
What Happens When You Install the Top Download.com Apps - DanBlake
http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/?PageSpeed=noscript
======
aaronbrethorst
And this is why Apple created Gatekeeper and made the Mac OS X App Store so
ridiculously onerous for developers[1]. The software world is, for all intents
and purposes, a thin sheen of gold flecks and diamonds atop a _veritable
cesspool_ of shit.

You can just imagine the conversation at 1 Infinite Loop:

    
    
        Marketer: The Panic guys are considering pulling
        out of the App Store. Maybe we should reconsider
        our App Store strategy to make it more inclusive.
    
        Product Manager: Have you seen the top 10 downloads
        from Download.com? They literally destroy your
        operating system.
    
        Marketer: ...
    

All that said, I'm disappointed with many of the restrictions that Apple
places on iOS and OS X developers, but, after reading an article like this,
I'm reminded why these restrictions exist, and that it's our own fault.

[1] and sandboxed iOS apps, and made the iOS App Store the only way to install
iOS apps without jailbreaking your phone.

~~~
iSnow
Ironic, considering that Apple did exactly the same, when you installed
QuickTime on Windows. They tried to trick you into installing iTunes and
Safari and set them as default apps.

Also, it stinks that Apple has nailed iOS that shut that even as a
knowledgeable user you are not able to bypass it. They did not yet dare to do
the same on Mac OS, but who knows when that comes.

~~~
pjc50
Apple are quite happy to trash another company's OS. The Windows iTunes
experience was _terrible_ : it ate resources, was opaque in operation, didn't
always sync properly and could occasionally wipe your devices. It used to be
required for OS updates.

The "nailing shut" is an increasing problem for anyone that believes in a free
market in software. Which isn't helped by all these sites shipping value-
negative software.

~~~
FollowSteph3
If you have an ssd and more than one Apple device, each device you synch eats
up about 10gb of space or more. If you have a spouse with an iPhone in
addition to yours, a kid or two with itouches, then that can easily eat up
50+Gb of an ssd drive. This can be a very significant percentage of your
drive!! And there's no way to change it to anything by the c drive on windows.

~~~
DanBC
There is a complex method of changing the backup drive by setting up symlinks.

It is user-hostile of Apple to force use of C:\

~~~
bruceboughton
If you have a Mac with more than one hard drive, one of which is an SSD, you
probably know how to set up symlinks.

------
anon1385
Download.com is just the beginning of this crap. At least a lot of people now
realise that download.com is shady. Google is just as bad as download.com, but
people still think of Google as a reputable site. Even in this discussion
people are recommending just googling the product name to find a download.
Please don't tell people to do that. It's dangerous.

If you type terms like 'firefox' into google search much of the time the top
result (which is actually an ad) takes you to a site offering a version of
firefox bundled with toolbars and god knows what other malware. The story is
similar for other popular windows downloads. I've even seen these ads crop up
for things like Chrome in the past.

For example, here is a search I did just now for the term 'download firefox'.
The top result is an ad leading to malware:
[http://i.imgur.com/Ote9c2k.png](http://i.imgur.com/Ote9c2k.png)

Imagine having to explain to an inexperienced computer user how find to
firefox or other common software, without clicking on any of these landmines
google carefully disguises right at the top of the results.

I've been bringing this up on HN for a while now and nothing has changed. Many
of the sites are the same as they were a year ago. Google does manual review
of adwords sites. The domains of these sites have been the same for at least a
year. Google knows _exactly_ what is going on, making them just as bad as
donwload.com in my view.

Google search ads are probably one of the biggest vectors for malware these
days, along side the kinds of big download button ads you see on software
sites (many of which are also google ads).

Previously:

[https://news.ycombinator.com/item?id=7335401](https://news.ycombinator.com/item?id=7335401)

[https://news.ycombinator.com/item?id=7971201](https://news.ycombinator.com/item?id=7971201)

[https://news.ycombinator.com/item?id=7089727](https://news.ycombinator.com/item?id=7089727)

~~~
makomk
At least the actual, genuine result is visible without scrolling. A few years
Google were paying computer manufacturers to set a special version of Google
with more prominent ads as their default search engine. The net result was
that if you got a new computer and searched for Firefox using their default,
Google-supplied search the genuine result was actually below the fold in some
cases.

~~~
lsaferite
Can you back that up with a citation?

~~~
makomk
Not trivially, unfortunately - I didn't save the information at the time and
don't seem to be able to find details because it's buried under articles about
Google's newer changes to increase the number of ads and the (equally ad-
heavy) redirection page for URL typos they were paying OEMs to bundle at one
point.[1] Basically, there's too much discussion of other bad practices for me
to Bing or Google this one. Sorry.

[1] See [http://blog.opendns.com/2007/05/22/google-turns-the-
page/](http://blog.opendns.com/2007/05/22/google-turns-the-page/)

------
tdicola
I had to install the DirectX user runtime recently and was pretty shocked to
see Microsoft has loaded it up with lots of crapware. First when you click
download from its page at [http://www.microsoft.com/en-
us/download/details.aspx?id=35](http://www.microsoft.com/en-
us/download/details.aspx?id=35) you're prompted to set MSN as your homepage,
download the malicious software removal tool, and download IE11 (if you're on
Windows). Then after you skip that you get the download and when you run it it
will try to get you to install the Bing bar in the installer. Overall just a
really shady and crap experience, especially coming from Microsoft.

Also agreeing to set MSN as your homepage with the install bloats the download
size from a svelte 286kb for the DX web installer to 2.4mb (just to set a
homepage!?). Way to completely defeat the purpose of providing a small
installer by bundling in crap.

~~~
scrabble
I stopped trusting Microsoft installers when Windows Update listed the Bing
Desktop as a Critical Update.

~~~
unreal37
The accusation has been around for a while and is not true.[1] Amazing how the
story has morphed from "Optional Update" to "Critical" in 1 year's time. And
it just sounds untrue. Why would you believe that?

[1] [http://www.dasmirnov.net/blog/bing-desktop-won-t-
be](http://www.dasmirnov.net/blog/bing-desktop-won-t-be)

~~~
scrabble
In the off chance you ever come back to read this, this is my bad.

I never saw any articles about it at the time. I just remember it always being
in my Windows Update list and I was sick of it. Windows Update in my mind
should generally be for OS and software updates, and not for software that
Microsoft is looking to push.

Which is funny, because I'm a Windows guy who works in the Microsoft stack.

------
petecooper
Mobile computer tech, here. War story follows.

I handle high single-figures of these adware and/or potentially unwanted
programs (PUPs) infestations every week.

Mostly it's Windows 7 and 90% adware/PUPs-centric, occasionally ransomware. In
the huge majority of cases, the following will get a computer back up and
sorted in a sensible amount of (billable) time:

First, bring known-good copies of AdwCleaner, Junkware Removal Tool, RKill and
ComboFix on a thumb drive. Same-day downloads are preferred as some detect
out-of-date versions and don't play nice. Shut down computer. Restart in safe
mode with command prompt. Run explorer.exe from command prompt. USB typically
works as usual, even in safe mode. Run each of the applications above as
administrator in the order they are listed. Some will require a reboot to
complete their work. The reboot should be in normal mode, subsequent
restart(s) to run other cleaner(s) should be in safe mode with command prompt.
Diminishing returns will take place after the third of fourth cleaner, and
allow 15 minutes for a typical infection.

The longest it's taken me to completely clean a computer of was 7 hours,
comprising around 18GB of tat. If it's a severe infection, I will recommend a
rebuild from known-good factory media after a Windows Easy Transfer export,
assuming there's not too much in the way of user content.

As an up-sell, I also offer a better-than-factory reset where there's a clean
Windows 7 installed and no vendor-specific junk on there. Computer vendors
aren't as bad as free-to-use software vendors, but there's a reason why a
adequate Lenovo laptop can be bought in the UK for 230GBP (including sales tax
at 20%). Install, updates, and Windows Easy Transfer will typically be around
2 to 3 hours. It's a hard sell with a cheap laptop, especially since some
clients are already preparing to buy a new laptop rather than fix the old one.

~~~
petecooper
Addendum: I save a ninite.com installer to their desktops, renaming it to `Run
this every Wednesday`. If they see any `You need to update Flash Player`
dialogues, I advise them to close them and _only run the desktop icon_ \- this
in and of itself saves most people from reinfection.

Edit: typo and formatting.

~~~
e40
I cannot say enough about ninite. They are brilliant. I moved to the Mac a
year ago, and I miss it dearly. I wish they had a Mac version. It's so
convenient. And safe. And easy. I paid them for something just because I
wanted them to be successful. Single best product I used on Windows!

~~~
swies
That's so nice to hear. Thank you!

I'd love to make a Mac version someday, but the problems are so much worse on
Windows so we're focusing there.

~~~
Systemic33
Wow, the co-found of ninite :D

I can't thank you enough! That program is _always_ the absolute first i
download on every windows machine, period.

I think i've told all my friend about ninite by now, and everyone is super
impressed.

Would you care to elaborate on how it works? do you download from each
software homepage, or do you constantly have to download latests versions and
then serve from your own server?

Any way you could make a free or cheap one-time pay, for a version that can
use a private server to host, and then deliver programs to it this way.

------
route3
In 2012, YC invested in a company InstallMonetizer[0] which, from my
understanding, helps align software products with bundling other installers
for additional revenue.

[0]
[http://www.crunchbase.com/organization/installmonetizer](http://www.crunchbase.com/organization/installmonetizer)

~~~
jacquesm
That's by far the worst company they ever invested in.

See here for PG's take on this:

[https://news.ycombinator.com/item?id=5092711](https://news.ycombinator.com/item?id=5092711)

~~~
cdr
I dunno, there's a few contenders. Scribd was pretty bad. RapGenius was pretty
bad in terms of the people.

Edit: Oh, and Quora, even if that wasn't much more than YC lending its name.

~~~
unreal37
What was wrong with RapGenius? I actually like them. Simple idea executed
well. I still use Genius regularly.

~~~
anon1385
People disliked them because the founders acted like obnoxious fratbros, but
the specific claims of wrongdoing were over blackhat SEO (
[https://news.ycombinator.com/item?id=6956658](https://news.ycombinator.com/item?id=6956658)
) which ended up getting them penalised by Google.

------
TeMPOraL
> _Because when the product is free the real product is YOU._

I disagree with this conclusion. Also, I have a related issue with some of the
opinions I hear e.g. on HN that confuse me.

Many a person says in defense of ads - "but surely authors have to support
themselves, otherwise there'd be no site/software", "TANSTAAFL", etc. But this
seems to me to be in disagreement with observable reality.

What I see is a strong and direct correlation between amount of ads and
crappiness/dishonesty. For websites, it is usually "the more ads there are,
the more likely content is wrong/crap/nonexisting and the author is there to
take your money". For applications, similarly - more ads means crappier
downloads, and - if it's the author's site that's full of banners - the
program is most likely shit.

What I observe is that there are two reliable types of sources/downloads: 1)
linked on author's site, free and free of ads - they signal that the author
actually cares about the content they're providing (see "the toilet-paper
companies"[0]) and 2) linked on author's site, that ask you to pay up front -
here it signals that the author is honest.

So do the authors really have to "support themselves"? Or is it that the
honest ones either do it for free (because they care, and they get money
needed to support it elsewhere) or sell in clear terms? And the ad-dependent
money makers have no business being on the Internet in the first place?

That's why I also feel no guilt for browsing with AdBlock on - neither the ads
nor the ad-serving pages are a good deal for anyone in any way.

As for the Downloads.com, CNET, et al. - I hope that the introduction of
Windows Store/package manager will shut them down for good. They're evil, they
deserve to be down.

[0] -
[https://news.ycombinator.com/item?id=8319102](https://news.ycombinator.com/item?id=8319102)

~~~
Sir_Substance
I've always considered the assertion that quality content is only created if
there is financial reward to be a flagrant lie.

Expectations of ads fully supporting websites are relatively new even to the
world wide web, let alone the internet. 10 years ago, you might at best hope
that your ads would offset a bit of the websites hosting costs.

The really good content is put up by people who are in it because they care
about the content, not the money. The same is true of software.

My experience is that if you are offering quality, you either give it away for
free, or insist on up front payment.

Pay by ad, pay by data and in app purchase are all business models of people
who want money and don't care about the content, but know their product isn't
good enough to sell.

~~~
snowwrestler
There is certainly a lot of great content created by people doing it for the
love, but love only gets a person so far. To do real in-depth reporting takes
quite a bit of time, way more than anyone but the independently wealthy have
at their disposal unless they are working (and being paid) as professional
reporters.

Consider the work on the Snowden files. Snowden handed his huge collection to
professional reporters, who then spent weeks and months carefully reading it,
confirming what they could independently, working with experts to understand
what was most important, working with lawyers to understand what they could
and not publish, and finally, writing and editing the articles.

Or consider investigative journalism pieces like the work that revealed the
problems at the U.S. Veteran's Administration, or the Washington Post's series
on civil asset forfeiture:

[http://www.washingtonpost.com/sf/investigative/2014/09/06/st...](http://www.washingtonpost.com/sf/investigative/2014/09/06/stop-
and-seize/)

The Post and other news operations need to make money somehow, so that their
reporters can afford to spend the time to keep doing this work. So far, ads
are the only revenue source that seems reliable, although a lot of news ops
are experimenting with online subscriptions as well.

~~~
TeMPOraL
Ok, but on the other hand consider the remaining 95% of content created by
news sites, which is lies, clickbait, and total&utter crap. I very much
apperciate investigative journalism for both the entertainment value and the
function it provides to society - but that's a very, very small part of what
gets published in papers, and the rest of what gets to the front pages of news
sites is what makes them an example, not an exception, of my rule.

I applaud the work of professional journalists who care about stories they do
and providing value to the public. So I want to support them, but not the
other 95% published under the same banner. Because seriously, I get much
better value from HN and Reddit comments, which not surprisingly, are both
free and written by people who care.

------
Renaud
Instead of dowloading from Sourceforge (loaded with ads and its own devious
'installer'), CNET, Download, etc, there are no-crapware alternatives that
offer more management tools as well (remembering your list of apps across
machines, automated updates, discoverability):

Ninite: nice, simple, installer: just select apps and let the installer do it
all for you.

AllMyApps: all the apps, no crapware (at least for now).

chocolatey: a command-line package manager for Windows

[https://chocolatey.org/](https://chocolatey.org/)

[https://ninite.com/](https://ninite.com/)

[http://allmyapps.com/](http://allmyapps.com/)

Ninite is clean and great for managing deployment on multiple machines,
although it offers a limited number of curated apps (but they tend to be very
common).

AllMyApps has tons of apps and the most user-friendly. I could give that to my
mum. Only had some minor issues sometimes when it fails to recognise versions
to update. It will even recognise and update apps that were not installed
through its manager.

Chocolatey has lots of packages and you can create your setup to make it easy
to deploy across machines. It's getting more secure and the authors are
putting a review process in place to guarantee quality.

I've used all three and they all offer something useful. All allow you to
manage your own deployment across machines.

~~~
TeMPOraL
A nice list. How long they're all around?

I still can't shake the feeling that it's only a matter of time before Moloch
gets to them and they'll start serving crapware like any others. I'd love to
be wrong on that.

~~~
swies
Ninite Co-Founder here.

Our pro-version SAAS business model works great.

Plus we started Ninite because junkware enraged us so much. It's just punching
down at non-technical users. I'd kill the company before doing that.

Anyway, we'll be around and junkware free until the world moves to platforms
where everything's signed and sandboxed.

~~~
TeMPOraL
Thank you for your reply. I'll definitely check out your product then.

------
weavie
I regularly get called by people complaining that their computer no longer
works. Pretty much every time it turns out that their machine is loaded with
crapware. It amazes me how people just put up with random browser windows
popping up and having to search via some random search engine that has been
imposed on them.

At the minute I just have to put up with spending a few hours removing the
worst offenders and then running several different adware removers. It
generally keeps them running well for a few months.

I would love to set up a VM so whenever things start going wrong they could
just delete the VM and start fresh. Currently VMs are a bit too heavy weight,
a lot of people struggle with the concept of working in multiple Windows let
alone knowing which machine they are actually working in. I am looking forward
to Microsoft implementing containers ala Docker. It will be interesting to see
what possibilities will be available for making it seamless and quick enough
for a computerphobe to browse within a container.

~~~
lucaspiller
I feel your pain. Whenever family ask me to look at their computer I spent an
hour deleting spyware and such. The worst bit is they do have antivirus and
Windows defender, but they do nothing to stop it :/

The common advice to stop it before was "don't use IE". Everyone uses Chrome
now, and so that's now where everything installs itself (check the extensions
and there is usually something dubious). Google even have a tool to remove
this stuff:
[https://www.google.co.uk/chrome/srt/](https://www.google.co.uk/chrome/srt/)

~~~
cnvogel
I had to deinfect a adware infested computer of a colleague recently. In my
oppinion, most adware is _very_ eager to include some proper way of
uninstalling, just to not be classified as a trojan/virus/... Even if this is
completely leaning to persuade the customer NOT TO INSTALL it:

"You will loose precious functionality, your computer will get slower, the
locusts will invade your country: Are you SURE to deinstall
CrapToolbarAdMakeComputerFaster2000? [NO!] [NOT AT ALL!] (yes) [CONTINUE USING
ADWARE]"

I guess it's done that way so that Microsoft would look like to impair a
earnest software business' operation, would they choose to include it in their
"evil monopolistic" antivirus software.

~~~
weavie
It is that 5% that refuse to go away and then reinstall themselves when you
finally work out how to get rid of them that takes up 95% of the time.

------
josteink
I see a lot of comments here about Mac & Ubuntu. I run Ubuntu myself, so no
disrespect intended.

That said: If we all do and make everyone else do as we say, replace Windows
with Ubuntu & Mac, guess what happens next? The next shitwave of shitware will
come to our favourite platforms, and they will find new exploits and new
creative ways to fuck us over too.

This is a social problem and technology alone wont solve it. Either users must
be taught to avoid things like this (flying pigs be damned) or it must be
banned by law. Law which unfortunately knows geographical limits and universal
lack of uniformity & coherence.

What's the general opinion on that? I'm obviously all for banning crapware,
but lets say the majority was for banning it, and we found a solution for the
"global" laws thing... How would you define it, where would you draw the line
for what is just poor software and what is actively harmful?

What about remote-control/support-tools? Obviously they can be used for good,
but in the wrong hands they can be used for espionage and surveillance and
ransomware.

I suspect such a ban would cause quite some debate, even among techies.

~~~
thirdsun
It's already happening on OSX. The other day a non-tech-savvy co-worker of
mine wanted to install some kind of Samsung Sync software for his mobile (KIES
or something?) - instead of the official site he went with the first Google
result. That colorful and large download button inspired confidence after all.
The downloaded app installed...something, but it wasn't Kies. It hijacked the
browser, installed MacKeeper and changed all kinds of settings and
preferences.

He told me after the fact and since the machine was just freshed setup with
few things changed (apart from the crapware) I told him to do a clean install
since you never know what you missed when you try to clean it up manually.

------
Animats
That's a major indictment of CNET. They're in the crapware/adware/spyware
business. Some of the crapware downloaded even bears their logo.

The two programs frantically fighting over the browser home page was amusing.

------
austinz
Even the Windows Java client installer tries to get you to install the Ask
toolbar (or at least it did; I haven't seen an update recently). I imagine it
must be quite lucrative for Oracle; either that, they stopped caring about
Java's reputation as a user-facing technology for web content or desktop
applications, or users just don't notice these things.

~~~
easytiger
There was a discussion on here recently. Apparently Ask.com makes something
like $400+ mil per year. Mind boggling.

[https://news.ycombinator.com/item?id=8762663](https://news.ycombinator.com/item?id=8762663)

~~~
theandrewbailey
Oracle makes $billions per year. There's no reason to bundle Ask. Despicable.

~~~
easytiger
Yea but it will be attempts to make business subgroups self funding that led
to this. Under sun java was the cherry-on-top of their hardware / gateway drug
to their server side hardware. I doubt oracle look at it like that.

------
rbanffy
This is why I moved my mom to a Mac and then to Ubuntu in, IIRC, 2007. The
last time I had to clean up her Windows machine, everything was so completely
contaminated with all kinds of malware that I simply gave up. I backed up her
most important data (customer data, proposals), cleaned it thoroughly (Office
documents can be infected - thank you, Microsoft) and just moved her to a Mac
I no longer used. When she started complaining the Mac was slow (it was no
longer up to the task of running a modern browser with Gmail in it) I moved
her to an IBM desktop with Ubuntu she uses to this day.

She even updates the machine herself through the package manager GUI.

And she's 79.

~~~
olavgg
My grandfather had the same problem, now with Ubuntu he is happy :-)

------
ptaffs
This timely article appears the weekend I erase & install OSX having clicked
the wrong download button on CyberDuck. The Google DoubleClick banner is
prominent on the page, the actual software download is "below the fold". I
should know better, but I clicked the big green "Download Now" next to the big
Yellow duck, and underneath the same-Green Donate button. I ended-up
downloading something wrapped in Genieo's InstallMac software, nothing to do
with CyberDuck, who I wouldn't even mention except the banner is so prominent
on the page. I also, dumbly, entered my admin credentials before aborting the
install when it started downloading more components. Within seconds my search
engine on all browsers was changed, start-page reset and other configuration
including a process left running.

The installed files and modified files were not easy to find, apple provide
good help but it's hard to trust the computer once it's executed malicious
deceptive code with root privilege.

Clearly this was all my own fault and poor decision making.

~~~
j_s

      > Clearly this was all my own fault and poor decision making.
    

Don't blame the victim!

------
benbristow
Unchecky is a useful defense against this. Uses about a megabyte of RAM and
runs in the background, blocking most offers.

[http://www.unchecky.com/](http://www.unchecky.com/)

Install it on all computers that I get given being the family/friends 'IT
guy'.

~~~
m_ram
Wow, this is brilliant if it works well. If anyone from Unchecky reads this,
you should repeat this experiment with your software installed and post it on
your blog.

------
robobro
_Free software vendors make so much more money by bundling other software than
they do by selling subscriptions that it’s pretty much the only business plan
that anybody can consider using. At least Avast is bundling something good, so
we can’t really argue with it.

Because when the product is free the real product is YOU._

His use of the term "free software" kinda bugs me here. Yes, "freeware" are
harmful, but just because something doesn't cost anything doesn't make it bad.
Because his article is intended for a general audience, I think he should
offer links to legitimate free software vendors. Instead of going on a crusade
against "free (and open source) software" he should go on one against
"suspicious free (of cost) software sites".

KMplayer does have an option to add an Ask toolbar, but it doesn't have Search
Protect. I really don't think that a lot of the big-name software containing
trojans on Download is uploaded there by the project developers, but that's
just the dreamer in me talking. On sites that let people upload executable
files with little-to-no moderation, or on sites that are in and of themselves
harmful, malware is unavoidable.

~~~
alextgordon
Most people versed in the English language will think "free software" means
"freeware", because the other meaning is approximately as comprehensible as
"educated toasters". Software can't have freedom. People have freedom.

------
ksk
I think in general, this is what happens when companies start failing. CNet
used to be a great company, but these days people don't go quietly off into
the night. Corporations hire useless MBA types who want "synergy" with the
"ecosystem" and "streamlining sales process for customers" (by customers I
mean the malware companies, not the website visitors) and other nonsense
euphemisms that usually means "we're going to screw someone".

In a saturated s/w market it seems like the only money that's left is in
places where people didn't want to go before because of the "that's kind of a
dickish thing to do" self-awareness that companies used to have.

While in theory, this is not Microsoft's fault, practically I don't feel
comfortable recommending Windows to any family member these days. OSX is good,
but a lot of OSX crapware is starting to come with kernel extensions and
Launch Daemons/Agents, etc.

------
brudgers
The higher level of trust I place in free software is one of the motivations
for my increasing use of Linux. Even Java comes with crapware on Windows, the
app store has the standard creepy more permissions than needed business model.

I remember when download.com was a resource and there was good stuff to be had
for free. But bad drove out good a long time ago. The official Windows
ecosystem is permalogin appStores and what lives outside the walls is a
massive web of bad actors who thrive on Google's self-serving
disinterest...Why do download.com and Cnet show up in results? They are less
benevolent than content farms.

It's not that I hate Windows or experience viruses. It's that I've tired of
being paranoid on the one hand and updated by apps on the other. Psychic
weight and distraction are two things of which I want less.

\---

Clarification: Windows has a great ecosystem for commercial software and in a
business context often has the best options for solving domain specific
problems.

------
jacquesm
Download.com took an executable I made, unpacked it, added a whole bunch of
spyware and malware to the archive and re-packed it. I hate them with a
passion.

------
gleenn
The article, while informative, feels like a subtle Avast advertisement. It's
mentioned 16 times in the damn article, and the author even vindicates it for
not preventing problems and also compares it to AVG saying its better.

~~~
3minus1
it's almost like he's covertly bundling it into his article

~~~
TheHypnotist
My world has just been shattered.

------
mkohlmyr
I had to use download.com recently. More than anything the experience
solidified to me that using Windows is unpleasant. Finding and installing
software is a bit like going on an episode of "the dating game" knowing that
2/3 of your bachelors keep a rag and a bottle of chloroform handy in the glove
compartment.

------
jenscow
This is the #1 reason Windows is no longer on my kid's computers; it's too
easy to install crap-ware no matter what security package you use.

~~~
mcx
Recently I visited my dad and his laptop was just full of crapware. I noticed
the only thing he uses is the web browser, maybe editing the occasional word
doc. So I just wiped the machine, put on ElementaryOS and hopefully there will
be less problems. Haven't heard any complaints so far.

~~~
squeaky-clean
I did this for my sister this Christmas. Every holiday she visits and hands me
her laptop to be fixed or reformated. So I got fed up, installed eOS and the
tweaks plugin, got Netflix and mp3/aac support working, and told her I had
installed Mac OSX on her laptop.

If I had told her it was Linux, she would be too scared to touch the thing,
but she honestly believes she has a Mac now (in a Dell laptop), and hasn't
complained at all so far.

~~~
mcx
Absolutely, that was a huge reason I decided to make the switch to Linux.
Coming home and getting a stack of laptops from family and friends, becomes a
hassle. I didn't come here to spend my day reinstalling Windows!

After I reformatted the machine, I just handed it over and didn't even mention
that it was running Linux, just to see if there be any reaction like, "this is
not Windows!" and the only question I was asked was "what is the password to
unlock the screensaver".

It's a real drag having to go to like Dell to find and download all the
drivers, and then download and install things like Java, Flash, etc.

Having a package manager is a huge win, I can write a ansible playbook to
configure the machine and make sure the packages are always up to date with
something like unattended-upgrades and then call it a day.

I'm just glad my parents don't use online banking, so I get some peace of mind
there.

------
bbayer
The thing is you don't actually know what these programs are doing behind the
scenes. Hijacking browser home page is the most innocent thing.

~~~
simonh
A colleague managed to get one of thse toolbar things on his computer. It was
a nightmare. It installed a second hidden browser plugin to keep re-installign
the toolbar and re-setting your default search engine every time the browser
restarts. Then there was a startup exe installed to re-install the plugins and
toolbar on system restart. Then there was something else rooted in there
somewhere that kept downloading and re-enabling that if you disabled it in
msconfig.

We had to do some serious registry hacking and manual system32 folder cleanup
to finally kill the blasted thing.

Not that I've had to deal with anything like that at home since 2007. OSX all
the way baby! I've probably got back a couple of weeks of my life over the
last 7 years, when you add in time spent messing with device driver version
issues and general system tuning.

~~~
TeMPOraL
On Windows, Restore Point are (still) a good one-stop solution against this
kind of crap.

The most annoying malware I've removed this way was one that automatically
killed any instance of cmd.exe and regedit.exe that you opened.

~~~
acdha
Malware routinely hides in the restore points – it avoids anything which is
configured not to scan them (this was surprisingly widespread a few years
back, although I hope it's improved) and might even get someone to reactivate
it if you restore for any other reason.

Trying to bolt security on after the fact like this is a losing game.

------
Anthony-G
Soon after I got my first computer in the late 90s, I figured out that free
(gratis) / shareware proprietary software can’t be trusted and that I should
be wary of sites such as Download.com. After a couple of years, I moved to
GNU/Linux as my regular OS but I’d still use Windows in a work environment and
after working in an Internet cafe, I became an expert in removing malware.

Since then, the situation has got much worse: you used to be reasonably safe
downloading FOSS software but nowadays you can’t trust Windows binaries from
Sourceforge. Even serious software producers such as Oracle have been bundling
Ask.com crapware with Java updates. I feel sorry for new Windows users who
want to get more functionality out of their PC.

I thought the battle of the malware to dominate the home near the end of the
article was funny.

------
etix
The VLC team experienced the same kind of crapware in 2013 but on Sourceforge
and decided to move away.

[https://blog.l0cal.com/2013/05/02/rethinking-vlc-mirrors-
inf...](https://blog.l0cal.com/2013/05/02/rethinking-vlc-mirrors-
infrastructure/)

------
alexhektor
The irony of the article is that it gets even worse if you're not in a VM.
Some adware companies try to detect that for fraud-preventing purposes.

------
talklittle
Relevant discussion about YC-funded "InstallMonetizer" from 2 years ago:
[https://news.ycombinator.com/item?id=5092711](https://news.ycombinator.com/item?id=5092711)

------
woah
Can somebody tell me again about how awful web apps are? I've used hundreds of
those of the most dubious provenance and they have never done anything to my
os.

------
JamesBaxter
When my relatives get confused by IE or Firefox I tell them just to use
Chrome, partly because they ALWAYS already have copy installed due to tactics
like this.

------
Maarten88
Funny, at the bottom of this article there's a Google Adsense Ad for a "Free
Malware Removal installer". Even their own site needs monetization and is part
of the problem.

This article shows pretty well how polluted the Windows software ecosystem has
become, it is a huge problem for Microsoft. I hope the Windows Store situation
will improve with the next version of Windows.

------
ZoFreX
> And no matter how technical you might be, most of the installers are so
> confusing that there’s no way a non-geek could figure out how to avoid the
> awful.

Or even a geek who is in a hurry. I came very close to accidentally installing
crapware when I was downloading things from Sourceforge the other day. It's no
wonder regular end-users end up with all this crap.

~~~
nmeofthestate
I installed crapware on a brand new laptop a few weeks ago. I searched for
"chrome" in IE, clicked the _top paid link on bing.com_ \- malware.
Unbelievable.

System restore worked well to fix that screw-up.

~~~
nmeofthestate
By the way, I just checked and this is STILL happening on bing.com:

Top paid result for "chrome" is the following crapware site:

[http://google-chrome-uk.download-assist.com/](http://google-chrome-
uk.download-assist.com/)

------
mark_l_watson
For the first time in 10 years, I just ordered a Windows 8.1 laptop (I live in
a small town, I want to start teaching some free classes at our library, and
thought I better also have a Windows laptop).

Someone commented on Amazon that he had to spend 2 hours removing crap-ware
from the model I ordered and said he wished he would have bought directly from
Microsoft. I looked, and Microsoft sells the same laptops with "signature"
branding: this means that they sell you a crap-ware free system. So, I stopped
the Amazon order and for the same money bought from Microsoft. I intend to
only install Java 8, IntelliJ, git, ssh, and probably Pharo Smalltalk when I
receive my new laptop.

A little off topic, but a few weeks ago I wiped my MacBook Air clean by
reformatting the disk, did a fresh install, and just installed what I need for
writing and development work. Now my MacBook Air runs faster and I recovered a
lot of disk space.

------
accounthere
With so many Windows users and developers how come there is nothing like
Debian's apt? With zip-like packages instead of executable files, signed by
the maintainers and with a uniform installation ui. The closest thing I know
is Chocolatey and it doesn't even comes close.

Even if only open source applications used it, it would be so useful.

------
xroche
And sometimes the crapware is bundled with legit free/open-source softwares :(
(I ranted about that some time ago:
[http://blog.httrack.com/blog/2013/11/24/i-do-not-want-
your-s...](http://blog.httrack.com/blog/2013/11/24/i-do-not-want-your-search-
bar/))

~~~
hereonbusiness
Oracle is bundling the Ask toolbar and McAfee Security Scanner as "optout
adware" with java runtime updates, the whole windows 3rd party software
ecosystem is nothing but a cesspit.

------
cturhan
I really wonder why people prefer some other websites to download the product
instead of its own website. When you type "ccleaner", "kmplayer" etc on
google, the first one is always the product website. The second and third ones
are the websites distributing product with adware/spywares.

~~~
libria
Maybe they're looking for a trusted curator or the "user" reviews give them a
sense of reassurance. As an exercise, try to find the right download button on
Imgburn's own website:

[http://www.imgburn.com/](http://www.imgburn.com/)

Even during installation, you still have to navigate the "Uncheck spyware"
minefield.[1]

[1] [http://www.jdhodges.com/blog/safe-version-imgburn-without-
op...](http://www.jdhodges.com/blog/safe-version-imgburn-without-opencandy/)

~~~
Lewton
I installed imgburn, I was careful to uncheck everything, yet I still ended up
with OpenCandy. I -probably- fucked up, but I don't see why someone who is
shady enough to bundle OpenCandy wouldn't also be shady enough to ignore what
people choose during installation as they will usually only blame themselves.

------
Aoyagi
The moral of the story is that average users shouldn't use or have access to
the administrator account, but that's nothing new, is it?

Oh, and that words like "client", "program", or "utility" are dead. Too bad.
I'm surprised they don't call malware "malapp".

------
jmilloy
I agree that there is a lot of useless software, malware, and annoying
bundling on download.com and in the Windows software ecosystem at large.

But seriously, it's not hard to avoid installing a lot of bundled software.
I'd be more interested in what happens when you install the Top Download.com
Apps _without_ the obviously bundled crap. And I'm certainly not interested in
hearing complaints about what the programs do (it's just distracting),
considering that you picked them arbitrarily and some of them seem to be doing
exactly what they say they will do.

If we're going to bash a software ecosystem, let's at least try to do it
intelligently.

~~~
tsaoutourpants
How is it unintelligent to point out that downloading a few apps from a
(formerly) reputable source of free apps results in your computer being
basically unusable? What the article showed shouldn't happen, and it did
despite download.com's assurances that it wouldn't.

~~~
jmilloy
The article is objectively misleading. The title reads "What happens when you
install x", but instead they proceed to install x, y, and z. Is it so
surprising that when you "click next to install program y", that program y is
installed? Download.com doesn't promise not to bundle software, it promises
not to install bundled software without the user's consent, which is obscured
in this demo. I'm not saying that Download.com is doing the right thing; _I 'm
saying that this article is failing to isolate where the problem really is._

Furthermore, they complain about things that aren't related to Download.com at
all. For example, they install YAC and then complain that YAC is installed and
working as advertised. Again, it obscures the actual investigation. Consider
that this isn't Download.com's recommended apps; it's simply the most
downloaded applications. Just because a lot of people download something isn't
an assurance that it does something useful. Go to the Editor's Picks for that,
which includes many useful and clean programs. Or even the Top Downloads of
all time, rather than Last Week.

By obscuring the results of the demo and failing to distinguish between things
that should happen and things that shouldn't, HTG makes it harder for us
intelligently discuss the Download.com ecosystem. They fail to educate users
about bundled software and how to avoid it. Instead, we're just regurgitating
vague opinions that the Windows ecosystem is terrible.

The title should read something more like "What happens when you blindly
install applications a lot of other people installed" which makes it much
easier to discuss whether Download.com is really at fault here, or who/what
is. For example, does Download.com have a responsibility _not_ to report and
index statistics such as most downloads last week, so that users can't be
tricked into thinking that Download.com recommends they install those programs
arbitrarily?

------
apetrovic
Microsoft dropped the ball with lack of App Store. With all app store's
drawbacks, that's the place where regular user can pay easily without thinking
will someone steal his/her credit car number, the place where applications
should be harmless, and the place where (and this is important) the user can
compare prices between similar applications.

Windows doesn't have the app store. And nobody (read: very, very small
percentage) is willing to type the credit car number on some unknown site to
pay for some utility. So shareware died, and shareware authors went to the
dark side.

~~~
noonespecial
The one who dropped the ball is CNet. _They_ could have used their good name
to establish a curated software marketplace and done subscription, app sales,
freemium... anything at all other than giving their reputation a giant flush
for a few bucks and earning themselves a 127.0.0.1 in the hosts file of
computers I work on.

~~~
jenscow
Back in the day, I probably would have made use of that - instead they made
developers bid to have their products higher in the listings.

------
ikeboy
Driver booster happens to be very useful for what it does. It's the only
driver updater that ever worked for me.

Most are useless, and try to charge money, but not Driver Booster. (And you
can find a pro key for free if you look around, but even non pro is still
pretty good.)

And that stuff in the linked article about drivers updating from Windows
Update: many driver updates take a long time to make it there, if at all. I've
seen many times that a driver has an update from the manufacturer but it
doesn't update automatically.

------
paule89
Could remove all of this malware with Malwarebytes Anti Malware. Buz still had
zo reset the proxy settings, because they had been changed. The change was
also removed but i had to unclick a checkbox so it doesn't use a proxy
anymore. It is so frustrating. I don't know if Windows can sustain it's
software model like this. It is just unbearable. Ninite and chocolatey would
be great solutions i think.

------
rndn
That makes me wonder why anti virus software does not have crapware detection.
That would actually be a good task for them.

------
Kiro
How can these be legal?

~~~
TeMPOraL
I don't know. But I wonder how is that those sites haven't yet ended up on
Chrome/Firefox "Malware-serving Site" blacklist?

~~~
TorKlingberg
Google itself pays to have Chrome installed as bundleware. I for got which,
but it comes with either Adobe Reader, Flash or Java in some geographical
locations.

~~~
jeltz
Google has also bundled Picasa in the past.

------
grandalf
Reading this makes me well up with empathy for the unfortunate person who
installs one of these bundles.

Sites like download.com are fraud sites, which install programs that are
essentially viruses. I'm surprised Google doesn't crack down more heavily on
them the way it does on warez sites.

------
kbenson
It would be fairly humorous if the #1 download.com app, Avast, then proceeded
to block every other download.com link (instead of just a few of them, which
in itself is funny).

------
kristofferR
Unchecky ( [http://unchecky.com](http://unchecky.com) ) should be auto-
installed by Windows.

------
jtn_001
They are doing it for years now especially after 2009 or something, before
that download.com is not so much awful as nowadays.

------
z3t4
Selling to private persons is a bureaucratic nightmare in EU! If you managed
to market your app and managed to get paid, you now have to be registered for
VAT in the country you are selling to. And there are tons of rules like 10 day
money back return that are enforced by law in most countries.

If you serve adds (or crapware) instead, you get a monthly paycheck witch
require minimal accounting work or customer support.

------
gesman
Did anyone else noticed how quickly this story was buried off the first page
of HN?

:)

------
Siecje
ninite.com does bundle anything with another application.

------
SimplyUseless
Just plain nightmare

------
biomimic
Who still installs those standalones?

------
biomimic
Nevermind.

