Google Research Finds Free Software Bundles Come with Security Cost

Unwanted software installation is not only annoying, but also a huge security issue for users. This is according to researchers at Google who say that they are working with the anti-virus industry and the Clean Software Alliance to call out deceptive practices in unwanted software delivery.

Done in partnership with the New York University Tandon School of Engineering, the research found a correlation between commercial pay-per-install (PPI) - which enables companies to bundle applications with more popular software in return for a fee – and unwanted software, including some that silently tracks users’ browsing behavior.

Researchers analyzed 446,000 offers related to 843 unique software packages and found that the most “commonly bundled software included unwanted ad injectors, browser settings hijackers, and scareware purporting to fix urgent issues with a victim’s machine for $30-40.”

According to the report, the PPI ecosystem drove over 60 million weekly download attempts, with tens of million installs detected in the last year. PPI networks “actively interfere with or evade detection” from anti-virus software and browsers.

Google said that “while not all software bundles lead to unwanted software, critically, it takes only one deceptive party in a chain of web advertisements, pay-per-install networks, and application developers for abuse to manifest.”

You can see the full report here.