|
 Badware Behavior |
|
| Claims to have "no spyware," but is bundled with software that is considered malware, spyware, or Trojan horses (Deceptive Installation) |
|
| Advertisement masquarades as a system warning and uses deceptive means to install (Deceptive Installation) |
|
| Attempts to install software deceptively during uninstallation (Deceptive Installation, Unacceptable Uninstallation) |
|
| Uninstalling FunCade does not remove bundled adware and spyware (Unacceptable Uninstallation) |
|
| Installs Trojan horse (Deceptive Installation) |
|
| Adds bundled software to Windows startup folder (Modifies Other Software) |
|
 Behavior to Be Aware Of |
|
| Installs adware (Deceptive Installation) |
|
| Changes the default 404 and DNS error pages in Internet Explorer (Modifies Other Software) |
|
| Bad or Undisclosed Behavior |
| Claims to have "no spyware," but is bundled with software that is considered malware,
spyware, or Trojan horses |
|
The multiple components of the Exact Advertising install bundle that come with FunCade are identified as a
Trojan horse, adware, or spyware by other spyware researchers. In particular the "Downloader" component can, without the
user's knowledge, download and install new components onto the user's system.
|
| Advertisement masquarades as a system warning and uses deceptive means to install |
|
During the installation process, an advertisement from "ErrorFree" may pop up (one of many possible ads that FunCade
appears to rotate through for inclusion in its installation). This advertisement looks like an
alert from Internet Explorer, but instead is a download of a third party application.
Selecting "Cancel" on this alert box will deceptively lead the user to download the application.
|
| Attempts to install software deceptively during uninstallation |
|
At the end of the uninstall process an html pop-up appears, alerting the user that they may have "other unwanted
applications" on their computer and offering to scan their computer for free. This html pop-up appears to be part of
the uninstallation process, since it uses graphics that look like the standard uninstall windows.
Clicking "Yes" to the scan ("No" is greyed out) will prompt the user to download the "mycleanerpc.exe" application.
MyCleanerPC claims to be a "spyware detection and removal tool."
|
| Uninstalling FunCade does not remove bundled adware and spyware |
|
Although FunCade itself has an uninstaller, the bundled adware and spyware is not removed when the uninstaller is run.
Instead, the user must uninstall each component individually via the add/remove function on the Windows control panel.
|
| Installs Trojan horse |
|
FunCade is bundled with a component called "Downloader" that can, without the user's knowledge, download and
install new components onto the user's system. The inclusion of this component, and its ability to function as a
Trojan horse, are not disclosed to the user.
|
| Adds bundled software to Windows startup folder |
|
The adware software that is bundled with FunCade is automatically added to the Windows startup folder without
notifying the user during the installation process. These programs run continuously on the user's machines
and cannot be easily be disabled or quit by the average user.
|
| Disclosed Behavior to Be Aware of |
| Installs adware |
|
FunCade is bundled with BullsEye Network, which provides ads based on the user's surfing habits. The bundling of
adware and appearance of pop-ups is disclosed to the user on the download page of FunCade and in the EULA.
|
| Changes the default 404 and DNS error pages in Internet Explorer |
|
NaviSearch, one of the applications bundled with FunCade, changes the default 404 and DNS error pages in Internet
Explorer. This means that if a user mistypes a URL, then they will be redirected to another website. This behavior is
disclosed to the user on the download page of FunCade and in the EULA.
|
| Recommendations |
| We recommend that eXact Advertising, the producer of Funcade, do the following: |
- Provide a more standard, interactive software installer which clearly outlines any potentially unexpected
effects of installation and requires the user's explicit consent to any such effects (such as adding
bundled software to the Windows startup folder and installing a Trojan horse).
- Provide a more comprehensive uninstaller that removes the bundled software in addition to FunCade and that
does not deceptively attempt to get the user to install new programs.
- Remove all deceptive advertising, such as the claim that FunCade has no spyware and any advertisement
that appears to be a system warning.
|
|
We currently recommend that users do not install the version of Funcade that we tested,
unless the user is comfortable with the level of risk we identify or until the application
is updated consistent with the recommendations in this report.
|
|
|
|
