Adware Goes Rogue

Perhaps it’s no coincidence that “adware” and “annoying” both start with the letter A, because really, what could be more annoying than trying to surf the internet while silly, useless ads appear on screen? You close one ad and another one opens up on its heels. Not a moment later,  there’s a flashy banner ad, making your head swim and your eyes dart. Your internet-surfing zen, effectively killed by the disco experience.

 

What is adware?

Adware is ad-display software that comes bundled with legitimate software. Developers looking to make extra bucks off free software make deals with other software developers working on the “I’ll scratch your back, you scratch mine” principle – Adware developers pay the legit software creators money to bundle their wares with the legit programs, thus making sure the delivered ads are  seen by a larger amount of people and the legit developers get to line their pockets a bit, creating the perfect little symbiotic relationship… aw, how cute.

 

Okay, cute it’s not. But the thing about adware is that, typically speaking, as annoying as it is, it’s not dangerous. But like Dr.Jekyll and Mr. Hyde, adware has two faces. There is the just plain annoying one, and then there is the one that borders on menacing. This is the kind of adware that actually collects data on users and phones it home to third parties who use that information to deliver targeted banner ads and such.

 

And then there is the new adware dubbed ”Faster Internet”, just discovered by the famed Bleeping Computer moderator, Lawrence Abrams, which takes data collecting to a whole new level of privacy invasion – Faster Internet actually takes a picture of your computer display and sends that and information about the computer’s hardware back to the adware’s creators to be used for unknown purposes. But one can only imagine what rogue developers might do with such information. As Abrams hypothesizes, “What if the victim had his password manager open to their online bank account or their tax return showing their social security number or address?” Scary stuff, right?

 

But it seem to be part of a larger trend in which privacy-invaders are using the guise of “adware” to conduct some very malware-like actions. For example, this past winter we saw the already-annoying Vonteera adware program go rogue. Vonteera has been around for some time using intrusive methods to get onto users computers, displaying unwanted ads, but recently they upped their game. The program began disabling a number of popular antimalware and antivirus programs by tricking operating systems into marking the security programs as malicious so that it could run undetected. Now why would a program want to do something as evil as that? Hmmm…

 

PUPs – Not the brown and white, fluffy kind

While we’re on the topic of stuff you don’t want hanging around on your computer or device, we should mention PUPs which are nowhere as cute and cuddly as they sound. In this case, PUPs stands for Potentially Unwanted Programs, but they could also go by the name “Programs you would have to be a fool to actually want on your computer” and it would be a bit closer to the truth. In reality, all adware falls under the category of PUPs, because, well you would have to be a fool to want adware running on your PC. So ya got that? All adware is a kind of PUP, specifically one designed to deliver ads, but not all PUPs are adware.There are other kinds of PUPs out there, like worthless games, toolbars that are pure garbage and browser hijackers. None of them help you in any way and they all come with a very real potential to steal your information and track your actions online.

 

PUPs and adware vs malware

Now you might be thinking, “Yeah, this all sounds bad, but heck, isn’t this just malware? And wouldn’t my antivirus program get rid of them?” True, both PUPs (including all adware) and malware are rotten little buggers but here is the difference – malware by definition, accesses computers without the owner’s permission. PUPs have actually been invited in. As we mentioned above in regard to adware, PUPs come bundled with legitimate software programs. Somewhere in the installation process for that perfectly innocent piece of software, there was a End User Licensing Agreement that you probably didn’t actually read before you installed the program. Had you read it with a hefty dose of critical thinking, you might have noticed a blurb about changes to existing programs. What, you didn’t notice that clause, buried there on line 562!? Well, that was the part where you agreed to run the said PUP on your PC, unless you opted-out, of course, which you didn’t do because you didn’t bother to read the EULA carefully (which is what PUP creators are banking on anyway). This way, PUP creators can argue that the end-user wanted the program to run and therefore it’s not malicious. And as such, typical antivirus programs don’t touch them.

 

At the end of the day, they are all bad and can cause damage to your digital identity and infringe on your privacy, no matter what name they go by. If you want to keep the baddies at bay, construct a plan to take your digital security to the next level. We recommend the following:

 

  • Stay away from shady downloads and attachments. As we have mentioned before, they often harbor malware and clicking on them can cause your computer or device to install rogue programs.
  • When installing any new program, keep away from freeware download sites. These sites are well-known for giving users much more than they bargained for when downloading desired programs. You’re better off paying for software, or if you must use a freeware site, read through the EULA very carefully to make sure you don’t get more than you bargained for. To be really sure you don’t get walloped with PUPs, including adware and more, make sure you have RCS’s very own Unchecky installed, which will uncheck any checkboxes that have already been opted-in for you by software developers.
  • Make sure you have a solid antimalware program like RCS installed which blocks adware including Faster Internet and Vonteera fully.

It’s a good idea to fully assess your digital security habits every now and then, making sure you keep your nose out of trouble. Ask yourself “ Do I open any and all attachments my friends and contacts send me? Do I take the time to read through end user agreements? Do I stay away from shady sites that could track my actions?” These are good evaluation questions to start with. If you see that you aren’t using as much caution as you should be, it’s time to change your habits. And remember, just because something sounds cute and unassuming, it doesn’t mean it’s safe. PUPs and adware might not be malware but they can compromise your security and privacy all the same.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s