Journal article Open Access

Costly Freeware: A Systematic Analysis of Abuse in Download Portals

Richard Rivera; Platon Kotzias; Avinash Sudhodanan; Juan Caballero


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <controlfield tag="005">20200120160504.0</controlfield>
  <controlfield tag="001">1295566</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">IMDEA Software Institute</subfield>
    <subfield code="a">Platon Kotzias</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">IMDEA Software Institute</subfield>
    <subfield code="a">Avinash Sudhodanan</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">IMDEA Software Institute</subfield>
    <subfield code="a">Juan Caballero</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">751987</subfield>
    <subfield code="z">md5:e20cfd9a6fa307cf3306293aa644b5a5</subfield>
    <subfield code="u">https://zenodo.org/record/1295566/files/IET-IFS.2017.0585.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2018-06-06</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-elastest</subfield>
    <subfield code="o">oai:zenodo.org:1295566</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">IMDEA Software Institute</subfield>
    <subfield code="a">Richard Rivera</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Costly Freeware: A Systematic Analysis of Abuse in Download Portals</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-elastest</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">731535</subfield>
    <subfield code="a">ElasTest: an elastic platform for testing complex distributed large software systems</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Freeware is proprietary software that can be used free of charge. A popular vector for distributing freeware are download&lt;br&gt;
portals, i.e., websites that index, categorize, and host programs. Download portals can be abused to distribute potentially unwanted&lt;br&gt;
programs (PUP) and malware. The abuse can be due to PUP and malware authors uploading their ware, by benign freeware&lt;br&gt;
authors joining as affiliate publishers of PPI services and other affiliate programs, or by malicious download portal owners. In this&lt;br&gt;
work, we perform a systematic study of abuse in download portals. We build a platform to crawl download portals and apply it to&lt;br&gt;
download 191K Windows freeware installers from 20 download portals. We analyze the collected installers and execute them in a&lt;br&gt;
sandbox to monitor their installation. We measure an overall ratio of PUP and malware between 8% (conservative estimate) and&lt;br&gt;
26% (lax estimate). In 18 of the 20 download portals examined the amount of PUP and malware is below 9%. But, we also find&lt;br&gt;
two download portals exclusively used to distribute PPI downloaders. Finally, we detail different abusive behaviors that authors of&lt;br&gt;
undesirable programs use to distribute their programs through download portals.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1049/iet-ifs.2017.0585</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">article</subfield>
  </datafield>
</record>
56
58
views
downloads
Views 56
Downloads 58
Data volume 43.6 MB
Unique views 54
Unique downloads 57

Share

Cite as