 Badware Behavior |
|
| Installs additional software without disclosure (Deceptive installation) |
|
| Installs Trojan horses (Deceptive installation) |
|
| Installs adware (Deceptive installation) |
|
| Displays pop-up ads (Interferes with computer use) |
|
| Bundled software cannot easily be closed (Interferes with computer use) |
|
| Bundled applications automatically run on startup (Modifies other software without disclosure) |
|
| Adds additional icon to default Internet Explorer toolbar (Modifies other software without disclosure) |
|
| Adds new link to the Windows Desktop (Modifies other software without disclosure) |
|
| Difficult or impossible to uninstall (Unacceptable uninstallation) |
|
| Bad or Undisclosed Behavior |
| Installs additional software without disclosure |
|
The FreeWire installer allows the user to choose whether to install several bundled components (namely, 180Solutions
n-CASE and Bargain Buddy). However, it also installs several applications -- including BookedSpace, Downloadware,
HitBox, Lycos Sidesearch, and Pacimedia -- without informing the user or offering them any chance to decline.
Installation of these applications without the user's knowledge is highly deceptive. What's more, several of these
applications behave as badware, making their secret installation even more unacceptable.
|
| Installs Trojan horses |
After installing FreeWire, we detected components that are reported to behave as Trojan horses, including Booked Space
and Bargain Buddy. Both of these applications are remote access Trojans, which means they run without the user's
knowledge and allow attackers unrestricted access to the infected system. They also add themselves to the startup
folder, allowing them to run as soon as Windows starts.
While users can choose whether to install Bargain Buddy, the Trojan horse capabilities of this application are never
disclosed to the user, so it would be impossible for the user to make an informed decision. The installation of
Booked Space is not disclosed to the user at all, so the user has no opportunity to reject its installation. In any
case, any disclosure would be seen as inadequate, as no valid reason exists for bundling such inherently harmful and
deceptive applications.
|
| Installs adware |
FreeWire secretly installs a number of additional applications and components that reportedly behave as adware,
including BookedSpace, Downloadware, HitBox, Lycos Sidesearch and Pacimedia. The amount of pop-ups we observed on
our infected system after installing FreeWire confirmed these reports. The installation of these adware applications
is not disclosed to the user during or after the installation process.
Users also have the option of installing optional components as part of the FreeWire bundle, including the adware
applications 180Solutions n-CASE and Bargain Buddy. However, at no time during the installation process is the
nature of these applications disclosed to the user -- that is, the user can "choose" whether or not to download
180Solutions and Bargain Buddy, but they will have no idea that these applications behave as adware.
|
| Displays pop-up ads |
|
The adware that is bundled with FreeWire causes pop-up ads to appear on the user's desktop while they are running
Internet Explorer. These ads do not include any information that identifies which application is generating the
pop-ups. Without such identification, the user has no way of knowing what application to uninstall in order to get
rid of the pop-up ads.
|
| Bundled software cannot easily be closed |
|
Most of the bundled components installed along with FreeWire run in the background of the user's system and cannot be
easily closed. This is particularly worrisome since many of these processes reportedly connect to the internet and
are capable of downloading additional badware to the user's computer. This behavior is not disclosed to the user
during installation or otherwise. As a result, the average user would not be aware that these processes are running
on their computer, and would not be able to close them even if they did.
|
| Bundled applications automatically run on startup |
|
In addition to installing additional badware applications without disclosure or user consent, FreeWire also adds badware
components to startup, thereby causing them to run in the background as soon as Windows starts. This behavior is
particularly worrisome since some of these processes reportedly connect to the internet and are capable of downloading
additional badware to the user's system. This behavior is not disclosed to the user.
|
| Adds additional icon to default Internet Explorer toolbar |
|
The Lycos Sidesearch adds a new icon to the default Internet Explorer toolbar. Since the user is never notified that
Lycos itself will be installed, Lycos's modification of Internet Explorer's toolbar is also undisclosed.
|
| Adds new link to the Windows Desktop |
|
Lycos Sidesearch, one of FreeWire's bundled applications, adds a new shortcut to the Windows Desktop. The addition of
this link, like the installation of Lycos Sidesearch itself, is not disclosed to the user during the installation process.
|
| Difficult or impossible to uninstall |
|
The FreeWire application that we tested did provide an uninstallation tool to remove the application itself. However,
it does not offer to uninstall any of the bundled components that were installed with FreeWire. Two of these bundled
applications -- Bargain Buddy and Lycos Sidesearch -- do have entries in the Add/Remove Programs list; however, since
Lycos was installed without the user's knowledge, it is unlikely that they would know to uninstall it as part of the
FreeWire bundle. The rest of these applications have no uninstaller or entry in Add/Remove Programs, making it
virtually impossible for the user to uninstall them.
|
| Recommendations |
| We recommend that the producers of the FreeWire do the following: |
- Do not install additional applications without seeking the user's informed consent.
- Do not install adware without informing the user and seeking their consent.
- Do not install Trojan horse applications.
- Clearly disclose any and all changes made to previously installed software on the user's computer and give the user an option to accept or decline these changes.
- Make all bundled applications easy to close.
- Clearly disclose any and all components that run on startup.
- Disclose to the user during installation that links that will be added to the Windows Desktop.
- Provide the user with simple, effective uninstallation of the software, including bundled apps.
|
|
We currently recommend that users do not install the version of Freewire that we tested,
unless the user is comfortable with the level of risk we identify or until the application
is updated consistent with the recommendations in this report.
|
|
|
