Google: Unwanted Software Is Worse Than Malware (thestack.com) 149
An anonymous reader writes from a report via The Stack: A year-long study between Google and New York University has determined that unwanted software unwittingly downloaded as part of a bundle is a larger problem for users than malware. Google Safe Browsing currently generates three times as many Unwanted Software (UwS) warnings than malware warnings -- over 60 million per week. Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands. While estimates of UwS installs are still emerging, studies suggest that ad injection affects 5% of browsers, and that deceptive extensions in the Chrome Web store affect over 50 million users. 59% of the bundles studied were flagged by at least one anti-virus engine as potentially unwanted.
Re:It took a year to figure this out? (Score:4, Interesting)
It took a study to figure out the magnitude of the problem.
The number being 20% or 80% could mean the difference between spending a thousand or a million dollars on the problem.
Re: (Score:2)
Re: (Score:2)
I'm a big confused here though, is Windows 10 "unwanted software" or "malware"?
Yes, it is.
Hypocrisy (Score:5, Insightful)
If Google truly believed this, they would use the licensing of Google Mobile Services to force manufacturers of Android devices and carriers to stop loading up the devices with unwanted software. As long as Google keeps tolerating the bloatware, they are hypocrites. This "do as I say, not as I do" attitude of Google is quite common and is a massive departure from not being evil.
Re:Hypocrisy (Score:5, Insightful)
If Google truly believed it, they wouldn't pay people to bundle Chrome (or their toolbar, or their search engine preference, etc.) into installers for shit.
Re: (Score:2)
And I wouldn't get ads from Google telling me Chrome is better for searching (it isn't) every time I do a search in a competing browser. And I mean *every* time.
Re: (Score:3)
If Google truly believed this, I could update Flash without the risk of unwanted Google software if I forget to uncheck some boxes. Heck, Google might be a lot more serious about getting Flash off the web if they weren't using it as a (worse-than) malware vector!
Re: (Score:2)
Are you confusing Google for McAfee? Flash comes bundled McAfee "security scan" which is really just an advert for their shitty anti-virus. They also seem to be bundling some Intel crapware these days.
Re: (Score:2)
Every flash update want to install Chrome and/or some Google searchbar trash. Presumably if you already use Chrome you get some different, additional malware by default.
Re: (Score:2)
I don't have Google's shovelware installed on my computer, but going to https://get.adobe.com/flashplayer/ [adobe.com] in IE yields an offer to install both Chrome (and make it my default browser) as well as Google Toolbar. Going to that same URL in Pale Moon or Firefox I get the McAfee offer.
Re: (Score:3)
Given how many other things that Chrome comes bundled with, usually with "make default browser" pre-checked, what do you expect?
Re: (Score:3)
Chrome doesn't bundle any other software. Proof: go try the official download right now. Not the dodgy Softpedia one, this one [google.com].
The only third party component it includes is Flash player, which is built in to the browser and updated along with it. It doesn't install Flash on your system or in other browsers, it's just an internal plug-in.
Re: (Score:2)
No, but tons of other software comes bundled with Chrome. Including Flash Player itself, though I think only if you download it from IE. Chrome is exactly the kind of unwanted software Google is talking about.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Personally I couldn't really give a damn about crapware if only it wasn't baked into firmware and eating up space that could be in the user partition. I don't see why it can't be installed to the user partition so it can be removed completely if the user chooses to remove it.
Re: (Score:2)
Not iPhone is not same as Android--AT ALL (Score:1)
Android lets the phone company add unremovable adds.
My android phone has about 25 applications I can't remove, unless I wanted to root it.
IPhones do not come with AT&T or Verizon or Sprint garbage ware.
And by saying "Oh I like Android and hate Apple so I'll say iPhone has lots crapware too" is deflecting from the true concerns about all the forced crapware on Android phones.
Google says "your check is in the mail".
Re: (Score:2)
> iOS comes with multiple apps I don't care about
What basic utilities does Apple include that you don't want?
Re: (Score:2)
Re: (Score:3)
For what it's worth, I read a clickbait article that says iOS 10.0 will let you delete built-in apps you don't care about.
Minimum hardware specs are the iPhone 5 and iPad 4 though.
I still thinks it's a bit "evil" (lack of freedom and all) but I grew a bit sympathetic to the iPhone users, which include many students and proletarian.
Re: (Score:2)
Apple tries to give users a reliable and safe experience, at the cost of some freedom. This is a trade-off, and I don't blame people for choosing which they want.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Windows mobile is dead. Even the bloatware makers ignore it. If you root Android, you can easily remove bloatware like Hangouts and the like.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
If you sell your phone that you cannot root and use the money to buy a phone that you can root, the second phone will almost certainly have less CPU, RAM, and storage. Is it still an upgrade?
Re: (Score:1)
Yes, because the first phone owns you, but you own the second one. Personally, I prefer to be the owner of something crappy to being the property of something awesome.
Re: (Score:2)
In what way does my iPhone own me? It mostly does what I want it to, as do my Android tablet, Windows 10 laptop, and Ubuntu desktop. Different devices for different purposes, not all of which require full control of the device.
Re: (Score:2)
If you don't have full control, all you have is privileges that can be revoked whenever the actual owner so pleases.
Re: (Score:2)
That wasn't the claim. The claim was (to put it in more specific terms) that my iPhone owns me. I'll admit I don't have full control, and if Apple ever did act way out of character I'd likely regret that, but it doesn't own me. I can ditch it any time I like, if I see fit, and get something else.
Re: (Score:2)
"I can stop at any time" is a claim I heard before. :)
But seriously. Can you? Can you really just do without a cellphone anymore?
Re: (Score:2)
"Windows mobile is dead." Well, I hope not. A year or so ago, I ditched my old Android phone for a Nokia with Windows8, and I much prefer Windows to Android. Many reasons, but one of them is exactly apps that you're told you shouldn't remove from Android, lest it go belly-up. I've had no such problem on my Windows phone.
Re: (Score:3)
"Windows mobile is dead." Well, I hope not. A year or so ago, I ditched my old Android phone for a Nokia with Windows8, and I much prefer Windows to Android. Many reasons, but one of them is exactly apps that you're told you shouldn't remove from Android, lest it go belly-up. I've had no such problem on my Windows phone.
You get the opposite problem - very few worthwhile apps, or native experiences.
Re: (Score:2)
I have all the apps I need/ want. Not sure what "native experiences" means. I've lived with Mayan natives in Mexico, does that count? They didn't have cell phones, though.
Re: (Score:2)
Watch Windows Phone losing more apps from 1st of October this year. Since many, if not most, developers have abandoned the sinking ship (because, you know, good developers are writing software for money, and there's no money in WM), Microsoft added some policies for app certification to make the market alive. However, not everyone cares about that and failure to re-certify the app till the end of September will un-publish these apps.
And, indeed, there is enough bloatware in Windows Phone too, both Nokia (RI
Re: (Score:2)
Re: (Score:2)
This got modded into oblivion, but Google does not install bloatware on Nexus-branded devices.
As an owner of a Nexus 5, I call bullshit. I have Google Books, Google Music, Google+, Google Movies, Google Newsstand, and Google Games, not to mention the applications I actually want like Gmail and Maps. I also have "News and Weather" and probably some other ones I can't identify. None of them can be uninstalled without root.
Re: (Score:2)
How would I know which countries have Samsung phones preloaded with their MS crapware??
You can add Sweden to the list, unfortunately.
What pisses me off is that, following a recent update, Skype on Android now insists on running continuously, and restarts itself after I've shut it down in the process manager. There's no longer any Exit option in the program, either. WTF?
Re: (Score:2)
> Why should *I* be required to fix an obvious piece of spyware from them?
Play Microsoft games, win Microsoft prizes.
Of course, you shouldn't be required to do that. But you *should* be aware enough of the state of the industry, as a slashdot poster, to be familiar enough with the various downsides of each phone alternatives. Maybe you give up privacy, maybe you give up security, maybe you spend a lot, maybe you give up functionality. There's a rainbow of bullshit here, and you have to pick your least
Re: (Score:2)
Nexus must be a special brand, perhaps one that caters to the US mostly. When I got to my go-to web retailer, there's ton of brands in the list, even Xiaomi, Meizu, Acer, Asus etc. but no Nexus.
So.. you can buy whatever, unlocked, with no carrier bloat. It's better, but you have smartphone-vendor bloat to worry about then, or the possible lack of updates, alternate ROM, rooting method. And Google bloatware, for example if you don't have a gmail account, why have a gmail app at all?
Re: (Score:2)
Nexus is the Google brand, and comes with less crapware than most Android devices. (Google doesn't manufacture them, AFAIK, but buys the equipment from companies that do and rebrands it.)
Just Like (Score:5, Insightful)
Yeah like come bundled on every Android device and oh BTW which rely on Google location tracking, snooping and other APIs.
Facebook et al. shouldn't take rooting to get rid of them, stop the bloat abuse.
Re: (Score:2)
Yeah like come bundled on every Android device
Uh no. When you buy your Android device from a telco, sure. When you buy it direct, like I did with my Moto G 2nd, no. It had zero crapware. Just some Motorola apps which were easy to remove, and which actually did stuff.
Facebook et al. shouldn't take rooting to get rid of them, stop the bloat abuse.
Stop buying phones from carriers, noob
Re: (Score:3)
Steam forced you to install those games, they ran by default and you could neither uninstall them nor keep them from restarting when you kicked them out of RAM?
That's harsh.
stop letting carriers force there builds on you (Score:1)
stop letting carriers force there builds on you and let people load the base roms with out that BS.
Re:Captain Obvious?!? (Score:5, Insightful)
Re: (Score:2)
Any unwanted software is malware. The least damage it does is to take up space in your storage that could instead be used for something useful.
Re: (Score:2)
Apps Guy, is that you?
Windows 10 Unwanted Software (Score:4, Insightful)
"Google and New York University has determined that unwanted software unwittingly downloaded as part of a bundle is a larger problem for users than malware"
I figured that out when I had the Windows 10 update go in with Cortana and all the other "Apps" that I didn't want.
Re: (Score:2, Informative)
Re: (Score:1)
lmao. Never heard that one, buddy. You are so funny.
Re: (Score:2)
Windows 10 isn't so bad. Switch out the UI for that of Win 7, remove the spying and you essentially have Windows 7 with longer support and a new DirectX version.
Which is pretty much what I'd want instead of having to deal with Mint now.
Re: (Score:2)
Re: (Score:2)
That was pretty much the point, yes.
Re: (Score:2)
It's hard for unwanted software to hit all 5 major categories, but apparently not impossible.
Types of unwanted software fall into five categories: ad injectors,
Windows 10, now with ads served directly from your operating system
browser settings hijackers,
Edge+Bing, of course.
system utilities,
a whole operating system, in fact
anti-virus,
Windows Defender
and major brands.
Microsoft is as major as it gets
take a hint google. (Score:5, Insightful)
Re: (Score:2)
Perhaps then google you will take note of your own study and stop bundling shit in with lots of other product installs that nobody wants. hint if I wanted your fucking browser I would have gone and installed it.
What software is Chrome bundled with? Are you talking about the licensing of the Google Android apps as a group, or something else?
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
The AC's poor grammar and word choice aside, he seems to be saying that Adobe bundles Chromium, not Chrome. Are you sure it's Chrome?
I don't have access to a Windows machine or I'd check myself.
Re: (Score:2)
Re: (Score:2)
This install Chromium, dumbass.
Nice sentence, asshole.
Why are you even on /.? Shilling for Apple, trolling, MS zealot?
Why are you even breathing? Please stop.
Re: (Score:2)
But that's something different! Everyone loves our browser so it's not unwanted. We just completed an internal study and 99% of the people asked said they love Chrome, 1% could not be reached because the survey webpage requires Chrome to run.
Re: (Score:2)
Re: (Score:2)
Some assjack blocked his source code downloads for desktop Firefox. So I went to get Chrome, thinking it was browser sniffing or something. And it took 3 different attempts to download. One did nothing, I got an installer that would only crash, then a zero byte installer.
Finally used IE, which spawned one of those things where you can't just download, probably ActiveX bullshit.
I cancelled that, opened wget, and everyone is happy. And yes the download works on chrome mobile, and HTC's shitbrowser from years
"Pestware" (Score:1)
There's no clear-cut distinction between malware and problematic software that tricks you into using or installing it through various shades of misleading techniques, or carries with it unpleasant side-effects even if it has a useful side. I thus lump them all together under "pestware" to avoid a vocabulary or categorization debate.
Wait, what? (Score:5, Insightful)
"Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands."
How are the first two items not classified as malware? Perhaps the real problem is you're too close to the source, Google.
Re:Wait, what? (Score:5, Informative)
"Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands."
How are the first two items not classified as malware?
They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness, and it makes sense to me to give them a different name.
But, maybe I'm just pedantic. Well, no maybe about it. I also dislike it when people mix up trojans, viruses and worms. They're different things and have distinct names for a reason, damnit!
Re: (Score:2)
Okay, if we're going to be pedantic - by definition, malware would be just a subset of "unwanted software", wouldn't it? I can't imagine anyone wants malware, after all...
Any software which takes surreptitious action in the interests of some third party and contrary to what the end user would reasonably expect to happen qualifies as malware, in my opinion.
Re: (Score:2)
Okay, if we're going to be pedantic - by definition, malware would be just a subset of "unwanted software", wouldn't it?
Per the literal meaning of "unwanted software", sure. But clearly this term was coined here to identify a category that isn't malware, but yet isn't wanted.
I can't imagine anyone wants malware, after all...
I work with a bunch of people who avidly seek out all the malware they can find, actually. To analyze, not to run, but they definitely want malware, the more the better :-)
Any software which takes surreptitious action in the interests of some third party and contrary to what the end user would reasonably expect to happen qualifies as malware, in my opinion.
And you're welcome to your opinion, but don't be surprised if the industry doesn't redefine long-established terms just because you think they should.
Re: (Score:1)
The long-established definition of malware absolutely includes browser settings hijackers. There's no reasonable debate about that. It's overriding the user's settings. Malware.
You can maybe debate about ad injectors, but there's a reason that "display unwanted advertising" is in the wikipedia definition for malware.
I'm going to go ahead and advance the notion that malware was always the nonspecific term for software that is both unwanted and detrimental. The specific terms include keyloggers, viruses,
Re: (Score:1)
They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness, and it makes sense to me to give them a different name.
But, maybe I'm just pedantic. Well, no maybe about it. I also dislike it when people mix up trojans, viruses and worms. They're different things and have distinct names for a reason, damnit!
That is your definition of Malware. Many consider ad injectors and browser hijackers as damaging, so they also fall under the malware definition. System utilities than run in the background and interrupt, slow, or compromise my work day is damaging. Anti-virus software that pops up every 5 minutes and costs me several days and many reboots to remove is damaging. Something that does not work the way in which it was designed to work is damaged.
Generally speaking, if we buy a product expecting it perform to ce
Re: (Score:2)
They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness,
Ads and sketchy sites are often malware vectors. A piece of unwanted software which delivers malware is itself malware.
Re: (Score:2)
Re: (Score:2)
the point is not the correct name, but the correct handling. They may still be called ad injectors, but my anti virus should eliminate them.
Does spybot s&d still exist?
Re: (Score:3)
That's because, from Google's perspective, you have to read that line: "money injectors, money generating hijackers, system utilities, anti-virus, and major brands."
You can understand how they'd have trouble seeing those first two items as a bad thing.
Re: (Score:2)
That's because, from Google's perspective, you have to read that line: "not our injectors, not our hijackers, not our system utilities, not our anti-virus, and other brands."
Fixed it for you.
Re: (Score:2)
They clearly do see them as a bad thing as they have gone to lengths to block them. There used to be a vulnerability in all browsers where local applications could just install plug-ins and change settings files. Chrome blocks that now, so locally installed plug-ins are ignored and settings are encrypted to prevent tampering.
It depends how you define "worse" (Score:3)
Do you define worse as being simply larger in scale, and affecting more people in undesired ways? Or do you define worse as being a larger headache for those who must deal with it?
If the former, I'd agree. Unwanted software certainly affects more people, but if the latter, I'd have to dissent, and suggest that accidentally having malware get into your system is going to pose a much bigger problem for the end user than unwanted software is ever likely to represent.
The true reason for Google (Score:2)
Unwanted software? (Score:1)
Time for the pot to clean itself (Score:2)
Re: (Score:2)
Maybe in some mythical perfect future, browsers will be able to search from the address bar. Until that fantastical day arrives, the Google toolbar will remain a necessary extension.
Wow look who is talking (Score:1)
You almost introduced unwanted, bundled software to the developers. Chrome doesn't count because you are supposed to be cool& nice guys? I don't think so.
Erratum in title (Score:1)
Major brands? (Score:2)
I hate Conduit.
Unwanted software bundled to installers ... (Score:2)
Unwanted software bundled to installers ... ... like browsers?
What, like Chrome? (Score:3)
Because about a month ago, Chrome installed a new version of itself without asking, without permission, and the first hint I had (since I don't use the nasty thing unless I have to) was a new icon on my desktop. (Didn't even put it in a sane location. It's somewhere down in User Application Data.)
Apparently if you have Google Talk installed, this is what Google does behind your back.
Re: (Score:2)
Chrome installs a couple of services on Windows that run all the time and will keep updating Chrome even if you never use it. Those services aren't specific to Chrome, you'll get them if you install Google Earth and probably Google Talk too.
You can try stopping those services, but I've found that launching Google Earth will often turn them on again (can't say anything about Chrome or Talk because Earth is the only Google program I have).
Re: (Score:2)
Yeah, I found that with Earth too... tho that had ceased to be an issue because Earth won't run anyway. But this automatically installing (NOT updating -- it installed entirely new and left the old install alone) wasn't happening til this little escapade, and I think the last time Earth ran before it decided not to was about a year ago. So the updater hadn't run since then.
But then I installed Talk, and yep, that's when the new Chrome dates to. Hadn't thought to look in Task Mangler and kill GoogleUpdate. :
The title has it wrong (Score:2)
Weird title and summary. Unwanted software that installs itself by riding along unnoticed with real wanted software thus tricking you into allowing it to install, then making your system do bad things you don't want it to do...? That's IS malware.
Re: (Score:2)
Dude, check the date--the rest of us knew about this 3 fucking years ago. Can you stop posting it to every story already?