Journal article Open Access

Costly Freeware: A Systematic Analysis of Abuse in Download Portals

Richard Rivera; Platon Kotzias; Avinash Sudhodanan; Juan Caballero

Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="" xmlns:oai_dc="" xmlns:xsi="" xsi:schemaLocation="">
  <dc:creator>Richard Rivera</dc:creator>
  <dc:creator>Platon Kotzias</dc:creator>
  <dc:creator>Avinash Sudhodanan</dc:creator>
  <dc:creator>Juan Caballero</dc:creator>
  <dc:description>Freeware is proprietary software that can be used free of charge. A popular vector for distributing freeware are download
portals, i.e., websites that index, categorize, and host programs. Download portals can be abused to distribute potentially unwanted
programs (PUP) and malware. The abuse can be due to PUP and malware authors uploading their ware, by benign freeware
authors joining as affiliate publishers of PPI services and other affiliate programs, or by malicious download portal owners. In this
work, we perform a systematic study of abuse in download portals. We build a platform to crawl download portals and apply it to
download 191K Windows freeware installers from 20 download portals. We analyze the collected installers and execute them in a
sandbox to monitor their installation. We measure an overall ratio of PUP and malware between 8% (conservative estimate) and
26% (lax estimate). In 18 of the 20 download portals examined the amount of PUP and malware is below 9%. But, we also find
two download portals exclusively used to distribute PPI downloaders. Finally, we detail different abusive behaviors that authors of
undesirable programs use to distribute their programs through download portals.</dc:description>
  <dc:title>Costly Freeware: A Systematic Analysis of Abuse in Download Portals</dc:title>
Views 164
Downloads 136
Data volume 102.3 MB
Unique views 160
Unique downloads 135


Cite as