We have been warning you about software bundles (which Emsisoft calls “download wrappers”) for a long time. The following information comes from Emsisoft’s helpful Anti-Malware web site, and we’d like to share it with you, because it give you information you can use to avoid sites which distribute software via bundlers (or “Download wrappers). These are all popular download sites; Download.com and Tucows have previously enjoyed good reputations for being safe sites from which to download, however that has changed. Now it’s not all about giving you the program you want, it is all about the money. Download wrappers (Bundlers) earn these sites a great deal of money — but the money is earned by making you believe you want the garbage bundled in these installers, or just plain trickery. In any case, you are warned — if you download from these sites, you’re mostly likely downloading software which is bundled — or wrapped in an installation wrapper.
If you click on the download button of a file that reads “CNET Installer enabled” in small print on the world’s biggest download portal, you will receive a wrapper of about half a megabyte instead of the desired file. Due to user complaints and threats of lawsuits from several software providers, the portal has refrained from using the wrapper for these and uses it only for programs whose providers have not made a complaint (or who do not even know that their software has been “wrapped up”).
Risk: Installing a browser toolbar and hijacking your browser’s homepage.
Attention! Never be tempted to just click on “Next Step”. You would not see the option “I do not accept” hidden in the lower right corner that enables you to not install the supplementary toolbar.
Even the multi-language portal “Softonic” has acquired the bad habit of giving out a wrapper before you receive the desired file. At little more than 300 KB, this is one of the smaller ones, but shows the most aggressive ads. The section “Options” shows nothing but an ad page for a third-party program from a pool of other programs. Installation is also enabled by default. If you uncheck the corresponding box, you will immediately see another ad page for another program. When the download is finally about to start, you will see another ad banner for another program that will be even more focused once the download is done. This ad penetration is worse than any other wrapper.
Risk: Installing undesired software, fraudulent ad banners.
In our opinion, the veteran among the download portals has the sneakiest ways of all: The wrapper called “AVG CloudInstaller” lets you choose between “Express” and “Custom” installation of the AVG toolbar in the first place. You can only skip this by clicking on the “Decline” button below. This suggests, though, you are canceling the download and installation of the desired program. No matter whether it’s Express or Custom, your browser’s homepage will be hijacked and default search engine altered by default as well as a toolbar installed.
Risk: Greatest risk due to accidentally installing third-party software and tampering with your browser.
Note: The technology by the company “OpenInstall Inc.” that the wrapper is based on is recognized as a potential risk through Emsisoft’s signature scans and behavior analysis as data is sent to the web once the download is done and even after closing the software, most likely for statistical reasons.
Emsisoft Anti-Malware recognizes suspicious download wrappers as Riskware. The behavior blocker will also display a spyware alert when a wrapper downloads or sends any data from or to the provider in the background.