Saturday, November 21, 2015

MacUpdate Interviewed By MacNN:
What's up with the 'MacUpdate Installer'?

--

MacNN has published an excellent story, well worth reading, about the changes going on at MacUpdate.com. Specifically discussed is the switch out of actual application installers for the 'MacUpdate Installer' that attempts to install more than what the user intended, to be gentle about the issue. Our pal Thomas Reed of Malwarebytes is featured as well as the founder of MacUpdate, J. Mueller:

MacUpdate tests changes in face of challenging specialist market
Optional additional installs, app discovery at forefront of changes
- updated 04:00 pm EST, Fri November 20, 2015
. . . "Fear not," Mueller said in response to a question about whether long-time users should be concerned about MacUpdate's testing of similar techniques. "We are not planning to go in the same direction [as CNET and Softonic]. We are learning about this process ... and testing it on only one percent of our hosted apps. We are focused on problem-solving, and the Mac community is very important to us." He added that more information would be made available to users once the testing phase is further along, but that the goal of the optional install offers is to learn about how the process works, how users who see it respond to it, and how to avoid the mistakes rivals have made.
I hope that is indeed the case.

Apart from the unintended installations foisted on MacUpdate users and the scary requirement of your admin password, both highly NOT recommended practices, what I don't like is that the user does NOT end up with the actual application installer. The 'MacUpdate Installer' does all the installing for the user. There is no opportunity to KEEP the desired installer. I personally do not deal with that.

Why do I want to keep the actual update installer?

1) I have three Macs I run simultaneously with a total of five different partitions I maintain. I don't typically install applications on just one Mac. I usually install on two Macs. Going through the MacUpdate Installer adware foisting process twice is not in my interest.

2) I archive ALL the current update installers for applications. I collect them on my main Mac in a 'Move Out' folder, along with all the contemporary research I've been collecting from the net. I usually weed out the older update installers and only keep the latest. Periodically, I then write all of this data out to optical disk for permanent storage. I then catalogue each new disk collection into a database of my entire collection. Whenever I want some piece of software from back in the past, I search the catalogue and it tells me where to find it. This system has saved me many headaches and has often saved my backside.

Needless to say, hanging onto a bunch of MacUpdate Installers that do NOT incorporate the desired actual installer is NOT going to work for me. I want nothing to do with them.

Thankfully, as you'll read in MacNN's article, paying (and at the moment logging-in) members of MacUpdate are kindly prevented from having to deal with the MacUpdate Installer rubbish. For now, I can entirely avoid the problem by simply logging in. MacUpdate also know I've bought piles of software through them as a member. I have no reason to feel I am not contributing to their financial success.

Would I become a full fledged, fee paying member of MacUpdate.com? I don't know of any valid reason to do so. I would never use their MacUpdate Desktop software specifically because of the reasons I want to keep update installers. Recently, MacUpdate Desktop has greatly improved and can be VERY useful! I'm grateful MacUpdate finally got it into good shape. (It used to be extremely clunky). But I don't need it or want it.


~ ~ ~ ~ ~

This situation will play out in the months to come. I'm grateful that the folks at MacUpdate are being professional about this situation and at least promise not to inadvertently or purposely install crapware or hardcore malware onto users' Macs. There are good intentions. But I personally find nothing to appreciate about the MacUpdate Installer system.

As for MacUpdate.com, the website, as long as there is a convenient and friendly way for me to avoid the MacUpdate Installer, I'm happy and will continue to help them out with reviews and purchase their deals whenever possible. They've been a terrific asset to the Mac community.

:-Derek


--

Wednesday, November 11, 2015

Adobe Update Day:
Flash v19.0.0.245,
AIR v19.0.0.241

--

Another second-Tuesday-of-the-month, another set of Adobe updates. Happily, at this time there are no zero-day exploits out in the wild. Hurray.

The Adobe Security Bulletin is HERE.
Vulnerability Details
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
  • These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).
You can download the latest version of Adobe Flash HERE.

You can download the latest version of Adobe AIR HERE.

As usual, if you don't need Adobe Flash, it is extremely wise to UNinstall it. Flash is the single most dangerous software on the Mac platform. Instructions for uninstalling Adobe Flash are HERE.

 Stay safe out there kids.

-- 

Friday, November 6, 2015

Updating List Of MacUpdate
Adware Infested Installers


 

[Updates: 
- Chrome and Calibre added. Thanks to Morse and mrflick! 
- Dropbox added. List alphabetized. Direct links to developer download pages added.
Please add more in the comments as you find them.
- 2015-11-18: MacUpdate swapped "Install" vs "Download" on ALL their product pages. Apparently, this is some marketing strategy to shove people into using their MacUpdate Desktop application. This verifies that they have some marketing moron helping them to ruin their website. I personally suggest getting rid of said marketing moron influence ASAP, dear MacUpdate, before they kill you.]

November 5th, it was determined that MacUpdate has stopped foisting their 'MacUpdate Installer' adware installer on users who have logged in.

November 6th, I was able to verify ongoing adware infestations and add a couple more infested installers to the list by NOT logging in to MacUpdate. Therefore...

Advice: Log into MacUpdate to avoid the adware installers (at least for the time being!).

Here is the updating list of adware infested installers at MacUpdate, in chronological order of discovery:

AppCleaner
BetterTouchTool 
Calibre
Chrome 
Cyberduck 
Dropbox
FileZilla
Firefox
GitHub Desktop
iBackup Viewer
MPlayerX
Onyx
Skype
VLC

Link to this article if you'd like to keep track of the list. I'll be adding to it as I find or verify reports of adware infested installers at MacUpdate. The current list is thanks to reports from Thomas Reed, Neartheredrocks and myself. Please comment if you find further infested installers. Thanks.

Please remember to NEVER install anything via an obvious adware installer. What is really installed CANNOT be trusted. The fact that these adware installers require your Admin password makes them potentially dangerous to the welfare of your Mac.

Instead, go to the website of the software developer directly and download from there. Direct links to developer download pages are provided in the list above.

-- 

[Footnote: I have ALL of the adware installers I note in this list. I've verified them. I can provide these adware installers to anyone interested in further verification or conducting research. :-Derek]


-- 

Thursday, November 5, 2015

Further Observations Regarding
The Adware Infestation At MacUpdate

--
My colleague Thomas Reed was the one who first tipped me off about the beginning of the adware infestation at MacUpdate. He and I are part of a group started by Mark Thomas of ClamXav who share and consult with one another regarding Mac security. Thomas, as I hope many of you know, has been at the forefront of studying, detecting and removing adware within the Mac community. He's been a constant asset to myself and others for many years. His AdwareMedic application was a breakthrough. His addition to the team at Malwarebytes has been a well deserved accolade. His software is now part of Malwarebytes Anti-Malware for Mac.

Thomas Reed has been keeping track of MacUpdate adware in his own blog at Malwarebytes. It's well worth reading his article here. You can read about the initial discovery of what's going on at MacUpdate alongside Thomas' useful insights:

Has MacUpdate fallen to the adware plague?
Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first glance. However, opening this disk image file results in a MacUpdate installer, very similar to the adware-riddled custom installers used by sites like Download.com and Softonic. . . .
Note that between Thomas and myself, we've found that the MacUpdate adware installer flips between a number of different adware installations. I've witnessed the attempt to install Yahoo! adware as well as MacBooster.

The nightmare of the matter is that this installer asks for your ADMINISTRATOR PASSWORD, which means you're giving this malware access to the deepest depths of your Mac home. DON'T DO IT! Anything-at-all could be installed after you've provided that password to the malware.

I have a name I use for people who foist nastiness on potential customers:

Marketing Morons.

The marketing folks who seriously care about the welfare of their collaborators, their customers, are called:

Marketing Mavens. 

~ ~ ~ ~ ~

I'll be adding further observations of the infestation as I find them and consider them helpful and relevant.
--

Tuesday, November 3, 2015

A Reply From MacUpdate
+ A Short Term Workaround
++ The Best Adware Removal Tool

--

Following my suggestion, I wrote to the staff at MacUpdate.com about their new adware installer infestation strategy. You know my opinion of the situation, so I'm not going to critique what they said except to point out that it is an extremely polished reply, indicating that someone such as an ad agency is holding their hand through this despicable transition. That's very interesting.
Hi Derek,

This is a new way we're approaching a select few of our apps by adding special offers to the downloads. The feedback helps us out a lot.

If you're a paid member at MacUpdate, you can go to the Preferences tab of your profile and deselect the "Show Banner Ads," then click "Apply All Changes." This will turn off the banner ads that are on our website, as well as the special offers that appear in a few of our downloads. The download links only show you offers and nothing is installed without your permission. You're able to decline the offers if you do not wish to have them.

If you're a user of MacUpdate Desktop, you can perform one-click installs, which eliminates the special offers. If you're not a member of MacUpdate Desktop you can learn more about it and become one here: http://www.macupdate.com/desktop

Please let us know if you have any further questions.

Cheers,

Joel Lockard
Content/Support
MacUpdate
PLEASE: Write your own message to MacUpdate regarding their adware installer. Their contact URL is:

http://support.macupdate.com/contact/

~ ~ ~ ~ ~

So, brainstorming what to do amidst this LOSS of the last bastion of dedicated Mac software updates, outside of the Apple App Store, here are some concepts:

I) Watch what you receive as downloads from MacUpdate. Typically, the page for an application at MacUpdate lists the size of the installer download.  If what you get is NOT that size, or more specifically if what you get is between 1.6 and 1.8 MB in size, you most likely got screwed with the MacUpdate Installer of adware.

It doesn't hurt to open the .DMG file and verify that you've been screwed with MacUpdate Installer.

If you got screwed, I highly recommend ejecting the .DMG and trashing the adware installer. I NEVER suggest navigating your way through the minefield of adware installers. You want the real, source installer for your applications. That is NOT what you got. Therefore...

II) Go back to the application's page on MacUpdate and click on the developer's link. You may get shuffled off to some page at MacUpdate about the developer. That's not what you want. Typically, the REAL link to the developer is on such pages. Go THERE instead, find and download the actual update installer.

III) Before you download the actual update installer, grab the URL for the download page from your web browser (typically the small site icon on the far left side of the URL listing in the browser) and drag the resulting .webloc link file to a folder that accompanies the application.

I've done this sort of thing for years. Every application on my Macs either has its own devoted folder with the application and all related files, OR I leave the application in the root of the Applications folder and create a 'stuff' folder specific to the application. For example:

Firefox is kept in the root of my Applications folder. But sitting next to it in List View is a folder I created called "Firefox stuff". Inside that folder I keep notes about Firefox add-ons, documentation I've found on the net... and a .webloc file for the downloads page for Firefox over at Mozilla.org. If I want to download the latest Firefox version, I just double-click the .webloc file and it opens the page in my default web browser. Simple.

IV) Theoretically, we as a group of Mac security fanatics could create a simple blog page somewhere that is a simple list of all Mac applications and the corresponding developer download page for each of those applications. To begin with, we could list the Mac applications that are being screwed with at MacUpdate. If we're confronted with an adware installer, we could go to that simple page, search for the application we want, then click the link to its downloads page.

The result is that MacUpdate can continue to be used for its non-screwed over functionality, such as listing new updates, new release notes, reviews and comments. But the nasty adware installer process can be entirely avoided.

Note: I personally don't have the time or interest in doing the work required to maintain such a page. I'm happy to play admin, but I'd leave the updating and expansion of such a page to fellow admins.
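A small triage script for steps I and III above, added here as an illustration and not part of the original post: it flags downloaded disk images whose size falls in the 1.6 to 1.8 MB band or disagrees with the size listed on the application's page, and saves a developer download page as a .webloc file. The decimal-MB unit, the 5% tolerance, the file names, the listed sizes and the example.org URL are assumptions or constructed samples.

```python
import plistlib
from pathlib import Path

MB = 1_000_000               # assumption: decimal MB, the unit Finder displays
STUB_BAND_MB = (1.6, 1.8)    # size range the post gives for the 'MacUpdate Installer'
TOLERANCE = 0.05             # assumption: allow 5% drift from the listed size


def triage_dmg(path, listed_mb=None):
    """Classify one downloaded disk image by size only; returns (verdict, size_mb)."""
    size_mb = Path(path).stat().st_size / MB
    lo, hi = STUB_BAND_MB
    # A genuinely small app can fall inside the band, so an agreeing listing wins.
    if listed_mb and abs(size_mb - listed_mb) / listed_mb <= TOLERANCE:
        return "matches-listing", size_mb
    if lo <= size_mb <= hi:
        return "likely-stub", size_mb
    if listed_mb:
        return "size-mismatch", size_mb
    return "no-listing", size_mb


def scan_downloads(folder, listed_sizes):
    """Triage every .dmg in a folder; listed_sizes maps file name -> listed MB."""
    report = {}
    for dmg in sorted(Path(folder).glob("*.dmg")):
        verdict, _ = triage_dmg(dmg, listed_sizes.get(dmg.name))
        report[dmg.name] = verdict
    return report


def write_webloc(dest, url):
    """Save a developer download page as a .webloc (a plist with one 'URL' key)."""
    dest = Path(dest)
    dest.parent.mkdir(parents=True, exist_ok=True)
    with dest.open("wb") as fh:
        plistlib.dump({"URL": url}, fh)
    return dest


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample files: sizes only, not real disk images.
        samples = {"Skype Installer.dmg": 1_700_000, "Firefox 42.0.dmg": 3_000_000}
        for name, size in samples.items():
            (Path(tmp) / name).write_bytes(b"\0" * size)
        listed = {"Skype Installer.dmg": 40.0, "Firefox 42.0.dmg": 3.0}  # constructed
        print(scan_downloads(tmp, listed))
        print(write_webloc(Path(tmp) / "Firefox stuff" / "Download.webloc",
                           "https://example.org/downloads"))
```

Size is only a first-pass signal; opening the .DMG, as described in step I, remains the confirmation.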

~ ~ ~ ~ ~
Adware = Malware. That's the fact of the matter. I'm not going to debate the issue.

In the case of the 'MacUpdate Installer' adware vehicle, its particular malware name is:

Adware.OSX.InstallMiez.A

As per usual, some anti-malware providers may give it a different name. But that is the most commonly used 'official' name.


I've seen references to it going back to August of this year. I note that it has been infested into fake installers for many different applications, but also into WAREZ and KEYGEN software. So if you're pirating stuff, surprise. 

Reading through its installer dialog, it is quite clear that it was NOT written by someone whose first language is English. The spelling and grammatical errors suggest to me someone in Eastern Europe or Israel. But that's not for certain. Rather than guess any further, I'm going to wait for further analysis of this thing from the security experts. It may be associated with an adware distribution company or an advertising agency.


So You've Installed Adware. Now What?!

 You download and run the free version of Malwarebytes Anti-Malware. The majority of it was developed by my colleague Thomas Reed. He now works for Malwarebytes and his excellent AdwareMedic application has become Malwarebytes Anti-Malware. You can download it from here:

Malwarebytes Anti-Malware 

Install it. Run it. Let it update its malware definitions off the Internet. Then hit the 'Scan' button. It will go searching through your system to find all reported Mac adware and help you remove the awful stuff.

If you've used AdwareMedic before, you'll notice that Malwarebytes Anti-Malware takes a bit longer to run. That's because the proliferation of adware on Mac has been accelerating.

If your adware infestation hasn't been removed, be sure to click 'Next Steps' inside Malwarebytes Anti-Malware for documentation about what to try next, including sending a system summary to Malwarebytes in order to track down new adware and where it infects itself.

The 'Get Help' button in Malwarebytes Anti-Malware offers its 12-page User Guide.

Note that most of the other commercial anti-malware applications will also identify this adware, including my fave, Intego VirusBarrier. 

I'll continue to watch this situation and provide further information and suggestions when I believe they'd be relevant and helpful.

Stay safe and free of marketing morons! (As opposed to beloved marketing mavens).

:-Derek 


--

Monday, November 2, 2015

DANGER! MacUpdate.com Is Now Foisting Adware

--

[UPDATE: I have added 5 further adware installer replacements to the list.]

This is profoundly sad.

• On October 30, 2015, MacUpdate.com pulled the link to the real Skype update installer and substituted their adware installer entitled 'MacUpdate Installer'. I have a copy of this adware installer if folks would like a look at it. MacUpdate has since removed the adware installer and returned the link for Skype.

• Today, November 2, 2015, MacUpdate.com has now removed the link to Firefox and replaced it with their adware installer, again entitled 'MacUpdate Installer'. Adding hurt to harm, the Firefox page is three versions out-of-date! It lists Firefox v41.0, doesn't acknowledge the two updates since then and is clueless about the fact that Firefox 42.0 was released today!

• Further research at the MacUpdate.com website has revealed that direct links to downloads have been replaced with the 'MacUpdate Installer' adware installer:
  • AppCleaner
  • BetterTouchTool
  • FileZilla_3
  • MPlayerX
  • Picasa
MacUpdate.com has lost its professionalism.

MacUpdate.com no longer provides up-to-date software update links.

MacUpdate now hurts its users with an adware installer. IOW its users are now its product. It is selling its users to ad agencies via adware installation.

I've written this post as a brief alert:

MacUpdate.com Users BEWARE!

In further posts, I'll be covering this horrific corruption of MacUpdate.com in detail.

SUGGESTION:
Write to the staff of MacUpdate.com and tell them what you think of their adware installer:

http://support.macupdate.com/contact/


--