Pinterest Stumbleupon Whatsapp
Advertisement

MacUpdate has joined the dark side, bundling adware into free downloads like Firefox. If you want to avoid this completely, stop downloading apps from MacUpdate – download directly from the official homepages of the software you want.

If that’s not realistic for some reason, here’s what to look out for.

“But I Thought MacUpdate Was Safe!”

Long seen as a safe website for Mac users to download apps not found in the Mac App Store, MacUpdate has recently joined a seemingly endless number of previously trusted sites that decided to cash in on that goodwill.

It’s particularly jarring in this case, because most Mac software doesn’t require an installer: just drag the app to the Applications folder and you’re done. That doesn’t allow for a monetization moment, however, so MacUpdate created an entirely unnecessary installer – complete with impulse-driving “Next” buttons – just to trick you into changing your default search engine and install some browser extensions.

macupdate-installer-stupid-unnecessary-malware

MacUpdate says their desktop app, which keeps your apps up-to-date Get Easier Updates With These Alternative App Stores For Mac Get Easier Updates With These Alternative App Stores For Mac Tired of manually installing and updating Mac apps? Check out these alternatives to the Mac App Store, offering downloads and updates the App Store can't. Read More , doesn’t use these bundles. And not every piece of software on the site uses the unnecessary installer – we could only find it by downloading Firefox. But in case you’re worried, here’s what the installer looks like – and how to avoid it.

Advertisement

When Free Downloads Aren’t Free

After hearing about MacUpdate’s scheme from Thomas Reed of Malwarebytes, I thought I’d investigate myself. I downloaded Firefox both from the Firefox homepage and MacUpdate, and ended up with two different DMG files.

firefox-installer

Open the official Firefox installer, titled “Firefox 42.0” in the screenshot above, and you’ll see this:

firefox-actual-installer

Installing is simple: just drag the Firefox icon to the Applications folder and you’re done. So what’s the MacUpdate installer look like? Here’s what you see when you open their “Firefox Installer.dmg”:

mac-update-installer

The Firefox branding is gone, and there’s no icon to change: just an application to launch. Open it, and you’ll be asked for your root password before a Windows-style installer runs.

macupdate-installer-running

As far as I can tell, there is no reason for this installer other than getting you to click “Next” without reading so you can end up with unwanted changes to your system. MacUpdate says the installer makes things “easier”, while also allowing them to “offer another app offer that users may be interested in”.

Tell me: does this look like they’re “offering another app” to you?

installer-next

The onus is on the user to work out how not to end up with the “app” that’s being “offered” – in this case switching my default search engine to Yahoo.

installer-advanced

If you click next without reading this text, or clicking “Advanced” – something MacUpdate knows users will do without meaning to – you’re going to find out that every browser installed on your computer (Chrome, Firefox and Safari) not only default to Yahoo Search, but also uses Yahoo as the homepage and new tab page.

mac-update-firefox

To repeat: this was true not only for the Firefox instance I installed using MacUpdate, but for every browser installed on my computer. Google’s Chrome was set to use Yahoo for search, and my new tab page was replaced. The same was true for Safari.

I didn’t even know it was possible to change the new tab page in Safari, so I guess at least I learned something.

installer-homepage-chrome

I also ended up with a Safari extension called “SearchTrust”, and I’ve no idea what it does. Revert my search settings if I try to change them, maybe? I uninstalled it rather than find out.

Tell me: do you think this is something MacUpdate users want? Do you think MacUpdate did an intensive study of their userbase, and discovered they’re all unhappy with their default search engine? That they would be better off with Yahoo? Do you think users want every browser on their system messed with?

Does that seem likely to you? Or do you think MacUpdate knows enough users will click “Next” without noticing, and end up using a search engine they get kickbacks from?

Note: After Reed’s post about this, MacUpdate stopped using their installer for Skype – the program he used as an example. It’s possible that this article will prompt MacUpdate to stop using it for Firefox, so if you don’t see the installer that’s probably why.

It Happened Before, It Will Happen Again

PC users know all about this sort of bundled crapware. From OpenCandy’s unwanted bundles OpenCandy: The Reason You Should Never Just Click "Next" OpenCandy: The Reason You Should Never Just Click "Next" Clicking "next" repeatedly is the quickest way of installing apps on Windows - until you find you installed other programs on your computer without realizing it, thanks to OpenCandy. Let's do something about that. Read More to the crap bundled by the likes of Download.com, they’ve basically come to expect these tactics.

For as long as there has been free software on the Internet, there have been sites that offer one-stop shops for downloading it. Some of these can be trusted to offer the downloads without any nonsense, a tendency that helps them build a reputation and a userbase.

It’s disturbingly common for such sites to eventually see the trust and userbase they’ve built up as a commodity, something that can be exploited for revenue. It usually starts small: maybe letting in some ads that looks like download buttons How To Spot, And Avoid, Ads Disguised As Download Buttons How To Spot, And Avoid, Ads Disguised As Download Buttons Read More slip in, just to help pay for bandwidth. It’s frustrating for confused users, sure, but most adjust and it’s hard to argue with the money. But many such sites find that this isn’t enough either, so they start bundling crapware with free downloads. That’s what SourceForge started doing earlier this year The SourceForge Controversy, and the Ongoing Fall of Slashdot Media, Explained The SourceForge Controversy, and the Ongoing Fall of Slashdot Media, Explained Over the past few days, one of the world's premier download portals has been in the middle of a controversy – and one of the web's first geek communities is being dragged down with it. Read More , and the pushback for them has been brutal.

This can pay off massively, of course: Divx famously made $15.7 million in nine months by bundling the Yahoo Toolbar 4 Annoying Browser Toolbars & How To Get Rid Of Them 4 Annoying Browser Toolbars & How To Get Rid Of Them Browser toolbars just don't seem to go away. Let's look at some common nuisances and detail how to remove them. Read More . You can argue that this isn’t hurting anyone, and provides the sites a way to make a little bit of extra money; but the entire scheme is built on exploiting the users who don’t know better. This makes their computing experience just a little bit harder, and a little less effective – all in the name of adding another revenue stream.

I’m not sure how such sites should monetize themselves – it’s a big problem. But this sort of scheme usually proves to be self destructive. In this case, longtime MacUpdate users – some of whom were paying for the service previously – aren’t happy.

MacUpdate: It’s Not Too Late

I’d hate for MacUpdate, a site I find useful quite frequently, to go further down this path. Trust is impossible to get back once you’ve lost it, and it’s possible that trust is already damaged beyond repair in this case. But that doesn’t mean MacUpdate should just go all-in: they should notice the pushback, admit that they’re wrong unambiguously, and step back from the brink.

Till then you should probably get all your free downloads from their official sources (or the Mac App Store) — which may take a little longer, and require some more searching, but is much less likely to result in adware infecting your system.

Now we want to know what you think. Will you be using MacUpdate in the future?

Leave a Reply

Your email address will not be published. Required fields are marked *