“Trick or Treat” - It’s Not Just For Halloween
Whether it’s software you bought from a big-name source or something you got for free from a no-name, you have to be alert when you install it so you don’t open yourself up to some ghoul or pirate or other attacker who wants more from you than you expected. And those ghouls, pirates, etc., are always adding to their bag of tricks to use on you. It is a sad commentary on the ethics of some companies that they use this type of “software pushing”. It is also a fact of life that most of us just press NEXT when doing installs—and the unscrupulous ones take advantage of this!
One of their tricks is to present you with a small box that they hope you’ll ignore or miss, with an already-checked permission to allow their software to be inserted onto your computer. I wonder how many people who aren’t paid to do so take the time to really read all the garbage presented when they’re doing something as mundane as updating software.
If you have accidentally installed some junkware, go to ADD/REMOVE and delete it; your computer will run faster without it and you’ll have more “real estate” at the top of your browser. Also remove anything else that you are sure is no longer needed. If you don’t recognize a program, put its name into GOOGLE and see if the program is merely left over from some other software.
Secunia is a program that will check for the latest updates for non-Microsoft software. You should probably run the program’s scanner about every two weeks just to assure that your software is up-to-date.
Here are some examples of ghoulish tricks that are not treats.
Java
The “Java Setup - Yahoo Toolbar” has a check box labeled “Install the Yahoo Toolbar”.
You need to keep your Java Runtime Environment (JRE) current, but doing so shouldn’t be an invitation for the manufacturer to dump junk onto your computer and slow it even further.
Another Java updating trick is to display ”Java Setup – MSN Toolbar” right at the top. If you’re not careful, you’ll miss unchecking the boxed line titled “Install the new MSN Toolbar”. You don’t need this junk slowing down your computer. Remember OVERHEAD!
Adobe
Adobe has a number of items that they want to install.
When you’re trying to update Adobe Flash Player, Adobe—using some obscure logic—will ask if you want the “Free McAfee Security Scan” (with the permission box already conveniently checked).
Adobe presents at least two items (the other choice is “Free Google Toolbar”). Each time you update, Adobe evidently picks out something else to push to you in hopes you will miss the required unchecking of the box.
I wonder how many products Adobe has lined up to push onto our computers!
Apple
Basically you need to have QuickTime on your computer to handle some animated downloads and other generally useful presentations. But what does this have to do with their pushing a window at you that says: “Upgrade from Video Watcher to Video Maker”, with the default that your next mouse click goes to “GoProNow”?
Microsoft
When updating Microsoft software, do not click on that little yellow shield that appears at the bottom right of your screen when Microsoft has made patches available. The reason is that if you do click on that shield, Microsoft will go ahead and install ALL updates that could be applied, whether you wanted those updates to happen or not, or even had marked them as “Do Not Install”.
For example, IE8 is not yet ready for the big time as Microsoft is still patching it heavily. Thus I (and I hope you) have not permitted IE8 to be downloaded from Microsoft. But if you click on the yellow update indicator, you will not get the opportunity to block the installation of IE8 and you will have been out-foxed by Microsoft. It is fine to note that there are some updates for the Microsoft software, but go to Windows Update by clicking on TOOLS in IE to control the updating process yourself.
Enable DEP—Whether you’re updating or not
And finally, one argument for going to IE8 is the presence, natively, of DEP (Data Execution Prevention).
It has been stated that IE7 has DEP turned OFF by default, but I found that was it not only turned ON in IE7, but that there was a program that was already being accepted by my computer via DEP. Officially, DEP has been turned on since SP2, so hopefully, you will only have to check that it is ON.
All you have to do to check or turn on DEP in IE7 is right-click on “My Computer”, select “Properties” and “Advanced”, and then “Performance” and “Setting”. Then select “Data Execution Prevention” and you can then activate or find that DEP is already turned on – possibly by a Microsoft Download Patch. No matter what, it is in your best interests to have DEPON. Since it’s so easily done in IE7, there’s no good reason to install IE8 to get it.
You can find more DEP info from Microsoft via http://tinyurl.com/n4serv.
