topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 6:46 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: .  (Read 30544 times)

pillbug

  • Member
  • Joined in 2014
  • **
  • default avatar
  • Posts: 15
    • View Profile
    • Donate to Member
.
« on: November 22, 2014, 08:18 PM »
.
« Last Edit: January 01, 2015, 07:36 PM by pillbug »

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #1 on: November 22, 2014, 08:24 PM »
i like this idea! many times i had abandoned apps that uses these kind of installers.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #2 on: November 22, 2014, 08:47 PM »
I think the DLL is really the way to go..

The dll should export a callable function that returns TRUE if the installer is being run inside a 3rd party "wrapper".
It would be nice if there were options for displaying a (text customizable) alert box if so, and providing a button to visit a specific webpage.

As far as detecting whether the installer is being run via a 3rd party wrapper, the ideal case would be if you could detect the parent launching process and easily detect all wrappers.  A less ideal solution if that is impossible would be to detect specific company wrappers.

By my way of thinking, it's not important if this detection happens before or after the wrapper tries to install any adware or bundled crap.  The point of this DLL is not to prevent the wrapper from running -- it's to let your installer detect this case and decide what to do.  Some coders may decide that the best thing to do is warn the user, exit, and send the user to the REAL program web page.  Other coders may decide that the best thing to do is let the install complete but warn the user.

Ideally just the use of this dll will be enough to trigger these websites automatic wrapping tool to give up and not wrap the program.

pillbug

  • Member
  • Joined in 2014
  • **
  • default avatar
  • Posts: 15
    • View Profile
    • Donate to Member
.
« Reply #3 on: November 23, 2014, 09:18 AM »
.
« Last Edit: January 01, 2015, 07:37 PM by pillbug »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #4 on: November 23, 2014, 12:28 PM »
I sent you a link to a zip with some wrapped installers, check your pm.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #5 on: November 23, 2014, 12:49 PM »
By my way of thinking, it's not important if this detection happens before or after the wrapper tries to install any adware or bundled crap.  The point of this DLL is not to prevent the wrapper from running -- it's to let your installer detect this case and decide what to do.  Some coders may decide that the best thing to do is warn the user, exit, and send the user to the REAL program web page.  Other coders may decide that the best thing to do is let the install complete but warn the user.

Ideally just the use of this dll will be enough to trigger these websites automatic wrapping tool to give up and not wrap the program.


Something bothers me here. I think if we're going to be proactive enough to spread a tool, we might want to be more aggressive. I think the detection should certainly trigger before the wrapper does anything; trigger as fast as possible. Most people have no idea how nasty the wrappers are.

It's practically a game of Minefield to unclick all the junk the wrapper wants to do, and that's assuming it even plays quasi fairly. (I think I saw a few stories, some don't!)


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #6 on: November 23, 2014, 01:06 PM »
I think the detection should certainly trigger before the wrapper does anything;

This is almost certainly not realistic/practical.
The wrapper is going to do its own thing, and then unpack and launch your original pristine installer after it has offered up its bundled adware, etc.

If you wanted to physically stop the wrappers from running, the only solution is to have some other software already running (like an antivirus) that detected it and stopped it.  And if you are the kind of person who would run such a tool constantly in the background, you are also the kind of person who won't get bit by these wrapped installers in the first place.



However, I believe that the solution with the dll preventing your program from installing from a wrapper and telling the user why will accomplish the same goals.

The most likely result of having this dll prevent the wrapper from completing its installation, is that it will never be wrapped in the first place.

First, it's quite likely that the automated wrapper creation tool will abandon trying to wrap your program, meaning you will stop this problem before it ever gets to the user.  Second, if it they do try to distribute your wrapped program, it won't be long before they get enough complaints from users that downloaded it that they will remove the wrapper and put back your original.
« Last Edit: November 23, 2014, 01:11 PM by mouser »

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #7 on: November 23, 2014, 02:17 PM »
I think the detection should certainly trigger before the wrapper does anything;

This is almost certainly not realistic/practical.
The wrapper is going to do its own thing, and then unpack and launch your original pristine installer after it has offered up its bundled adware, etc.

If you wanted to physically stop the wrappers from running, the only solution is to have some other software already running (like an antivirus) that detected it and stopped it.  And if you are the kind of person who would run such a tool constantly in the background, you are also the kind of person who won't get bit by these wrapped installers in the first place.



However, I believe that the solution with the dll preventing your program from installing from a wrapper and telling the user why will accomplish the same goals.

The most likely result of having this dll prevent the wrapper from completing its installation, is that it will never be wrapped in the first place.

First, it's quite likely that the automated wrapper creation tool will abandon trying to wrap your program, meaning you will stop this problem before it ever gets to the user.  Second, if it they do try to distribute your wrapped program, it won't be long before they get enough complaints from users that downloaded it that they will remove the wrapper and put back your original.

Maybe this is a double barreled problem. For example, with me as your test case, "Anti-Virus" programs do nothing about junk installers. So what if you just spread a second project dll/file that looks for the top twelve junkware installers and sorta acts like an Anti-Virus addon? Aka "No they're not viruses, exactly, but they're mean. You probably shouldn't be running that. So whatever cool little tool you just tried to download was scooped up. Try to find the original copy."

Twist - sometimes the wrapped copy is the only one left after a few years. Web volatility and all.

It's like I want this utility to "scan inside itself" to see whatever it will *eventually* install, then notice that's not the same as the wrapped mess, then do something. It sounds easy in concept logic, prob tricky to really do.

Edit: I just installed a new copy of Java. They used to have a nasty installer, but I forgot what was bundled with it. Today the new one "just did what apparently it was supposed to". (We'll see!!)



IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #8 on: November 23, 2014, 03:23 PM »
Not sure if this is true today but I think Oracle's Java and/or Adobe/Macromedia Flash Player installs used to (and may still do) come bundled with the Ask.com web browser search installer.
From memory, I recall that MBAM (Malwarebytes) is able to detect some candyware as PUPs (Potentially Unwanted Programs) that it has recorded in its virus signature database. It detects the signature files for PUPs in software installers and I think (but am not sure) that it may even sometimes be able to isolate/remove the PUP components from the main software install, leaving the basic software installer intact.

I shall post a query for clarification about this in the MBAM support forum and drop the answer in this thread.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #9 on: November 23, 2014, 03:40 PM »
Not sure if this is true today but I think Oracle's Java and/or Adobe/Macromedia Flash Player installs used to (and may still do) come bundled with the Ask.com web browser search installer.
From memory, I recall that MBAM (Malwarebytes) is able to detect some candyware as PUPs (Potentially Unwanted Programs) that it has recorded in its virus signature database. It detects the signature files for PUPs in software installers and I think (but am not sure) that it may even sometimes be able to isolate/remove the PUP components from the main software install, leaving the basic software installer intact.

I shall post a query for clarification about this in the MBAM support forum and drop the answer in this thread.

That's what I meant Iain, today it didn't seem to be there.



IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #10 on: November 23, 2014, 06:51 PM »
...That's what I meant Iain, today it didn't seem to be there.
Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #11 on: November 23, 2014, 09:11 PM »
...That's what I meant Iain, today it didn't seem to be there.
Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

Oh you're right, it def used to be there. It made one of my rants because it wasn't even a wrapper, it was "the official source" from Oracle, with stuff bundled into it. But today it seemed to be gone. (I say seem, because it didn't show me anything, and I don't see strange toolbars in my browsers, but you never know with Oracle! But one lil' ol' Angry Bird ... uh ... couldn't have been the only one screaming at them for bundling. )


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #12 on: November 23, 2014, 09:12 PM »
...That's what I meant Iain, today it didn't seem to be there.
Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

It was.  I always wondered how they got away with it.  And this was not getting it from a 3rd party... but as an upgrade direct.

pillbug

  • Member
  • Joined in 2014
  • **
  • default avatar
  • Posts: 15
    • View Profile
    • Donate to Member
.
« Reply #13 on: November 24, 2014, 08:04 AM »
.
« Last Edit: January 01, 2015, 07:38 PM by pillbug »

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #14 on: November 24, 2014, 07:48 PM »
Saw this today and thought it could be of interest:
Unchecky Trusted Freeware download and reviews - SnapFiles.com
Prevent accidental installations of third party offers.
Unchecky is a small tool that can help you prevent accidental acceptance of third party sponsor offers during software installations. The program runs as a background service and monitors your software installations. If it detects any unrelated offers, it automatically unchecks them for you, so you don't accidentally install any unwanted software. We tested Unchecky with a handful of different installers and it worked particularly well with OpenCandy, AVG and some others (see our screenshots). Keep in mind that there are many different types of third party offers and installation schemes and Unchecky will not work with all of them - it missed a few during our tests. Nonetheless, Unchecky works well with most of the popular installers and uses very little resources. If you frequently find yourself overlooking third party offers and end up with unwanted toolbars or application, you definitely want to give Unchecky a try! The current version has a rather minimalist interface without any additional configuration options. We'd like to seem some logging features or notification options that keep the user informed of Unchecky's actions.


It is described briefly on the developer's website, and there's some interesting discussion/comment about it:
Unchecky v0.3
(Copied below sans embedded hyperlinks/images.)
Introducing Unchecky v0.3!

The new version of Unchecky provides you with more visual feedback:

    A tray icon is visible as long as the Unchecky service is running.
    When an offer is rejected, a notification message is shown (see screenshot below).

unchecky_0.3_notification_icon

Also, Unchecky v0.3 has an activity log, which was the most requested feature on UserEcho. You can see which installers were handled by Unchecky, how many offers were rejected, and how many warnings were displayed:

unchecky_0.3_activity_log
As you can see from the above screenshot, there are also social network buttons, which allow you to tell your friends and family about Unchecky. Please use them! We have great plans about Unchecky, and we need your help to spread the word.
Posted in Software, Updates by RaMMicHaeL at October 7th, 2014.
Tags: unchecky

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #15 on: November 25, 2014, 02:44 PM »
I just had to make a Java update today.  The offer to install the Search App by Ask was still there, and checked by default. :(

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,610
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #16 on: November 25, 2014, 03:04 PM »
The offer to install the Search App by Ask was still there, and checked by default.
Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,958
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #17 on: November 25, 2014, 03:25 PM »
The offer to install the Search App by Ask was still there, and checked by default.
Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

thanks Ath :Thmbsup:
that will make life a lot easier, especially helping family that dont know what & when to untick the box.
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #18 on: November 25, 2014, 03:44 PM »
The offer to install the Search App by Ask was still there, and checked by default.
Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

Thanks!  I didn't know about that... which brings to mind the question... should it even be necessary?  Are there different categories of adware distributors?  Why do they get a pass?

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,610
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #19 on: November 25, 2014, 04:10 PM »
which brings to mind the question... should it even be necessary?
I  agree with your objections and second your questions. Especially when knowing that these 'sponsors' are only added to the JRE installers, and not to the JDK installers (not even the JRE installer included with those) AFAICS. But all a developer needs is a JDK (without the extra JRE), after all :)

hamradio

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 825
  • Amateur Radio Guy
    • View Profile
    • HamRadioUSA.net
    • Read more about this member.
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #20 on: November 25, 2014, 11:18 PM »
Think you can also download the offline installers of JAVA...not sure about recent versions but use to the offline installers didn't have the offers.

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,610
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #21 on: November 26, 2014, 01:45 AM »
not sure about recent versions but use to the offline installers didn't have the offers.
I'm quite sure recent versions have them, but you may have disabled the settings from the Control panel gadget that gets installed with the JRE. I only get the off-line installers, though I currently tend to no longer install a separate JRE (space-saver when having 3 installed JDK's).

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #22 on: November 26, 2014, 02:28 AM »
I just had to make a Java update today.  The offer to install the Search App by Ask was still there, and checked by default. :(

This confuses me because it *wasn't* there in my copy a few days ago!
Holy Schrodinger offers!
:tellme:

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #23 on: November 26, 2014, 02:35 AM »
The offer to install the Search App by Ask was still there, and checked by default.
Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

This feels like a lawsuit-avoidance tactic. "Starting with version ... and ..." - and it's buried at the bottom of control panel / java / advanced?! /I didn't even know that control panel existed!

See my Fake Nany post in the basement - disabling and wiggling out of these offers is like a bad version of minesweeper! "Look! It's a game! If you win you can install only the program you wanted! But if you lose, you get to spend hours removing junk from your system!"


Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,610
    • View Profile
    • Donate to Member
Re: NANY 2015 Pledge: Installer Crapware Wrapper Detection DLL
« Reply #24 on: November 26, 2014, 02:53 AM »
I  agree with your objections and second your questions.
This feels like a lawsuit-avoidance tactic. "Starting with version ...
The above combination makes me really wonder why in earth's name a big multinational, like Oracle pretends to be, has to include crapware for some infamous minority like "Ask" :(