One of my assistants recently alerted me to a new (new to me, anyway) source of PUPs (Potentially Unwanted Programs).
In fact, it was new enough that I didn’t pay close enough attention while investigating it, and almost ended up installing software I didn’t want or need.
Let’s use this as an opportunity to review what you need to look for when downloading software or software updates.
PUPs as a business model
PUPs represent a way for software vendors to make money when you download and install their programs. In fact, for free software, it can be a significant source of revenue – it’s part of what allows free software to be free.
Vendors often get paid for each download, or each install, of whatever extra software they might get you to install along with theirs.
PUPs work because they’re sneaky. The vendors won’t admit to this – they’ll say the options are there for you to make whatever choices you want. In a sense, they’re right, but there are several issues that make them appear less than completely above-board.
- The software being offered is typically unrelated to the software you’re downloading and installing.
- The option to install the unrelated software is explicitly hidden in some way. Perhaps it’s an option that requires scrolling down (most people don’t), or it’s hidden in a set of “Advanced” or “Custom” options that most people never see.
- The option to install the unrelated software is passively hidden by making the other options that people are looking for – like an “Install” button – bigger and more eye-catching. In their quest to just get things done, people gloss over what’s on the screen and just click the big button to move on.
- The option to install the unrelated software defaults to “yes”. Unless the user reads carefully and unchecks a box, the software is installed.
As a result, it’s very easy to install software you don’t need and don’t want.
There’s nothing “potentially” unwanted about it.
The latest: choices before you even download
Downloading an update to Adobe Flash from the Adobe website, I was presented with this screen:
In my rush to install the update, I just clicked the “Install now” button. I was surprised when two additional installations were queued in addition to the Flash update.
So, I looked closer.
In the center of the screen were two very non-descript checkboxes in a section labeled “Optional offers”. They were checked by default.
I had “accepted” two PUPs before even starting the download. I’d not seen that before.
Traditional PUPs happen on install
More commonly, PUPs are installed after the download, when you run the downloaded installation or setup program.
The setup program typically encourages you to select the “Default” or “Most common” options to make installation easier. Unfortunately, it makes the installation process easier for them. Buried in the options you bypassed are checkboxes for similar “optional offers” that are almost always enabled by default.
The default is to install PUPs whether you want them or not.
Vigilance is required
My experience was particularly frustrating because:
- It was a mainstream component: Adobe Flash.
- I was downloading it directly from the vendor’s site, not via some third party download site.
- It was an update, not a new install.
In the past, those factors could be relied on to be a sign of safety; a sign that perhaps we didn’t need to be quite as vigilant.
Clearly, that’s not the case. Vigilance is always required.
- Only download directly from the original vendor.
- Check for options before the download.
- Check for options during the install.
- Never choose Default; always choose Custom or Advanced or whatever else it might be called.
To be clear, this is certainly not limited to Adobe or Adobe Flash. Many software downloads suffer from this type of tack-on revenue opportunity.
Vendors do this because it works. Vigilance, and making explicit choices of our own, is how we avoid installing programs we never really wanted in the first place.