Pay-per-install scareware is the bane of many companies

If you’ve ever installed a piece of software from the Internet and suddenly found yourself plagued by ads, “scareware,” or programs that take over your browser and direct it to other sites, you’re not alone. This happens every day, even when a user downloads software that appears legitimate.

This model of attack is actually much more common than malware. Google tracks more than 60 million attempted installs each week—three times the number of attempted malware installs. Most computer security programs are designed to protect against malware, not adware, scareware, and the like.

The problem, according to a team of researchers from Google and the NYU Tandon School of Engineering, lies in pay-per-install (PPI) programs, wherein distributors of legitimate software are paid for each download that includes unwanted software. Because users need to agree to terms and conditions in order to install the software, and they typically don’t read those terms before installing, they may be agreeing to download unwanted software as well.

PPI is a lucrative business, but it occupies a legal gray area. Because consumers agree to the terms of service, it isn’t illegal, but it certainly causes many problems both for businesses and for individual users.

This research is the first of its kind, and it implies that software companies are often working with the creators of these programs, agreeing to bundle unwanted software with their own legitimate products.

“We’re hoping to expose these business practices so people are less likely to get duped into flooding their computers with programs they never wanted,” says Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon and co-leader of the research team.

There are also companies that bundle third-party software their own products, and that third-party software contains the pay-per-install software. In this scenario, the original developer isn’t party to the scam but may suffer from negative feedback as a result of the unwanted software.

Google watches for websites known to harbor unwanted software, and it continually updates its Chrome browser in order to keep its users away from those sites. However, even as the technology to protect users from such attacks improves, the unwanted software developers create new ways to continue their attacks.

The best advice to prevent unwanted software is to only download products from trusted sites and to carefully read the terms and conditions before installing those products.