It's not. It is embedded in the installer with a sha1 of 692a2bd8cce1c4ac62f7cd505907aa8e21ab3b69, which you would have known had you actually studied the suspicious file at hand, rather than just go with the narrative posted in the blog.
Well, they’re right, and they did the work to verify they were right, as opposed to the other people in this thread blindly making assumptions. They care more about the truth than the other posters.
Makes them more decent than the others, in my book.
Sure, the installer ships a font file, and sure, the most obvious answer is that it's just installed as is.
But my app also ships a bunch of templates, and it doesn't mean users will always see the same thing when they're loaded. The font binary could have some magic number that's replaced with a fingerprint ID.
Most likely it isn't, but the work to verify would actually involve installing TV on two different machines, and comparing the installed files.
If you think they're going through the hassle to ship a font file but sleight-of-hand install a different font, then why do you think they wouldn't also go through the hassle of further hiding what they're doing? For instance, replace a preexisting font you wouldn't think to look at?
If you think it's honest-to-god malware, then provide evidence that it's malware. Installing a font does not make software malware. Checking for the presence of an installed font is not malware.
I don't have Windows near me to run tests myself.