![]() Another I talked to also removed it, then recently put it back in again! Thankfully, I like his software or I’d clobber him. One developer I talked to acknowledged the tracking cookie injection and kindly removed it from his application. But there they are, surveilling you when you are on the net. Of course, they’re harmless if you’re not surfing the net. One thankfully rare but ongoing issue for Mac users are applications that install tracking cookies. Hi Thomas! Thanks for another great article. I have, therefore, updated my Adware Removal Tool to find and remove Awesome Screenshot. However, when a program’s website does not make any mention of ad injection, and the injection is turned on by default, that’s enough for me to classify this as adware. If a user wants to knowingly install a program that has a setting to allow ad injection, that’s his or her business, not mine. In all, if the Awesome Screenshot website had owned up to its advertising ways right up front, I’d have had no problem with it. Most users would not agree that these are “value-added” features, and it’s clearly not the case that all these features are disabled by default in Safari, at least, where the “price comparison” feature is enabled by default: Please also note that these features are disabled by default unless you enable them. This extension also integrate some additional features such as “Discover Similar Sites” and “Price Comparison While You Shop.” These are value-added features, and definitely are not “Malware” or “Adware” as some may mistakenly believe. The only place where the developers reveal this behavior is on the Mozilla add-ons page, where the description of the extension includes the following: On the Chrome web store, the description also does not mention advertising, although it does make a vague reference to an “optional search enhancement feature,” of which the developer says, “Since many users don’t like it, we remove this feature.” ![]() The Awesome Screenshot site does not indicate anywhere that advertising is going to be used, nor does the description on Apple’s Safari Extensions site. There’s absolutely no legitimate reason for this extension to be injecting a Presto Savings JavaScript into my web page! ![]() This doesn’t seem to happen all the time, but once was enough for me. Simply loading my own site and examining the page source quickly revealed an injected JavaScript: So I started looking for evidence of modifications. Code libraries often contain code that may not be used. The presence of nasty code is a very bad thing, but it doesn’t prove that that code is actually in use. I’ve seen adware that contained inactive code before, though. This code has a number of functions that inject code into web pages… something that a simple screenshot extension should not be doing. However, I then found a set of scripts that seemed to belong to a company called Presto Savings. This was concerning, but wasn’t proof of anything, since the function of this code was so thoroughly hidden. This is a common technique used by people who create malicious JavaScripts, since it’s nearly impossible to figure out what this kind of code does without lengthy analysis by a JavaScript expert. What was seen here was more than that, using a confusing mishmash of single-letter function names and encoded parameters. It is common to “minify” JavaScripts, to make the files smaller, but minifying just involves removing all unnecessary whitespace (spaces, returns, tabs, etc) and comments. I’m hardly an expert at analyzing Safari extension source code, but it didn’t take long to find some very concerning things.įirst, I found a strange JavaScript file containing code that had been obfuscated to the point of illegibility. I started by examining the source code for the Awesome Screenshot Safari extension. However, there was no arguing with the results my reader had. This seems like something that should be okay, especially since I couldn’t duplicate the ads when testing in a controlled environment. It also seems to be quite respectable… it can be found on Apple’s Safari Extensions page, has been rated 4 out of 5 stars on the Mozilla add-ons page, and in the Chrome web store it has been given 4.5 out of 5 stars by more than 35,000 people. I visited the Awesome Screenshot website, which is extremely polished and professional-looking. Of course, this led to a whole new kind of investigation! After almost a week of working on the problem, it turned out to be caused by one particular Safari extension: Awesome Screenshot. One of my readers was recently having problems with advertisements being injected into web pages, and none of my ad removal instructions or my Adware Removal Tool helped. June 19th, 2014 at 7:55 AM EDT, modified
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |