A Chilling Find on an Awesome Care Check

Recently I did a remote computer check on the Awesome Care program for one of our Awesome Care customers. This was a Windows 7 machine, and on the surface it seemed to be running just fine. Were it not for the scheduled check, there was no reason the owners would have called us about it.

It is a good thing we did this, however, as I found the machine running with 55 connections to the outside world. Yes, you heard right: 55.

How many of these connections were from legitimate programs? About two.

So what was the deal? The machine had a very strong AV on it that was mostly working (it had reached the point where it was crashing from time to time), and there actually were not any traditional viruses or Trojans on it, nor was there any rogue/fake antivirus (they might have seen that one) or ransomware (like Cryptolocker/Cryptowall). I also found no active rootkits.

No, this was a collection of what we call in the industry PUPs, or Potentially Unwanted Programs. A big collection of them. These are programs that are not considered viruses, so to speak (because they do not try to replicate and email themselves to everyone in the address book like viruses try to do), but they also serve no useful purpose whatsoever, and they make a lot of connections "back home" where they share who knows what with the home office. Many times they have very innocent-sounding names, like “Ask Toolbar”. That particular one is one of the worst, and it gets installed by a drive-by download when folks are trying to do something they should be doing, and that is updating Java. The checkbox to install that trash along with it is always CHECKED by default, so folks who are not paying attention end up with it every time.

And that is how the rest of them get on there as well. They come as drive-by downloads from the installation of other programs that the user was trying to install. Anytime one is installing something that is “free”, one needs to be very conscious of every install screen and make sure to uncheck every single checkbox that is trying to add something else. For instance, there is a utility program that I like to use, but when it gets downloaded it tries to push a certain web browser different from what most folks use. Worse than just installing what might be an unwanted program, it also automatically checks a box to make this new and unasked-for program the DEFAULT web browser! Now the folks are certainly going to wonder what happened to their computer when their entire web browsing experience has suddenly changed for an unknown reason.

I take exception to every single one of these vendors who check these boxes by default. If you want income from your program, then CHARGE for it. If it is useful, then people will pay for it. I do not believe pushing all this crapware at people is the right way to go. Not one computer user on the planet would be harmed in any way if the Ask Toolbar just completely disappeared.

What is the moral of this story? That there is much more to the security of your computer than just the virus checker. That is only the beginning, not the end, of the security focus for a PC. We recommend that you either hire us to check your machines that appear to be running fine or take the time to learn how to do it yourself. What I discovered here is a great example of what happens in today’s computing world when machines are never checked because they seem to be running just fine.

