Tuesday, November 3, 2015

A Reply From MacUpdate
+ A Short Term Workaround
++ The Best Adware Removal Tool


Following my suggestion, I wrote to the staff at MacUpdate.com about their new adware installer infestation strategy. You know my opinion of the situation, so I'm not going to critique what they said except to point out that it is an extremely polished reply, indicating that someone such as an ad agency is holding their hand through this despicable transition. That's very interesting.
Hi Derek,

This is a new way were approaching a select few of of our apps by adding special offers to the downloads. The feedback helps us out a lot.

If you're a paid member at MacUpdate, you can go to the Preferences tab of your profile and deselect the "Show Banner Ads," then click "Apply All Changes." This will turn off the banner ads that are on our website, as well as the special offers that appear in a few of our downloads. The download links only show you offers and nothing is installed without your permission. You're able to decline the offers if you do not wish to have them.

If you're a user of MacUpdate Desktop, you can perform one-click installs, which eliminates the special offers. If you're not a member of MacUpdate Desktop you can learn more about it and become one here: http://www.macupdate.com/desktop

Please let us know if you have any further questions.


Joel Lockard
 PLEASE: Write your own message to MacUpdate regarding their adware installer. Their contact URL is:


~ ~ ~ ~ ~

So, brainstorming what to do amidst this LOSS of the last bastion on dedicated Mac software updates, outside of the Apple App Store, here are some concepts:

I) Watch what you receive as downloads from MacUpdate. Typically, the page for an application at MacUpdate lists the size of the installer download.  If what you get is NOT that size, or more specifically if what you get is between 1.6 and 1.8 MB in size, you most likely got screwed with the MacUpdate Installer of adware.

It doesn't hurt to open the .DMG file and verify that you've been screwed with MacUpdate Installer.

If you got screwed, I highly recommend ejecting the .DMG and trashing the adware installer. I NEVER suggest navigating your way through the minefield of adware installers. You want the real, source installer for your applications. That is NOT what you got. Therefore...

II) Go back to the application's page on MacUpdate and click on the developer's link. You may get shuffled off to some page at MacUpdate about the developer. That's not what you want. Typically, the REAL link to the developer is on such pages. Go THERE instead, find and download the actual update installer.

III) Before you download the actual update installer, grab the URL for the download page from your web browser (typically small site icon on the far left side of the URL listing in the browser) and drag the resulting .webloc link file to a folder that accompanies the application. 

I've done this sort of thing for years. Every application on my Macs either has its own devoted folder with the application and all related files, OR I leave the application in the root of the Applications folder and create a 'stuff' folder specific to the application. For example:

Firefox is kept in the root of my Applications folder. But sitting next to it in List View is a folder I created called "Firefox stuff". Inside that folder I keep notes about Firefox add-ons, documentation I've found on the net... and a .webloc file for the downloads page for Firefox over at Mozilla.org. If I want to download the latest Firefox version, I just double-click the .webloc file and it opens the page in my default web browser. Simple.

IV) Theoretically, we as a group of Mac security fanatics could create a simple blog page somewhere that is a simple list of all Mac applications and the corresponding developer download page for each of those applications. To begin with, we could list the Mac applications that are being screwed with at MacUpdate. If we're confronted with an adware installer, we could go to that simple page, search for the application we want, then click the link to its downloads page.

The result is that MacUpdate can continue to be used for its non-screwed over functionality, such as listing new updates, new release notes, reviews and comments. But the nasty adware installer process can be entirely avoided.

Note: I personally don't have the time or interest in doing the work required to maintain such a page. I'm happy to play admin, but I'd leave the updating and expansion of such a page to fellow admins.

~ ~ ~ ~ ~
Adware = Malware. That's the fact of the matter. I'm not going to debate the issue.

In the case of the 'MacUpdate Installer' adware vehicle, its particular malware name is:


As per usual, some may anti-malware providers give it a different name. But that is the most commonly used 'official' name. 

I've seen references to it going back to August of this year. I note that it has been infested into fake installers for many different applications, but also into WAREZ and KEYGEN software. So if you're pirating stuff, surprise. 

Reading through its installer dialog, it is quite clear that it was NOT written by someone whose first language is English. The spelling and grammatical errors suggest to me someone in Eastern Europe or Israel. But that's not for certain. Rather than guess any further, I'm going to wait for further analysis of this thing from the security experts. It may be associated with an adware distribution company or an advertising agency.

So You've Installed Adware. Now What?!

 You download and run the free version of Malwarebytes Anti-Malware. The majority of it was developed by my colleague Thomas Reed. He now works for Malwarebytes and his excellent AdwareMedic application has become Malwarebytes Anti-Malware. You can download it from here:

Malwarebytes Anti-Malware 

Install it. Run it. Let it update its malware definitions off the Internet. Then hit the 'Scan' button. It will go searching through your system to find all reported Mac adware and help you remove the awful stuff.

If you've used AdwareMedic before, you'll notice that Malwarebytes Anti-Malware takes a bit longer to run. That's because the proliferation of adware on Mac has been accelerating.

If your adware infestation hasn't been removed, be sure to click 'Next Steps' inside Malwarebytes Anti-Malware for documentation about what to try next, including sending a system summary to Malwarebytes in order to track down new adware and where it infects itself.

The 'Get Help' button in Malwarebytes Anti-malware offers its 12 page User Guide.

Note that most of the other commercial anti-malware applications will also identify this adware, including my fave, Intego VirusBarrier. 

I'll continue to watch this situation and provide further information and suggestions when I believe they'd be relevant and helpful.

Stay safe and free of marketing morons! (As opposed to beloved marketing mavens).



No comments:

Post a Comment