English: A download symbol.

Malware and Injected Advertising – You may be downloading more than you bargained for. 

Malware has a younger brother and he’s after your personal data. You are probably familiar with malware – it’s software that’s intended to disrupt or destroy the operation of your computer. Injected advertising deposits additional software on your computer while you’re downloading the software that you’ve requested. And it’s legal, at least so far.

To be clear where not talking about viruses or keystroke reading technologies. Injected media, which generally gather your data, actually lives on your computer with your permission. OK, here’s the deal. When you download free software, via a site like download.com (owned by CNET and CBS Interactive – more on that later) or softpedia.com, you have to agree to “Terms of Service.” You don’t read them, and neither do I. You just click.

Buried in those terms of service is your permission for the software provider to inject other programs on to your computer. In turn, some of those programs inject other programs on your computer. Before you know it your toolbar has changed and you’re seeing pop-ups galore.

I first became aware of the phenomenon when I was cleaning up my mother-in-law’s computer. I happened to notice that there were tons of programs on her hard drive that she would never have downloaded (no not pornography, thank you – multiple small time search engines and tool bars). Some quick research revealed that many of them had been injected along with free virus detection tools. In many cases, you didn’t even get the tools, you received a limited trial or a very limited free version.

I also noticed that something similar was happening when I attempted to download a browser like Chrome or Safari. I was getting the browser but it seemed to come a third party that I had never heard of that was putting up an unfamiliar toolbar or becoming my default homepage. It took a couple visits back to Google before I realized what was going on. I hadn’t clicked on the official Google or Safari page. I was on another page, that looked a lot like the original, but just a little different. It was a case of bait and switch.

It was quite difficult to actually get rid of some of the programs. Even when I attempted to delete them, they would come back with questions and responses that actually kept the programs intact. You can in many cases head off the injection of advertising through third party programs by requesting the “advance settings” or “custom settings” when you’re preparing to download the program that you do want. Using the advance settings you have the ability to opt out.

The big surprise is that injected media is actually being used by CNet and its parent CBS Interactive, among others. They’re one of the players in injected media. It turns out that in an age where users have come to expect free or very low cost software that there’s no longer much of a market for some software companies to simply sell their products. So, CBS Interactive uses their products – I imagine they’re buying or licensing it – to inject on to computers to obtain consumer data. This last piece of the puzzle I had no idea about until I happened to hear Leo Laporte talk about it on this week’s This Week in Technology poscast. Interesting timing.

Enhanced by Zemanta