s not easy to do – perhaps though your son can do it and if so you may be lucky. Most people aren’t so lucky.

      Avira’s detection of Norton Removal Tool and McAfee Removal Tool as threats are probably false positives – however you have to be diligent when downloading legitimate software. There is a lot of trickery and misdirection going on and if you search to find something it’s very important that you don’t just click the first thing on the list without reading what it is and know to what site the link leads to.

      Reply

Leave a Reply to Mary Mulroy Cancel reply

Your email address will not be published. Required fields are marked *