Why do Windows users put up with this crap?

[Blue Mountain]

Yesterday I assisted a friend clean up yet another infestation of malware / adware on her computer. Somehow--she has no idea how--within the space of a few minutes the following software installed itself on her computer:

• Conduit Search Bar (no idea where this came from)
• Internet Updater (via Conduit)
• Install Converter (probably via Conduit; no idea what it does)
• McAfee Security Scan Plus (probably via Adobe Reader update)
• AVG AntiVirus Free Edition (no idea where it came from)
• Websteroids (no idea where it came from)

It cost her 1 hour of my time (I bill people for this work to keep the number of requests manageable.)

What the ... ? Suppose you went to a restaurant and the waiter put buns(with butter) on the table and two cups of coffee, then after the dinner gave you ice cream. But when you get the bill you discover you've been charged extra for the buns and the butter, the coffee and the ice cream, because the waiter didn't tell you these were not complimentary but instead items you'd be charged for if you consumed them! Would you eat there again? Would you recommend the restaurant to your friends?

With two other friends, the Avast! antivirus software decided the user would like to have Chrome browser and made it their default browser.

Why is it that Windows users the world over put up with this sort of crap without raising holy hell with (first) Microsoft for not more diligently trying to distinguish between user-requested software installs vs drive-by installs, and (second) the software vendors for sending thsi sort of crap along with their software? Why is it that every time a user want to add a program to their system they have to run a gauntlet of onerous licensing agreements and check diligently to ensure only the software they want installed gets installed?

This is a huge reason why I run Linux. I've never has a piece of software on Linux up and decide I wanted to get another program as well. I realise that could well change if Linux ever became really popular. But Apple has long been a strong competitor to Microsoft and I've not heard many Apple OS users complaining about drive-by installs. Why does it seem only Windows has this problem, and why have its users put up with this?

 

[Sideroxylon]

Anytime you install free software you must read every screen to ensure you are not getting anything extra like menu bars or new applications - Read those checkboxes! This would surely have happened with the Avast installation.

Also, be careful with USB sticks - viruses and malware like to hitch a ride on them. And if you don't know what you are doing and not prepared to do deal with viruses yourself then you should not be adventurous in visiting dodgy websites or messing about with torrents.

 

[icerat]

Not sure about Websteroids, but every single one of the other installs requires the user to agree to installing it.

It got installed because your friend said to install it.

What would you have MS do? Prevent users being able to install software?

I understand the problem. I regularly have to do similar cleans for family members who swear black and blue they've never installed anything - yet I've seen them just mindlessly click OK without bothering to read what's right in front of them. What's the option?

And yes, the problem exists on Macs as well.

 

[SumDood]

Theoretically, don't these software manufacturers keep cost down by 'bundling' the extras? That's why I put up with it. Free is nice.

 

[aggle-rithm]

Anything Microsoft does to make its software foolproof will result in the Universe providing bigger and better fools. It's a freaking arms race.

 

[Lerxst]

Yesterday I assisted a friend clean up yet another infestation of malware / adware on her computer. Somehow--she has no idea how--within the space of a few minutes the following software installed itself on her computer:

• Conduit Search Bar (no idea where this came from)
• Internet Updater (via Conduit)
• Install Converter (probably via Conduit; no idea what it does)
• McAfee Security Scan Plus (probably via Adobe Reader update)
• AVG AntiVirus Free Edition (no idea where it came from)
• Websteroids (no idea where it came from)

It cost her 1 hour of my time (I bill people for this work to keep the number of requests manageable.)

What the ... ? Suppose you went to a restaurant and the waiter put buns(with butter) on the table and two cups of coffee, then after the dinner gave you ice cream. But when you get the bill you discover you've been charged extra for the buns and the butter, the coffee and the ice cream, because the waiter didn't tell you these were not complimentary but instead items you'd be charged for if you consumed them! Would you eat there again? Would you recommend the restaurant to your friends?

With two other friends, the Avast! antivirus software decided the user would like to have Chrome browser and made it their default browser.

Why is it that Windows users the world over put up with this sort of crap without raising holy hell with (first) Microsoft for not more diligently trying to distinguish between user-requested software installs vs drive-by installs, and (second) the software vendors for sending thsi sort of crap along with their software? Why is it that every time a user want to add a program to their system they have to run a gauntlet of onerous licensing agreements and check diligently to ensure only the software they want installed gets installed?

This is a huge reason why I run Linux. I've never has a piece of software on Linux up and decide I wanted to get another program as well. I realise that could well change if Linux ever became really popular. But Apple has long been a strong competitor to Microsoft and I've not heard many Apple OS users complaining about drive-by installs. Why does it seem only Windows has this problem, and why have its users put up with this?

Why do you blame Windows? It happens because of the large installed base to work with, and because people are not very smart when it comes to this sort of thing and software designers exploit that.

 

[Axiom_Blade]

Theoretically, don't these software manufacturers keep cost down by 'bundling' the extras? That's why I put up with it. Free is nice.

Or you could get software that is free (as in price) and free (as in freedom) and get nothing bundled extra.

Why do you blame Windows? It happens because of the large installed base to work with, and because people are not very smart when it comes to this sort of thing and software designers exploit that.

Microsoft could have repositories containing vetted software, so that users wouldn't have to worry about it so much. Android and iOS have app stores, Linux has used software repositories for, what...over a decade now? Why can't MS do this?

 

[Sideroxylon]

Or you could get software that is free (as in price) and free (as in freedom) and get nothing bundled extra.



Microsoft could have repositories containing vetted software, so that users wouldn't have to worry about it so much. Android and iOS have app stores, Linux has used software repositories for, what...over a decade now? Why can't MS do this?

 

[jeremyp]

Or you could get software that is free (as in price) and free (as in freedom) and get nothing bundled extra.



Microsoft could have repositories containing vetted software, so that users wouldn't have to worry about it so much. Android and iOS have app stores, Linux has used software repositories for, what...over a decade now? Why can't MS do this?

Yes, if only Microsoft had an App Store

Free Software is not the answer because the people who write Free Software still have to eat and so they need a revenue stream from somewhere. I don't see why binary downloads of Free Software are necessarily more immune to unwanted bundled software than any other kind.

 

[DGM]

Why can't MS do this?

I suspect people would say they're "controlling our software" if they did and search elsewhere to escape the MS grip.

People like to hate Windows/MS.

 

[Blue Mountain]

Anytime you install free software you must read every screen to ensure you are not getting anything extra like menu bars or new applications - Read those checkboxes! This would surely have happened with the Avast installation.

I installed Avast myself on those computers be cause at the time I was a fan of it. I do not recall agreeing to an installation of Chrome. But later, when Avast updated itself, it (probably) asked the user slyly if she wanted Chrome with it, and so gave it to her.

Also, be careful with USB sticks - viruses and malware like to hitch a ride on them. And if you don't know what you are doing and not prepared to do deal with viruses yourself then you should not be adventurous in visiting dodgy websites or messing about with torrents.

Good advice in general. However I doubt my clients, mostly senior citizens and a large portion of them female, are visiting websites much dodgier than The Shopping Channel. And they're certainly not downloading torrents.

Not sure about Websteroids, but every single one of the other installs requires the user to agree to installing it.

It got installed because your friend said to install it.

What would you have MS do? Prevent users being able to install software?

I understand the problem. I regularly have to do similar cleans for family members who swear black and blue they've never installed anything - yet I've seen them just mindlessly click OK without bothering to read what's right in front of them. What's the option?

And yes, the problem exists on Macs as well.

It's partly user stupidity, but mostly what I'm railing against is the culture of current software vendors that makes opt-out then norm instead of opt-in. Here in Canada many provinces have banned negative-option billing. However, that's for paid-for services, not free services.

In addition, the unwanted software did not come from a program the user downloaded and then installed, but from an update to a program that was preinstalled on the computer. So simply by doing routine maintenance, which is a good idea, the user risks getting a bunch of crapware he/she probably doesn't want and certainly doesn't need.

Imagine taking your car to a dealer or a garage for spring maintenance. In addition to all the stuff you actually ask for, in small print between the work order body and the signature line there's a line that reads, "Initial here if you do not want our mechanics to place fluorescent orange bumper stickers front and back reading 'I love Joe's Garage, 133 Main Street.'" I'm pretty sure the local consumer protection office would be talking to the owner of that garage in short order.

And you're right, it's probably technically difficult for the OS as a whole to distinguish between components that are required for a program to run and components that are used by a totally different program. However, for sure the MSI installer could prevent any single installation package from installing more than one entry to the Programs and Features list without alerting the user. I propose an idea below. Whether or not it's workable is another issue.

I'm not surprised to see the issue is on Macs as well, although probably on a smaller scale due to the smaller installed base.

Theoretically, don't these software manufacturers keep cost down by 'bundling' the extras? That's why I put up with it. Free is nice.

That's true. But at times free comes at a high cost.

Anything Microsoft does to make its software foolproof will result in the Universe providing bigger and better fools. It's a freaking arms race.

Sad but true. There's also "Maake a system that even a fool can use and only a fool would want to use it."

Why do you blame Windows? It happens because of the large installed base to work with, and because people are not very smart when it comes to this sort of thing and software designers exploit that.

Yes, my post waffled between blaming Microsoft and blaming the providers that supply the software that runs on Windows. In my opinion, Windows can help out by alerting users when it's installing a sub-package from a different provider than the main package. That should be easier now that a lot of providers are getting digital signatures for their software.

Perhaps make not installing second-party software the default. If a company needs to bundle second-party software (e.g. the Blink VoIP softphone client requires the Bonjour toolkit from Apple,) Windows should force the end user to jump through an extra hoop or two to get it installed. For example:

Windows has detected an attempt to install the "Bonjour" toolkit. The request to install the toolkit came from the following program: blink_installer.exe
Click the "Install Bonjour Toolkit" checkbox below and click OK to let the installation proceed.​

(I'm assuming Windows can tell the difference between an installer launched from a program vs an installer launched from a directory window or the command line.) Note that clicking OK without selecting the checkbox would cause the installation to be bypassed, which would help resolve the issue of user blindly clicking OK. It would be more up-front work for the "Blink" installer to explain why the user needs to install "Bonjour" as well, but it would help prevent users from blindly clicking "OK" to install something they don't need.

 

[geni]

Or you could get software that is free (as in price) and free (as in freedom) and get nothing bundled extra.

Nothing extra? You mean like the ads for firstime firefox users.

Microsoft could have repositories containing vetted software, so that users wouldn't have to worry about it so much. Android and iOS have app stores, Linux has used software repositories for, what...over a decade now? Why can't MS do this?

The problem you hit fairly quickly is that MS users are used to the idea that decidedly non mainstream software will run. By comparison Linux users seem to be prepared to accept that outside the mainstream they will have to start messing around with having the right version of C++ installed and some rather odd libraries. This result in a situation where MS would need to have a far broader app store than anyone else.

 

[GlennB]

Not sure about Websteroids, but every single one of the other installs requires the user to agree to installing it.

I've exprienced roughly what the o/p describes. It wasn't because I agreed to install it, it was because I failed to disagree with its installation. Agreeing was the default, and I didn't spot it. And it's not as if there was check-box saying "We will install other stuff unless you check this", it was that I needed to follow a procedure that wouldn't occur to many non-savvy people.

Not quite the same as "requires the user to agree to installing it".

 

[DGM]

Windows should force the end user to jump through an extra hoop or two to get it installed.

I would suspect this would annoy more people then help. Windows already asks if your sure you want to install and most people click that little box that asks "don't show this in the future".

The "opt-in" would be nice but, so would no telemarketers.

 

[Blue Mountain]

Yes, if only Microsoft had an App Store

Free Software is not the answer because the people who write Free Software still have to eat and so they need a revenue stream from somewhere. I don't see why binary downloads of Free Software are necessarily more immune to unwanted bundled software than any other kind.

Well, a lot of people doing FOSS (Free and Open Source) software are doing it for the love of the craft instead of the money. This can work two ways:

• The software is worked on by a large number of people, all of whom have their own day jobs and contribute to FOSS outside of work hours. I think a lot of software from Apache and GNU work like this.
• The software is sponsored by a company: Google writes Chrome and helps support Firefox; the Blink softphone client I mentioned above is written by a Dutch company that also make a lot of ther communications software (and some hardware too, IIRC.)

Both of the above make it less attractive for people to want to bundle unwanted apps with their software. Often there's a big backlash if they try. In addition, because the source code is available, major Linux distributions can compile a clean package from source and put it into their repositories.

One Open Source product that has had problems is VLC (Video Lan Controller). VLC is pretty popular and a lot of unscrupulous download sites package VLC with an adware-laden installer, and then game the search engines to ensure that when you search for "VLC" you get their results above that of VLC's own download site, which has a clean installer.

Now, imagine if MS had run an app store ever since the days of, say Windows 2000 or XP. People going to the store would know that you'd be getting the proper package for your version of Windows, as close as possible to the original supplier as you could get without actually downloading it from the supplier's site yourself. (In fact, the site itself need not actually supply the app; it could link to the installer at official download site.) That would pretty much eliminate the problem I've just described.

However that would not resolve a problem such as Oracle putting its latest version of Java on to the MS Software Site with the Ask! toolbar bundled in. At that point the only thing Microsoft could do is to threaten to not host that piece of software until they supplied a clean installer. And now you're into a situation where MS can be accused of acting as the gatekeeper for all Windows software, which I don't think is a job they want.

 

[Blue Mountain]

I would suspect this would annoy more people then help. Windows already asks if your sure you want to install and most people click that little box that asks "don't show this in the future".

For installation of a second-party application, there would be no "Do not show me this in the future." Programs that require second-party packages (like Blink requiring Apple's Bonjour) are, in my experience, relatively rare. Not that I have a huge amount of experience installing software on Windows. I'm the tech lead for a company that has 15 - 20 Windows systems running, but most users install the packages they need without getting me involved.

The "opt-in" would be nice but, so would no telemarketers.

In my proposal, the "opt in" would be enforced by the operating system. Shady malware installers shouldn't be able to work around it.

 

[Blue Mountain]

I've exprienced roughly what the o/p describes. It wasn't because I agreed to install it, it was because I failed to disagree with its installation. Agreeing was the default, and I didn't spot it. And it's not as if there was check-box saying "We will install other stuff unless you check this", it was that I needed to follow a procedure that wouldn't occur to many non-savvy people.

Not quite the same as "requires the user to agree to installing it".

I agree completely. Refer to my example above of a automobile owner having to disagree to a garage adding bumper stickers to car when taking it in for service, and having said opt-out clause buried among a bunch of boilerplate text on the work order.

 

[DGM]

In my proposal, the "opt in" would be enforced by the operating system. Shady malware installers shouldn't be able to work around it.

You're not that naive. It's a problem in Windows and Macs because their the most used. If Linux was more popular it to would be targeted. Remember when Macs never got viruses?

 

[DGM]

I agree completely. Refer to my example above of a automobile owner having to disagree to a garage adding bumper stickers to car when taking it in for service, and having said opt-out clause buried among a bunch of boilerplate text on the work order.

But isn't your plan also asking the cars manufacturer to make it so the stickers wont stick?

 

[icerat]

How quickly people forget. One of the reasons Windows Vista "failed" was because in it's initial release they locked it down a lot tighter with strict User Account Control and it just p***ed people off.