Why does crapware still exist? Follow the Silicon Valley money trail

Why does crapware still exist? Follow the Silicon Valley money trail

Summary: If you followed security experts' advice and manually updated Java this week to fix a critical vulnerability, you might have gotten more than you asked for. Oracle probably makes tens of millions of dollars a year from crapware, and big venture capitalists see it as a growth business.


Oracle this week released an update for its widely used Java software, fixing a zero-day vulnerability that was being actively exploited to install malware via drive-by downloads.

But before you begin patting Oracle on the back for its quick response, note two things about that update:

  • It might not actually fix the underlying security issues.
  • Along with the must-install security update, Oracle continues to include crapware.

Yes, adding insult to injury, Oracle is actually making money and cheapening your web browsing experience by automatically installing the Ask toolbar, which in turn tries to change your default search engine and home page.

I'm ready to move Oracle's Java to the top of my Foistware Hall of Shame, alongside Adobe, for crap like this.


Notice that the "FREE Browser Add-on from Ask" is selected by default. If you're like most people and you impatiently click through the installer screens, you'll end up with a new, unwanted, and downright ugly toolbar in your browser. And that's true no matter which browser you use.

And if you forget to clear that checkbox, you'll be dealing with the toolbar and its automatic updater for a while.

I have no idea how much money Ask pays and Oracle collects off this seamy, sleazy practice. I can only assume it's enough to justify selling out Java users.

The companies involved in the crapware business rarely talk about the economics of their business, but occasionally a bit of information emerges into the wild. Long Zheng today disclosed a glimpse into the economics of the crapware business. In a must-read post at his IStartedSomething blog, he includes the text of letters he received from a prominent software company that was willing to pay big bucks if Long and his partners would agree to include "something extra" with their free (and excellent) MetroTwit Twitter client.

Here's what the offer came down to after Long said no:

We launched similar cooperation with WinZip, Nero, TuneUp, Yahoo, and dozens of other reputable brands so this it’s a shame we can’t work together.

Personally I believe you can still present high quality product to your users and make good monetization out from it.

Based on our estimation this type of cooperation, will add a new revenue channel, estimated at $90,000 – $120,000 each year for your company.

All Long would have had to do is sell out his users by allowing his program's installer to include an offer for a browser toolbar. "We can even have it on opt in," the crapware distributor said, implying that the default offer is installed automatically unless users pay careful attention. Just like the big guys do.

And that's for a tiny software company with a niche product.

When you do the math, it's easy to see why Oracle and Adobe pull this crap. Java has 850 million desktop users worldwide. At 30 cents per successful toolbar install, they stand to collect tens of millions of dollars a year even if only a small fraction of their users accept this "recommended" crapware.

What's more alarming and depressing is that the crapware business seems to be growing. Long notes that a new company called InstallMonetizer is funded by a who's who of Silicon Valley venture capital outfits, including Andreesen Horowitz and Paul Graham's highly regarded Y Combinator. And they're perpetuating the bad behavior of bygone days:

Perhaps even worse, the company’s “solution” also includes “Post Install Conversion Tracking“. Alarmingly, it’s tracking software (some would call it spyware) that monitors and uploads user’s ongoing usage activity of the bundled crapware.

Although the company claims it is all “non-personally identifiable data”, according to its website this surprisingly includes not only IP but the globally unique MAC addresses.

Rafael Rivera did a quick analysis of the InstallMonetizer software and found appalling results, including a cavalier approach to privacy and laughable security precautions.

The rise of tablet-based apps that sell for 99 cents and compete with free apps has made it extraordinarily difficult for software developers to write good products and get properly compensated. But this sort of crap(ware) isn't the answer. Extra toolbars and unwanted add-ons cheapen and degrade the PC experience for everyone, and they hasten the decline of the PC platform.

A gushing profile of InstallMonetizer at TechCrunch yesterday offers depressing numbers:

The company says that it now works with more than 9,000 publishers. It’s profitable, and the number of installations that it’s driving doubles every two or three months.

The article continues, "InstallMonetizer actually launched two years ago, and it was part of the winter 2012 class at Y Combinator, but it hasn’t sought out any attention from the tech press until now." This shouldn't be surprising. The backers of this type of business have never been fond of having their practices scrutinized carefully. 

The biggest irony of all is that InstallMonetizer is being funded by people who I'm willing to bet never touch a Windows PC in their daily lives. In the Valley, of course, everyone uses Macs. Big-time VCs have no problem paying for fully loaded MacBook Pros for everyone in the offices. And guess what? Oracle's installer for OS X doesn't include any crapware. No money there, I guess.

So Andressen and Graham and other Valley bigwigs push their wares out into the world with no empathy and no awareness of how much grief they're causing for their unwitting and often unwilling users. It's a cynical business model: crapware for the rubes.

And the comments on Hacker News to Long's post reinforce what a sleazy, cynical business it is. One representative of VLC, the open source media player, notes:

They are liars, shady business, IP violators and are downright dangerous.

They have all those great offers for you, but they refuse to give any details as soon as you ask any question. More than half of them are "the biggest in the world" (sic). They lie about download numbers, about download size, about number of software actually installed and about their connexions. They even lie on the actual payback price.

Thanks for nothing, guys.

Update: There's a Microsoft connection in the InstallMonetizer story. The company's backers include an "advisor" who is currently employed by Microsoft, and the company got its start bundling MSN and Bing add-ons.

Meanwhile, spyware/adware expert Ben Edelman (who documented the role of big investors in supporting first-generation spyware a decade ago) notes via email that Google sells the ad inventory for Ask, which means that advertisers who deal with Google might find their ads being delivered via the Ask toolbar.

And let's not forget Facebook. The same group behind InstallMonetizer is also delivering ads for Facebook.

Topics: Software, Oracle, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Crapware solution

    Uninstall JAVA!
    Bill Goodbody
    • And

      use what?
      • For what?

        The last program I used that required Java was Limewire and it's long gone... Java ain't on my machines anymore!
        • Easier said than done

          There are many things that still (unfortunately) use Java. Working IT in education there are many apps that rely heavily on Java and I hate it but it is what it is.
          • Agreed...

            I can't be an IT administrator using Cisco equipment and not encounter Java on some level. It's absurd, and I have pleaded with them to abandon it, but I don't see it happening.
          • Java Petition

            Sign this petition to demand that Oracle stop bundling crapware with Java:


            This is our chance to push for change.
            Saeid Nourian
          • re: Easier


            Really, Minecraft is a word associated with spam and has to be reviewed by a moderator?
    • Sour grapes

      'Softies are still smarting over Java:

      "Sun, Microsoft settle Java suit

      And Microsoft's 'development' of .NET is why their patent threats against Sun Microsystem's OpenOffice failed:

      "Good Artists Copy, Great Artists Steal

      That said, Larry, you already own an island (Lanai), mansions, yachts, planes and cars. Please, stop with the crapware already.
      Rabid Howler Monkey
      • Ethnic War

        looks like there is and ethnic war against Java launched, financed and pushed by other technologies :D
      • Agreed, Cut Larry's salary by 30-50 mil and...

        he'll never feel it and Oracle can 'afford' to say goodbye to Ask...

        Crapware indeed.
        Too-Tired Techie
  • Look at Apple store, it mostly distributes crapware ...

    I've disabled credit card account at my son's iPod, so he can install what ever he likes himself, so in order to make virtual "Smoorf berries" for his games, he installs all possible "crapware" and only thing I do I regularly dump them out of iPods memory. So Apple Store can turn over 10bln downloads very soon if they don't stop exploitation of children labor force in their advertisements campaign.
    • That was quite the none sensical rant there my friend.

      Bugs Bunny said it best back in the day "You'ze is a mental case". Nothing you said made any sense.

      Pagan jim
      James Quinn
      • re: nonsensical

        Yet, he still got 6 votes. Maybe just for the apparently anti-Apple content?
        • Maybe

          but I'm not an Apple fan and I still think that post was gibberish.
  • Another example of crapware addon

    Flash player, if you want download install package from Adobe site you must be careful or with FP installer you get chrome...
    • I get McAfee thing

      Adobe proposes me a McAfee security thing as a checkbox on the webpage before I start the download...
  • C'mon ... naive comment

    In a world were so many things are "for free" what do you think all of this money is coming from ?
    Unlike the FED, which can print money on their own, companies have to make money.
    If you think what Oracle slips to users is crapware look what FB does. They are selling your privacy.

    Get it ... there is no such thing as a free lunch.
    • True but

      having a free lunch shouldn't require eating crap. There are better ways to offer free products.
      • Nothing is required

        You do not have to download the toolbar? Are all of you completely unable or unwilling to notice this? Just UNCHECK the box. It is not hidden, an entire step of the installer is devoted to it. There is an actual image of the toolbar and an explanation of what it does.

        There is nothing wrong with this, it allows the free (for consumers) programing language to make some extra money. I have put in place similar concepts in my open source scripts. It can allow me to make money on an otherwise donation to the public.

        What is wrong is crapware being included on a newly purchased machine or when it is included with no exclusion option.
        • Yes but

          most people don't look at the installer. In some cases, you have to choose a custom install to avoid installation (don't recall if Java is like that). I've seen people with 3 or more toolbars from software. They don't know how they got it, don't know how to get rid of it and fewer still understand what happens when those toolbars are installed.