I read an interesting article earlier this week regarding an iTunes install scam that ultimately loads a bunch of unrequested software before eventually directing you to the official iTunes download site. As bad as all that is, I was drawn to the last few paragraphs of the article.
Part of the problem with trying to warn people of the dangers of these types of misleading installers is the fact the Adobe and Oracle are both engaging in similar behavior, lending an air of legitimacy to the practice.
When Adobe release a critical update for Flash Player in February of 2014, it defaulted to installing Google Chrome and making it my default browser unless I opted out.
Oracle’s Java uses a similar tactic, offering to hijack your search engine to everyone’s preferred search provider, Ask.com.
With Oracle’s $37 billion of revenue in 2013 and Adobe’s $4 billion, I am not convinced they need to resort to bundling unwanted additional packages with plugin downloads.
The author went on to add some personal advice.
You need to approach software downloads with the same caution that you approach websites that may wish to phish your credentials.
Always go directly to the source. Don’t trust ads and don’t click links in emails. Instead, go directly to the manufacturer’s website.
Lastly, pay close attention to checkboxes and what you are agreeing to. Apparently even legitimate software vendors can occasionally betray your confidence.
Good rules to live by indeed.
You can find the entire article at Naked Security.