You did the right thing. If the software is truly optional, then saying “no” should have no impact on your ability to use the software you actually want.
Software installations have become more and more aggressive in attempting to get you to install add-ons that are unrelated to the software you’ve actually purchased.
Become a Patron of Ask Leo! and go ad-free!
Always choose “custom”
If you take away only one thing, let it be this:
When installing software, never choose the Default or “Express” option; always choose “Custom”, “Advanced”, or the equivalent.
Then watch carefully for offers of software that is unrelated to what you’re installing, and make the choice not to install it.
The cost of software
I used to have mixed feelings on this. On one hand, I understood the motivation: the cost of developing and distributing software is high, and must be recouped somehow. That’s pretty obvious when software is free, but even when purchased, the price you pay may not cover the actual cost of development.
But this practice has gotten out of hand.
Not only is it difficult to make informed decisions, it’s also clear that the distributors – who get paid by the installation for including these “extras” – are counting on it.
There’s a term for this type of software installation: “foistware” – software that’s being foisted on you whether you actually want it or not.
And that’s not a good thing.
How it works
The short version is very simple. A software manufacturer or distributor is offered additional revenue for including a toolbar or other application with their installation.
That revenue may be based on the number of people who see the recommended offer, or it may be the number of people that actually install the recommended offer. These days, I’m pretty sure it’s usually the latter.
Whether the actual offer is related to the software that you’re installing is often unclear.
To be honest, I can’t say I’ve ever seen foistware that has been required, necessary, or even related to the software I was installing. In almost all cases, it was completely unnecessary.
Why it’s bad
These kinds of tag-along offers can be very bad in a couple of different ways:
- Malicious. We have seen what many consider to be actual malware installed as foistware.
- Intrusive. More commonly, the additional software is intrusive in some way – getting in the way of other operations, changing search engines, toolbar behavior, adding pop-up ads, or worse.
- Cumulative. After installing just a few otherwise legitimate downloads, people often find their machines slowing down and their screens cluttered with things they never wanted or asked for.
The way these “offers” are presented is what sets them apart, and has tipped the scales to their being considered inappropriate and even evil:
- Installed by default. You should never be able to accidentally install one of these. Some vendors pre-check the option box by default in the hope that you’re not paying attention; you’ll simply click “Next”, and install the software you didn’t realize you asked for.
- Installed without choice. I’ve seen some vendors remove the choice and install “optional” software whether you wanted or not. In my opinion, this is evil, and I’ve rescinded recommendations in the past because of it. You should know what you’re getting and you should get only what you ask for.
- Installed by deception. The word “recommended” is severely overused in advertising, including in this scenario. It’s often used to imply an endorsement when there isn’t one. If it’s truly optional, the text should say so. There should be nothing to indicate that the software is somehow required, or related to, the software that you’re actually interested in using. Misleading text is almost, but not quite, as evil as not giving you a choice at all.
- Installed at update time. Unfortunately, it’s not uncommon for updates to once again offer these optional software installations. My position is that I made a decision not to install the offer when I installed the software the first time; I should not have to remember to pay attention so I don’t accidentally install additional software every time there’s an update.
In short, if the installation of the software that you want causes you to unintentionally install software that you don’t, it’s just plain wrong.
What to do
Unfortunately, there is no blanket remedy for the problem of foistware. Sometimes, the software you want offers additional software. Hopefully, they make the offer with some amount of integrity.
The only true solution is to pay careful attention to software installations.
As I mentioned earlier, always choose Custom or Advanced Options if it’s offered as an option during the installation process. Occasionally, these offers of additional software are hidden behind these advanced options, and may very well be defaulted to install whether you want it or not, if you choose the Default or Quick Installation path.
If you find software that has surreptitiously installed foistware without your knowledge, complain. Uninstall the software, stop using it, find an alternative, and complain to the original vendor that you are no longer using their software specifically because of the foistware they included.
And to be completely fair, if you find the additional offer attractive, interesting, or potentially useful, then by all means, accept it. I certainly don’t want to imply that all such offers are unnecessary.
It’s just that in my experience, they usually are.
An additional approach
Ninite is an online service that simplifies downloading and installing popular utilities and other programs.
One of the benefits of using Ninite is that the software is vetted and delivered without foistware.
I plan to review and formally recommend Ninite soon.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 7:21 — 6.8MB)
Subscribe: Apple Podcasts | RSS
37 comments on “Do I Need this Add-on Recommended by this Software Installation?”
ahh….good old Ask.com….what a sad internet story that is.
Excite.com was once a respected search engine and one of the key players in the early days of web. Then about ten years ago, the conversational search engine Ask Jeeves was a revolutionary idea with so much potential. But something must have been mishandled. Somehow this once-great company has sunk so as to become nothing more than one of the bottom feeders of the internet.
You may have seen those documentaries on CNBC about successful companies like Coca-Cola and KFC. I think they should do one on Ask.com about how NOT to run an internet company. It would probably be both educational and interesting.
If a company would be a bit more forthcoming about the reasons for installing additional software, I would be much more likely to go along. Something along the lines of “To be honest, we make a little extra money each time someone installs this particular toolbar. So please help us and try it out. If it doesn’t meet your needs, you are free to uninstall it later.” But I’ve only seen messages like this from individual programmers or small software companies. The big boys can’t seem to bring themselves to this level of honesty.
I found some game software I wanted, and the site said it had to load its software to install it. Did that – then it said I had to load Realplayer to before I could install the software. After I loaded Realplayer, I did the research I should have done to begin with. I found out on the web that the internet company makes money by having users install foistware. It never did have the original software it promised. It just said it did so it could sucker me into loading other software. Uninstalled Realplayer, and it asked why in the installation process, so I posted about the company. When I tried uninstalling the original companies installation software, it hosed my system. None of my video or music editing software would work. I rebuilt my system and learned a lesson at the same time. Research everything before you try loading software. See if there is anything on the internet about companies that promise good deals, because you might be getting more than you asked for while not getting anything you wanted.
“Unfortunately, there is no blanket remedy for the problem of foistware.” The blanket remedy – and best option – is to completely avoid foistware-supported apps. There’s really no reason to be using them. (Almost) without exception, there’s a clean alternative that’s just as good. Selecting a custom install will not necessarily ensure that people avoid the foistware. While some apps make it very clear how to opt-out, that’s not always the case and install processes are often extremely deceptive, which is why antivirus and antimalware programs often flag/block installations.
It’s also best to avoid freeware download sites, none of which are a trustworthy source:
I use this little program called Unchecky that is very lightweight and doesn’t get in the way. Yeah Unchecky automatically unchecks unrelated offers, saving you mouse clicks and making it less likely to miss a checkbox for a PUP. Try it out: http://unchecky.com/.
FYI: It’s in partnership with the Reason Company or is one of their many projects. If you don’t recognize the name, you may recognize these programs websites or just their unique programs: http://www.shouldiremoveit.com/index.aspx and https://www.herdprotect.com/.
I have somewhat mixed feelings about Unchecky. On the one hand, it works pretty well; on the other hand, it’s not 100% effective and could lull people into a false sense of security. It’s worth noting that while Unchecky is extremely effective at blocking the relatively benign extras that may be included with apps from well-known companies – the Ask Toolbar that’s bundled with Java, for example – it’s less effective at blocking the extras may be included with apps from less well-known companies, which sometimes have extremely deceptive install processes (I’ve seen installer that require a person first uncheck a box and then check another box in order to opt out – and both dialog boxes were very ambiguously worded!).
As I said above, I think the best option is simply to avoid foistware-supported apps. There’s (almost) always a clean – and safer – alternative.
I use Unchecky. So far the little program as work for me and save my computer couple times when I missed a foistware check box. Why does Adobe flasher download have Mcafee web tool on download page? IF you miss this option then Mcafee gets installed. Just like Java. There for while CCleaner had foistware click item (if I remember right it was Ask toolbar or like program.) since they are selling Pro editions this foistware was removed. Note on Ninite: Yes I used Ninite but they are missing some great freeware and watch out some of their packages are no free but demos or shareware like Winrar.
True, but Ninite has about 100 programs and a couple like WinRAR and TeamViewer are trialware, but TeamViewer is totally free for non-commercial use, and the trial version WinRAR lets you to ‘test’ it forever (let your conscious be your guide). I’m personally using about 35 programs which I have downloaded through Ninite. The other freeware I just install very carefully. I also make sure I only install programs which are know to be reliable. I’ve completely avoided foistware with that approach. And if you do get foistware, AdwCleaner and MalwareBytes can usually remove it.
I personally hate when software is forced upon me.
I have been in situations where a program installation aborts if i ‘refuse’ their foistware, or installs the foistware anyway, even if I choose ‘no’.
Worse still, I have had programs not run correctly once I remove the stuff they installed without my approval or consent.
I have also had technical support for some programs go on about ‘false positives’ when my anti-malware prevents their installation.
No. Simply no. In my opinion there is no such thing as a ‘false positive’ – legitimate programming should never use techniques that make anti-malware suspicious.
Actually, sometimes antivirus programs label legitimate programs as malware, because they access certain system areas that malware often attacks. There are some diagnostics programs which need to access those areas, but the AV tags them as displaying malware like behavior.
“I have also had technical support for some programs go on about ‘false positives’ when my anti-malware prevents their installation.” – While the developer may have claimed it to be a false-positive, it almost certainly was not. By far the most likely explanation is that the maker of your security program considered the app – or whatever was bundled with it – to be unwanted/malicious. Security companies consider a number of factors when making these decisions, for example: https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx
“Almost certainly” is incorrect. There are absolutely valid applications that occasionally get flagged by anti-malware tools resulting in a true false positive. Typically the anti-malware tools are eventually updated to account for it, but that’s not always the case. As with all things, assuming the worst is the safest thing to do, but it’s not always accurate.
“There are absolutely valid applications that occasionally get flagged by anti-malware tools resulting in a true false positive.” Indeed. But, assuming that Bob was talking about an installation that came with bundled extras, then it’s extremely likely to have been an accurate detection rather than a false-positive.
Java is a big offender of this, every update it tries to add something on.
Yeah, Java is a pain in the butt. Not only because of the bundled extras, but also because of it’s extremely poor security record. The good news is that the majority of people don’t need Java and can simply remove it: http://www.howtogeek.com/210598/what-functionality-would-i-lose-if-i-disable-browser-based-java/. Some other good news is that Oracle recently announced that the next version of Java will not plug directly into the browser, which will make it much more secure: http://krebsonsecurity.com/2016/02/good-riddance-to-oracles-java-plugin/
permission to forward this to my step son. He works with IT and is a Danish citizen and lives in Copenhagen.
We were exchanging emails about this very subject earlier in the day, He speaks English as he grew up in
Atlanta, Ga. I would like him to read Ask Leo #585. He knows how to browse the net; but knows nothing about
what sites are trust worthy. I do not know if he is eligible to subscribe to your newsletters or not; but it would
give him a good source of information.
Anyone can subscribe, and you’re welcome to share any article I’ve posted publicly by sharing the link to that article.
This is one practice that really annoys me. Due to a poor experience with a “respected” (and expensive) security program, I went back to the free version with no bells, whistles, or much else. One of the programs asked if I wanted to install their search engine and toolbar. When I clicked on “no”, it aborted the installation. This was a well known firewall program that I had previously used for years, and trust its performance. So, I resigned myself to having extra and unnecessary add-ons to get the main program.
This was also installed from the COMPANY website, not one like “2 female bovines”. I believe I did disable the toolbar in the view options, but it still pops up as the default if I add pages to my browser.
Another related practice that I dislike is when I get a notice that I need to update one of these programs, and get the notification from the taskbar. When I click on update, I get dumped to a page that tries to trick me into downloading the PAID version on a 30 day trial. If I could find a way to comment to the company, I would. Unfortunately, lately more and more customer contact info is hidden or withheld, so finding the right URL is difficult.
Both of these practices should be banned, but likely won’t be, because as was pointed out, these companies make money on this practice.
If you do end up installing UPs (Unwanted programs, I drop the first P from PUPs as they are rarely Potential), they can usually be removed using AdwCleaner and/or Malwarebytes:
As for the upsell, I believe that’s a reasonable price to pay for free software. A lot of work goes into “free” software, and they do want to get something for their effort.
“As for the upsell, I believe that’s a reasonable price to pay for free software.” – I think that really depends on the add-on and the installation mechanism. As I said, while some installers are very clear about the extras and make it easy to opt out, others use misleading/confusing dialogs to trick people into installing the additional software.
When I said upsell, I was referring to programs like CCleaner which bring you to their website and tell you the virtues of the paid version. I’m not talking about boxes that come prechecked or which send you directly to the paid version, and you have to search for the free version. Those are evil.
The ad-supported app model has (largely) died and I think the foistware model will go the same way. And good riddance too. Overall, it does developers more harm than good.
I believe (as the company / program is not mentioned) I have experienced this from the exact same company – and the ‘toolbar’ in question was Search Protect – something every other security firm tags as Malware and tries to remove.
I quickly stopped using ALL of that company’s software and went back to Windows’ free security software.
Company’s not mentioned because it’s WAY WAY WAY more than just one company that does this. :-(
This problem is especially prevalent if one downloads software via a “third party” site. I recall once downloading Adobe Reader, bit NOT from adobe.com. This download didn’t even ask if I wanted to change my home page, or search engine, or include options, it just did it. When I questioned the site, their comment was, “In the Agreement, which you had to click, “I Agree” to get Adobe, you’ll see that you also agreed to let us change certain things” NOW, I only download from the official site of the software I want.
Terry, I think you’ve put your finger on the biggest loophole, and one that’s rarely mentioned. A software vendor can install *anything* it wants if it’s in the user agreement and you click “Agree”, no matter what you opt out of in the installation process. Who reads the agreement? Nobody I know, and that’s by design, at least by the unscrupulous vendors. The EULA can be written in impenetrable language designed to be unreadable, and unintelligible if read.
To my mind the one and only failsafe is to have a current full-image backup, so if something goes wrong you can wipe the harddrive and do a complete reinstall.
“To my mind the one and only failsafe is to have a current full-image backup” – Or, better yet, to simply avoid software that comes with extras. On the whole, such apps tend not to be necessary anyway and there’s almost always a clean alternative available.
I have also had very frustrating experiences downloading supposed updates. I think one was Java and the other Shockwave. I was forced to a screen I couldn’t get out of without downloading a program. I was being held hostage by the update! I finally figured out a work around, but it took many tries. Too many. Thank goodness Ask Leo is around to help!
While checking Ninite, don’t ignore “PatchMyPC”. I switched from Ninite to PatchMyPC about a year ago. Simple to use – green is OK, red needs an update. Options let the program NOT update anything you tell it. For instance I don’t need Skype updated until I want to use it, every month or so.
Unfortunately, “recommended” is a word that’s being exploited; like the “one weird trick” tries to get you to click and accept. Have you noticed that?
I’d like to add a pitfall I saw once or twice while installing software:
Similiar to the “click agree” tactic mentioned in an earlier comment, I have seen the “check the box to install” option reversed. I’ve seen this on more than one occasion, and it’s usually presented after other “offers” that are presented normally. Then, hoping you will be in a groove and will miss the reversal of the choice, the option is presented as “UNcheck to install.” So, having made sure the the previous offers were not accepted by unchecking (or leaving unchecked) the box, leaving the box blank will now accept this installation.
I haven’t yet come across a forced installation, but thanks to your article I will definitely be on the lookout for those.
“Similar to the “click agree” tactic mentioned in an earlier comment, I have seen the “check the box to install” option reversed.” – Yup, and this is exactly the kind of behavior that results in apps/installers being categorized as unwanted/malicious by security companies. As I’ve said, the best option by far is to completely avoid apps that come with bundled extras. When you install an app, you basically give it unrestricted access to everything on your PC – contacts, financial data, etc., etc. Why take that risk? It’s like letting a suspicious-looking stranger who’s wearing a mask, striped jersey and carrying a bag marked “swag” into your home!
Regardless, a complete re-image isn’t always an option. As Mark correctly points out, and the track record of the AdwCleaner/Malwarebytes approach seems to support, there are valid scenarios where PUPs can be cleaned out. (And I disagree that “Uninstall” is typically an option – I’ve seen too many that simply don’t offer it, or don’t completely uninstall.)
“And I disagree that “Uninstall” is typically an option – I’ve seen too many that simply don’t offer it, or don’t completely uninstall.” – It very much depends on what’s bundled. In the case of the relatively innocuous extras that come with software from reputable developers – like the Ask Toolbar/Java – it’s absolutely option. In the case of the nastier extras that come with software from less reputable developers – like OpenCandy/ImgBurn – it’s likely not an option.
“Regardless, a complete re-image isn’t always an option.” – It’s the only option if want to be 100% sure that your PC is clean. If you don’t reimage or clean install, you run the risk that your PC is still compromised.
Sometimes a company offers a free version which contains a specific tool (as part of the main program) that you really want. When you update it later (because it urges you to), then you suddenly find that the specific tool is no longer available. It can only be obtained again by buying the “premium” version or by reverting to the previous version (which is no longer available). The “what’s new in this new version?” dialogue often omits this change – it just tells you about bugs which had been fixed, support for xyz added, etc. Is this non-disclosure not also a form of misleading?
One of the main reasons I don’t like Google Chrome is that it arrives on many computers as foistware. I fact I firmly believe thatpart of the reason Chrome gained market share over Firefox is that Google foisted it upon unsupecting non-technical users and what’s more it not only installed itself, it set itself as the default browser. I don’t know which is the most evil empire – Microsoft tricking people in to creating Microsoft accounts with Windows 8 & 10 and collecting data on Win 10 and foisting Windows 10 on people who don’t want it, or Google using foistware tactics to push Chrome on top PCs and trying to control all the data in the world. I don’t trust either company.
I’ve not seen one case of Chrome appearing as foistware. I’ve love to hear specifics of exactly where and how this is happening. (Specifics, please.)