Tuesday, March 18, 2014

Where did that come from? Accidentally downloading software

All of a sudden, an official-looking window pops up telling you that it has analyzed your computer and found 1,600 serious problems. Where did that come from? Windows' latest update?

Stop!  Step away from the OK button!  

You are a victim of accidentally installed software. I have a friend who went through this last week. The culprit, we think, was a "free" video editing package, which helpfully installed the "PC Optimizer Pro" package for her. Both the editing package and its companion "Optimizer" are now gone.

On her system, "PC Optimizer Pro" or something was also installed as an "Add-in" in the browser. Every time my friend opened a new tab to, say, go to SafelyFiled.com, she was instead shown a window trying to upgrade, analyze or install something for her.

After her initial freak out about malware (or at least un-intended-ware) running on her system, she gave me a call to help her figure out what was going on. When I opened up the "Add-ons" controller in her Firefox browser, it showed some new and unexpected add-ons.  I immediately disabled those for her.

I then went about finding and removing the offenders.  It is unclear whether the scanner would find this program. These appeared to be "gateway malware", annoying but not directly malicious.  I opened "Control Panel" and then selected "Programs and Features" and looked for unfamiliar program names that had been installed on that day.  I rebooted after uninstalling them, and all seems to have been well.   Fortunately, this un-intended-ware was fairly well behaved and the uninstall seems to have worked.  Any residual malicious bits should be caught by her virus scanners.

Speaking of scanners, after removing suspicious software make sure your computer's security software is still working.  Malicious software will often try to disable standard security packages running on the computer. If your surprise software was not entirely benign, it may have tried to stop your security software.
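The two checks above (finding programs installed on a given day, then confirming security software is still registered) can also be done from PowerShell. This is an added example, not part of the original post; the `-Since`/`-Until` parameters and their defaults are assumptions made for illustration.

```powershell
# Added example: list programs by recorded install date, then show the
# antivirus products registered with Windows Security Center.
param(
    [datetime]$Since = (Get-Date).Date.AddDays(-1),  # assumed default: since yesterday
    [datetime]$Until = (Get-Date)
)

# "Programs and Features" is built from these uninstall keys
# (machine-wide 64-bit and 32-bit, plus the current user's).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    if (-not $entry.DisplayName) { continue }   # hidden components have no display name
    $installed = $null
    # InstallDate is an optional yyyyMMdd value; many installers never write it.
    if ("$($entry.InstallDate)" -match '^\d{8}$') {
        $installed = [datetime]::ParseExact("$($entry.InstallDate)", 'yyyyMMdd',
                                            [cultureinfo]::InvariantCulture)
    }
    [pscustomobject]@{
        Name      = $entry.DisplayName
        Publisher = $entry.Publisher
        Installed = $installed
        Uninstall = $entry.UninstallString
    }
}

Write-Host "Installed between $Since and $Until :"
$programs | Where-Object { $_.Installed -ge $Since -and $_.Installed -le $Until } |
    Sort-Object Installed | Format-Table Name, Publisher, Installed -AutoSize

# Entries with no date cannot be filtered by day, so list them for manual review
# instead of silently dropping them.
Write-Host 'No install date recorded (review by hand):'
$programs | Where-Object { -not $_.Installed } |
    Sort-Object Name | Format-Table Name, Publisher -AutoSize

# Security Center is present on Windows client editions, not on Windows Server.
# A product missing from this list is no longer registered with Windows.
Write-Host 'Registered antivirus products:'
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
    -ErrorAction SilentlyContinue | Format-Table displayName, timestamp -AutoSize
```

Browser add-ons are not covered by this listing and still need to be checked in the browser's own add-ons manager.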

So what are the lessons we've learned (or relearned) from this exercise?

  1. There is no such thing as a free lunch!  Most people do not have purely altruistic reasons for offering services for free.  This is not a bad thing, but understanding the motive can help you evaluate whether you should use that service.
    • Sometimes the ulterior motive is just ego.  It can look really good on a resume to list a service with a large following.  
    • Sometimes the motive is an up-sell to another service. With freemium software, this is a very common model these days.  The free version has reduced features and/or displays ads in the margins.
    • Increasingly, more companies seem to be getting money for installing other pieces of software when you install their free package.  For more reputable companies like Adobe, the fact that it is installing another package will show up at some point in the install process, and you will have the option to uncheck that install option.  But those options are easy to miss.  For less reputable companies, you are not warned of the additional software, and it is a surprise later on.
    • Finally, some software is just bad, and it is a straight up Trojan Horse.  It performs some nominal beneficial service (like a fun game or a video with sketchy content), but from the bad guy's perspective the real benefit is the installation of a key logger (so your every keystroke is tracked and reported), remote control software, or some other truly nasty malware.
  2. Think before you click!  Even if the window looks official, stop if it seems new.  Look up the text displayed in the address bar at the top of the browser (perhaps using a search engine on a different computer or on your phone).  We did that with the PC Optimizer Pro, and immediately saw lots of reports of unexpected installations.
  3. Think before you install!   My friend thought she was being careful with the video editor install.  She had used another version of this software in the past with no problems.  But it looked like the Windows version had split to another company.  If free seems too good to be true, it probably is (see lesson #1).  If you absolutely must use that software, consider setting up a separate virtual machine to install it on. But at this point, you might reconsider how essential that software is.