Pinterest Stumbleupon Whatsapp
Ads by Google

MacUpdate has joined the dark side, bundling adware into free downloads like Firefox. If you want to avoid this completely, stop downloading apps from MacUpdate – download directly from the official homepages of the software you want.

If that’s not realistic for some reason, here’s what to look out for.

“But I Thought MacUpdate Was Safe!”

Long seen as a safe website for Mac users to download apps not found in the Mac App Store, MacUpdate has recently joined a seemingly endless number of previously trusted sites that decided to cash in on that goodwill.

It’s particularly jarring in this case, because most Mac software doesn’t require an installer: just drag the app to the Applications folder and you’re done. That doesn’t allow for a monetization moment, however, so MacUpdate created an entirely unnecessary installer – complete with impulse-driving “Next” buttons – just to trick you into changing your default search engine and install some browser extensions.

macupdate-installer-stupid-unnecessary-malware

MacUpdate says their desktop app, which keeps your apps up-to-date Get Easier Updates With These Alternative App Stores For Mac Get Easier Updates With These Alternative App Stores For Mac Tired of manually installing and updating Mac apps? Check out these alternatives to the Mac App Store, offering downloads and updates the App Store can't. Read More , doesn’t use these bundles. And not every piece of software on the site uses the unnecessary installer – we could only find it by downloading Firefox. But in case you’re worried, here’s what the installer looks like – and how to avoid it.

Ads by Google

When Free Downloads Aren’t Free

After hearing about MacUpdate’s scheme from Thomas Reed of Malwarebytes, I thought I’d investigate myself. I downloaded Firefox both from the Firefox homepage and MacUpdate, and ended up with two different DMG files.

firefox-installer

Open the official Firefox installer, titled “Firefox 42.0” in the screenshot above, and you’ll see this:

firefox-actual-installer

Installing is simple: just drag the Firefox icon to the Applications folder and you’re done. So what’s the MacUpdate installer look like? Here’s what you see when you open their “Firefox Installer.dmg”:

mac-update-installer

The Firefox branding is gone, and there’s no icon to change: just an application to launch. Open it, and you’ll be asked for your root password before a Windows-style installer runs.

macupdate-installer-running

As far as I can tell, there is no reason for this installer other than getting you to click “Next” without reading so you can end up with unwanted changes to your system. MacUpdate says the installer makes things “easier”, while also allowing them to “offer another app offer that users may be interested in”.

Tell me: does this look like they’re “offering another app” to you?

installer-next

The onus is on the user to work out how not to end up with the “app” that’s being “offered” – in this case switching my default search engine to Yahoo.

installer-advanced

If you click next without reading this text, or clicking “Advanced” – something MacUpdate knows users will do without meaning to – you’re going to find out that every browser installed on your computer (Chrome, Firefox and Safari) not only default to Yahoo Search, but also uses Yahoo as the homepage and new tab page.

mac-update-firefox

To repeat: this was true not only for the Firefox instance I installed using MacUpdate, but for every browser installed on my computer. Google’s Chrome was set to use Yahoo for search, and my new tab page was replaced. The same was true for Safari.

I didn’t even know it was possible to change the new tab page in Safari, so I guess at least I learned something.

installer-homepage-chrome

I also ended up with a Safari extension called “SearchTrust”, and I’ve no idea what it does. Revert my search settings if I try to change them, maybe? I uninstalled it rather than find out.

Tell me: do you think this is something MacUpdate users want? Do you think MacUpdate did an intensive study of their userbase, and discovered they’re all unhappy with their default search engine? That they would be better off with Yahoo? Do you think users want every browser on their system messed with?

Does that seem likely to you? Or do you think MacUpdate knows enough users will click “Next” without noticing, and end up using a search engine they get kickbacks from?

Note: After Reed’s post about this, MacUpdate stopped using their installer for Skype – the program he used as an example. It’s possible that this article will prompt MacUpdate to stop using it for Firefox, so if you don’t see the installer that’s probably why.

It Happened Before, It Will Happen Again

PC users know all about this sort of bundled crapware. From OpenCandy’s unwanted bundles OpenCandy: The Reason You Should Never Just Click "Next" OpenCandy: The Reason You Should Never Just Click "Next" Clicking "next" repeatedly is the quickest way of installing apps on Windows - until you find you installed other programs on your computer without realizing it, thanks to OpenCandy. Let's do something about that. Read More to the crap bundled by the likes of Download.com, they’ve basically come to expect these tactics.

For as long as there has been free software on the Internet, there have been sites that offer one-stop shops for downloading it. Some of these can be trusted to offer the downloads without any nonsense, a tendency that helps them build a reputation and a userbase.

It’s disturbingly common for such sites to eventually see the trust and userbase they’ve built up as a commodity, something that can be exploited for revenue. It usually starts small: maybe letting in some ads that looks like download buttons How To Spot, And Avoid, Ads Disguised As Download Buttons How To Spot, And Avoid, Ads Disguised As Download Buttons Read More slip in, just to help pay for bandwidth. It’s frustrating for confused users, sure, but most adjust and it’s hard to argue with the money. But many such sites find that this isn’t enough either, so they start bundling crapware with free downloads. That’s what SourceForge started doing earlier this year The SourceForge Controversy, and the Ongoing Fall of Slashdot Media, Explained The SourceForge Controversy, and the Ongoing Fall of Slashdot Media, Explained Over the past few days, one of the world's premier download portals has been in the middle of a controversy – and one of the web's first geek communities is being dragged down with it. Read More , and the pushback for them has been brutal.

This can pay off massively, of course: Divx famously made $15.7 million in nine months by bundling the Yahoo Toolbar 4 Annoying Browser Toolbars & How To Get Rid Of Them 4 Annoying Browser Toolbars & How To Get Rid Of Them Browser toolbars just don't seem to go away. Let's look at some common nuisances and detail how to remove them. Read More . You can argue that this isn’t hurting anyone, and provides the sites a way to make a little bit of extra money; but the entire scheme is built on exploiting the users who don’t know better. This makes their computing experience just a little bit harder, and a little less effective – all in the name of adding another revenue stream.

I’m not sure how such sites should monetize themselves – it’s a big problem. But this sort of scheme usually proves to be self destructive. In this case, longtime MacUpdate users – some of whom were paying for the service previously – aren’t happy.

MacUpdate: It’s Not Too Late

I’d hate for MacUpdate, a site I find useful quite frequently, to go further down this path. Trust is impossible to get back once you’ve lost it, and it’s possible that trust is already damaged beyond repair in this case. But that doesn’t mean MacUpdate should just go all-in: they should notice the pushback, admit that they’re wrong unambiguously, and step back from the brink.

Till then you should probably get all your free downloads from their official sources (or the Mac App Store) — which may take a little longer, and require some more searching, but is much less likely to result in adware infecting your system.

Now we want to know what you think. Will you be using MacUpdate in the future?

  1. first
    September 16, 2016 at 5:53 am

    Nope - not gonna use an installer that bypasses the Apple Store.

  2. Taz Wilkins
    September 5, 2016 at 7:24 am

    MacUpdate desktop, for me, is still my go-to app for quickly updating apps on my own and my clients' machines. It's an easy way to search for and automatically install updates, and I (at this moment, at least) will not be abandoning them for another updating app, as it is too convenient for this utility. I am distressed, tho, to hear about the dark elements; had not encountered this because of how I use their service. Nor was I watching for subterfuge, but of course, will now pay closer attention. I hope they return to being a 'clean' site, as I have been a happy MU'er for many years. Would be so disappointed if I had to try to replace the service... Get with it, MacUpdate! You guys have been great for many years, I've happily paid your yearly fees for the desktop service, but will feel inclined to split if you cannot play nice in the Mac community. I've already turned off the auto-renew, just in case...

  3. Cynical Optimist
    June 13, 2016 at 6:37 pm

    Thank you for the quick info. I had a nagging feeling that I shouldn't have ignored, but continued on to try and install a tiny app. *facepalm*

    Ran into a "You really want this app, right?" screen and clicked through after selecting no. The "install screen" showing progress stayed at zero for a couple of minutes before I got alarmed and tried to quit. No quit option in menu. Tried to close window, and got something like "You can't do that until install is complete". Force-quit killed it, and now I'll be spending a little while trying to figure out what it was doing for those couple of minutes.

    With all due respect to MacUpdate and the "negative PR this initiative has caused" (poor misunderstood souls), someone who runs into this the first time will never give them a second look.

    Postscript/protip: When defending your company's bad move, try to steer clear of business-speak buzzwords. Like calling it an "initiative", and calling valid criticism "negative PR". But to their credit, it's nowhere near as bad as Crunchyroll's "very actively working on new systems for better communication in coming iterations" (after their manga server went down completely twice, for a total of four days in a couple of weeks - and ignoring everyone asking about it in the forums - then defending it first as "maintenance" and later "technically maintenance").

  4. Joep
    March 28, 2016 at 3:44 pm

    I "accidently"installed "IPNetMonitorX Installer.dmg"
    By clicking it installed "mac update installer" but I cannot find it, what did it install and how do I get rid of it?

    • Justin Pot
      March 28, 2016 at 4:05 pm

      I'm not familar with that particular piece of software. I'm assuming you can't find the application in Spotlight; what about Activity Monitor?

      • Joep
        March 28, 2016 at 4:39 pm

        Cannot find anything, al the process in Activity Monitor seems to be legit..
        So what does "mac update installer" install?? and where?

        Stupid to just hit continue but as you say "Thought Mac Update was safe"

        (Downloaded IPNetmonitorX at their website and seems to be working ok)

        • Justin Pot
          March 28, 2016 at 6:00 pm

          If you can't find anything you should be okay, but be on the lookout for suspicious popups. If you see one, come back here with a screenshot and we'll chat. Sound good?

        • Justin Pot
          March 28, 2016 at 6:01 pm
        • Joep
          March 28, 2016 at 8:04 pm

          Thanks,
          malwarebytes didn't find anything, gets I'm good....
          Keep my eyes open...

        • Justin Pot
          March 28, 2016 at 8:22 pm

          Stay safe out there!

  5. User
    February 12, 2016 at 3:43 pm

    now only fit to view information on the software, but not to install programs from this site. Now we have to turn to more honest sites for information and to download the software.

    • Justin Pot
      February 12, 2016 at 4:40 pm

      I'd thought you were talking about MakeUseOf in a comment I wrote before, have since deleted that. Sorry about any confusion.

      Yes: MacUpdate is still useful for finding information about applications, but probably not ideal for actually downloading them.

  6. Zenon
    December 24, 2015 at 5:26 pm

    Even when you go the Advanced route and uncheck everything there, it will install Mackeeper, a malware far worse than the Yahoo toolbar. It happened to me.

    • Justin Pot
      December 27, 2015 at 6:06 pm

      If that's true, that's awful.

  7. Geoff Heys
    December 17, 2015 at 2:21 pm

    I am a paid subscriber to MacUpdate. The downloads (through the MacUpdate Desktop app or when logged into the web site) do not include anything other than the developers' product.

    The app is extremely useful to me for checking whether my installed apps are up-to-date. While I would love to get everything from the Mac App Store, that's just not feasible (yet ... maybe never). And don't suggest using the built-in "check for updates" function in every installed application, that's also not feasible.

    MacUpdate is the only service left for ensuring everything is current. While I appreciate their need to run a business, I hope they can reconcile that with all the negative PR this initiative has caused.

    • Justin Pot
      December 17, 2015 at 2:33 pm

      I've enjoyed the MacUpdate software itself every time I've tested it, there's a few bugs but overall it's a good service.

  8. Me
    December 16, 2015 at 5:08 pm

    "PC users know all about this sort of bundled crapware."

    I think you meant Windows users not PC users. Life in good in Linux land.

    • Justin Pot
      December 16, 2015 at 7:19 pm

      The word "PC" is generally understood to refer to Windows computer. There's no definition of "PC" that includes Linux rigs that also shouldn't include Macs. They're identical in all ways but operating system.

  9. Bill
    December 16, 2015 at 4:30 pm

    The above should read "there is an updater available"....

  10. Bill
    December 16, 2015 at 4:28 pm

    But MacUpdate already monetizes its site. There are ads on the site which can be removed with a subscription and there is an prated available, also with a pay subscription.

    • Justin Pot
      December 16, 2015 at 7:20 pm

      Not monetized enough, apparently...

Leave a Reply

Your email address will not be published. Required fields are marked *