Adobe, Skype and CCleaner top Hall of Shame list

[NewsBot]

Recently Ed Bott released his list of Foistware Hall of Shame programs. It's a bit hard to say what foistware is since there is no official definition for this term. But the basics of it is that it is software installers that also try to install potentially unwanted software onto the users computer. These are things like toolbars, browsers and other things that some users will think they have to install in order to install the application.

Sadly this sort of thing has been allowed to go on for a very long time. In fact, it's almost impossible to find quality software that does not want to install some kind of unwanted garbage. I've noticed that avast unfortunately wants to install Google Chrome and I've also heard numerous times that Apple's iTunes wants to install their Safari browser. In the near future I plan to start a project within the Lunarsoft Wiki that will list off many of these applications that are popular, well known and want to install toolbars and/or browsers. So keep with us to find out more.

View the full article

[greenknight]

While CCleaner has been guilty of this in the past, they're not now. I just checked by downloading the Standard installer, no extras came bundled with it. I just hope it stays that way.

I have no problem with being offered an extra program along with the one I'm after - but when the option is checked by default so that those who just click through wind up with junk they don't want, that's unacceptable.

[Tarun]

I'm sorry but that's not true, sadly. I just downloaded the Standard build and with Firefox as my default browser it offered to download Google Chrome.

[James_A]

It all depends where on the website you download CCleaner from. The Standard build, to which you are steered on the download page, has "extras". If you bypass the download page and go, instead, to the "builds" page than you can find the "no toolbar" version.

.

[Tarun]

Oh, that's interesting to know. For research sake here's the link I used: http://www.piriform.com/ccleaner/download/standard

[greenknight]

Oh, that's interesting to know. For research sake here's the link I used: http://www.piriform.com/ccleaner/download/standard

Odd, that's where I went (just for research, usually I do like James said and go to the "builds" page). Tried again just now, still no extra junk. I wonder why - I used to get that stuff, same as you.

[James_A]

Maybe you've been offered it in the past and refused?

If so, check out the following two Registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Toolbar Offer Until

HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until

The first one is for Internet Explorer users, the second is for other browser users.

I'd be interested to know if they exist and, if so, what the DWORD data for the value "Piriform Ltd" is.

.

[Tarun]

HKLM\SOFTWARE\Google does not exist here.

Ah, it's since I'm on 64 bit. So check here too:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until

I have one listed as AVAST Software - REG_DWORD.

[Eldmannen]

Sadly this sort of thing has been allowed to go on for a very long time. In fact, it's almost impossible to find quality software that does not want to install some kind of unwanted garbage.

While this is generally true, I believe it to be less so for open source software.

Around open source software there is often a community with a 'no bul*****' attitude. People speak up against that, and it is heavily criticized and can lead to the codebase being forked.

This 'foistware' (bundled stuff) phenomena, does not exist in the Linux software ecosphere.

[Tarun]

This 'foistware' (bundled stuff) phenomena, does not exist in the Linux software ecosphere.

Because there's no profit for those who distribute toolbars/etc. But I'm sure you can find some open source with junkware being offered.

[greenknight]

Tried the Standard download again with the 3.07 update, and this time Google Chrome was pushed with it.

@James - I don't have either of those registry entries; not now, anyway.

[James_A]

As far as I can tell, those entries are associated with being "offered" the relevant piece of Google-ware.

As Tarun has pointed out, the key is in a slightly altered location if you are running a 64-bit OS.

If the key exists, then the company bundling the "offer" will have its name present and the REG_DWORD should decode as a Date (in hexadecimal packed decimal).

That's why I asked if "Piriform Ltd" was present (makers of CCleaner).

However, Tarun, has one for "AVAST Software", which means they must be bundling the stuff as well.

You can also look out for others, such as "PC Tools", or "Skype Technologies SA".

The theory is that encoding a date with the year 2099 in it should prevent the offer -- for the forseeable future, anyway.

.

Edited May 27, 2011 by James_A

[James_A]

The date is packed in the format Year * 10000 + Month * 100 + Day, giving YYYYMMDD, as a REG_DWORD.

So changing the entry to Ox1404895 (= 20990101) should fix it for now.

.

[Tarun]

It looks like they set it to not ask for six months. Since I updated CCleaner yesterday it added one for Piriform Ltd 132df16 (20111126).

Funny thing about it adding Avast since I didn't install avast, merely tested to see what was bundled.

[0_0]

You can add FocksIt(Up) Reader 5 to the list of foistware.

CyberLink has Name: GoogleInstallStatus, Type: Reg_SZ, Data: NOTINSTALL

and I also have an Avast entry.

HKLM\SOFTWARE\Google\No Chrome Offer Until: Name: ALWIL Software, Type: REG_DWORD, Data: 0x0132b86c (20101228)

This must be from version 4 based on the date.

I think K-Lite has added something to their MegaPack installer, it's buried in the very busy menu of items to select (or deselect), when I update again I will pay closer attention. Also, there are other codec packs that are doing this as well (if what others say is true) - Windows 7 Codec Pack, Shark007 etc. Hell, even MediaInfo uses OpenCandy. It is best to suspect all your favorite apps/tools are humping you big time with foistware, be thankful if they aren't.

Strangely, doing a search of my registry for Google I find this - maybe nothing to worry about:

HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer -> Name: UseGoogle, Type: REG_DWORD, Data: 0x00000000 (0)

[greenknight]

As far as I can tell, those entries are associated with being "offered" the relevant piece of Google-ware.

As Tarun has pointed out, the key is in a slightly altered location if you are running a 64-bit OS.

If the key exists, then the company bundling the "offer" will have its name present and the REG_DWORD should decode as a Date (in hexadecimal packed decimal).

That's why I asked if "Piriform Ltd" was present (makers of CCleaner).

However, Tarun, has one for "AVAST Software", which means they must be bundling the stuff as well.

You can also look out for others, such as "PC Tools", or "Skype Technologies SA".

The theory is that encoding a date with the year 2099 in it should prevent the offer -- for the forseeable future, anyway.

.

I checked after I got the "offer", a regedit search for those found nothing.

Might be due to a glitch, though. When I ran the CCleaner install and the window headed "Install Google Chrome!" (or however it was worded) came up, it was blank. There was no checkbox I could uncheck to refuse it. Waited a minute, nothing appeared, so I clicked through - thinking I could easily kill the download afterward. Turns out it's not so easy; I wound up rebooting. Since I'm on dial-up, waiting for the download to finish would have been a big waste of time.

It was almost like a trojan. There was no sign of Google except a new Google Update autorun. A svchost process was the only thing CurrPorts found that was downloading; a whois search verified it was downloading from Google. Tried closing the port it was using, since I wasn't sure it was safe to kill that process - it just opened another one. Rebooting put a stop to it, though.

That's just evil. Bad enough they push this stuff on you, but hijacking your computer if you click through the install dialog is going way too far.

[greenknight]

You can add FocksIt(Up) Reader 5 to the list of foistware.

CyberLink has Name: GoogleInstallStatus, Type: Reg_SZ, Data: NOTINSTALL

and I also have an Avast entry.

HKLM\SOFTWARE\Google\No Chrome Offer Until: Name: ALWIL Software, Type: REG_DWORD, Data: 0x0132b86c (20101228)

This must be from version 4 based on the date.

I think K-Lite has added something to their MegaPack installer, it's buried in the very busy menu of items to select (or deselect), when I update again I will pay closer attention. Also, there are other codec packs that are doing this as well (if what others say is true) - Windows 7 Codec Pack, Shark007 etc. Hell, even MediaInfo uses OpenCandy. It is best to suspect all your favorite apps/tools are humping you big time with foistware, be thankful if they aren't.

Strangely, doing a search of my registry for Google I find this - maybe nothing to worry about:

HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer -> Name: UseGoogle, Type: REG_DWORD, Data: 0x00000000 (0)

I think that last entry just means that if you use the "search online" function in Process Explorer it will use Google.

[James_A]

It looks like they set it to not ask for six months. Since I updated CCleaner yesterday it added one for Piriform Ltd 132df16 (20111126). ....

Six months is exactly right...

I've seen the (Windows) source code:

  // Set expiration date for offer as six months from today,

  // represented as a YYYYMMDD numeric value.

  SYSTEMTIME timer = now;

  timer.wMonth = timer.wMonth + 6;

.

[James_A]

... <snipped> ...

Strangely, doing a search of my registry for Google I find this - maybe nothing to worry about:

HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer -> Name: UseGoogle, Type: REG_DWORD, Data: 0x00000000 (0)

I think that last entry just means that if you use the "search online" function in Process Explorer it will use Google.

Well, I thought that too, but right-clicking on a process and selecting Search Online... Ctrl+M in the context menu, opened a Google search and I have UseGoogle = 0x00000000, not UseGoogle = 0x00000001. The only info I've found online suggests that Process Explorer should, therefore, be using MSN => Bing.

.

[greenknight]

Appears I guessed wrong - I have nothing at "HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer" at all. No idea why you do.

Turns out I do have "no chrome offer until..." entries - for Alwil and RealNetworks. Seems I messed up my search before. Nothing there about CCleaner, though.

[James_A]

Appears I guessed wrong - I have nothing at "HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer" at all. No idea why you do. ....

I've since found out that this entry (which is pretty much undocumented) may be obsolete, because it goes way back to when you could select the Search Engine in Process Explorer. Later versions of Process Explorer use the default browser and default search engine for that browser with no choice. I suppose Mike and I have it because we've been running Process Explorer since before version 11.

.