There’s a saying—"there’s no such thing as a free lunch." On the Web, however, it sure seems like there is. In the time span of a lunch break, a few keywords in a search engine promise free entertainment, just several clicks away. We all know the catch, though. These freebies can come with freeloading adware, malware, and other unwanted programs and plugins. This was particularly true in the Internet’s early days, but in the past decade, tech giants such as Google, Microsoft, and Yahoo—the three major players in search today—have deployed significant resources to prevent adware and malware from compromising their Web browsers, e-mail services, and websites. It can't be that bad in 2013, right?
Answering this question required a little experiment, one inspired by the documentary Super-Size Me. That film chronicles Morgan Spurlock’s month-long fast food “diet” during which he limited his exercise and knowledge about healthy eating, had to order everything on the McDonald’s menu at least once, and never said no to an upgrade offer.
The Web version of this is simpler and better for an individual's (physical) health. From a clean computer fresh off an OS install, enter some of the most popular, plausible generic free keyword searches on a popular Web browser. Next, open all of the links in the search results (ads and otherwise) and download the first thing on the landing pages, recording where it went and what it did. Like Spurlock, I would limit my knowledge about what was safe or risky and take no (Internet) precautions beyond the default settings. The same rules applied for installing the program afterward. And in the Web's version of "would you like to super-size that?" I had to say yes to whatever was offered. There would be no avoiding a Web culture of excess and extras.
More programs included with the installation? MOAR! After each keyword search and installation was complete, I’d run several (free) popular antivirus programs to detect unwanted programs and record the installed programs, browser plugins, and extensions. That way it's easy to check later for Internet notoriety.
Time to travel back to 2008
After a little research, I decided to search for free games, music, e-cards, a wallpaper, and a screensaver for my new computer. This appears to cover a spectrum of entertainment options available on the Web, but several ground rules guided me in selecting these items:
- The content had to be plausibly free (“free” had to be the leading keyword) and legal (no purposefully targeting torrents, P2P).
- To replicate the high bounce rates common for Internet browsing, I exited if I needed to create an account or provide an e-mail or login. I also exited if there was no immediate download option from the landing page, although I was happy to click through several pages or redirections if it promised a free download (though it couldn’t be an unrelated third-party ad).
- The searched-for content had to be entertainment-oriented (no malware/spyware/antivirus searches), but it could not come from adult sites (online gambling, porn, webcams). In other words, the idea was to look for fun, free stuff—not trouble directly.
To no one's surprise, the keywords I selected were popular. However, they were also really, really dangerous. Each search qualified for the "Top 50 Most Riskiest Search Terms in the US" list from McAfee's 2008 roundup, The Web’s Most Dangerous Search Terms report. This experiment even included a pair of No. 1 ill-advised searches:
Search Term Claim to Fame
"free e-cards," listed in the McAfee Top 50, US
"free game cheats," “game cheats” qualifies as a McAfee Top 50
"free games," noted as popular generic search query
"free lyrics," “lyrics," and “song lyrics” were among the McAfee Top 50
"free music downloads," the No. 1 term for Average Risk, McAfee Top 50
"free screensaver," noted as a popular generic search query
"free wallpaper," “wallpaper” is a McAfee Top 50
"free word unscrambler," the No. 1 term for Maximum Risk, McAfee Top 50
In the McAfee report, "free" had the highest category risk. When you run software from an untrusted source, it exposes information about your operating system to the installer, such as your computer model, your IP address, your programs, and what browser you have. And if you are installing software from an adware kingpin, revealing this information is not good. Your information is directly on its way to the adware server.
A computer security expert I consulted beforehand pointed out a potential foil to my experiment. Since I would be installing many adware programs in a short time period—some likely from the same source through different adware networks controlled by the same entity—there was a chance my IP address would be flagged as a particularly gullible user. Other devices using that same IP address later could be vulnerable to a targeted attack if I used a fixed IP address or a narrow range. This required a simple shift. To increase anonymity, free public Wi-Fi was used (and it's likely where you could typically expect some of the downloading behavior I was about to replicate). Combine this with a clean install containing no personal information, and the experiment was as safe as anything involving McAfee may get.
And so it begins...
So were these search risks, like human gullibility and those looking to profit from it, timeless or just trends of 2008?
Since Windows is the dominant operating system today, I used a MacBook Pro with a Windows 7 64 bit OEM virtualization via Parallels 7. This functioned basically as a PC petri dish and a sandbox for the potentially dangerous software. I could revert to the original pre-search image after each query—back to default programs with only Mozilla Firefox (one of the three most widely used Internet browsers) and two free popular malware detection programs, Microsoft Security Essentials and Lavasoft’s Ad-Aware.
For each search, I opened a new browser window in Mozilla Firefox—in private browsing mode—and navigated to Google’s search homepage. I saved the image of the clean computer state to Parallels, allowing me to run each search term in a standardized fashion before reverting to the beginning again.
Let the games (and lyrics, and other downloads) begin.
reader comments
232