Google Ramps Up Fight Against Deceptive Software Installations, Aims For 'Clean Software' Industry Standards

Google’s Safe Browsing service, used by Chrome, Firefox, and Safari, generates 60 million monthly warnings to users about deceptive software installations. This is three times more than the number of warnings shown by the service for malware. Google and New York University (NYU) performed a study on all types of deceptive software and ads out there in order to better identify how to fight against them.

Over the course of a year, Google and NYU discovered that four of the largest pay-per-install (PPI) advertising networks routinely distributed unwanted ad injectors, browser settings hijackers, and scareware flagged by over 30 antivirus engines. These bundles were promoted through fake software updates, phony content lockers, and spoofed brands. All of these methods were being discussed openly on underground forums.

Google reminded us that not all software in a bundle can be classified as unwanted software. Users may want to install only one of the programs in the bundle, but they often get stuck with multiple other programs and tools on their PCs that they didn’t intend to install.

This usually happens when users try to “express install” a program, only to later realize that multiple programs and other tools suddenly appeared on their PCs. It’s only when they choose “custom installation” that they can see all the programs that will be installed as well. That’s where the users can also stop those programs from installing, by unchecking them from the list.

Google and NYU determined that there are three parties that enable the pay-per-install distribution model: advertisers, affiliate networks and publishers.

Advertisers

The advertisers are usually the developers of software tools. They care about having a good return on their advertising investment, and bundling provides such returns. The cost per install ranges fro $0.10 in South America to $1.50 in the United States. When they can’t recover their investment, they take advantage of practices such as ad injection, selling search traffic, or levying subscription fees. Google identified 1,211 such advertisers paying for installs.

Affiliate Networks

The affiliate networks are the middlemen between the advertisers and the publishers willing to bundle their software with other programs. The affiliate networks provide the tracking technology to check how many installs were performed, but also the tools to avoid Google’s Safe Browsing and anti-virus detection. The researchers found at least 50 such affiliate networks.

Publishers

The publishers are the ones who make available the bundles and promote them on download portals, through organic page traffic, or even through deceptive ads. The study found 2,518 publishers distributing through 191,372 web pages.

For a year, the researchers monitored four of the top pay-per-install affiliate networks and collected 446K offers related to 843 unique software packages. The most commonly bundled software in those packages were unwanted ad injectors, browser settings hijackers, and scareware that asked users for $30-$40 to fix urgent issues in their machines, as seen in the image below:

The researchers found that 59% of the pay-per-install bundled offers were flagged by at least one antivirus as potentially wanted software. The publishers of such bundled software have also resorted to password-protecting their files so Google’s Safe Browsing can’t detect what type of files are in the archives.

Other Safe Browsing-avoiding tactics include fake video codecs, software updates and misrepresented brands.

Google has been constantly improving the Safe Browsing service, which is one of the reasons why Mozilla is adopting its protections against unwanted software. It also has an aggressive policy against advertisers that try to mislead users into downloading unwanted software.

Beyond that, the company is also trying to work with other stakeholders in the industry, including anti-virus companies and bundling platforms, to distribute “clean software.” The initiative aims to create industry-wide standards that give users clear choices when installing software, while at the same time blocking deceptive ads.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • manleysteele
    ROFL.
    Reply
  • jimmysmitty
    So does this mean that we will no longer get the offer to install Google Toolbar with other software? Because that is just as bad to me.

    Even better, will they stop offering me Chrome every time I use Google Maps on FF or IE/Edge? Tired of saying "No Thank You".
    Reply
  • jackt
    google is a spyware, in theyr installations there are no option. And you CAN'T disable the automatic updates ! Same for Windows 10 installation, the 'custom installation' is hidden. This should not be legal.
    Reply
  • 3ogdy
    Google is the main problem. Leave that spyware alone. First there are people making a living off fixing PCs.
    Second: Google doesn't fight hijackers...it's fighting competition - we all get sick of Google's Toolbar bullexcrement and Chrome offers and filtering of search results without asking its users if they want their searches filtered....sick of Google providing links to shops that pay them money first, instead of being honest......you know what, atomic bombs over Google would do the world a favor.
    Reply
  • anbello262
    I don't get you people, saying 'Google is the problem'.
    I fix computers and earn money from that. But I would definitively like this to be successful.
    There is no way you can comoare google toolbar with these browser hijackers. Google toolbar is usually clearly shown, and even if you install it, just 1-click uninstall it and everything is back to normal.
    Try to do the same with any browser hijacker, and as soon as you restart it will be right back, you need ither kind of tools.

    And for the persln who said 'There are people making a living fixing PCs', it's the same as saying 'let people be sick, doctors need patients'. Just because people profit from some misfortune, doesn't mean we shouldn't try to fix the root problem.

    On some particular software installs, you have to look for 3-4 hidden 'decline' buttons, and read everything very carefully, and even then you might make a mistake.
    Reply
  • LORD_ORION
    "Do as we say, not as we do."

    Knocking off the competition is what the mafia does.
    Reply
  • wifiburger
    lmao, good read, brings back memory of browsing the web on a windows pc ah good times NOT
    Reply
  • 3ogdy
    18386875 said:
    I don't get you people, saying 'Google is the problem'.
    I fix computers and earn money from that. But I would definitively like this to be successful.
    There is no way you can comoare google toolbar with these browser hijackers. Google toolbar is usually clearly shown, and even if you install it, just 1-click uninstall it and everything is back to normal.
    Try to do the same with any browser hijacker, and as soon as you restart it will be right back, you need ither kind of tools.

    And for the persln who said 'There are people making a living fixing PCs', it's the same as saying 'let people be sick, doctors need patients'. Just because people profit from some misfortune, doesn't mean we shouldn't try to fix the root problem.

    On some particular software installs, you have to look for 3-4 hidden 'decline' buttons, and read everything very carefully, and even then you might make a mistake.

    I see you clearly understand what I mean - yes, it's the exact same thing. As a doctor, I wouldn't want a planet with no patients.
    Yes, I want a certain amount of people to be sick, because my survival depends on that. It's the trophic chain.
    As a fisher I wouldn't want a sea with no fish.
    As a cab driver I wouldn't want autonomous cars.
    Tell eagles not to wish they had a dead animal's body to devour. Tell worms not to wish organisms died.

    Of course solutions to a problem will eventually bring other problems we'll eventually be paid to solve, but I don't like Google eating into my bread. And Microsh*t definitely shouldn't have made the Windows install process easier. They shouldn't have included Windows Defender as an antivirus either.
    As an antivirus company, I wouldn't want a virus-free world (cough, cough, COUGH...it's how they're making a living, cough...by creating viruses only their own software can immediately detect and block, COUGH).

    The moment I pirate something, prostitutes (unholywood, to name a sect) go crazy over how I'm taking money from them.
    Well, I hope these guys face the same fate as pirates do, since they're taking money from me.
    And this leads to creating demand in order to get where you need to get. They do it everyday, who says we shouldn't?
    Reply
  • amk-aka-Phantom
    Pathetic. All of you who are upset that this will take away from you "make a living", grow up. And grow professionally, more important. Removing toolbars from people's PCs is the sewage cleaning of the IT world. Don't you WANT this crap gone so you can break free from fixing it and move in to more interesting things and have a cleaner world? You remind me of the street lamp lighters who protested against electrify lighting being introduced simply because thst would cost them their jobs. Jobs are only relevant for as long as society needs them, if you try to artificially restrict progress just so you can "make a living", you are a cancer.

    Oh, and I guess this means Google will not longer try to sneak Chrome on my system by bundling it with CCleaner or something like that... OH WAIT!
    Reply
  • jimmysmitty
    18387608 said:
    Pathetic. All of you who are upset that this will take away from you "make a living", grow up. And grow professionally, more important. Removing toolbars from people's PCs is the sewage cleaning of the IT world. Don't you WANT this crap gone so you can break free from fixing it and move in to more interesting things and have a cleaner world? You remind me of the street lamp lighters who protested against electrify lighting being introduced simply because thst would cost them their jobs. Jobs are only relevant for as long as society needs them, if you try to artificially restrict progress just so you can "make a living", you are a cancer.

    Oh, and I guess this means Google will not longer try to sneak Chrome on my system by bundling it with CCleaner or something like that... OH WAIT!

    This will never change so they shouldn't be upset. I am just tired of telling Google that no I don't want Chrome and to not try to install a useless toolbar.
    Reply