When I recently upgraded a couple of computers to the latest version of Adobe Reader I discovered something very disturbing. The download installs software from McAfee (of all people) that amounts to Scareware (a type of Malware that tries to scare you into downloading software). This software (McAfee Security Scan Plus) is useful in that it performs a security scan on your system, but how it does so and presents itself to users is quite objectionable.
After installation McAfee Security Scan Plus runs and presents a screen that is basically intended to scare you into switching your anti-malware solution to McAfee. For example, I rely on IE9’s SmartScreen rather than a 3rd party solution to protect myself from malware-infested and phishing websites. As a result, McAfee Security Scan Plus reports my system as not having URL-filtering software installed and presents the same insistent warnings and button to upgrade as one finds in Rogue AV Scareware. If you press the button it will uninstall your current anti-malware software and install McAfee (of course). And it will re-run automatically and do this every week by default. You can change settings to have this Scareware run every day or every month, but there is no option to disable it! To make matters worse, I just had a random pop-up trying to get me to purchase McAfee software. So this ugly beast is not only Scareware it is Adware as well!
The Adobe Reader download page does have an opt-out of the McAfee Security Scan Plus Scareware download, but it is very hard to notice (it is in the upper right corner). The requirement that you must opt-out (rather than opt-in) of this download just adds to Adobe’s reputation as a distributor of unwanted software. They do the same thing with the Google Toolbar, although at least in that case the opt-out is positioned so you can more easily find it. But every time you patch an Adobe product you have to make sure to uncheck the box (now boxes) for any unwanted products they’ve attached to their distribution. This is not only a pain (because if you miss them you have to go uninstall the unwanted software), it is also slowing the deployment of security patches. Because Adobe’s “patches” are actually re-installs with significant user interaction I see users ignoring/deferring them for long periods of time.
Shame on Adobe for their horrible practices of distributing unwanted software. It makes me align with Steve Jobs in wanting Flash obliterated from the web so I can eliminate one Adobe download. I’m also happy to see the growth in alternative PDF rendering engines so that hopefully soon we can also eliminate Adobe Reader from the list of near mandatory downloads as well.
And Double Shame on McAfee for designing McAfee Security Scan Plus to behave and look like Malware. Having a (formerly?) legitimate security vendor adopt the techniques of the Rogue AV vendors is a sad milestone in the software industry. And frankly, anyone looking to buy security software should now seriously question the appropriateness of having McAfee as their vendor.