What we are talking about here are PUPs, not the loveable, furry, 4-legged kind commonly referred to as ‘man’s best friend’. We are talking about those pesky critters that seem to sneak into the operating system when no-one is looking, commonly known as Potentially Unwanted Programs.
I realize we’ve already published plenty of articles relating to this very topic but it is something which definitely bears repeating, because, quite frankly, as with common advice regarding passwords and overall risk management, too many people do not appear to be listening.
The first point that needs to be re-enforced is that the majority of these PUPs are installed by the user. Inadvertently, yes, but that’s little consolation after the fact. Piggybacking these pesky programs with genuine software has become pretty much standard practice so the first step in avoiding them is to proceed on the assumption that everything you are about to install comes bundled with something. The second step is to be vigilant during the installation process and not just click through without checking every single screen.
There are some instances where unscrupulous developers surreptitiously bundle toolbars and other crap without providing any indication or options to decline, making these PUPs nigh on impossible to avoid, but, in my experience, they are generally the exception rather then the rule. The vast majority of developers will provide the end user with the necessary options to avoid any bundled extras, although, in many cases, they will still do their very best to obscure them. Some of these PUPs can hook deep into the system and be a real pain in the you know what to get rid of completely, so avoidance is the much preferred option.
Most Common Methods for Installing PUPs
What follows are examples of the most common methods in which these parasites are offered and what you need to do in order to avoid installing them:
Number one rule: when installing software NEVER accept the default “Express” or “Standard” installation setting, even when it is labeled “Recommended”. If this setting is available then it will generally be accompanied by a “Custom” or “Advanced” installation option as well, this is the one you need to enable. Using the Express/Standard installation option will skip the screens offering decline options and just go ahead and install everything, including any bundled PUPs. Enabling the Custom/Advanced installation option will, in the vast majority of cases, ensure that you get to pick and choose exactly what is installed and what isn’t.
Here’s one that utilizes the Standard (recommended) versus Custom installation method:
What you’ll need to do in these instances is enable the Custom installation option and you’ll then be able to deselect any additional programs you do not want.
Here’s a slightly different version of the same system – this first screenshot shows how options to deselect the PUPs are grayed out (inaccessible) with the Express install option enabled:
Change that to the Custom install option and you’ll see how those PUPs are now highlighted and available for deselection:
Note the “for advanced users” appended to the Custom install option, an obvious attempt at dissuading less experienced users from enabling this setting.
Next is an example of one of the most common methods used for presenting PUPs, all that’s required here is to deselect the unwanted program:
Here is another example where the opposite applies; rather than simply deselecting the unwanted program’s installation option, the user has to tell the installer they do not want it:
A more sneaky practice is to utilize a “Decline” and “Agree” (or “Accept”) system. This tends to confuse users, especially those less experienced, by giving the impression that it may lead to declining the main installation. It does not, it merely declines installation of the PUP. So, in these cases, clicking the Decline button is the way to go:
Last but certainly not least; while I know it can be a pain in the you know what to actually check through the software’s EULA (End User License Agreement), it can also reveal the inclusion of PUPs, especially where advertising modules are concerned:
In this case, as you can see, the developer has indicated the inclusion of OpenCandy in bold text right at the beginning of the EULA, a transparent and thoroughly responsible approach.
In Conclusion
You will probably have noticed that some of the above examples are associated with reputable and popular programs, re-enforcing the ‘do not trust anyone’ doctrine.
Some of these precautions may appear to be pretty basic but in the end, of course, it all depends entirely on the user’s level of vigilance, and NOT just clicking Next all the way through without checking each screen for potentially unwanted programs.
I’m not sure why users are still continually falling prey to these practices, perhaps because they are not the sort of people who tend to visit sites such as DCT where this advice is prevalent. Even if, as a more advanced user, this advice is not particularly relevant to yourself, you can still help prevent the spread of these pesky critters by schooling the less experienced among family and friends. Even suggest that they may benefit by becoming a regular DCT reader. 
No comments:
Post a Comment