|
 Badware Behavior |
|
| Installs additional software without disclosure. (Deceptive installation) |
|
| Bundled software reportedly behaves as badware. (Deceptive installation) |
|
| Fails to uninstall bundled badware. (Unacceptable uninstallation) |
|
| Redirects valid URLs. (Modifies other software without disclosure) |
|
| Changes the user's homepage. (Modifies other software without disclosure) |
|
| Bad or Undisclosed Behavior |
| Installs additional software without disclosure |
|
After installing Acez Jukebox, we detected a program called IncrediFind. The initial detection was made by
an anti-badware tool, which located an executable inside a folder named "IncrediFind" in the Program Files
directory. IncrediFind reportedly installs a Browser Helper Object (BHO) on the user's computer, which is
corroborated by the existence of a dll file called BHO.dll inside the IncrediFind folder. Installation of
IncrediFind is not disclosed to the user at any point during the installation process, nor is IncrediFind
listed in Add/Remove Programs, which means the average user may never realize that this program is present on
their system.
|
| Bundled software reportedly behaves as badware |
|
IncrediFind is reported to be adware that installs a Browser Helper Object and changes the Internet Explorer
error page to SirSearch.com. It is also reported to cause numerous popups to appear, and to force users to
install other spyware and adware. None of these behaviors is disclosed to users during installation. Also,
during the installation of Acez Jukebox, users can choose to install the PowerSearch toolbar, which advertises
itself as a way to "[s]earch the Web from anywhere online." According to other anti-badware groups,
PowerSearch reportedly gathers information about user's surfing habit and provides that information to third
parties. This spyware behavior is not disclosed to the user during installation. Both of these applications
appear to be variants of KeenValue, a reported Trojan horse.
IncrediFind and PowerSearch appear to be badware applications that have been abandoned by their parent
companies. As a result, many of the badware behaviors noted above were not visible during our tests; however,
there is no guarantee that their badware behaviors will remain dormant in the future.
|
| Fails to uninstall bundled components |
|
Acez Jukebox comes with its own uninstaller; however, using this uninstaller or Add/Remove Programs to
uninstall Acez Jukebox will only remove the main application, not the bundled applications (i.e., IncrediFind
and PowerSearch). In fact, IncrediFind and PowerSearch aren't even visible in Add/Remove Programs, making
these applications difficult for the average user to detect and remove. Failing to remove applications via
an included uninstaller or not making them removable via Add/Remove programs is unacceptable.
|
| Redirects valid URL |
|
Installing Acez Jukebox results in the addition of an entry for search.netscape.com in the user's host file.
This means that anytime the user enters "search.netscape.com" into their web browser, they will be redirected
to another site (in this case, 12.129.205.209). This behavior is not disclosed to the user at any point during
the installation.
|
| Changes the user's homepage |
|
If the user chooses to install PowerSearch, their homepage is changed to http://www.searchnugget.com. This
modification is not disclosed to the user during the installation process, nor does the user have the
opportunity to consent to or decline this change.
|
| Recommendations |
| We recommend that the producers of the NAME OF APPLICATION do the following: |
- Do not install additional applications without seeking the user's informed consent.
- Do not install applications that have badware behaviors without informing the user and seeking their consent. Also, do not install Trojan horse applications at all.
- Provide the user with simple, effective uninstallation of the software.
- Disclose any and all changes made to previously installed software on the user's computer, including redirected URLs and changed homepages.
|
|
We currently recommend that users do not install the version of Starware News Toolbar that we tested,
unless the user is comfortable with the level of risk we identify or until the application
is updated consistent with the recommendations in this report.
|
|
|
|
