DOWNLOAD ALERT: Foistware Warning
A reader asks: 'My browser is filling up with unwanted toolbars, and I can no longer search with Google. I have anti-virus protection, but these things still creep in somehow, and I don't recall ever asking for them. Where do they come from, and how can I avoid this problem?'
What is Foistware?
Foistware is a term used for software that's "foisted" on you, typically without your knowledge or explicit consent. Foistware isn't technically malware, but it can range from marginally useful, to annoying, to malicious. Most often, foistware takes the form of browser toolbars, but it can also take over your browser homepage and preferred search engines. Some foistware pops up when you visit online shopping sites, and tries to steer you to certain vendors or offers.
Foistware almost always tags along when you download a program that you do want. Through various deceptive practices, the download process may try to add extra, unwanted software to your installation package. Usually it takes the form of a checkbox that's already selected, and if you just click NEXT or CONTINUE without reading carefully, you'll end up with this extra software clutter.
Sometimes confusing buttons, self-serving "recommendations" or items buried in the terms of service play a role. In other cases, a tag-along foistware product will be installed with NO prompt or warning. But thankfully, those are rare.
The purveyors of these pollutants will say that it's your fault for not paying attention, and to a certain point, they're right. If you're very careful to uncheck all those boxes, read every word on each segment of the download/install dialogs, and scan the legalese for gotchas, you can avoid almost all of these foistware nuisances.
But many users have become accustomed to clicking an endless series of Next, Next, Next to get through a software installation. Nobody want to read those long, boring Terms of Service and the accompanying legal blah, blah, blah that can make your eyes glaze over. And plenty of users are not technically savvy enough to understand that a "recommended" toolbar, add-on or plugin is not in their best interests.
You might think this problem would show up mostly in the dark corners of the Web. But the most egregious offenders are some of the most trusted and popular names in Internet software. If you try to download or update your Adobe Reader or Flash Player, Skype, or the Foxit Reader, you'll see examples of what I mean. Adobe pushes the McAfee Security Scan, which you probably don't need because you've already installed one of the options in my list of Free Anti-Virus Programs, right? Foxit Reader, which I use and recommend, is also guilty of pushing the useless Ask.com toolbar. See the images on this page for examples of what to look out for.
The Ask Toolbar is especially loathsome, because it has a delayed installer. You'll download your software and everything appears to be fine. No annoying popups or toolbars in your browser, great. But after lurking for ten minutes, the Ask Toolbar installer springs to life and does its dirty work. Later, you open your browser, and see the damage. And hopefully, you'll chalk it up to a lapse in your anti-virus program, instead of blaming the company that foisted it on you.
Hope and Change?
There are a few bright spots in the foistware arena. The ever-popular Skype used to push unwanted software extras, but now they just want to mess with your browser settings by foisting Bing and MSN on you. More good news comes from Oracle and their ubiquitous Java. Until very recently, downloads for Java or Java security updates would present you with a pre-checked offer to install the Ask Toolbar.
And with the recent Java security scares, most people just wanted to get the updates and get on with it. I imagine that several million people got the Ask Toolbar in this manner, during last week's Java security panic.
But as of last Friday, my tests indicate that Oracle has removed the offer to bundle Ask with Java downloads. So good for them. (Ugh, it's back. I'm putting Java on the Naughty List again.)
And I have to mention Ninite, an awesome service that lets you select one or more popular downloads, and safely download them with a few clicks. It eliminates the Next, Next, Next by automating the installation process; promises no toolbars or other unwanted extras; and will help you update your software to the latest version when necessary. It's free, and it just works.
CNET/Download.com: A Six-Part Horror Story
I've saved the best (or worst, depending on your point of view) for last. Recently, CNET, which I always admired for their trusted reviews, safe downloads and tech advice, has become one of the worst offenders in the foistware game. CNET has a popup disclaimer on their download buttons that says: "The CNET Download.com Installer is a tiny ad-supported "download manager" that helps securely deliver your downloads. We also include offers for carefully screened software that complies with Download.com policies..."
That doesn't sound too bad. After all, CNET has been around since before Al Gore invented the Internet, and they're the good guys, right? Well, I decided to try downloading a program from CNET called Toolbar Cleaner. As you might expect, it offers to remove annoying and unwanted toolbars from your computer. The CNET download process plays out over six successive screens. The first screen you see after clicking the green Download button is cluttered with misleading ads that want you click on more "Download Now" buttons that have nothing to do with the program you actually want to download. There's actually nothing you need to click here at all. If you have a fast connection, a familiar browser popup will appear, prompting you to save or run the downloaded file. If you have a slow connection, you may wonder what's going on, explore the various deceptive ads on the page, and click off in the wrong direction.
If you're lucky, you'll see what looks like another ad across the page that instructs you to open the Installer, click 'Yes' or 'Run', and follow the Installer instructions. Assuming you get this far, you'll be greeted by the CNET Download.com installer window (Step 1 of 5), which assures you that you're installing the right program, and that it's virus and spyware free.
Ick. If that's not bad enough, it's also difficult to completely remove this pest. (MalwareBytes AntiMalware identifies it as malicious, and will remove it.) The download screen prompts you to "Click ACCEPT now to continue your installation". If you do happen to read the text underneath, you may be left wondering whether the DECLINE or CLOSE buttons will let you continue with the installation of Toolbar Cleaner.
Moving along to Step 3, the next screen in the CNET/Download.com process prompts you to "Click NEXT STEP now to continue." But wait, there's a bunch of tiny pre-selected checkboxes lurking. If you fail to notice, you'll get the Iminent Toolbar, and Iminent SearchTheWeb bolted on to your web browser. In other tests I ran, a different toolbar/browser/search hijack combo called Visual Bee was offered. Failure to uncheck these boxes will result in these annoying (and possibly malicious) toolbars winding up on your computer. (See my related article My Browser Got Hijacked to learn more about these pests, and how to remove them.)
Thankfully, Step 4 and Step 5 are innocuous, and you can finally click a green INSTALL NOW button, to install your software. I ran through the CNET download process several times, and in one instance, it prompted me to add THREE unwanted extra programs to my download bundle. I was incredulous that CNET tried to foist two or three browser toolbars on me while trying to download a program that's supposed to *remove* toolbars. If you make it through this gauntlet unscathed, carefully unchecking and declining all of CNET's "carefully screened offers", you'll finally get to download the installer for Toolbar Cleaner.
This is where the horror show is supposed to end. "But wait..." as they say in those infomercials, "there's more!" I clicked on the installer I had just downloaded, and guess what? The Toolbar Cleaner Setup Wizard instructed me to simply click FINISH to close the wizard. But below that, two more pre-selected checkboxes recommended that I "Protect my system with Anti-phishing Domain Advisor" and change my browser start page to MyStart. More foistware and browser hijacking nonsense. The CANCEL button is greyed out, so your only option is to uncheck those boxes and continue onward. But after all that, there's no way I'm going to trust this program on my computer. Or CNET, either, until they clean up this mess.
I understand that online businesses that provide free advice, reviews and other services have to do something to make money. So ads and sponsors are part of the Internet ecosystem. But deceptive practices don't have to be. Tricking unsuspecting users into downloading crappy or malicious software is obviously wrong. I'd be fine if they put that checkbox on the page and recommended a useful add-on program. Just leave it up to me to check that box and decide that I want a toolbar, plugin or whatever.
Do you have something to say about foistware? Post your comment or question below...
Posted by Bob Rankin on 28 Jan 2013
For Fun: Buy Bob a Snickers.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!
BACKUP: Carbonite, Mozy, or Crashplan?
The Top Twenty
Geekly Update - 30 January 2013
Link to this article from your site or blog. Just copy and paste from this box:
There's more reader feedback... See all 94 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- DOWNLOAD ALERT: Foistware Warning (Posted: 28 Jan 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved