Downloading software without bloatware

download spyware adware bloatware

10,010

Solution 1

I take it you're referring to windows programs? I circumvented the whole problem by using Linux Mint (and even keeping installed packages to a minimum with --no-install-recommends & a similar option in Synaptic/apt.conf).

It's got Firefox, Chromium, Opera, LibreOffice, Flash Player, GIMP, tons of excellent "evilware-free" software.

But if your heart's set on Windows... Can't believe I actually forgot about this Windows solution I read about last year (on How-To Geek or Lifehacker or MakeUseOf) for installing & updating freeware on Windows (but I don't use windows, so...) Here's an image & bit of the intro from the How-To Geek page:

https://ninite.com/

Image of ninite.com apps to choose

How-To Geek says " Ninite is the Only Safe Place to Get Windows Freeware":

Ninite is a free tool that automatically downloads, installs, and updates various Windows programs for you, skipping past the evil toolbar offers. For Windows users, Ninite is arguably the only really safe place to get freeware.

[Not sure if I should have added another answer for Ninite, but when I tried superuser.com urged me to edit this one -- I'll bet they'd get in trouble trying to sell freeware, though they have a paid auto-updater and network manager so that's how they stay in business, hopefully not by bothering us ;-) I have no connection to ninite.com - I've only used it once to help a friend, and it seems to answer the question very well for Windows]

Solution 2

In addition to what has been suggested, you'll find that by preferring open source software to closed source will generally take care of this problem for you. Instead of CNET, look on Sourceforge and GitHub and you'll find much better software.

Update

Many have also mentioned Chocolatey. It is definitely a big piece of the full puzzle. In general, command line installation is best for most applications because it allows you to write simple scripts to go from fresh install to a fully updated machine, unattended. Your script might look something like:

REM Add driver installation here or make that a separate script.

@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

cd %ALLUSERSPROFILE%\chocolatey\bin
choco install googlechrome apache2 mysql php myadmin

REM You can even use it to install applications which can install from GitHub or Sourceforge:
choco install git
choco install svn

REM NOW YOU CAN
REM git clone https://github.com/WordPress/WordPress
REM **OR**
REM svn co http://core.svn.wordpress.org/trunk/ .

Note: This is just a rough outline of something you might use. Many tweaks are probably needed.

Solution 3

I would recommend using Chocolatey. I've not seen any bloatware in the installers used there as they are sometimes repackaged by package maintainers.

Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It was designed to be a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure currently using PowerShell as its focus for delivering packages from the distros to your door, err computer.

Solution 4

For sourceforge in particular, append ?nowrap to the URL - this will allow you to download the file without the sourceforge "wrapper" that adds crapware to the installer - for example use

http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.9.0.2/FileZilla_3.9.0.2_win32-setup.exe/download?nowrap

as opposed to the default

http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.9.0.2/FileZilla_3.9.0.2_win32-setup.exe/download

Solution 5

I totally empathize with you. I have my own approach and I'll happily share it. Some might think it's overkill but I have found it serves me very well.

These days I keep my PC ultra-clean. Windows 7, Firefox, Office, Visual Studio, and a handful of freeware I have come to trust over time. I don't do PC gaming so that's about it.

For anything and everything else, I use Virtual Machines. If this is new to you check these out:

http://en.wikipedia.org/wiki/Virtual_machine

http://lifehacker.com/5714966/five-best-virtual-machine-applications

I have three VMs set up running Linux Mint 17, Windows XP, and Windows 7. I can have them all running at the same time (very cool). By setting them to use bridged networking they appear on my LAN as independent machines alongside the host PC. And of course they all have internet access through the host PC's network connection.

Now for the fun part. VMs are isolated from your host PC. You can trash a VM and there is zero effect on your host PC.

While a VM is running you can take a snapshot. Then you can do terrible things within the VM like install nasty evil software, fiddle with the registry, delete system files, whatever you want. At your will you can revert to snapshot and your VM is instantly back to exactly how it was.

But perhaps most importantly, you can do real meaningful work in a VM just like on a real PC.

One thing you need to be aware of is OS/application licensing. Running a VM on your PC means you effectively have two PCs (host PC + the VM PC). I had to purchase a separate copy of Windows 7 to install on the VM. Linux Mint? Well it's free and open source so you can do what you like with that ;-)

EDIT: SECURITY CONCERNS

VMs are exceptionally well isolated from the host but they do still execute on the host. Malicious software could be designed to find a way to escape the VM and do things to the host:

http://en.wikipedia.org/wiki/Virtual_machine_escape

However, so far as I know, no such malicious software has been seen in the wild yet. That's probably because the folks creating malicious software don't see VMs as a big enough target. I mean, most people don't run VMs let alone know what a VM is.

Perhaps more importantly then, if you enable bridged networking on a VM like I do, it becomes part of your real LAN. That means malicious software running in a VM could attempt attacks on other devices on your LAN or other machines on the internet.

So even with VMs it pays to be careful. Keep everything up-to-date and use anti-malware software on your host PC and in each VM. Putting aside academic possibilities, 99.99% of the time when your VM gets trashed by malware your host will be totally unaffected and revert to snapshot will get you out unscathed.

View more solutions

10,010

Ola Eldøy

I wrote a game in assembly language for the Dragon 32/64 back in 1991. Dataflex developer since 1998. Twitter LinkedIn Data Access Worldwide Forums

Updated on September 18, 2022

Comments

Ola Eldøy almost 2 years

From time to time, I find myself needing a piece of software to perform a specific task. Download.com (CNET) used to be a good site. But now, I find that they bundle a lot of "evilware", i.e. bloatware/adware (spyware?). Despite my best efforts to decline the unwanted items, I frequently end up with a "modified web browser experience" afterwards.

Any sensible approach on how to go about this problem, things being what currently they are?
- Doktoro Reichard over 9 years
  
  Most programs available for download at Cnet can also be available elsewhere. Some open-source programs might also be available easier from the developers page.
- DavidPostill over 9 years
  
  Where possible I go the software authors website and avoid sites like download.com.
- AStopher over 9 years
  
  I find that most sites have two download links; one on their own site and the other on a sponsor site where they are paid on each click/download in return of allowing them to install your software with their (ad-infested) installer. I find the sponsor sites always say 'recommended' but I always go with the on-site installer as it's much safer.
- simonzack over 9 years
  
  I agree with @DavidPostill The mass download sites are really just link farms. Most of them don't even host the download, and worse, often attach some adware "downloader". Avoid them at all costs.
- Rocket Hazmat over 9 years
  
  I would avoid download.com, but in case you do download something with bundled crapware, check out unchecky.com It runs in the background and unchecks those boxes for you. I think it only works on certain installers, but I figured I'd throw it out there.
- Ismael Miguel over 9 years
  
  The official web page is always the best choice! There is no way around this. I would love a TRUSTABLE centralized place to get all my stuff, but there is none (I'm kinda paranoid here).... Except, obviously, the official website! And even there, you must be careful all the time as the developers might decide to addware the installers. One example is uTorrent which was ad-free and now is a huge source of malware and adware (like Search Protect). Be careful when installing ANYTHING!
- Doorknob over 9 years
  
  @IsmaelMiguel "centralized place to get all my stuff, but there is none" None for Windows, anyway. (Yet another reason to switch to Linux, where none of this would even be a problem.)
- Ismael Miguel over 9 years
  
  @Doorknob冰 That is valid IF there are already compiled binaries for your architecture AND linux distribution. Otherwise, either you search for the binaries on debian's repository for the new versions of those pesky dependencies or you "simply" compile it.
- Andrew Morton over 9 years
  
  I have the paid-for Malwarebytes installed on my PC, and it has caught some installers trying to install malware. Similar programs might do the same. Also, you might be able to open the installer program with something like 7-Zip and find the installer for the program you want is separate from the malware installers.
Ola Eldøy over 9 years

Yes, a Linux VM could be handy for various tasks.
Xen2050 over 9 years

That's true, windows does generally have excellent hardware support (sometimes lacking in linux). I sometimes run windows in a VM for the odd proprietary program or game.
Zombo over 9 years

chocolatey.org is a good option as well
reinierpost over 9 years

Yes, hardware support in Linux can be lacking, but I've seen cases where (old) hardware would work automatically on Linux while failing on Windows with no known fix.
Xen2050 over 9 years

True, that's an upvote :) And lots of the big-name programs in linux like Firefox, LibreOffice/OpenOffice, Google-stuff (Chromium, Earth) & others have windows versions. That was a major reason I switched to linux in fact, same programs + no windows licensing hassles or purchasing = :)
user694733 over 9 years

Apparently there has been these issues with Sourceforge in the past. Don't know the current situation...
Xen2050 over 9 years

The best hardware for most Linux's (linuxes?) seems to be 2 or 3 years old, even older's usually better, unless you want to run bleeding-edge like Debian Sid. But if you want to run a web/ftp server or vpn on a 12 year old router, piece of cake
usm over 9 years

@user694733 Just a few days ago, I had trouble with a Sourceforge project trying to trick me into installing adware/malware at almost every step of the installer. So the situation isn't any better.
krowe over 9 years

@usm Then someone should fork it and remove that fluff. Just a small glitch in the system. This can be avoided by sticking to the more popular apps. Both of the sites mentioned provide tools for doing this easily.
usm over 9 years

@krowe The app in question was FileZilla, which is one of the more popular ones. Their own web site only provides Sourceforge links. I don't think project size has anything to do with it.
krowe over 9 years

@usm Ohh yeah I'd forgotten about that horrible app. WinSCP is much better and GNU licensed.
krowe over 9 years

@usm You could also use: choco install filezilla if you have chocolately installed.
Ramhound over 9 years

<sarcastic>If its on "How-To Geek" then it must be true</sarcastic>. All most installers require is reading each screen before clicking. For those I don't trust. I launch and install with Sandboxie first.
Xen2050 over 9 years

Could've been Lifehacker or MakeUseOf... Speaking sarcastically, if you can't trust random bloggers who can you trust?
tvdo over 9 years

Be warned that VM isolation is not 100%, and far less so if you have it connected to the network or running the guest tools. While it's still decent isolation, it is not an excuse to run "nasty evil software" if you think it really is malicious - without further hardening, a basic VM can still leak malware onto the host.
Admin over 9 years

@Bob I would argue that malicious code can break the VM wall and infect the host OS or even BIOS. However, your typical payload of a browser toolbar or McAfee trial is not malicious and should not do that.
simonzack over 9 years

If you really want to be minimal, arch is a fine choice.
misha256 over 9 years

@Bob this is an excellent point and I will edit my post to reflect this.
Testerhood over 9 years

For added security, it wouldn't be a bad idea to use an application called Sandboxie in Windows-based virtual machines for this kind of hardening. It should limit the threat even more, since it then needs to breakout of the sandbox as well.
Daniel Labonté over 9 years

I just did choco install cyg-get. Chocolatey is great.
user2813274 over 9 years

portableapps does NOT work well in my experience, everything there requires an install, whereas a truly portable program will allow you to simply run it (or perhaps extract first) - stuff like eclipse and putty, but NOT anything found on portableapps
user3459110 over 9 years

@Xen2050 Linux does NOT lack hardware support. Windows has just as much issues with different kinds of hardware as do Linux distros, if not more. FTR, most modern and old hardware would function out-of-the-box on distros like Ubuntu, while Windows users would have to install the drivers and/or updates.
Darwin over 9 years

@krowe It was a joke. My software is actually awesome. Heh...
user2813274 over 9 years

@JamesGecko that's good to know, but they should provide a regular compressed archive like .zip or .7z as an option if that's really the only thing it does - as it stands right now, it requires running an executable file (which requires admin rights if I remember correctly on windows) in order to get anything there
user2813274 over 9 years

@usm see this - I believe that the authors get money from using the source-forge distribution system as opposed to their own, thus a reluctance to provide alternatives
JamesGecko over 9 years

@user2813274 Sorry, I gave you bad info. They used to be self-extracting zip files (which could also be extracted manually with a normal zip application). It looks like they're using a different installer now. Same principle, though; it doesn't touch anything outside the extraction directory. Running an exe doesn't normally require admin rights on Windows, although IIRC administrators have the option to disallow executing unknown executables.
JamesGecko over 9 years

(But yes, I agree with you, an option for downloading a plain old zip file would be nice!)
WernerCD over 9 years

To my knowledge, as others have alluded, you can move the folder and nothing is "permanently" installed (with the exception of maybe the launcher?). The implementation details (glorified zip vs "PortableApps Installer" - whatever that means) isn't where I wanted to focus, and maybe I can tone those parts down or clarify if needed (maybe my understanding is outdated as well - I moved from PortableApps to Ninite awhile ago). The important parts to me are the available programs and lack of "bloat"/toolbars with those programs.
Cole Tobin over 9 years

Worth mentioning Windows 10 will come with some kind of package manager outside of the Windows Store.
Xen2050 over 9 years

@simonzack Arch has some EXCELLENT help web pages on wiki.archlinux.org but Ubuntu/Mint (Debian too?) are very user-friendly
Xen2050 over 9 years

@AwalGarg Ok, I believe you, it's just when I check hardware manufacturer's websites many have no support for linux, leaving it up to linux users/devs to DIY... so maybe hardware support lacks linux?
Henk Langeveld over 9 years

chocolatey is good, but the makers warn you to not blindly install anything from it before making sure what it is. Example: choco install astley
user3459110 over 9 years

@Xen2050 Haha I can agree to that. For instance, my USB Internet Dongle has no support at all for linux, and they official guy told me to use Windows. Later, I discovered that just plugging in the device is enough, Ubuntu automatically recognized it, I just had to click the connect button! :p
Mario over 9 years

Also important to mention that Sourceforge has (and still does?) bundle some open source downloads with the same crapware, that will install toolbars and whatever stuff you probably don't want.
O. R. Mapper over 9 years

@Mario: That is what is mentioned in previous comments above, referring to FileZilla. SourceForge offers the bundling as an opt-in system, and some projects decide to enable it (and thus, to remove themselves from the pool of software one would reasonably want to try and download).
ps2goat over 9 years

The good news about filezilla is that once it's installed, it'll update itself without all the extra fluff.
Admin over 9 years

The only fact that the site adds crapware is enough for me to look elsewhere, no matter if I can opt out.
Alexander over 9 years

THe most radical and useless solution. If I want to batch-convert my holiday photos into a certain format, I can download a trusted converter tool from the maker, install it on my PC, taking precautions against added Toolbars, and go for it. Or I can set up a VM, and then drop all precautions, download a converter from a malwware-infested site, and after I am done converting, scrap the VM. Now, all my batch-changed holiday photos are either scrapped along with the VM, or they contain a malware that the converter injected into the new images. Now, which solution is better?
misha256 over 9 years

@Alexander In my post I explained that, on my PC, I do install "a handful of freeware I have come to trust over time". The VMs are not useless. They allow me to use and test software I do not yet trust. For example, I love CutePDF Writer. But when I first discovered CutePDF I did not trust it. So I tested it thoroughly in a VM first. Now I'm happy to install it on any PC (of course you have to de-select/decline the stupid toolbars and registry optimizers during install).
Erik Hart over 9 years

The FZ developer deliberately participates in a SourceForge program named DevShare, to make money with the adware installs, and is long aware of all the problems with unwanted installs of intrusive adware.
Erik Hart over 9 years

Just look out if auto-updates from ?nowrap downloads are clean, IF you decide to stay with FZ, despite the developer deliberately participating in spreading malicious adware!
Erik Hart over 9 years

I saw one blog entry at Malwarebytes where they found that InstallCore (the download manager and adware installer used by Sourceforge, download.com and others) detects if running on a VM and then skips the adware installs :-). Probably not to waste bandwith on temporary installs, or to escape detection by anti-malware companies using VMs or sandboxes.
Erik Hart over 9 years

Won't help here, the developer cooperates with SourceForge to make money with adware/spyware/PUP/malware installs. BTW, download.com/CNET and SourceForge (the last depending on developers' consent) use the same download manager (InstallCore) for their crapware.
krowe over 6 years

Sometime in the last 3-4 years Filezilla has finally removed all of those garbage apps. Just installed it and not only are the apps not installed by default but they aren't even an option anymore. Still not as good as WinSCP IMHO though.