Sneakware   Leave a comment

When we install a program and end up with one or more unexpected apps, this is sneakware. These are not malware, they don’t replicate like viruses or report sensitive data back to some remote hacker. Sneakware are apps pushed by vendors searching for a bigger audience. Sneakware do a lot of good for the vendor and do less for you.

Sneakware generally is not malicious in nature and usually is software that a number of users may choose to install. There’s no great secret to how sneakware gets onto your system. Consider the classic sneak play involved in a Nexus Radio installation. After executing the downloaded installation file, the user sees a buxom bass player, perfect for  distracting the attention and getting a quick hit of the Next button, which is already pre-selected. All the user has to do
is hit Enter another six times and the program is installed. Is anyone still paying attention by the sixth screen? Nexus Radio hopes not, because hitting Enter here will result in acceptance of the license, installation of the Ask toolbar, and making Ask the browser’s default search provider.

Nobody downloads Nexus Radio looking for the Ask toolbar, but the unwary will end up with it anyway. Only  unchecking the two Ask option boxes will prevent the sneakware installation.

In most cases, sneakware is not malicious. One arguable exception is software that persuades someone to install it through devious or misleading means, even though that software ostensibly has no malicious impact. The classic example of this is the antivirus warning message that pops up during a Web browsing session, warning the viewer that his system is in danger and that a scan for threats is urgently needed. Most of us think of a “scan” as something that runs from a remote location and doesn’t install anything locally. In this case, that belief is wrong. Clicking anywhere in the message, perhaps even clicking the red X in the corner, launches a background download and installation of some sort
of antimalware software.

This fits the strict definition of sneakware because the antimalware application (a) installs through a sort of unwitting assent and (b) doesn’t cause damage, steal anything, or sacrifice system security. You didn’t want it, but it’s there anyway, and getting rid of it could be every bit as difficult as expunging a virus. Still, sneakware is not malware, and companies such as Symantec and Trend Micro are unlikely to ever treat it as such because users inevitably give some form of permission when installing it. Thus the burden of caution stays with users, whether they want it or not.

For better or worse, it’s common for people in the Internet age to assume that everything digital either is or should be free. Isn’t this the basis of freeware and things like Wikipedia? Free, however, is not usually the case. Inevitably, money has to enter into the equation in order to keep electricity flowing and food on people’s tables.

In the case of a small software vendor trying to carve out a name and market presence through freeware, it’s hard to  begrudge some application bundling as long as the sneakware is fairly marked and the uninstallation process is  straightforward. These  companies have to make money somehow, and it’s obviously not happening from retail purchases.

On the other hand, some might object to receiving the same (or worse) handling from a company such as AOL, which generated nearly $2.5 billion in 2010 revenue. AOL’s famously popular Winamp media player not only features  sponsored ads in the main UI of the free Standard version, but it also runs the user through sneakware pages for AOL Search, eMusic, and DriverHive, which users might assume was needed for Winamp since it is “recommended.”



Posted August 17, 2011 by Anoop George Joseph in Uncategorized

Tagged with , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: