---

GTF wrote:

Quads has distracted from primary message here which is that Norton and all others who claim to provide security on the web should be blocking, or at least warning, users when they enter a site that foists foistware or malware on unsuspecting customers and visitors. Warn them that they need to look for prechecked check boxes or implied acceptance of unrequested software downloads. Warn them that the site has misleading buttons. Warn them that the page may redirect them to some other site or open other sites in new but in the background windows. Warn them that site has hidden hotspots or even page wide invisible hotspots. Warn them that the site will try to stop them from leaving the page once they have entered it. Warn them of anything undesirable the site may be doing whether it it is doing it legally or not. Give users the option to permanently block such sites.

---

Norton does block and warn about known malicious and phishing sites, as well as sites that pose ecommerce safety threats.  What you have described, however, are issues that can happen at any website you visit, even the ones that are usually considered "safe."  Therefore, what you are asking to be warned about are things that anyone surfing the web should already be taking steps to mitigate as a matter of course.  I am not defending some of the deceptive practices that some bundled software uses, but I am suggesting that nearly all of the dire consequences can be avoided if a user simply pays attention and reads what the installation screens are telling them. 

That being said, there is a list of "unwanted add-on software" maintained by Calendar of Updates that you can use.  The first thing you will notice is that Google and Yahoo! do a lot of piggybacking.  As Quads mentioned, most of this stuff involves high-profile, legitimate companies, and I really don't see how a security company could possibly start blocking these things without running into accusations of trade interference.  The user, on the other hand, always has a choice about accepting an offer or rejecting it.

http://www.calendarofupdates.com/updates/index.php?app=calendar&module=calendar&section=view&do=showevent&event_id=44514

SendOfJive writes: ..."a list of "unwanted add-on software" maintained by Calendar of Updates that you can use"

Good list. That cover all the dodgy installers I'm aware of plus many more.

SendOfJive writes: "The user, on the other hand, always has a choice about accepting an offer or rejecting it."

Technically yes, in practice it just doesn't work like that.

• We are often in a hurry and click through quickly and I suppose you can blame that on the user but pre checkbox checking or implied consent if the user doesn't uncheck make them more responsible.
•  The page is commonly designed to distract the user's attention away from the things they should be seeing and responding to, the things they would respond to if the saw them.
•  Then there's the whole deceptive button placement stratergy - there is no way that can ever be justified and there is no way that could ever be blamed on the user. The user has clicked what appears to be the right button to perform the required action.

I like the list though, thanks for that. 

New on my wish list, now that I've seen this, is to have an option in the Security applications that allows the user to have listing on the hall of shame flagged whenever the user encounters them. That is leave it up to the user, they decide if they want to be notified about sites others have added to the Hall of Shame and when an alert is raised they can decide whether to view the hall of shame entry and whether to proceed with their current action or not. Ideally there would be an option to allow the users to permanently validate and not reject specific listings in the Hall Of Shame (recorded on their own system of course) and maybe add their own entries to the there own personalised list whenever they encounter something they don't like.

---

SendOfJive wrote:

[...]

I am not defending some of the deceptive practices that some bundled software uses, but I am suggesting that nearly all of the dire consequences can be avoided if a user simply pays attention and reads what the installation screens are telling them. 

 

That being said, there is a list of "unwanted add-on software" maintained by Calendar of Updates that you can use.  The first thing you will notice is that Google and Yahoo! do a lot of piggybacking.  As Quads mentioned, most of this stuff involves high-profile, legitimate companies, and I really don't see how a security company could possibly start blocking these things without running into accusations of trade interference.  The user, on the other hand, always has a choice about accepting an offer or rejecting it.

 

http://www.calendarofupdates.com/updates/index.php?app=calendar&module=calendar&section=view&do=showevent&event_id=44514

---

Hi SendOfJive

I agree with you;  the 'consequences can be avoided if a user simply pays attention and reads what the installation screens are telling them.'.

That said, the issue can easily be addressed by simply reframing the problem.

If users have previously found that the unwanted piggybacked software is difficult to uninstall, then Norton should simply detect the program in question as 'Difficult to Uninstall' and block it's installation. This places the obligation back on the affected software vendors to prove to Symantec that their software can be easily uninstalled via the Windows Control Panel.

What are your thoughts on this?

soj:

> The user, on the other hand, always has a choice about accepting an offer or rejecting it.

The problem is that (somewhere around) two-thirds of users don't have the technical skills and experience to make an informed decision.

Perhaps many in this forum don't interact much with users who are not at their level. [I'm not referring to soj.] They need to help their elderly aunt with her computer some time. Or their grandmother. It provides an additional perspective.

There are people who have never in their lives clicked on Tools -> Manage Add-ons and disabled anything. They don't even know it exists.

>http://www.calendarofupdates.com/updates/index.php?app=calendar&module=calendar&section=view&do=show...

That's an interesting list.

I have a question about one of the entries:

"Norton products - Ask Search in Norton toolbar.

_No option to remove and it was pushed by including in a Norton patch._"

Is that true? I don't remember it. But there are lots of Symantec/Norton products.

I lay the root problem on Microsoft.

Users should be able to delete add-ons.

It's their computer. They bought it with their money.

It should be their decision.

MS or a developer should not force them to live with some add-on for the rest of their computer's life.

Hey, I've got friends who have no clue about how to surf the web safely; and I'm not that many years away, myself, from being swindled out of my entire life's savings by some con man preying on the elderly, selling phony investments guaranteed to earn 60% per year.  But there are bad deals and there are illegal deals.  They are not the same.  Cash advance loans offer horrible terms - yet, they are legal and people sign up for them, willingly.  Should we prevent people from spending money on state lottery tickets because their odds of winning are so astromomicaly small as to be essentially zero?  The world is full of things that people intentionally volunteer for, even though by any rational appraisal, the perceived benefits are far outweighed by the disadvantages.  If you read the interest rates, the lotto odds, or the software installer screens, you know what you are getting.

Insofar as PUPs are legitimate software offering some benefit, albeit often in exchange for some annoyance, you can't just go around blocking their installation or trying to dissuade people from accepting a particular offer, unless the program crosses the line into malicious behavior.   It's true that some people don't have the skills to avoid getting the Google Toolbar along with their Adobe Flash Player.  But it's also true that some people don't have the math skills to figure out that the lotto advertising slogan, "If you don't play, you can't win," is as deceptive as an inconspicuous opt-out button on an installer screen.   

All you can do is arm people with education, tell people what to look for and what sorts of things to avoid, advocate for more transparency and rules against pre-selected opt-in buttons and the like.  As long as a transaction is legal, you can't block it for everyone, just because some people lack the ability to evaluate the terms of the deal.  Asking Norton to interfere with a business arrangement between Google and Adobe, or any other legitimate vendors just does not seem like a viable approach to fixing the problem.  Just making people aware of "foistware" in general should be sufficient in most cases to allow them to make informed choices,  For those in our care, who are incapable of making informed decisions on their own, there are limited user accounts.

With a lottery ticket pretty much everyone allowed to buy them knows the odds are stacked against them. More significantly, excluding those with a mental illness (like a gambling addiction) most of will not be spending enough on the tickets to have any impact on our future well being. It is illegal to sell lottery tickets to minors because they can't weigh up the risks - it is assumed they are not yet competent enough to understand what they are doing. I don't know what the law is regarding the mentally infirmed (age related or otherwise) but if it is not illegal it should be - I'll check on that.

Most computer users are not equipped to evaluate the risks associated with downloads from most sites - that's why they more than anyone need security software to do it for them. They software may allow them to accept the download if they wish but it should inform them of the risk they are otherwise incapable of evaluating and leave the choice to them. They should have the option to block or allow once or to make this default behavior for such sites and for particular sites.

When most people buy a lottery ticket they know they odds are bad even they don't fully appreciate how bad, but if the cost is trivial to them that doesn't really matter - they bought their ticket knowing they almost certainly won't win.

When many people download from these foistware sites they don't know it will be coming with extras and if it do they don't know how to evaluate the risks those extras pose, are they good, do they want them, are they bad, will they disclose personal information, will they damage or impede the computers performance?  They don't know, so how can they make an informed decision? They can't; they need an advisor. If they have Norton or McAfee or Trend or any similar product then they have an advisor, an advisor they paid for, and that advisor should do the job it was paid to do. If they then choose to ignore their advisor then it's their own fault and they must accept the responsibility.

Again I say, it is common practice on these sites to distract the user attention away from any notices the site gives regarding foistware products and it is common practice to use misleading button placement. Would it be fair to hide speed limit signs behind trees or to place parking signs so high on poles that you are unlikely to see them? If you were fined because of such practices you would certainly win an appeal in court.

You cannot hold someone to a contract if you can't show with reasonable certainty that they were aware of the contract - no knowledge = no contract.

Hopefully as our understanding of human cognition improves the laws governing these disreputable business practices will be tightened bringing an end to such practices. The law is already far behind the science and all too frequently one has to resort to the courts.

---

GTF wrote:

When most people buy a lottery ticket they know they odds are bad even they don't fully appreciate how bad, but if the cost is trivial to them that doesn't really matter - they bought their ticket knowing they almost certainly won't win.

---

Studies have shown that this is not true.  A disproportionately high  percentage of lottery ticket buyers are poor and/or uneducated - precisely the people who can least afford it.  The cost is not trivial: the lower the income, the higher the effective cost of a lottery ticket.  But we digress.....

On the topic of foistware, downloading and installing software is one of the primary tasks that all computer users face.  Don't you think these users should actually know how to do this safely, rather than having a third-party constantly nagging them to pay attention?  Shouldn't they already know the basic precautions one should take when downloading any software?  Isn't it their responsibility to learn?  Besides, uninformed users already click through and override Norton malicious page blocks and Norton file warnings all the time.  What makes you think they would pay any more attention in cases where the threat is software that is merely annoying, rather than truly malicious?

Back to the original topic, has the poster tried this solution for AVG Security Toolbar removal?

http://www.avg.com/ww-en/faq.num-5200

Regards,

Kelly

SendOfJive writes: "On the topic of foistware, downloading and installing software is one of the primary tasks that all computer users face.  Don't you think these users should actually know how to do this safely, rather than having a third-party constantly nagging them to pay attention?  Shouldn't they already know the basic precautions one should take when downloading any software?  Isn't it their responsibility to learn?"

Caveat emptor then? Let the buyer beware - To some extent this is still applies in the modern world but it has largely been replaced with caveat venditor - Let the seller beware. It is the seller these days who must be sure his products meet the claims made of them. If sellers are found to have mislead their customers they will be held accountable, they will lose out not the customer.

Ideally users would have know how to download and install safely but that isn't the reality. Ideally we would all drive safely through all intersections without having to be controlled,  but we don't and we do have to be controlled - thus we have traffic lights and stop signs and give ways to make it safe or safer. Most of us drive but most drivers have not the slightest idea about the workings of their car, they won't detect warning signs or know how to fix them. They happily drive on everyday in ignorant bliss knowing their mechanic is looking after the car's wellbeing at every service.

SendOfJive writes: "Besides, uninformed users already click through and override Norton malicious page blocks and Norton file warnings all the time."

I covered that in my last post (in the blue typeface) - and yes if they ignored the warnings than it would their fault. The difference is these warnings would be clear and unmistakable.

SendOfJive writes: "uninformed users already click through and override Norton malicious page blocks"

You can change how Norton manages these - you can have it ignore them, warn and ask you, or simply block it. The user can set the default behavior to suit their knowledge and the level of security they want.

Incidentally, after comparing both Norton Internet Security and Norton 360 I find that Norton 360 has all the same options and switches as Norton Internet Security but just under a different menu structure. So they are the same but for the Backup and tweaking utilities included with 360. Most forums suggest that Internet Security is more customizable but it seems that is not the case.

Kelly writes: "Back to the original topic, has the poster tried this solution for AVG Security Toolbar removal?"

He couldn't erase one group of registry entries so he wiped all the discs and reinstalled everything from scratch and that, of course, did work.

---

Kelly wrote:

Back to the original topic, has the poster tried this solution for AVG Security Toolbar removal?

 

http://www.avg.com/ww-en/faq.num-5200

 

Regards,

Kelly

 

 

 

 

---

I dont believe the OP has any need for that, he posted this in message 9 of this thread:

P.S. Fresh installation of everything and windows and explorer are running nicely. It took all night but now no trace of AVG left anywhere. Now to take a disk image so I don't have to go through that again in this ever happens again.

---

SendOfJive wrote:

 

[...]

 

Insofar as PUPs are legitimate software offering some benefit, albeit often in exchange for some annoyance, you can't just go around blocking their installation or trying to dissuade people from accepting a particular offer, unless the program crosses the line into malicious behavior.   It's true that some people don't have the skills to avoid getting the Google Toolbar along with their Adobe Flash Player.  But it's also true that some people don't have the math skills to figure out that the lotto advertising slogan, "If you don't play, you can't win," is as deceptive as an inconspicuous opt-out button on an installer screen.   

 

All you can do is arm people with education, tell people what to look for and what sorts of things to avoid, advocate for more transparency and rules against pre-selected opt-in buttons and the like.  As long as a transaction is legal, you can't block it for everyone, just because some people lack the ability to evaluate the terms of the deal.  Asking Norton to interfere with a business arrangement between Google and Adobe, or any other legitimate vendors just does not seem like a viable approach to fixing the problem.  Just making people aware of "foistware" in general should be sufficient in most cases to allow them to make informed choices,  For those in our care, who are incapable of making informed decisions on their own, there are limited user accounts.

  

---

Hi SendOfJive

How exactly does the user education/foistware awareness that you mentioned above actually come about? Symantec has already built a friendly Download Intelligence interface into the Norton products that could potentially manage this issue. The question remains however; why hasn't that interface been enabled by default?

You mentioned above that “asking Norton to interfere with a business arrangement between Google and Adobe, or any other legitimate vendors just does not seem like a viable approach to fixing the problem”. Norton products will actually do this if the Download Intelligence “Alert on Poor Stability” setting is enabled.

For example, the following Microsoft application is considered ‘Very Unstable’ by Norton:

With the “Alert on Poor Stability” setting enabled, then if a user downloaded this application and chose to run it, then they would be prompted as follows:

• First, acknowledge the Windows User Account Control (UAC) prompt to run the file (Windows Vista Operating System and above);
• And then weigh up the advice given below and then subsequently choose an appropriate option presented by this Norton Download Insight prompt:

If the user chooses the ‘Cancel run’ option above, then the program will be blocked:

So, if Norton products can already manage poor program stability while disregarding any “business arrangements” with any other vendor(s), then why can’t Norton notify users in the same way that the program that they are about to run will potentially install unwanted programs if they don’t pay attention during the installation process?

If the Norton products did this, then wouldn't Symantec be proactively raising awareness and educating users about the inherent dangers present in many software installation processes?