Google: Unwanted bundled software is way more aggressive than malware

Researchers have exposed the questionable practices of the pay-per-install industry behind the lucrative market for unwanted software.


Google says ad injectors can impersonate an antivirus alert to scam users into fixing non-existent system issues.

Image: Google

Google says it issues over 60 million warnings each week to help users avoid installing software that attempts to gain user consent by deception.

According to Google, it issues three times as many unwanted software warnings than malware warnings, much of which relates to adware and browser-hijacking software that's been sneakily bundled with legitimate software.

Ad affiliate networks know that people rarely read terms and conditions and exploit this failing by burying details about bundled software in the text of their consent form. Consumers may not want the additional software, but their consent allows the affiliate marketer to operate legally.

Meanwhile, every new install nets participants up to $1.50, providing plenty of incentive to continue dubious online marketing strategies that at best warp a user's online experience and at worse infect machines with malware.

To size up the pay-per-install industry, researchers at Google and the NYU Tandon School of Engineering conducted a year-long study of its multiple players, including the advertisers or software makers that want to buy installs; affiliate networks that connect advertisers with developers of popular apps who are willing to bundle their software for a fee; and website publishers that deliver links to the software bundles.

The researchers found the pay-per-install industry has just a few hundred players, but argue its decentralized nature "encourages advertisers to focus solely on monetizing users upon installation and for publishers to maximize conversion, irrespective of the final user experience".

"This separation of monetization from distribution allows publishers to focus solely on garnering an audience and driving installs through any means. Consequently, advertisers may have no knowledge of the deceptive techniques that publishers employ to obtain installs, nor what their binary is installed alongside," the paper notes.

Over the course of the study, the researchers analysed 446,000 offers related to 843 unique software packages and found that most bundles include ad injectors, browser-setting hijackers, and products that solve bogus problems, otherwise known as scareware.

They also found that 59 percent of bundles are flagged by at least one antivirus engine as potentially unwanted, and that some packages are built not to install when the presence of antivirus has been detected. Key security products checked for include ESET, Avast, AVG, McAfee, Avira, and Symantec.

However, antivirus also featured in the research as one of the longest-running product categories that use pay-per-install. The main brands employing these methods included AVG Toolbar, LavaSoft ad-aware, Comodo GeekBuddy, and Qihoo 360.

Other established users of pay-per-install are software utilities, such as Speechecker, Uniblue, OptimizerPro, and My PC Backup.

The researchers also found familiar brands such as Opera, Skype, the Yahoo Toolbar, and AOL Toolbar using pay-per-install.

Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon and an author of the study, said the research hopes to draw attention to an industry that covers its deceit with a "thin veil of consent".

"We're hoping to expose these business practices so people are less likely to get duped into flooding their computers with programs they never wanted," McCoy said.

Read more on this story


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All