Google: Unwanted Software Is Worse Than Malware

An anonymous reader writes from a report via The Stack: A year-long study between Google and New York University has determined that unwanted software unwittingly downloaded as part of a bundle is a larger problem for users than malware. Google Safe Browsing currently generates three times as many Unwanted Software (UwS) warnings than malware warnings -- over 60 million per week. Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands. While estimates of UwS installs are still emerging, studies suggest that ad injection affects 5% of browsers, and that deceptive extensions in the Chrome Web store affect over 50 million users. 59% of the bundles studied were flagged by at least one anti-virus engine as potentially unwanted.

Re:It took a year to figure this out?

[diamondmagic]

It took a study to figure out the magnitude of the problem.

The number being 20% or 80% could mean the difference between spending a thousand or a million dollars on the problem.

Re:

[arglebargle_xiv]

I'm a big confused here though, is Windows 10 "unwanted software" or "malware"? The study doesn't really make it clear.

Re:

[Cro Magnon]

I'm a big confused here though, is Windows 10 "unwanted software" or "malware"?

Yes, it is.

Hypocrisy

[Anonymous Coward]

If Google truly believed this, they would use the licensing of Google Mobile Services to force manufacturers of Android devices and carriers to stop loading up the devices with unwanted software. As long as Google keeps tolerating the bloatware, they are hypocrites. This "do as I say, not as I do" attitude of Google is quite common and is a massive departure from not being evil.

Re:Hypocrisy

[sexconker]

If Google truly believed it, they wouldn't pay people to bundle Chrome (or their toolbar, or their search engine preference, etc.) into installers for shit.

Re:

[mcswell]

And I wouldn't get ads from Google telling me Chrome is better for searching (it isn't) every time I do a search in a competing browser. And I mean *every* time.

Re:

[lgw]

If Google truly believed this, I could update Flash without the risk of unwanted Google software if I forget to uncheck some boxes. Heck, Google might be a lot more serious about getting Flash off the web if they weren't using it as a (worse-than) malware vector!

Re:

[AmiMoJo]

Are you confusing Google for McAfee? Flash comes bundled McAfee "security scan" which is really just an advert for their shitty anti-virus. They also seem to be bundling some Intel crapware these days.

Re:

[lgw]

Every flash update want to install Chrome and/or some Google searchbar trash. Presumably if you already use Chrome you get some different, additional malware by default.

Re:

[toddestan]

I don't have Google's shovelware installed on my computer, but going to https://get.adobe.com/flashplayer/ [adobe.com] in IE yields an offer to install both Chrome (and make it my default browser) as well as Google Toolbar. Going to that same URL in Pale Moon or Firefox I get the McAfee offer.

Re:

[taustin]

Given how many other things that Chrome comes bundled with, usually with "make default browser" pre-checked, what do you expect?

Re:

[AmiMoJo]

Chrome doesn't bundle any other software. Proof: go try the official download right now. Not the dodgy Softpedia one, this one [google.com].

The only third party component it includes is Flash player, which is built in to the browser and updated along with it. It doesn't install Flash on your system or in other browsers, it's just an internal plug-in.

Re:

[toddestan]

No, but tons of other software comes bundled with Chrome. Including Flash Player itself, though I think only if you download it from IE. Chrome is exactly the kind of unwanted software Google is talking about.

Re:

[Palinchron]

If Google truly believed this, three quarters of the Android base operating systems would be individually installable and removable packages.

Re:

[Big Hairy Ian]

Never mind that does anyone remember the google toolbar that used to get bundled with just about everything!

Re:

[DrXym]

Google tried to launch Android "silver" handsets which were basically stock Android devices free of crapware (except Google's own of course), but the interest wasn't there from OEMs to buy into it. So we're stuck where we are.

Personally I couldn't really give a damn about crapware if only it wasn't baked into firmware and eating up space that could be in the user partition. I don't see why it can't be installed to the user partition so it can be removed completely if the user chooses to remove it.

Re:

[Xenx]

It almost sounds like you're saying the problem doesn't exist on WM or iOS. I can tell you that iOS comes with multiple apps I don't care about. I don't know enough about WM to make that claim. However, I do know that different people want different things. It wouldn't shock me if some people don't like all the stock apps for WM.

Not iPhone is not same as Android--AT ALL

[Anonymous Coward]

Android lets the phone company add unremovable adds.

My android phone has about 25 applications I can't remove, unless I wanted to root it.

IPhones do not come with AT&T or Verizon or Sprint garbage ware.

And by saying "Oh I like Android and hate Apple so I'll say iPhone has lots crapware too" is deflecting from the true concerns about all the forced crapware on Android phones.

Google says "your check is in the mail".

Re:

[cfalcon]

> iOS comes with multiple apps I don't care about

What basic utilities does Apple include that you don't want?

Re:

[Xenx]

I can only remember hiding apps that I didn't want. I really don't care enough to find an iPhone to figure it out. Quick list would be things like iBooks, stocks, podcasts, safari.

Re:

[Blaskowicz]

For what it's worth, I read a clickbait article that says iOS 10.0 will let you delete built-in apps you don't care about.
Minimum hardware specs are the iPhone 5 and iPad 4 though.

I still thinks it's a bit "evil" (lack of freedom and all) but I grew a bit sympathetic to the iPhone users, which include many students and proletarian.

Re:

[david_thornley]

Apple tries to give users a reliable and safe experience, at the cost of some freedom. This is a trade-off, and I don't blame people for choosing which they want.

Re:

[Xenx]

I saw that as well. I'm glad they're at least taking steps to improve on that front.

Re:

[DrXym]

Some Apple apps are moving out the firmware. I suspect that's because they're running short of space and are freeing some up by moving less core apps out to user-land.

Re:

[johanw]

Windows mobile is dead. Even the bloatware makers ignore it. If you root Android, you can easily remove bloatware like Hangouts and the like.

Re:

[Anonymous Coward]

And you can get hit by a car walking across the street... And you can slip in the shower and brain yourself...

Re:

[SeriousTube]

You say that like braining myself would be a bad thing.

Re:

[present_arms]

He's a Brit, braining yourself does not mean putting a brain in your head.

Re:

[tepples]

If you sell your phone that you cannot root and use the money to buy a phone that you can root, the second phone will almost certainly have less CPU, RAM, and storage. Is it still an upgrade?

Re:

[Opportunist]

Yes, because the first phone owns you, but you own the second one. Personally, I prefer to be the owner of something crappy to being the property of something awesome.

Re:

[david_thornley]

In what way does my iPhone own me? It mostly does what I want it to, as do my Android tablet, Windows 10 laptop, and Ubuntu desktop. Different devices for different purposes, not all of which require full control of the device.

Re:

[Opportunist]

If you don't have full control, all you have is privileges that can be revoked whenever the actual owner so pleases.

Re:

[david_thornley]

That wasn't the claim. The claim was (to put it in more specific terms) that my iPhone owns me. I'll admit I don't have full control, and if Apple ever did act way out of character I'd likely regret that, but it doesn't own me. I can ditch it any time I like, if I see fit, and get something else.

Re:

[Opportunist]

"I can stop at any time" is a claim I heard before. :)

But seriously. Can you? Can you really just do without a cellphone anymore?

Re:

[mcswell]

"Windows mobile is dead." Well, I hope not. A year or so ago, I ditched my old Android phone for a Nokia with Windows8, and I much prefer Windows to Android. Many reasons, but one of them is exactly apps that you're told you shouldn't remove from Android, lest it go belly-up. I've had no such problem on my Windows phone.

Re:

[rsborg]

"Windows mobile is dead." Well, I hope not. A year or so ago, I ditched my old Android phone for a Nokia with Windows8, and I much prefer Windows to Android. Many reasons, but one of them is exactly apps that you're told you shouldn't remove from Android, lest it go belly-up. I've had no such problem on my Windows phone.

You get the opposite problem - very few worthwhile apps, or native experiences.

Re:

[mcswell]

I have all the apps I need/ want. Not sure what "native experiences" means. I've lived with Mayan natives in Mexico, does that count? They didn't have cell phones, though.

Re:

[Mondor]

Watch Windows Phone losing more apps from 1st of October this year. Since many, if not most, developers have abandoned the sinking ship (because, you know, good developers are writing software for money, and there's no money in WM), Microsoft added some policies for app certification to make the market alive. However, not everyone cares about that and failure to re-certify the app till the end of September will un-publish these apps.

And, indeed, there is enough bloatware in Windows Phone too, both Nokia (RI

Re:

[Ed Tice]

This got modded into oblivion, but Google does not install bloatware on Nexus-branded devices. iOS devices can definitely be bought with only the Apple software. Now some of it feels like bloatware but that's not the discussion here. And apple seems to be getting better in that area too, not forcing their software on you. The problem is that non-carrier devices are expensive and people would rather get the bloatware subsidy. But even this is a far cry from things that install surreptitiously after purc

Re:

[q4Fry]

This got modded into oblivion, but Google does not install bloatware on Nexus-branded devices.

As an owner of a Nexus 5, I call bullshit. I have Google Books, Google Music, Google+, Google Movies, Google Newsstand, and Google Games, not to mention the applications I actually want like Gmail and Maps. I also have "News and Weather" and probably some other ones I can't identify. None of them can be uninstalled without root.

Re:

[Zontar The Mindless]

How would I know which countries have Samsung phones preloaded with their MS crapware??

You can add Sweden to the list, unfortunately.

What pisses me off is that, following a recent update, Skype on Android now insists on running continuously, and restarts itself after I've shut it down in the process manager. There's no longer any Exit option in the program, either. WTF?

Re:

[cfalcon]

> Why should *I* be required to fix an obvious piece of spyware from them?

Play Microsoft games, win Microsoft prizes.

Of course, you shouldn't be required to do that. But you *should* be aware enough of the state of the industry, as a slashdot poster, to be familiar enough with the various downsides of each phone alternatives. Maybe you give up privacy, maybe you give up security, maybe you spend a lot, maybe you give up functionality. There's a rainbow of bullshit here, and you have to pick your least

Re:

[Blaskowicz]

Nexus must be a special brand, perhaps one that caters to the US mostly. When I got to my go-to web retailer, there's ton of brands in the list, even Xiaomi, Meizu, Acer, Asus etc. but no Nexus.

So.. you can buy whatever, unlocked, with no carrier bloat. It's better, but you have smartphone-vendor bloat to worry about then, or the possible lack of updates, alternate ROM, rooting method. And Google bloatware, for example if you don't have a gmail account, why have a gmail app at all?

Re:

[david_thornley]

Nexus is the Google brand, and comes with less crapware than most Android devices. (Google doesn't manufacture them, AFAIK, but buys the equipment from companies that do and rebrands it.)

Just Like

[Virtucon]

Yeah like come bundled on every Android device and oh BTW which rely on Google location tracking, snooping and other APIs.
Facebook et al. shouldn't take rooting to get rid of them, stop the bloat abuse.

Re:

[drinkypoo]

Yeah like come bundled on every Android device

Uh no. When you buy your Android device from a telco, sure. When you buy it direct, like I did with my Moto G 2nd, no. It had zero crapware. Just some Motorola apps which were easy to remove, and which actually did stuff.

Facebook et al. shouldn't take rooting to get rid of them, stop the bloat abuse.

Stop buying phones from carriers, noob

Re:

[Opportunist]

Steam forced you to install those games, they ran by default and you could neither uninstall them nor keep them from restarting when you kicked them out of RAM?

That's harsh.

stop letting carriers force there builds on you

[Anonymous Coward]

stop letting carriers force there builds on you and let people load the base roms with out that BS.

Re:Captain Obvious?!?

[tomhath]

That depends on what the meaning if "is" is. Any software I don't want that wastes my time by displaying ads or using machine cycles is malware.

Re:

[Opportunist]

Any unwanted software is malware. The least damage it does is to take up space in your storage that could instead be used for something useful.

Re:

[Zontar The Mindless]

Apps Guy, is that you?

Windows 10 Unwanted Software

[Anonymous Coward]

"Google and New York University has determined that unwanted software unwittingly downloaded as part of a bundle is a larger problem for users than malware"

I figured that out when I had the Windows 10 update go in with Cortana and all the other "Apps" that I didn't want.

Re:

[Sperbels]

You're overlooking perhaps the biggest unwanted software....Windows 10 itself.

Re:

[Anonymous Coward]

lmao. Never heard that one, buddy. You are so funny.

Re:

[Opportunist]

Windows 10 isn't so bad. Switch out the UI for that of Win 7, remove the spying and you essentially have Windows 7 with longer support and a new DirectX version.

Which is pretty much what I'd want instead of having to deal with Mint now.

Re:

[iampiti]

But the problem is precisely that the mobile-like UI and apps, Cortana, the spying and all that crap are considered by Microsoft as essential features of Windows 10, and thus your chance of getting the version you describe is zero.

Re:

[Opportunist]

That was pretty much the point, yes.

Re:

[penguinoid]

It's hard for unwanted software to hit all 5 major categories, but apparently not impossible.

Types of unwanted software fall into five categories: ad injectors,

Windows 10, now with ads served directly from your operating system

browser settings hijackers,

Edge+Bing, of course.

system utilities,

a whole operating system, in fact

anti-virus,

Windows Defender

and major brands.

Microsoft is as major as it gets

take a hint google.

[bloodhawk]

Perhaps then google you will take note of your own study and stop bundling shit in with lots of other product installs that nobody wants. hint if I wanted your fucking browser I would have gone and installed it.

Re:

[swillden]

Perhaps then google you will take note of your own study and stop bundling shit in with lots of other product installs that nobody wants. hint if I wanted your fucking browser I would have gone and installed it.

What software is Chrome bundled with? Are you talking about the licensing of the Google Android apps as a group, or something else?

Re:

[bloodhawk]

It is bundled with a shitton of software from Avast to Adobe Reader and it is nearly fucking always ticked to install by default so you have to actively opt out.

Re:

[bloodhawk]

I would not be caught dead using shit from Apple retard and installing chromium won't stop Google bundling its garbage with every app it strikes a partnering deal with. grow a brain retard.

Re:

[swillden]

The AC's poor grammar and word choice aside, he seems to be saying that Adobe bundles Chromium, not Chrome. Are you sure it's Chrome?

I don't have access to a Windows machine or I'd check myself.

Re:

[bloodhawk]

It bundles Chrome and google toolbar, definitely not chromium

Re:

[drinkypoo]

This install Chromium, dumbass.

Nice sentence, asshole.

Why are you even on /.? Shilling for Apple, trolling, MS zealot?

Why are you even breathing? Please stop.

Re:

[Opportunist]

But that's something different! Everyone loves our browser so it's not unwanted. We just completed an internal study and 99% of the people asked said they love Chrome, 1% could not be reached because the survey webpage requires Chrome to run.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bite The Pillow]

Some assjack blocked his source code downloads for desktop Firefox. So I went to get Chrome, thinking it was browser sniffing or something. And it took 3 different attempts to download. One did nothing, I got an installer that would only crash, then a zero byte installer.

Finally used IE, which spawned one of those things where you can't just download, probably ActiveX bullshit.

I cancelled that, opened wget, and everyone is happy. And yes the download works on chrome mobile, and HTC's shitbrowser from years

"Pestware"

[Tablizer]

There's no clear-cut distinction between malware and problematic software that tricks you into using or installing it through various shades of misleading techniques, or carries with it unpleasant side-effects even if it has a useful side. I thus lump them all together under "pestware" to avoid a vocabulary or categorization debate.

Wait, what?

[93 Escort Wagon]

"Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands."

How are the first two items not classified as malware? Perhaps the real problem is you're too close to the source, Google.

Re:Wait, what?

[swillden]

"Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands."

How are the first two items not classified as malware?

They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness, and it makes sense to me to give them a different name.

But, maybe I'm just pedantic. Well, no maybe about it. I also dislike it when people mix up trojans, viruses and worms. They're different things and have distinct names for a reason, damnit!

Re:

[93 Escort Wagon]

Okay, if we're going to be pedantic - by definition, malware would be just a subset of "unwanted software", wouldn't it? I can't imagine anyone wants malware, after all...

Any software which takes surreptitious action in the interests of some third party and contrary to what the end user would reasonably expect to happen qualifies as malware, in my opinion.

Re:

[swillden]

Okay, if we're going to be pedantic - by definition, malware would be just a subset of "unwanted software", wouldn't it?

Per the literal meaning of "unwanted software", sure. But clearly this term was coined here to identify a category that isn't malware, but yet isn't wanted.

I can't imagine anyone wants malware, after all...

I work with a bunch of people who avidly seek out all the malware they can find, actually. To analyze, not to run, but they definitely want malware, the more the better :-)

Any software which takes surreptitious action in the interests of some third party and contrary to what the end user would reasonably expect to happen qualifies as malware, in my opinion.

And you're welcome to your opinion, but don't be surprised if the industry doesn't redefine long-established terms just because you think they should.

Re:

[Anonymous Coward]

The long-established definition of malware absolutely includes browser settings hijackers. There's no reasonable debate about that. It's overriding the user's settings. Malware.

You can maybe debate about ad injectors, but there's a reason that "display unwanted advertising" is in the wikipedia definition for malware.

I'm going to go ahead and advance the notion that malware was always the nonspecific term for software that is both unwanted and detrimental. The specific terms include keyloggers, viruses,

Re:

[xtsigs]

They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness, and it makes sense to me to give them a different name.

But, maybe I'm just pedantic. Well, no maybe about it. I also dislike it when people mix up trojans, viruses and worms. They're different things and have distinct names for a reason, damnit!

That is your definition of Malware. Many consider ad injectors and browser hijackers as damaging, so they also fall under the malware definition. System utilities than run in the background and interrupt, slow, or compromise my work day is damaging. Anti-virus software that pops up every 5 minutes and costs me several days and many reboots to remove is damaging. Something that does not work the way in which it was designed to work is damaged.

Generally speaking, if we buy a product expecting it perform to ce

Re:

[drinkypoo]

They're not classified as malware because maintaining clear and firm definitions is a good thing. Malware is software that actively tries to harm the user (steal from them, hold their data for ransom, etc., take over their machine for arbitrary future badness, etc.). Showing ads or directing the user to a different -- but still effective -- search engine, etc., are bad, but they're a lesser form of badness,

Ads and sketchy sites are often malware vectors. A piece of unwanted software which delivers malware is itself malware.

Re:

[sabbede]

I support your pedantry, but to the OP's other point about Google being too close they do still have a toolbar. Not malware, but certainly unwanted and utterly useless.

Re:

[allo]

the point is not the correct name, but the correct handling. They may still be called ad injectors, but my anti virus should eliminate them.

Does spybot s&d still exist?

Re:

[Dutch Gun]

That's because, from Google's perspective, you have to read that line: "money injectors, money generating hijackers, system utilities, anti-virus, and major brands."

You can understand how they'd have trouble seeing those first two items as a bad thing.

Re:

[Alumoi]

That's because, from Google's perspective, you have to read that line: "not our injectors, not our hijackers, not our system utilities, not our anti-virus, and other brands."
Fixed it for you.

Re:

[AmiMoJo]

They clearly do see them as a bad thing as they have gone to lengths to block them. There used to be a vulnerability in all browsers where local applications could just install plug-ins and change settings files. Chrome blocks that now, so locally installed plug-ins are ignored and settings are encrypted to prevent tampering.

It depends how you define "worse"

[mark-t]

Do you define worse as being simply larger in scale, and affecting more people in undesired ways? Or do you define worse as being a larger headache for those who must deal with it?

If the former, I'd agree. Unwanted software certainly affects more people, but if the latter, I'd have to dissent, and suggest that accidentally having malware get into your system is going to pose a much bigger problem for the end user than unwanted software is ever likely to represent.

The true reason for Google

[jeti]

If we can't have Java, we kill it.

Unwanted software?

[Sardokaur]

By unwanted software do you mean Google Chrome and Google Toolbar? That stuff is really bundled in many things. Please stop bundling it.

Time for the pot to clean itself

[simplypeachy]

Such as Google Chrome installing as default browser, Google Toolbar installing to IE?

Re:

[sabbede]

Hey! That toolbar gives you the valuable convenience of being able to search right from a box at the top of your browser!

Maybe in some mythical perfect future, browsers will be able to search from the address bar. Until that fantastical day arrives, the Google toolbar will remain a necessary extension.

Wow look who is talking

[Ilgaz]

You almost introduced unwanted, bundled software to the developers. Chrome doesn't count because you are supposed to be cool& nice guys? I don't think so.

Erratum in title

[philofaqs]

(Don't call me) Shirley the ": " in the title should be 's

Major brands?

[sabbede]

As in McAfee? Is Conduit being considered a major brand?

I hate Conduit.

Unwanted software bundled to installers ...

[allo]

Unwanted software bundled to installers ... ... like browsers?

What, like Chrome?

[Reziac]

Because about a month ago, Chrome installed a new version of itself without asking, without permission, and the first hint I had (since I don't use the nasty thing unless I have to) was a new icon on my desktop. (Didn't even put it in a sane location. It's somewhere down in User Application Data.)

Apparently if you have Google Talk installed, this is what Google does behind your back.

Re:

[toddestan]

Chrome installs a couple of services on Windows that run all the time and will keep updating Chrome even if you never use it. Those services aren't specific to Chrome, you'll get them if you install Google Earth and probably Google Talk too.

You can try stopping those services, but I've found that launching Google Earth will often turn them on again (can't say anything about Chrome or Talk because Earth is the only Google program I have).

Re:

[Reziac]

Yeah, I found that with Earth too... tho that had ceased to be an issue because Earth won't run anyway. But this automatically installing (NOT updating -- it installed entirely new and left the old install alone) wasn't happening til this little escapade, and I think the last time Earth ran before it decided not to was about a year ago. So the updater hadn't run since then.

But then I installed Talk, and yep, that's when the new Chrome dates to. Hadn't thought to look in Task Mangler and kill GoogleUpdate. :

The title has it wrong

[hoggoth]

Weird title and summary. Unwanted software that installs itself by riding along unnoticed with real wanted software thus tricking you into allowing it to install, then making your system do bad things you don't want it to do...? That's IS malware.

Re:

[Zontar The Mindless]

Dude, check the date--the rest of us knew about this 3 fucking years ago. Can you stop posting it to every story already?