What Else Have You Just Downloaded? [1]

These days, more and more programs are being bundled with extra components such as the Ask toolbar or Open Candy which Gizmo has written about here [3].

There are varying opinions about the nature of these add-ons, but without joining the argument about how developers choose to fund their existence, how can users ensure that what they download is what they get, and nothing more?

Here’s are a few simple steps.

1. First decide if you really need the software at all. Quite naturally these things are promoted to offer “benefits” of one kind or another, but sometimes a quick look around the forums will reveal issues you might not want to risk.
2. Enter the name of the program into your preferred search engine and add “bundled software” at the end. The results should show if and what might have been added as others will have already encountered them and posted about it online. You can then decide if you still want the program, and if so be forewarned about what else might show up during the install process.
3. Only download from a reputable source. As suggested by member ichabod, "reputable" is not always the same as "recognized". Cnet (Download.com) for example is a recognized source, yet it is hardly reputable [4]. If the vendor is new or unknown, or you have any other doubts about their web site (we recommend WOT [5] as a safety check), go to Softpedia [6] or one of the other recognized download sites instead. Softpedia in particular always adds a warning note if they are aware of extra components being bundled with a program. We provide a list of recommended download sites here [7]. 
4. Use an ad-blocker for your browser e.g: Chrome [8]-Firefox [9]. This will hide most of those flashy "Download!" buttons from the page you are navigating, many of which are nothing to do with the program you want and designed instead to lead you down a completely different and often unwanted path.
5. Make sure the program number you are downloading is the one you want (usually the most recent). Sometimes the independent download sites take a while to catch up with the vendors development cycle and may not have the latest version. You can even take this a stage further by performing an MD5 “checksum” [10].
   
   If the latest program contains unwanted “extras”, a previous version which doesn’t might still be available. Often an older version will still perform well enough. If this is what you want, one place to look is here [11].
6. Read the program EULA. Boring yes, but without reading it you cannot blame anyone else for what “extras” might arrive in your computer. Understand too that the vendor’s online agreement might be different to that included with the program.
7. Scan the host website and the file in question before downloading it. To analyze a website for threats you can use VirusTotal [12], URLVoid [13] and Zulu [14]. For the file you would like to download, you can use the Dr.Web Anti-Virus Link Checker browser extension [Chrome [15]] [Firefox [16]].
8. Scan the downloaded file before you execute it. Even if your resident anti virus [17] already does this, you can still use HitmanPro [18] or Malwarebytes [19] for a second opinion. This might not help to reveal adware but it’s a necessary check for true nasties.
9. Take your time during the install process. Often the options necessary to avoid something are purposely made confusing because the third party vendors don’t want you to :)
10. Make sure you have a security program installed which will prompt when sneaky add-ons try to install or connect to the internet. Most third party firewalls [20] will do this providing they include a HIPS [21] component. WinPatrol [22] is a useful standalone of this type. This is an example [23] of a huge mess having WinPatrol installed could have prevented. These aids are not a panacea though and can’t be guaranteed to spot everything you might not want.
11. Often, things become clearer second time around. Unfortunately, by then you might already have the Beanfest Toolbar and Magic Wallpaper Changer installed and ticking away nicely in your tray. :D Some programs offer the ability to install something “virtually” which means you can check it out first and then decide if you want it before letting it loose in your real system. How this is achieved varies between programs, and some are more complicated than others to manage and understand. My personal favorite is Toolwiz Time Freeze [24] (free). I only activate the Virtual Mode when I’m installing a program. (Please note this is not suitable for programs that require you to reboot during the install process). You will also have to repeat the install outside of Virtual Mode if you wish to keep the program permanently, but as already mentioned, this is not always a bad thing. 
    
    Another program to consider might be Sandboxie [25] . See also our main review of Browser Protection Software [26].