.

[pillbug]

.

[lanux128]

i like this idea! many times i had abandoned apps that uses these kind of installers.

[mouser]

I think the DLL is really the way to go..

The dll should export a callable function that returns TRUE if the installer is being run inside a 3rd party "wrapper".
It would be nice if there were options for displaying a (text customizable) alert box if so, and providing a button to visit a specific webpage.

As far as detecting whether the installer is being run via a 3rd party wrapper, the ideal case would be if you could detect the parent launching process and easily detect all wrappers.  A less ideal solution if that is impossible would be to detect specific company wrappers.

By my way of thinking, it's not important if this detection happens before or after the wrapper tries to install any adware or bundled crap.  The point of this DLL is not to prevent the wrapper from running -- it's to let your installer detect this case and decide what to do.  Some coders may decide that the best thing to do is warn the user, exit, and send the user to the REAL program web page.  Other coders may decide that the best thing to do is let the install complete but warn the user.

Ideally just the use of this dll will be enough to trigger these websites automatic wrapping tool to give up and not wrap the program.

[pillbug]

.

[mouser]

I sent you a link to a zip with some wrapped installers, check your pm.

[TaoPhoenix]

By my way of thinking, it's not important if this detection happens before or after the wrapper tries to install any adware or bundled crap.  The point of this DLL is not to prevent the wrapper from running -- it's to let your installer detect this case and decide what to do.  Some coders may decide that the best thing to do is warn the user, exit, and send the user to the REAL program web page.  Other coders may decide that the best thing to do is let the install complete but warn the user.

Ideally just the use of this dll will be enough to trigger these websites automatic wrapping tool to give up and not wrap the program.

-mouser (November 22, 2014, 08:47 PM)

Something bothers me here. I think if we're going to be proactive enough to spread a tool, we might want to be more aggressive. I think the detection should certainly trigger before the wrapper does anything; trigger as fast as possible. Most people have no idea how nasty the wrappers are.

It's practically a game of Minefield to unclick all the junk the wrapper wants to do, and that's assuming it even plays quasi fairly. (I think I saw a few stories, some don't!)

[mouser]

I think the detection should certainly trigger before the wrapper does anything;

This is almost certainly not realistic/practical.
The wrapper is going to do its own thing, and then unpack and launch your original pristine installer after it has offered up its bundled adware, etc.

If you wanted to physically stop the wrappers from running, the only solution is to have some other software already running (like an antivirus) that detected it and stopped it.  And if you are the kind of person who would run such a tool constantly in the background, you are also the kind of person who won't get bit by these wrapped installers in the first place.


However, I believe that the solution with the dll preventing your program from installing from a wrapper and telling the user why will accomplish the same goals.

The most likely result of having this dll prevent the wrapper from completing its installation, is that it will never be wrapped in the first place.

First, it's quite likely that the automated wrapper creation tool will abandon trying to wrap your program, meaning you will stop this problem before it ever gets to the user.  Second, if it they do try to distribute your wrapped program, it won't be long before they get enough complaints from users that downloaded it that they will remove the wrapper and put back your original.

[TaoPhoenix]

I think the detection should certainly trigger before the wrapper does anything;

This is almost certainly not realistic/practical.
The wrapper is going to do its own thing, and then unpack and launch your original pristine installer after it has offered up its bundled adware, etc.

If you wanted to physically stop the wrappers from running, the only solution is to have some other software already running (like an antivirus) that detected it and stopped it.  And if you are the kind of person who would run such a tool constantly in the background, you are also the kind of person who won't get bit by these wrapped installers in the first place.


However, I believe that the solution with the dll preventing your program from installing from a wrapper and telling the user why will accomplish the same goals.

The most likely result of having this dll prevent the wrapper from completing its installation, is that it will never be wrapped in the first place.

First, it's quite likely that the automated wrapper creation tool will abandon trying to wrap your program, meaning you will stop this problem before it ever gets to the user.  Second, if it they do try to distribute your wrapped program, it won't be long before they get enough complaints from users that downloaded it that they will remove the wrapper and put back your original.

-mouser (November 23, 2014, 01:06 PM)

Maybe this is a double barreled problem. For example, with me as your test case, "Anti-Virus" programs do nothing about junk installers. So what if you just spread a second project dll/file that looks for the top twelve junkware installers and sorta acts like an Anti-Virus addon? Aka "No they're not viruses, exactly, but they're mean. You probably shouldn't be running that. So whatever cool little tool you just tried to download was scooped up. Try to find the original copy."

Twist - sometimes the wrapped copy is the only one left after a few years. Web volatility and all.

It's like I want this utility to "scan inside itself" to see whatever it will *eventually* install, then notice that's not the same as the wrapped mess, then do something. It sounds easy in concept logic, prob tricky to really do.

Edit: I just installed a new copy of Java. They used to have a nasty installer, but I forgot what was bundled with it. Today the new one "just did what apparently it was supposed to". (We'll see!!)

[IainB]

Not sure if this is true today but I think Oracle's Java and/or Adobe/Macromedia Flash Player installs used to (and may still do) come bundled with the Ask.com web browser search installer.
From memory, I recall that MBAM (Malwarebytes) is able to detect some candyware as PUPs (Potentially Unwanted Programs) that it has recorded in its virus signature database. It detects the signature files for PUPs in software installers and I think (but am not sure) that it may even sometimes be able to isolate/remove the PUP components from the main software install, leaving the basic software installer intact.

I shall post a query for clarification about this in the MBAM support forum and drop the answer in this thread.

[TaoPhoenix]

Not sure if this is true today but I think Oracle's Java and/or Adobe/Macromedia Flash Player installs used to (and may still do) come bundled with the Ask.com web browser search installer.
From memory, I recall that MBAM (Malwarebytes) is able to detect some candyware as PUPs (Potentially Unwanted Programs) that it has recorded in its virus signature database. It detects the signature files for PUPs in software installers and I think (but am not sure) that it may even sometimes be able to isolate/remove the PUP components from the main software install, leaving the basic software installer intact.

I shall post a query for clarification about this in the MBAM support forum and drop the answer in this thread.

-IainB (November 23, 2014, 03:23 PM)

That's what I meant Iain, today it didn't seem to be there.

[IainB]

...That's what I meant Iain, today it didn't seem to be there.

-TaoPhoenix (November 23, 2014, 03:40 PM)

Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

[TaoPhoenix]

...That's what I meant Iain, today it didn't seem to be there.

-TaoPhoenix (November 23, 2014, 03:40 PM)

Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

-IainB (November 23, 2014, 06:51 PM)

Oh you're right, it def used to be there. It made one of my rants because it wasn't even a wrapper, it was "the official source" from Oracle, with stuff bundled into it. But today it seemed to be gone. (I say seem, because it didn't show me anything, and I don't see strange toolbars in my browsers, but you never know with Oracle! But one lil' ol' Angry Bird ... uh ... couldn't have been the only one screaming at them for bundling. )

[wraith808]

...That's what I meant Iain, today it didn't seem to be there.

-TaoPhoenix (November 23, 2014, 03:40 PM)

Yes, I realised that. I was posting not so much to agree with you as to say that I thought it used to be there (until very recently).
By the way, I forgot to mention that, depending on the source one used to download Java/Flash from, it could make a difference as to whether it had a PUP installed.

-IainB (November 23, 2014, 06:51 PM)

It was.  I always wondered how they got away with it.  And this was not getting it from a 3rd party... but as an upgrade direct.

[pillbug]

.

[IainB]

Saw this today and thought it could be of interest:
Unchecky Trusted Freeware download and reviews - SnapFiles.com

Prevent accidental installations of third party offers.
Unchecky is a small tool that can help you prevent accidental acceptance of third party sponsor offers during software installations. The program runs as a background service and monitors your software installations. If it detects any unrelated offers, it automatically unchecks them for you, so you don't accidentally install any unwanted software. We tested Unchecky with a handful of different installers and it worked particularly well with OpenCandy, AVG and some others (see our screenshots). Keep in mind that there are many different types of third party offers and installation schemes and Unchecky will not work with all of them - it missed a few during our tests. Nonetheless, Unchecky works well with most of the popular installers and uses very little resources. If you frequently find yourself overlooking third party offers and end up with unwanted toolbars or application, you definitely want to give Unchecky a try! The current version has a rather minimalist interface without any additional configuration options. We'd like to seem some logging features or notification options that keep the user informed of Unchecky's actions.

It is described briefly on the developer's website, and there's some interesting discussion/comment about it:
Unchecky v0.3
(Copied below sans embedded hyperlinks/images.)

Introducing Unchecky v0.3!

The new version of Unchecky provides you with more visual feedback:

    A tray icon is visible as long as the Unchecky service is running.
    When an offer is rejected, a notification message is shown (see screenshot below).

unchecky_0.3_notification_icon

Also, Unchecky v0.3 has an activity log, which was the most requested feature on UserEcho. You can see which installers were handled by Unchecky, how many offers were rejected, and how many warnings were displayed:

unchecky_0.3_activity_log
As you can see from the above screenshot, there are also social network buttons, which allow you to tell your friends and family about Unchecky. Please use them! We have great plans about Unchecky, and we need your help to spread the word.
Posted in Software, Updates by RaMMicHaeL at October 7th, 2014.
Tags: unchecky

[wraith808]

I just had to make a Java update today.  The offer to install the Search App by Ask was still there, and checked by default.

[Ath]

The offer to install the Search App by Ask was still there, and checked by default.

-wraith808 (November 25, 2014, 02:44 PM)

Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

[tomos]

The offer to install the Search App by Ask was still there, and checked by default.

-wraith808 (November 25, 2014, 02:44 PM)

Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

-Ath (November 25, 2014, 03:04 PM)

thanks Ath
that will make life a lot easier, especially helping family that dont know what & when to untick the box.

[wraith808]

The offer to install the Search App by Ask was still there, and checked by default.

-wraith808 (November 25, 2014, 02:44 PM)

Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

-Ath (November 25, 2014, 03:04 PM)

Thanks!  I didn't know about that... which brings to mind the question... should it even be necessary?  Are there different categories of adware distributors?  Why do they get a pass?

[Ath]

which brings to mind the question... should it even be necessary?

-wraith808 (November 25, 2014, 03:44 PM)

I  agree with your objections and second your questions. Especially when knowing that these 'sponsors' are only added to the JRE installers, and not to the JDK installers (not even the JRE installer included with those) AFAICS. But all a developer needs is a JDK (without the extra JRE), after all

[hamradio]

Think you can also download the offline installers of JAVA...not sure about recent versions but use to the offline installers didn't have the offers.

[Ath]

not sure about recent versions but use to the offline installers didn't have the offers.

-hamradio (November 25, 2014, 11:18 PM)

I'm quite sure recent versions have them, but you may have disabled the settings from the Control panel gadget that gets installed with the JRE. I only get the off-line installers, though I currently tend to no longer install a separate JRE (space-saver when having 3 installed JDK's).

[TaoPhoenix]

I just had to make a Java update today.  The offer to install the Search App by Ask was still there, and checked by default.

-wraith808 (November 25, 2014, 02:44 PM)

This confuses me because it *wasn't* there in my copy a few days ago!
Holy Schrodinger offers!

[TaoPhoenix]

The offer to install the Search App by Ask was still there, and checked by default.

-wraith808 (November 25, 2014, 02:44 PM)

Oracle actually offers a solution for disabling those 'sponsor offers': https://www.java.com...q/disable_offers.xml

-Ath (November 25, 2014, 03:04 PM)

This feels like a lawsuit-avoidance tactic. "Starting with version ... and ..." - and it's buried at the bottom of control panel / java / advanced?! /I didn't even know that control panel existed!

See my Fake Nany post in the basement - disabling and wiggling out of these offers is like a bad version of minesweeper! "Look! It's a game! If you win you can install only the program you wanted! But if you lose, you get to spend hours removing junk from your system!"

[Ath]

I  agree with your objections and second your questions.

-Ath (November 25, 2014, 04:10 PM)

This feels like a lawsuit-avoidance tactic. "Starting with version ...

-TaoPhoenix (November 26, 2014, 02:35 AM)

The above combination makes me really wonder why in earth's name a big multinational, like Oracle pretends to be, has to include crapware for some infamous minority like "Ask"