The harmful code recently found on Lenovo machines is now surfacing in other apps

As we previously reported, Lenovo apparently pre-loaded a number of its machines with Superfish adware along with other malicious code. The appearance of the potentially harmful software was not only shocking to many, but also prompted researchers to look around to see if the adware (or similar code) made it into other places it shouldn’t have.

Based on recent data, that appears to be the case with at least two other firms reported to have affected apps out in the wild. This dirty code, which was spotted by researcher Filippo Valsorda, causes devices to accept any old, self-signed certificate from sites, obviously causing serious privacy/security issues in the process. Valsorda noted that code of this nature can be found on the Ad-aware Web Companion anti-virus/privacy software from a company known as Lavasoft and within another ad-focused privacy app called PrivDog from Comodo.

Both occurrences expose users to the serious potential of man-in-the-middle attacks and leave personal data up for the taking, not to mention the negative effect it will have on both companies. Comodo is generally trusted on the internet with regard to certificate management; however, that may not be the case for long.

While Lenovo has since admitted the issues surrounding the Superfish adware on its machines by offering its own removal tool, there is still no word from Lavasoft or Comodo on the latest findings. Microsoft has also updated Windows Defender so that it will detect and remove Superfish adware on its own.

via The harmful code recently found on Lenovo machines is now surfacing in other apps – TechSpot.

Microsoft to start blocking annoying adware by default

Microsoft has toughened its criteria for classifying programs as adware and gave developers three months to conform with the new principles or risk having their programs blocked by the company’s security products.

The most important change in Microsoft’s policy is that adware programs will be blocked by default starting July 1. In the past such programs were allowed to run until users chose one of the recommended actions offered by the company’s security software.

Interestingly, Microsoft’s crackdown on adware comes as it introduces tools to make it easier for developers to incorporate advertising into Windows 8.1 and Windows Phone apps.

The company has re-evaluated its criteria for classifying applications as adware based on the principle that users should be able to choose and control what happens on their computers, according to Michael Johnson, a member of the Microsoft Malware Protection Center.

First of all, only programs that display ads promoting goods and services inside other programs—for example, browsers—will be evaluated as possible unwanted adware applications, Johnson said Thursday in a blog post. “If the program shows advertisements within its own borders it will not be assessed any further.”

In order to avoid being flagged as adware and blocked, programs whose revenue model includes advertising must only display ads or groups of ads that have an obvious close button. The ads must also clearly indicate the name of the program that generated them.

No tricks or you get the boot

Recommended methods for closing the ad include an “X” or the word “close” in a corner; the program name can be specified through phrases like “Ads by …”, “… ads”, “Powered by …”, “This ad served by …”, or “This ad is from …”.

“Using abbreviations or company logos alone are not considered clear enough,” Johnson said. “Also, only using ‘Ads not by this site’ does not meet our criteria, because the user does not know which program created the ad.”

In addition to following these ad display guidelines, programs need to provide a standard uninstall method in the Windows control panel or the browser add-on management interface, if the program operates as a browser extension or toolbar. The corresponding uninstall entries must contain the same program names as displayed in the generated ads.

“We are very excited by all of these changes,” Johnson said. “We believe that it will make it easy for software developers to utilize advertising while at the same time empowering users to control their experience.”

Adware, ick

Adware programs typically affect the Web browsing experience and have been a nuisance for years, primarily because their developers make it intentionally hard to completely remove all of their components or undo the changes made by these applications.

Researchers from antivirus vendor Avast named unwanted browser toolbars and extensions as one of the biggest problems for users in 2013. Such toolbars are often difficult or even impossible for average users to fully uninstall because they change their names and identifiers on almost every new computer to prevent detection and removal by security products, they said in a blog post at the end of December.

“Most adware in the past years has been classified as greyware at best,” said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, Friday via email. “Often users would have to opt out of the adware offering and those less careful would end up with a product they don’t want installed on their machine. These adware add-ons are also very difficult, if not impossible to remove, which makes them look awfully similar to spyware.”

“However, the adware industry is a multi-billion dollar business and I don’t expect adware developers to go along with Microsoft’s decision without any pressure,” Botezatu said.

via Microsoft to start blocking annoying adware by default | PCWorld.

Why isn't a program malware if it installs additional, unwanted software?

A lot of programs–especially free ones–install additional software on your PC. They do this as a form of advertising, and they may make some money off of it. Of course, it can backfire and alienate users.

This practice gives you, the user, an additional responsibility. If you’re not careful about how you install freeware, you can end up with a lot of potentially unwanted programs (PUPs).

(Frankly, given what we’re talking about, I find that acronym way too cute and cuddly. The acronym would have been far more descriptive if everyone had agreed on the term “potentially unwanted software.” On the other hand, these programs leave messes all over your PC, so perhaps PUP is appropriate.)

But why don’t antivirus programs block PUP-carrying installers? Because they’re legal, and because, annoying as they are, they’re not anywhere near as bad as real malware. True, installing one program and getting two or three more feels like a violation, but these unwanted programs don’t hide their existence. Nor do they, as far as I know, do anything illegal. And they can all be uninstalled.

What’s more, in almost every case, you can install the program you want and bypass the PUPs. You just have to pay attention while installing.

First of all, never, ever select the “Typical” or “Automated” installation–which will almost certainly be the default. Select the Custom installation or a similar option.

iLivid installation. Select the settings that the arrows point to.

Then, study every page of the installation wizard, and uncheck every option to install another program (unless, of course, you want that program).

More of the iLivid installation. Select the settings that the arrows point to.

You can’t really blame the developers for wanting a little money for their labor. But you don’t have to install software that you don’t want.

via Why isn’t a program malware if it installs additional, unwanted software? | PCWorld.