User:BBirke/sandbox

=my sandbox...= <!--

Criticism
Malware researchers and Harvard Business School professor Ben Edelman independently documented deceptive installation practices and malicious program techniques in installers using InstallCore. They show download processes of Google Chrome, Adobe Flash and a nonexisting Snapchat app for Windows - the last was also offered through a download portal using Installcore.

Videos taken show the installation processes with InstallCore: The download manager asks for administrator rights through Windows UAC long before downloading and installing the desired software or adware offers, thus enabling the adware installers to run with full administrator rights. Multiple deceptive EULA windows, pretending to be for the original download at first glance, but hiding the actual adware install in fine print, easily luring users into an erroneous "accept" click for the expected Flash Player EULA. Most have Accept/Decline buttons, but they also include the abovementioned Vosteran offer which forces an "Accept" to proceed.

Suspicious and malicious features documented in the blog article: an install process of Adobe Flash Player wrapped in an InstallCore download manager (coming with a certificate by Fried Cookie Ltd., Tel Aviv) by a third-party download provider, including a number of suspicious features.
 * The program detects when running on a virtual machine and then skips the adware offers. As one possible reason, the author names the purpose to appear clean on automated sandbox environments used by security software researchers.
 * A disguised offer for the Vosteran browser hijacker has only an "Accept" button and can't even be opted out. The software is presented under the headline "Adobe Flash Player" and it's logo, but the fine print discloses that it is another software which changes search and default home page of web browsers and prevents "unauthorized changes" to these settings.
 * Another offer has its origin obscured: the domain "updateweb.org" is registered by a "Privacy Protection Service INC". A research on his mail address points to a person and another company in St. Petersburg, Russia, which is not mentioned in the offer. A postal address is declared in Cyprus, described as a "safe haven for offshore companies".
 * Advertisements for alleged "system cleaners" point to a "securedshopgate.com", which has its domain holder obscured through a registrant company "Domains By Proxy LLC". The SSL certificate shows an address, also in Cyprus.

Fried Cookie Ltd. state on their blog that InstallCore has full control over the selection of offers displayed in the downloader/installer, that InstallCore uses "Super Targeting" to display user specific offers, and that they monetize their software on a pay-per-install basis.

Similar, malicious effects have been observed for multiple download sources using InstallCore download managers and installers, including download.com and SourceForge. -->