When I recently upgraded a couple of computers to the latest version of Adobe Reader I discovered something very disturbing. The download installs software from McAfee (of all people) that amounts to Scareware (a type of Malware that tries to scare you into downloading software). This software (McAfee Security Scan Plus) is useful in that it performs a security scan on your system, but how it does so and presents itself to users is quite objectionable.
After installation McAfee Security Scan Plus runs and presents a screen that is basically intended to scare you into switching your anti-malware solution to McAfee. For example, I rely on IE9’s SmartScreen rather than a 3rd party solution to protect myself from malware-infested and phishing websites. As a result, McAfee Security Scan Plus reports my system as not having URL-filtering software installed and presents the same insistent warnings and button to upgrade as one finds in Rogue AV Scareware. If you press the button it will uninstall your current anti-malware software and install McAfee (of course). And it will re-run automatically and do this every week by default. You can change settings to have this Scareware run every day or every month, but there is no option to disable it! To make matters worse, I just had a random pop-up trying to get me to purchase McAfee software. So this ugly beast is not only Scareware it is Adware as well!
The Adobe Reader download page does have an opt-out of the McAfee Security Scan Plus Scareware download, but it is very hard to notice (it is in the upper right corner). The requirement that you must opt-out (rather than opt-in) of this download just adds to Adobe’s reputation as a distributor of unwanted software. They do the same thing with the Google Toolbar, although at least in that case the opt-out is positioned so you can more easily find it. But every time you patch an Adobe product you have to make sure to uncheck the box (now boxes) for any unwanted products they’ve attached to their distribution. This is not only a pain (because if you miss them you have to go uninstall the unwanted software), it is also slowing the deployment of security patches. Because Adobe’s “patches” are actually re-installs with significant user interaction I see users ignoring/deferring them for long periods of time.
Shame on Adobe for their horrible practices of distributing unwanted software. It makes me align with Steve Jobs in wanting Flash obliterated from the web so I can eliminate one Adobe download. I’m also happy to see the growth in alternative PDF rendering engines so that hopefully soon we can also eliminate Adobe Reader from the list of near mandatory downloads as well.
And Double Shame on McAfee for designing McAfee Security Scan Plus to behave and look like Malware. Having a (formerly?) legitimate security vendor adopt the techniques of the Rogue AV vendors is a sad milestone in the software industry. And frankly, anyone looking to buy security software should now seriously question the appropriateness of having McAfee as their vendor.
Hal's (Im)Perfect Vision 
I’m so po’d at Adobe. just did the install and got this Mcafee cr@P! I spent a good deal of time choosing security software only to have this cr@p installed over the top of my security software.
NEVER will I trust an Adobe updater again. I clearly need security software that warns me any time an Adobe install is pending.
I will never do business with Adobe unless I absolutely have to anymore. They now fall into the “Junk Software” filter in my brain and they are to be avoided at all costs.
As of May 2013 Adobe reader 11, I lost 45 minutes until I found this option to update without McAfee crapware. I totally agree that with this post that Adobe is not to be trusted, and has also gone on my list of vendors I will avoid whenever possible.
Pingback: Crapware, and how we got here | Hal's (Im)Perfect Vision
Just found your article haveing had the same thing happen to me today. Abode Reader is still bundling McAfee Security Scanner AND Google Chrome with it’s updates. I too spent unneccasry time removing this nefariously installed software from the computer BUT I MADE sure I also turned off the services (services.msc) for Adobe updater and for all Google updaters too.
This really is a shameful practice by Adobe and to continue with this underhanded method for so long just go to show that they really couln’t give a monkeys cuss about customer relations.
I thought McAfee was a respectable brand. Now I see they can’t be trusted. Surprising.
April 2014 and the b*******s at Adobe are still bundling McAfee scareware. I was NOT asked if I wanted it. I use Kaspersky and I am perfectly happy with it. Why so Adobe think they have the right to decide which protection I buy?
Because McAfee pays them to.