Abstract
We present a large-scale study of Windows freeware installers. In particular, we look for potentially unwanted programs (PUP) and other potentially unwanted modifications to the target system made by freeware installers. The analysis is based on almost 800 installers gathered from eight popular software download portals. We measure how many of them drop PUP, such as browser plugins, or make other modifications to the system. In addition to these results, we find that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks, which in the worst cases may be used to execute arbitrary code with elevated privileges on the target system. Moreover, serious man-in-the-middle vulnerabilities are found in application managers provided by download portals.
Notes
1. Potentially Unwanted Application (PUA) is another often used term.
2. CNET’s downloader VT report available at https://virustotal.com/it/file/9961ebc9782037f68b73096bcff3047489039d6dc5c089f789b3dbff4109e21b/analysis/.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Geniola, A., Antikainen, M., Aura, T. (2017). A Large-Scale Analysis of Download Portals and Freeware Installers. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds) Secure IT Systems. NordSec 2017. Lecture Notes in Computer Science, vol 10674. Springer, Cham. https://doi.org/10.1007/978-3-319-70290-2_13
DOI: https://doi.org/10.1007/978-3-319-70290-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70289-6
Online ISBN: 978-3-319-70290-2
eBook Packages: Computer Science, Computer Science (R0)