Viperware
This icon marks software whose installation program may install extra software you may not want.
Many software installation programs will install not just the software you want, but also extra software you neither need nor want.
This page refers to an installation program as “viperware” if it the extra software slithers into your PC without telling you, or by default.
Something akin to viperware is an installation program which changes the configuration of the user’s PC and makes it hard
to undo the changes: an example is a program which hijacks the user’s home page.
Something else akin to viperware is a browser installation program which makes that browser the default browser, without first asking the user.
Such trickery preys on the human tendency to blindly accept defaults when installing software.
It also preys on the human tendency not to notice the unexpected.
Those who distribute viperware — and this includes the world’s major software makers — often defend their actions by claiming
that they do this as a convenience to users: the real reason, of course, is that the software makers want to force more people to use their products,
even if people neither want nor need them.
Viperware is bad not only because it does something the user doesn’t want, but also because it may install software which can
make a PC less reliable, or make a PC more vulnerable to security threats.
Tricks & Traps
Viperware trickery takes several forms:
- When the user selects an installation program, several installation programs may be offered, with the default being one which installs
extras.
- The installation program may list options to install extra software, with the default being to install the extras.
Often the extras are listed only when a user chooses a “Options” or “Custom Install” or “Advanced Install” option: thus many users would
not even know that the extras exist and could be refused. Sometimes an extra is described in a way which exaggerates its benefits or conceals its consequences.
Sometimes an extra is mentioned only in the license agreement, which many users don’t read.
- The installation program may secretly install extras, with users given no choice, or with choices ignored.
- The software installed may have an update function which installs extras during later updates.
- An updated installation program may install extras which earlier versions of the installation program did not, so
users who have learned to trust an installation program won’t expect to be betrayed when an update becomes viperware.
- An alternate installation program that doesn’t install the extras may exist, but be in a location which the typical user could
not find.
To avoid installing unwanted extras it’s important to go through the installation procedure very carefully, to read what each dialog box says,
to select any custom (advanced) install options which may be offered, and to uncheck options which are unwanted. It may also be prudent to check afterwards
to see whether unexpected extras were installed, and to uninstall extras which can be safely removed.
Viperware Examples
Here are a few examples of viperware which this author has personally encountered at some time. Note that this list isn’t intended to be exhaustive: instead it’s intended to illustrate how pervasive the
viperware problem is.
- Adobe (Acrobat) Reader 9: may install the unnecessary Adobe Download Manager (Adobe DLM) as well;
NB: in mid-2018, Adobe happily chose not to install unwanted software by default.
- Adobe Flash: may secretly install unwanted software, e.g.
in Feb 2011 it secretly installed McAfee software on a Windows XP PC; will also offer to install software from McAfee and/or Intel.
NB: in mid-2018, Adobe happily chose not to install unwanted software by default.
- Adobe Reader: will also offer by default to install software from McAfee and/or Intel.
- Adobe Shockwave: may try to install McAfee or Symantec products, or a Google toolbar, or Google Chrome;
and if Google Chrome is installed, the Shockwave installation program may want to make Chrome the default browser.
- Apple iTunes: also installed Apple Update Software, BonJour, and QuickTime, either without giving the user a choice,
or ignoring the user’s choice.
- Apple QuickTime: may install iTunes; also installed Apple Mobile Device Support, Update Software, and PictureViewer;
the user can choose not to install the Apple Update software, but the user’s choice is ignored, and this software is installed anyway;
if not wanted, the Apple Update software must be manually uninstalled afterwards.
- Apple Safari: may install Apple Update Software, Bonjour, and QuickTime;
the user could choose not to install the Apple Update Software, but the user’s choice is ignored, and this software is installed anyway.
- Microsoft Internet Explorer or Microsoft Live Messenger: may install a Microsoft toolbar
and hijack the home page.
- Microsoft Silvrlight: may try to make Bing the default browser search engine and MSN the default browser home page.
- Microsoft Update: may install a new version of Internet Explorer without sufficient notice. The notice that
the new version will be installed is buried in a list of legitimate security updates.
- Apple Java JRE: installed JavaFX (whether you want it or not), and
may install its own download manager and/or a Microsoft toobar. It has also installed a large list
of 3rd party software components: e.g., for Java 6u11, More
than three dozen items are listed which might also be installed, and it isn’t clear whether all are essential to Java.
