16 June 2013

PDFCreator installs malware

I have been using a free software called PDFCreator to save files as PDF on my Windows XP machine. Being a SourceForge hosted project, I was quite confident that it was not one of those free software with crippled features which you only get when you buy the "Full" version or that it would be a clean software without any malware.

However, I noticed something odd today when I had to install it on a VM, during the installation process, it "asks" the user for installing an add-on "DefaultTab" (giving you an addon called Search Settings in your IE/Firefox/Chrome browsers).

In the screenshot below, you will notice the sneaky way that they try to make you install this malware:
  • The options to uncheck the three browsers are in a "greyed out" colour to appear disabled
  • The cancel button is also in a grayed out hue 
The only options that seem obvious are 1) to scroll down the Terms of Use and Privacy Policy text - which I'm sure more than 99% of users never read, and 2) the Next button.
Search Settings window while installing PDFCreator

Advice: when installing software, choose "Advanced" install rather than default and read the prompts at each step.

Another user found the inclusion of the malware distasteful for this open source project. His investigation contains more information, you can read it on the blog post.

PS: As it was a VM on which I installed it, it was easy to revert back to original state after creating the PDFs.