current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Super User is a question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.
up vote 88 down vote favorite
33

From time to time, I find myself needing a piece of software to perform a specific task. Download.com (CNET) used to be a good site. But now, I find that they bundle a lot of "evilware", i.e. bloatware/adware (spyware?). Despite my best efforts to decline the unwanted items, I frequently end up with a "modified web browser experience" afterwards.

Any sensible approach on how to go about this problem, things being what currently they are?

share|improve this question
49  
Most programs available for download at Cnet can also be available elsewhere. Some open-source programs might also be available easier from the developers page. –  Doktoro Reichard Dec 10 '14 at 9:40
59  
Where possible I go the software authors website and avoid sites like download.com. –  DavidPostill Dec 10 '14 at 9:42
4  
I find that most sites have two download links; one on their own site and the other on a sponsor site where they are paid on each click/download in return of allowing them to install your software with their (ad-infested) installer. I find the sponsor sites always say 'recommended' but I always go with the on-site installer as it's much safer. –  cybermonkey Dec 10 '14 at 11:28
24  
I agree with @DavidPostill The mass download sites are really just link farms. Most of them don't even host the download, and worse, often attach some adware "downloader". Avoid them at all costs. –  simonzack Dec 10 '14 at 17:49
5  
I would avoid download.com, but in case you do download something with bundled crapware, check out unchecky.com It runs in the background and unchecks those boxes for you. I think it only works on certain installers, but I figured I'd throw it out there. –  Rocket Hazmat Dec 11 '14 at 16:13

9 Answers 9

up vote 64 down vote accepted

In addition to what has been suggested, you'll find that by preferring open source software to closed source will generally take care of this problem for you. Instead of CNET, look on Sourceforge and GitHub and you'll find much better software.

Update

Many have also mentioned Chocolatey. It is definitely a big piece of the full puzzle. In general, command line installation is best for most applications because it allows you to write simple scripts to go from fresh install to a fully updated machine, unattended. Your script might look something like:

REM Add driver installation here or make that a separate script.

@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

cd %ALLUSERSPROFILE%\chocolatey\bin
choco install googlechrome apache2 mysql php myadmin

REM You can even use it to install applications which can install from GitHub or Sourceforge:
choco install git
choco install svn

REM NOW YOU CAN
REM git clone https://github.com/WordPress/WordPress
REM **OR**
REM svn co http://core.svn.wordpress.org/trunk/ .

Note: This is just a rough outline of something you might use. Many tweaks are probably needed.

share|improve this answer
6  
chocolatey.org is a good option as well –  Steven Penny Dec 10 '14 at 10:56
23  
Apparently there has been these issues with Sourceforge in the past. Don't know the current situation... –  user694733 Dec 10 '14 at 11:21
21  
@user694733 Just a few days ago, I had trouble with a Sourceforge project trying to trick me into installing adware/malware at almost every step of the installer. So the situation isn't any better. –  usm Dec 10 '14 at 11:34
6  
@krowe The app in question was FileZilla, which is one of the more popular ones. Their own web site only provides Sourceforge links. I don't think project size has anything to do with it. –  usm Dec 10 '14 at 11:45
25  
"...look on Sourceforge and GitHub and you'll find much better software.". I know for a fact this isn't true. My software is also on GitHub and it's pretty shitty. –  Darwin Dec 11 '14 at 8:35
up vote 74 down vote

I take it you're referring to windows programs? I circumvented the whole problem by using Linux Mint (and even keeping installed packages to a minimum with --no-install-recommends & a similar option in Synaptic/apt.conf).

It's got Firefox, Chromium, Opera, LibreOffice, Flash Player, GIMP, tons of excellent "evilware-free" software.

But if your heart's set on Windows... Can't believe I actually forgot about this Windows solution I read about last year (on How-To Geek or Lifehacker or MakeUseOf) for installing & updating freeware on Windows (but I don't use windows, so...) Here's an image & bit of the intro from the How-To Geek page:

https://ninite.com/

Image of ninite.com apps to choose

How-To Geek says " Ninite is the Only Safe Place to Get Windows Freeware":

Ninite is a free tool that automatically downloads, installs, and updates various Windows programs for you, skipping past the evil toolbar offers. For Windows users, Ninite is arguably the only really safe place to get freeware.

[Not sure if I should have added another answer for Ninite, but when I tried superuser.com urged me to edit this one -- I'll bet they'd get in trouble trying to sell freeware, though they have a paid auto-updater and network manager so that's how they stay in business, hopefully not by bothering us ;-) I have no connection to ninite.com - I've only used it once to help a friend, and it seems to answer the question very well for Windows]

share|improve this answer
    
Yes, a Linux VM could be handy for various tasks. –  Ola Eldøy Dec 10 '14 at 10:04
1  
That's true, windows does generally have excellent hardware support (sometimes lacking in linux). I sometimes run windows in a VM for the odd proprietary program or game. –  Xen2050 Dec 10 '14 at 10:06
    
Yes, hardware support in Linux can be lacking, but I've seen cases where (old) hardware would work automatically on Linux while failing on Windows with no known fix. –  reinierpost Dec 10 '14 at 11:02
    
The best hardware for most Linux's (linuxes?) seems to be 2 or 3 years old, even older's usually better, unless you want to run bleeding-edge like Debian Sid. But if you want to run a web/ftp server or vpn on a 12 year old router, piece of cake –  Xen2050 Dec 10 '14 at 11:29
3  
<sarcastic>If its on "How-To Geek" then it must be true</sarcastic>. All most installers require is reading each screen before clicking. For those I don't trust. I launch and install with Sandboxie first. –  Ramhound Dec 10 '14 at 13:01
up vote 21 down vote

I would recommend using Chocolatey. I've not seen any bloatware in the installers used there as they are sometimes repackaged by package maintainers.

Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It was designed to be a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure currently using PowerShell as its focus for delivering packages from the distros to your door, err computer.

share|improve this answer
    
Worth mentioning Windows 10 will come with some kind of package manager outside of the Windows Store. –  Cole Johnson Dec 12 '14 at 1:08
up vote 16 down vote

For sourceforge in particular, append ?nowrap to the URL - this will allow you to download the file without the sourceforge "wrapper" that adds crapware to the installer - for example use

http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.9.0.2/FileZilla_3.9.0.2_win32-setup.exe/download?nowrap

as opposed to the default

http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.9.0.2/FileZilla_3.9.0.2_win32-setup.exe/download

share|improve this answer
2  
The only fact that the site adds crapware is enough for me to look elsewhere, no matter if I can opt out. –  user256743 Dec 15 '14 at 16:51
    
Just look out if auto-updates from ?nowrap downloads are clean, IF you decide to stay with FZ, despite the developer deliberately participating in spreading malicious adware! –  Erik Hart Jan 22 at 15:31
up vote 11 down vote

I totally empathize with you. I have my own approach and I'll happily share it. Some might think it's overkill but I have found it serves me very well.

These days I keep my PC ultra-clean. Windows 7, Firefox, Office, Visual Studio, and a handful of freeware I have come to trust over time. I don't do PC gaming so that's about it.

For anything and everything else, I use Virtual Machines. If this is new to you check these out:

http://en.wikipedia.org/wiki/Virtual_machine

http://lifehacker.com/5714966/five-best-virtual-machine-applications

I have three VMs set up running Linux Mint 17, Windows XP, and Windows 7. I can have them all running at the same time (very cool). By setting them to use bridged networking they appear on my LAN as independent machines alongside the host PC. And of course they all have internet access through the host PC's network connection.

Now for the fun part. VMs are isolated from your host PC. You can trash a VM and there is zero effect on your host PC.

While a VM is running you can take a snapshot. Then you can do terrible things within the VM like install nasty evil software, fiddle with the registry, delete system files, whatever you want. At your will you can revert to snapshot and your VM is instantly back to exactly how it was.

But perhaps most importantly, you can do real meaningful work in a VM just like on a real PC.

One thing you need to be aware of is OS/application licensing. Running a VM on your PC means you effectively have two PCs (host PC + the VM PC). I had to purchase a separate copy of Windows 7 to install on the VM. Linux Mint? Well it's free and open source so you can do what you like with that ;-)

EDIT: SECURITY CONCERNS

VMs are exceptionally well isolated from the host but they do still execute on the host. Malicious software could be designed to find a way to escape the VM and do things to the host:

http://en.wikipedia.org/wiki/Virtual_machine_escape

However, so far as I know, no such malicious software has been seen in the wild yet. That's probably because the folks creating malicious software don't see VMs as a big enough target. I mean, most people don't run VMs let alone know what a VM is.

Perhaps more importantly then, if you enable bridged networking on a VM like I do, it becomes part of your real LAN. That means malicious software running in a VM could attempt attacks on other devices on your LAN or other machines on the internet.

So even with VMs it pays to be careful. Keep everything up-to-date and use anti-malware software on your host PC and in each VM. Putting aside academic possibilities, 99.99% of the time when your VM gets trashed by malware your host will be totally unaffected and revert to snapshot will get you out unscathed.

share|improve this answer
2  
+1 for the radical solution –  Sarge Borsch Dec 10 '14 at 13:48
3  
Be warned that VM isolation is not 100%, and far less so if you have it connected to the network or running the guest tools. While it's still decent isolation, it is not an excuse to run "nasty evil software" if you think it really is malicious - without further hardening, a basic VM can still leak malware onto the host. –  Bob Dec 10 '14 at 13:57
    
@Bob I would argue that malicious code can break the VM wall and infect the host OS or even BIOS. However, your typical payload of a browser toolbar or McAfee trial is not malicious and should not do that. –  Snowman Dec 10 '14 at 17:50
    
@Bob this is an excellent point and I will edit my post to reflect this. –  misha256 Dec 10 '14 at 18:17
    
For added security, it wouldn't be a bad idea to use an application called Sandboxie in Windows-based virtual machines for this kind of hardening. It should limit the threat even more, since it then needs to breakout of the sandbox as well. –  Testerhood Dec 11 '14 at 2:10
up vote 8 down vote

Related to Ninite (GUI to download apps without installation procedures) and Chocolatey (command line program more geared for scripting installs): http://portableapps.com/

Tons of apps: from Antivirus, to notepad++, to games like minesweeper, to XAMPP server packages, etc - with the added ease that they aren't "installed" per-se. It's akin unzip and run. They are "built" to be portable. No bloat/tool-bars are installed when you unzip use portableapps installer for something. (technically not a zip/unzip process, but they install files to a single folder so the outcome is the same. Correct me if my understanding is outdated.)

You can run the "Launcher", which lists apps in it's installed folder and links, but it isn't required. You also don't need to use flash or cloud drives (although synchronizing apps between computers or taking your apps with you via a flash drive is or can be handy in their own rights).

Alternative "Portable App" options: http://lifehacker.com/5389421/five-best-portable-apps-suites

share|improve this answer
2  
portableapps does NOT work well in my experience, everything there requires an install, whereas a truly portable program will allow you to simply run it (or perhaps extract first) - stuff like eclipse and putty, but NOT anything found on portableapps –  user2813274 Dec 11 '14 at 17:44
    
@user2813274 The portableapps "install" you're referring to is a self-extracting zip file. It doesn't touch the registry or anything outside the directory you tell it to extract to, and you can move the extracted directory later. I suspect they do it because with plain zip files, some people try to run applications directly from the zip (without extracting all the required supporting files) and get error messages. –  JamesGecko Dec 11 '14 at 20:54
    
@JamesGecko that's good to know, but they should provide a regular compressed archive like .zip or .7z as an option if that's really the only thing it does - as it stands right now, it requires running an executable file (which requires admin rights if I remember correctly on windows) in order to get anything there –  user2813274 Dec 11 '14 at 20:58
2  
@user2813274 Sorry, I gave you bad info. They used to be self-extracting zip files (which could also be extracted manually with a normal zip application). It looks like they're using a different installer now. Same principle, though; it doesn't touch anything outside the extraction directory. Running an exe doesn't normally require admin rights on Windows, although IIRC administrators have the option to disallow executing unknown executables. –  JamesGecko Dec 11 '14 at 21:09
    
(But yes, I agree with you, an option for downloading a plain old zip file would be nice!) –  JamesGecko Dec 11 '14 at 21:21
up vote 3 down vote

You may also want to check out Unchecky..

Have you ever felt, while installing software, that the installer tries to push additional unwanted programs at all cost? Ever missed a checkbox, and spent hours afterwards removing adware? Ever opened your browser after an installation, only to find out that you have a new homepage, a new search engine, or even a new browser? Unchecky aims to keep potentially unwanted programs out of your computer.

Unchecky automatically unchecks unrelated offers, both saving you mouse clicks and making it less likely to miss a checkbox of an unwanted offer.

Installers often try to sneak additional programs as a natural part of the installation. Unchecky warns you when you try to accept a potentially unwanted offer, which makes it less likely to be accepted accidentally.

Install and forget. Unchecky automatically updates whenever a new version is available, so you don't have to worry about running the latest version.

http://unchecky.com

share|improve this answer
up vote 2 down vote

What you have to do is ALWAYS downloading software from their official website and NEVER from downloading sites just like CNET (or everywhere else depending on your country). You will avoid lots of bloatware with this kind of habit. These sites are the main source of additional crapwares in installers. Some installers will still have bloatware (Oracle's JRE and JDK for example), but most of time they will not have bloatware any longer.

Be also careful while installing software, by unchecking checkboxes asking for installing software which is not related to the one that you are installing for example. This will avoid you to have Google Chrome as your default web browser if you do not want to use it, for example.

share|improve this answer
    
Won't help here, the developer cooperates with SourceForge to make money with adware/spyware/PUP/malware installs. BTW, download.com/CNET and SourceForge (the last depending on developers' consent) use the same download manager (InstallCore) for their crapware. –  Erik Hart Jan 22 at 15:40
up vote 1 down vote

Some sites have several download buttons, the larger ones next to "we recommend" text, and one little button to download what you really want (I might be thinking of download.com, but I haven't used windows in a few months). On my desktop with adblockplus and noscript enabled the bundle download buttons disappeared. In fact I only noticed how intrusive they were when I went to download the same package from the same link on a shared machine with vanilla firefox. No doubt it's an arms race so the benefit will come and go but it's worth a try. This will mainly deal with the bloat and toolbar-type rubbish rather than the purely malicious stuff, as that doesn't tend to be served up by the legitimate (if annoying) sites.

share|improve this answer

protected by Nifle Dec 26 '14 at 22:41

Thank you for your interest in this question. Because it has attracted low-quality answers, posting an answer now requires 10 reputation on this site.

Would you like to answer one of these unanswered questions instead?

Not the answer you're looking for? Browse other questions tagged or ask your own question.