Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PDF-XChange update includes ask.com Tracker Toolbar by default

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
libove PDF-XChange update includes ask.com Tracker Toolbar by default
Member 18th Mar, 2013 16:04
Ranking: 31
Posts: 70
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
PSI (as integrated into Secunia Small Business) just updated PDFX-Change on my PC ... and automatically included the ask.com Tracker Toolbar.
That is NOT cool.

Post "RE: PDF-XChange update includes ask.com Tracker Toolbar by default" has been selected as an answer.
E.Jeppesen RE: PDF-XChange update includes ask.com Tracker Toolbar by default
Secunia Official 19th Mar, 2013 09:57
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Last edited on 19th Mar, 2013 09:58
Hi
You have not mentioned which specific program you had this experience with but I believe you must be referring to either PDF-XChange 4.x or PDF-XChange Viewer 2.x.

We currently do not offer any SPS package for PDF-XChange 4.x. Instead we provide a download link to the vendor website. So if you have still gotten a toolbar installed it would be out of our hands and you would need to complain to the vendor of the program.

As for PDF-XChange Viewer 2.x our SPS package does not run silently. So to get the toolbar installed the user will have to actively choose the toolbar during the installation.
libove RE: PDF-XChange update includes ask.com Tracker Toolbar by default
Member 19th Mar, 2013 12:08
Score: 31
Posts: 70
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
This is the Viewer, indeed.

The curious thing is that I have extensively communciated with Tracker about this; they say that the only way for the Ask.com Tracker Toolbar to be installed is either:
1. By the user's interactive request; or
2. When the toolbar was already there before and an upgrade is being performed.
I believe them.

I also believe Secunia. My guess is that some weird interaction in the way PSI launched the PDFX-Change Viewer updater (speaking only figuratively here of course) gave the updater some kind of /YES-To-ALL /NO-Prompt options which resulted in it silently installing the Ask.com Tracker toolbar.

I am quite sure that I wasn't asked about the Ask.com Tracker Toolbar when Secunia PSI (SmallBusiness-integrated) launched the PDFX-Change Viewer update package. (I'm very attuned to these things, both because I work in security, and because they annoy the $#@$ out of me... heh heh).

I also am absolutely sure that the Ask.com Tracker Toolbar was not there before. Just after the update, the next launch of IE and of Firefox popped up the "you have a new toolbar from Ask.com, do you want to enable it". So the Ask.com Tracker Toolbar definitely was installed as part of the PDFX-Change viewer updater which was kicked off from PSI (SmallBusiness-integrated).

Is there any detailled log of exactly what options PSI gave when launching the PDF-XChange Viewer updater?

I ask that Secunia test by doing the following:
Install a slightly older PDFX-Change Viewer, then have PSI scan and launch the update.

thanks,
-Jay
Was this reply relevant?
+0
-0
sixsox RE: PDF-XChange update includes ask.com Tracker Toolbar by default
Member 19th Mar, 2013 14:43
Score: 0
Posts: 1
User Since: 19th Mar 2013
System Score: N/A
Location: DE
I have to disagree with the statement "...the installer does not run silently".
On my system PSI found a SDK component from Tracker-Software which is actually part of another program called "BKI viewer" [ http://bki.de/ ] and identified it as "PDF-XChange Viewer". It offered to update the PDF-XChange Viewer which then actually prompted the first installation of this program. It also installed the Ask-Toolbar without my input or permission. The SDK component for BKI-Viewer is still shown as an outdated version of PDF-Xchange Viewer, since the SDK component apparently has not been updated.

So there appears be a problem with Tracker-Software SDK components in third party products showing up as PDF-XChange Viewer in PSI.

Please fix.
Was this reply relevant?
+0
-0
E.Jeppesen RE: PDF-XChange update includes ask.com Tracker Toolbar by default
Secunia Official 19th Mar, 2013 15:01
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you both for the clarification and further details. I have to correct myself as it turns out that our SPS package for PDF-XChange Viewer 2.x was indeed able to run silently.

As stated in our FAQ we strive to disable toolbars and third-party programs that comes bundled with the installers from the vendors. We have tried to do the same for PDF-XChange Viewer 2.x but in order to do so it has not been possible to offer an SPS package in this case, so we are now providing a link to the vendor website.

Thank you again. I appreciate that you have taken the time to point out this issue.

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability