It can happen to the best of us. You're on your PC and there's a pop up telling you to update your Windows Drivers for free. You click on it. Next thing you know when you go to do a search, there's some strange toolbar that takes you to Ask.com, or some other ad infested search engine instead of the search engine, like Google, you thought you were visiting. These annoying, distracting, toolbars can take hours to get rid of. And they are so cleverly insinuated onto your computer that it may take professional help to get rid of them. And if you thought your anti-virus software would protect you from these insidious attacks, you'd be wrong.
We spoke to representatives of anti-virus companies including Symantec, MacAfee, and Trend Micro and they all said pretty much the same thing. Kevin Haley, Director, Security and Response for Symantec told us that while these toolbars are generally installed by the user (almost always accidentally), and while they are considered adware and annoying, they are not considered harmful or malicious. Therefore, they don't qualify for anti-virus protection.
Here's how another anti-virus maker, Trend Micro responded:
According to the Trend Micro Titanium product team: our product - Trend Micro Titanium Security 2014 does not fully protect you from installing ad-filled toolbars. For example, the Ask toolbar and the Yahoo toolbar install without any Titanium interference. But Titanium will flag just about any malicious or questionable actions or links to toolbar downloads. We have browser exploit protection, which works to protect the user from secret SQL injections and the like. If there is something actually malicious and not just time-wasting or contributing to ad fatigue, Titanium should protect you.
McAfee sent us to their free Site Advisor site for ways of checking to see what sites may have nasty stuff lurking in them. But bottom line, they too don't necessarily see these toolbars as malicious. According to David Jackson, Director of Global Consumer Product Marketing at McAfee,
McAfee SiteAdvisor is there to protect the customer by warning the customer of known websites, which may distribute malware, before they click on that particular website. McAfee SiteAdvisor does not protect against websites that may deliver a poor end user experience.
When I asked McAfee if they considered two of the ad-filled demons to be malicious, Sweet Packs and Delta Search, they responded,
McAfee cannot officially comment on whether these particular sites are either adware or malware.... However, a handy tool to identify how other people rate a particular site is going to www.siteadvisor.com. Simply type in the web address of that particular website, within the 'View a Site Report' section on the right, and it will reveal additional information for that particular site.
And why not protect us? It's about money. And more money. For starters the companies who purvey these ad-ridden searches are themselves clients of the anti-virus makers, often buying hundreds or thousands of site licenses for their own employees. That's business the anti-virus guys don't want to jeopardize by blocking their own clients from spreading their ads. And then there's the collateral damage to you, the PC user. Yes, you can go online to find the removal instructions for these programs like Delta Search, SweetPacks, and Snap.do. But the process is quite complicated. And at the end of the day, many users throw up their hands, and then go to Norton where for a mere $100 they will take remote control of your computer and get rid of all the bad stuff. High price for one bad click.
There Ain't No Such Thing As A Free Lunch
The most common way to land up with one of these malicious toolbars is through unsafe surfing, or by responding to some free download that you thought was legit. So for example, say you need a particular driver for your audio system. You go online to find one. You see one for free and decide to download it. But if you stop to read the fine print, you'll see you are giving the program permission to install not only the driver you requested, but other items as well. That's when you get into trouble. Sometimes it can be from a program that looks quite legitimate like an update from Adobe or Java. But unless you go to one of those companies and specifically ask for an update, you should be very careful what you click for.
Symantec's Kevin Haley, tried to make the case that the only time one of these intrusive programs makes its way on to your computer is through user error. But that's not always the case. A couple of weeks ago my Internet went down, the results of an outage from the ISP (Internet Service Provider). Normally a quick phone call and a refresh signal to my cable modem can solve the problem. But not this time. The tech struggled for almost half an hour to get things going again. But when the Internet came back two of my machines had been invaded by Sweet Packs. Not only could I not get the search engine I wanted, but my Google Chrome browser was denied any Internet access. When asked why this didn't qualify as a malicious intrusion, Hanley said, "We'll have to look into that".
Breaking Up Is Hard to Do
The folks who promulgate this nastiness know what they're doing. And they know you'll try like the dickens to get rid of what they sent you. So they make it extremely tough to get rid of. For starters, they will use innocuous names that may make you think they're legit, things like MyPCBackup. No that's not really the program that's backing up your computer, just slowing it down. And some of them, like Snap.do, have the ability to bury itself in various places in your computer, wo even if you think you've uninstalled it, it can reappear. Another nasty thing these things do is attach themselves to your desktop icons. When you go to click the icon, not only do you initiate the program you wanted but another file, an ".exe" or executable file will be triggered at the same time and once again make your life miserable.
Tools for Recovery
Once you've been attacked there are variety of steps you can take to try to rid yourself of these. Fair warning: most will be very time consuming, and many probably won't work. The first thing you can do is look at the list of your installed programs. If there are any that you don't recognize, often with names like something or another "toolbar" in the title, you can try to uninstall it. Go to the pull down menu for your browser, like Chrome or Internet Explorer. Under tools you'll find a list of extensions. If it doesn't look like something you know you want, disable it. Next, you can look on the Internet for the particular problem toolbar and see if there are removal instructions. Often there are, but I have found them very complicated and time consuming. And if none of that works, and you're out of time and patience you can go to Norton or others and get a onetime virus removal. Norton will charge you just about $100, but if you already have a Norton anti-virus subscription it may be covered for no charge.
There's no question that this is a dirty business. And it's a dirty secret that the anti-virus programs you've paid good money for are not going to protect you.