Tuesday, April 8, 2014

The Politics Of: Foistware

Last night The Omnivore updated a piece of software on his computer. It was one that hadn't been loaded in a while and it asked the usual questions. Apparently it also asked (although The Omnivore cannot confirm this) if The Omnivore wanted AVG Anti-Virus and something called "Search Assist."

As The Omnivore clicked through the various screens in rapid succession trying to get to the install, this was all lost on me--and so it was a shock (kinda--sorta) when I saw that a new tab had been added to my browser start-up pages: AVG Search.

After a moment of checking: AVG Anti Virus was also on my machine.

This was annoying: I consider messing with my search or Chrome start conditions without explicitly asking me to be malware-like behavior even if the software itself isn't definitionally a virus. I also realized that I'd been had: my failure to read the various material had opened me to the "drive-by install" called variously foistware or PUP (Potentially Unwanted Programs).

Worse--much worse--was something called "search assist." Search Assist is a piece of software that is designed to (a) try to give you pop-ups based on key-words and (b) show you videos with sound in the lower corner of your screen. This--the video with sound thing--is a first-order betrayal. I was furious--I did some checking around and determined that the Search Assist software:
  • Came (originally) from a company called Conduit, now Perion
  • It is not technically a virus or worm--but it causes a lot of trouble
  • It is extremely hard to uninstall (I tried Malware Bytes, Spybot Search & Destroy, and Ad-Aware. I finally got it with HitMan Pro)
Follow The Money
What I couldn't understand was why anyone would do this. First and foremost, why would TuneUp--a (at the time) reputable piece of software, put drive-by install stuff on its installer? Now, I know that Adobe has done it (Google Toolbar), and Java has done it (McAfee)--so at that point, I guess, why not--but something like Search Assist is only technically not a virus. There's probably no human alive who wants it.

I'm sure it exists in the wild on 'grandma's' computer where she thinks "That's just how the web works." 

Well, it turned out, on some inspection, that TuneUp had gone out of business and then been acquired--the re-launch was, apparently, monetized.

What does that mean?

Here's how it works:
As The User Can Accept Or Decline, Hide That Shit So They Accept And You Get Paid
The image is from InstallMonitizer, a company with some fairly big name backing behind it (Y Combinator, apparently) that is trying to crack the code of how to make money when everyone wants everything on the Internet for free.

The solution is this: No one will ever install your shitty-ass software so you piggy back on something they may actually want and the person making software people might actually want gets paid around a dollar per install every time someone is duped into installing your stuff.

If your stuff is an innocuous little program that sits in their list of software and never gets launched? Probably a losing proposition. If your software is designed to make you money by hijacking search queries, playing ads, and other such miserable behavior? The buck--it was worth it.

This does, of course completely erode trust in downloads as you can get "virus like software" (and trust me, Search Assist was "virus like" in every way imaginable--especially its difficulty to uninstall)--with a completely legitimate download.

So the question isn't so much about the Search Assist garbage (note: most of the how-to-get-rid-of-it stuff on the web was dated) as AVG. Why the hell is AVG in the "no one would ever buy our software" position?

What's Wrong With AVG?
It isn't exactly market-share:

AVG clocks in with a healthy 9.1% of the 2013 AV percentage. Considering that Windows is made by Microsoft that isn't too surprising. Sure, 9.1% isn't awesome--but presumably the other groups make their money too. If you can run McAfee with 3.1% of the market, AVG should be rolling in dough with basically 3 times that.

The Answer: AVG Secure Search
What Do I Get? What You Get Is Hijacked, Son
I went looking through AVG's products to see if there was some other reason they would need to stealth-install on people and, lo, the answer was right there: Secure Search. Secure Search is the "product" where AVG sets your default search engine to theirs and then purports to tell you how safe a link is. 

The key, of course, is that by monitoring your surfing they're gathering data about you--data they can monetize. But wait, aren't they ... you know ... committed to privacy? Why yes--it's right their Privacy Policy. In fact, here's the important part:
  • Create content that is relevant to you
  • Provide you with special offers that may be of interest to you, including offers relating to third party products and services
  • Assist us in creating better, customized products and services to meet your needs
  • Allow you to purchase and download products, obtain access to services or otherwise engage in activities you select
  • Help you quickly find software, services, or product information important to you
There's other stuff they do with this--but the bolded bit is key: they're gonna advertise to you or just "advertise you" using their database of your web-surfing habits. That's why it's so hard to get rid of and that's why it has a 1-star review on

Basically that Search Assist malware? Same thing--slightly different business model. NOTE: AVG did, in fact, make their search product hard to uninstall in the past. They claim it's better now. The Omnivore isn't sure (it did uninstall, apparently, through normal channels--but not everyone knows how to do that either).

Needless to say, this is pretty appalling behavior and while The Omnivore will give points for bald-facing it, the sooner their market-share drops off the bottom of the list the better. 

Why We CAN Have Nice Things
Before The Omnivore goes, though, there's something you should consider: "selling" bottled water was considered a marketing coup--charging a premium on something you can really get 'for free.' The Internet works in reverse: you get everything 'for free' and the business strategy is how to drive corporate value out of that. Invariably, if the product is free, you are the product (not sure how that works for Avast!, though).

The ecology of drive-by installs is simply an outgrowth of that: you make a nice, clean, really cool app and (a) you gotta give it away for free because that's how Windows Apps work and then (b) you want to get paid. Your donations button brings in a few clicks here and there but it isn't quite enough--so what do you do?

The answer is that you find some way to partner with someone who wants what you've got: users and their eyeballs. You can suck-up their data and sell it? Good way to get lynched. You can show them ads? You know--maybe. If your service is a web page you can bet they're ad-blocking and feeling totally justified about it.

So what are your options? Well, if I just saw 1MM downloads go by and someone said "That'd be 1M dollars, dude--and your app is just getting started ... " I'd be tempted. I'm not made of stone, you know.

On the other hand, we have a perfectly working model that can make millions of dollars overnight: the App Store.

This is what Windows needs to move to (Apple already has)--and quickly. I'm already dismissing Java updates because I don't feel like taking the time to figure out what bundle-ware they've decided to put with the software update my computer (often) will need to run.

I don't begrudge anyone making an honest buck--but when the Anti-Virus is the Virus? I think even the most cynical of us should take notice.

Don't use AVG.


  1. "I'm not made of stone, you know."

    Wow, was the Omnivore channeling Krusty the Clown?

    -- Ω