General discussion

When is it safe to click on "install updates" pop-ups?

Question:

When is it safe to click on "install updates" pop-ups?


One question I have not seen addressed here regarding computer security
that I hope you will consider is: How safe is it to click on "install
updates" when pop-ups appear from Microsoft, Adobe, Java, and the many
other software providers who know you have their product? What
prevents hackers from using look-alike pop-ups to infect with malware?
What if I'm not sure; how can I check? Thanks.

--Submitted by: John M.

Here are some featured member answers to get you started, but
please read all the advice and suggestions that our
members have contributed to this question.

When is it Safe??? Excellent Question --Submitted by: charleswsheets
http://forums.cnet.com/7726-6132_102-5009281.html

Good Question. --Submitted by: webserf
http://forums.cnet.com/7726-6132_102-5009287.html

WHEN IS SAFE TO ACCEPT UPDATE POP-UPS NOTIFICATIONS --Submitted by: GEO2003
http://forums.cnet.com/7726-6132_102-5009401.html

Be careful --Submitted by: davefrombc
http://forums.cnet.com/7726-6132_102-5009320.html

NEVER --Submitted by: ruggb
http://forums.cnet.com/7726-6132_102-5009622.html

Thank you to all who contributed!

If you have any additional advice, tips, or recommendations for John, please click on the reply link below and submit away. Please be as detailed as possible when submitting your answer. Thanks!

Discussion is locked

Follow
Reply to: When is it safe to click on "install updates" pop-ups?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: When is it safe to click on "install updates" pop-ups?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
When is it safe to install updated pop ups?

Never is a the best answer that was submitted but when updates are for programmes that are used by my computer I do not seem to have any choice.

- Collapse -
Mozilla Firefox

How much trust can I put into a sort of shareware browser? I usually trust Firefox updates but the last one had a small box pop up saying that Firefox itself thinks that the update was malicious so I just ignored it and closed Firefox, rebooted and then opened Firefox again and that update offer did not come back. About 1 week later I got another update from Firefox but this time there was no warning update and when I tried to allow the update nothing happened and I am still using the previous version.
I have an up to date very good AV program and it could not find anything so I wonder if the attempt with the pop up warning actually did some harm to the version of Firefox I am using. I think I should follow some advice I read here and go directly to Firefox and look for their latest updates or newer version. I am using XP with all the latest updates.

- Collapse -
Simple answer

Never!
Always turn off updates, auto update features, if they offer a "notify of new", do that, if not you will find out when an update is needed by visiting websites, personally I just remember to check every so often and subscribe to sites like her at cnet they have Webware.com and things of this nature you can also subscribe to US-CERT.

- Collapse -
This site for advice

I posted a reply hoping to see if others had similar problems or results and agreed to get emails concerning my post to find out more about a problem.
I got a bunch of email alerts that all brought me to the main topic where my post is GONE; so what happened?
I canceled the email notifications because why bother to get involved in some thing like this if the site removes the post but still bothers to send useless email notifications.
If you can prove me wrong I will apologize.

- Collapse -
Pop ups

I use Secunia PSI. It checks your programs versus its data base and will give you a quick way to install the new updates. And it is free.

- Collapse -
How do you get rid of 'em? And more questions.

Is there any general advice for getting rid of pop-ups? I don't need them, whether they're legit or malware.

From what I've read here, it seems the main concern is pop-ups while using one's browser. But I'm suspicious of a couple of recurring ones that happen on bootup.

One is for Norton 360. It's a window -- don't even know if I'd call it a pop-up -- that occurs immediately upon bootup and says there are a bunch of tracking cookies that should be deleted. It looks legit enough, but I've been moderately suspicious of it and afraid to delete the cookies through this window. When I go to Norton 360 itself, it says my computer is "protected" in all four main areas.

There is a pop-up for a Norton 360 update, and I'm very suspicious of it. The titlebar is slightly truncated, and it appears Norton 360 is up to date when I go to the program. I've been putting up with this pop-up for about a year and have always been afraid to click on it. Not sure if this one occurs while the browser is open or not, but I'd sure like to get rid of it.

I have another mystery pop-up outside of the browser. It's relatively nonintrusive, but the only information is, "Update is ready to install. Click here for details." No logos or company name. This has been happening for quite a while, but I have never clicked it.

(I have XP Pro, updated, and usually use Firefox.)

Thanks to John for starting this excellent thread.

- Collapse -
You should be able to disable them..

in the Norton console. Check the site or Google for it. CCleaner by Piriform, is a better way to get rid of cookies anyway. It gets cookies most don't - like those nasty Flash cookies!

I always run it first, then do a scan; this saves scan time too.

- Collapse -
Use CCleaner

Thanks! I've used CCleaner for a few years. Great, free program, and it seems relatively safe considering I'm messing around with the registry. I'm quite a fan of CCleaner. Alas, CCleaner has not cleaned up the pop-ups (or update windows) I mention.

- Collapse -
Pamelad.. Considering All The Problems You're Experiencing..

Pamela..

It might help, if you're having all these problems, to start a new thread, where it won't be buried within 3 pages worth of posts. In other words, the members and/or moderators can focus on helping you, with your individual problems.

Something you might want to consider. It might be in your best interest.

Just a thought..
Carol

- Collapse -
Norton is your cause..

From what you relate in you're question Norton is the cause of the popups. When I used NIS2010, I simply went to silent mode if I didn't want alerts. Your console should have controls for that.

Google will find the way to do this faster than going to the Symantec web site. Nobody's web site searches better.

- Collapse -
Google is your friend..

Did a search for "Update is ready to install. Click here for details", and guess what? It is AOL causing the problem. If you can get off AOL, do it as soon as possible, if not you got problems.

I totally destroy all AOL installations on my clients PCs using REVO uninstaller, but I don't recommend using it unless you know what you are doing. You could use CCleaner's uninstaller, then reboot, then do a registry clean recursively and save all backups; then reboot again, and hope this fixes the @hole problem!

The Google search did put some good ideas out there for you though:

http://answers.yahoo.com/question/index?qid=20080310232537AAsZ5l2

I repeat - Google is your friend!

- Collapse -
I don't have AOL

I saw AOL implicated when I searched before posting here Wink But I don't have a scrap of AOL on my computer.

- Collapse -
Okay - but...

I've had clients tell me that and I find remnants of it in the system folders and registry. In each occasion, I saw some kind of weird behavior as AOL tried to recreate itself from the restore files in just the manner you describe. I had forgotten about this, because I've not run into it for a while.

It could be a fake pop-up that is trying to emulate AOL, but I suspect AOL system remnants are guilty. AOL comes as crap-ware on many PCs and people uninstall it only to have it haunt them at a later date.

I personally would try downloading MBAM, SuperAntiSpyware, or AdAware Free, and see what the scans by those show - in that order. They are very good at detecting crap-ware remnants as well as malware. Seriously - AOL is considered malware by IT technicians, it is so nasty and misbehaving. I won't let any of my clients join AOL because of this. Besides the competitors are cheaper anyway; if they are available in their market. REVO uninstaller can find such pesky things, the free version may find it where CCleaner can't. There again, carefully read the instructions for using REVO, or get a geek buddy to help you, it can bite the hand that feeds it!

AdAware is the only freebee malware utility that has anykind of real-time protection on it - this is called AdWatch. All of these solutions are safest if you download them from CNET/download.com - either one - they are both the same place anyway. Spybot Search and Destroy was an old time freebee that used to be good, but I can't recommend it anymore.

WinPatrol is another process guard that watches what is running on your PC, it is a free utility available here, and is an old time favorite. If you watch what is running on it, you may find the offending file or execution process that is irritating you. I haven't used it since the DOS days, but present day IT technicians give it a big thumbs up. I use Microsoft Sys-Internals Process Explorer, but newbies may have a hard time interpreting what is going on with all the processes shown on its consol. It is really for PC technicians, but not impossible for folks to learn about and properly use.

I didn't intent to bomb you with so much information, but I like helping folks with their PC problems, especially if it thwarts any of the bad guys.

Good luck! Happy

- Collapse -
When is it safe......

Lee: Maybe you can ask CNET security experts but I do NOT see this question answered correctly. The question does not concern a phony browser patch stated you need to update but it is possible to spoof your task bar pop-ups on your known install software stating you need to update...and the main areas are (1) Windows Update (2) Adobe update (flash/reader) (3) Javea update and (4) Your security suite. I have not seen task bar pop-up updates from my known installed applications spoofed. I bet that communications between OS and application is impossible to spoof. BUT Yes never auto update, not just for seecurity but simply for convience.

- Collapse -
Maybe you haven't seen it - but I have..

Run a honey pot lab for a while, and you will see things you can't believe!

- Collapse -
Actually ..

..auto-updating may be the safest way to go. The software that you setup to auto-update, is almost ALWAYS software you've chosen to have on your computer, and therefore any auto updates WOULD be from that software alone.
IF you auto update, then ANY software that "Asks", would be suspect.

Really the answer is not simple, and requires one to be in tune with his/her computer and software..

- Collapse -
NEVER !

I got scammed and it locked up my computer...cost me a bunch of $$ to get it cleared.

Never again. "Fool me once, shame on you...fool me twice, shame on me"

- Collapse -
LIke I said...

It is entirely possible that "paying" for some people, hence the "ransom", gets them back on the road faster than calling a professional to clean out the computer.

I had one person (a lawyer, who didn't want to lower all her client info) tell me just that, "I don't have time to leave my computer with "geek-squad", all but to have them "WIPE-OUT", my computer (for $200) and hand it back to me with nothing, (a clean OS) on it. Paying the $49, gets me back to work, and I accept it", as part of the consequences of being online.

This could be true for those who just don't know options, or are completely reliant on the computer, but haven't taken time to learn maintenance and/or protection options.

- Collapse -
Safe or not Safe

Hi, John:

This is a very good question and I may add, not an easy one to answer. The popup a person may run across while surfing, or not, while connected to the internet, or not, is extremely hard to determine. Why? A couple of reasons...

1. The vast amount of popup (They are everywhere)

2. Numerous pop up variants ( Many different types)

In my opinion, these 2 things in combination are the best defense...

1. Knowledge (Read up, research, know what you are facing)

2. Security (Keep security software functional and up to date)

(KNOWLEDGE)

First of all, pop-ups can be very difficult to distinguish, good, bad, how is a person to know?
I mentioned about pop-ups when online or not, the reason, yes, you can still get pop-ups, perhaps from a software you installed that may be malicious, or not, or something someone else installed on your PC.

Some pop-up variants do not need internet access when installed on the computer itself and these pop-ups can be most annoying and\or destructive, depending on the software and intent of.

As with Avira Anti-Vir, which I use, it has a pop-up window when it updates advertising it's full version software for purchase, you click ok, it's gone. This may be the price we pay for a free software at times but I know it's legit, I know the intent.

If you begin getting numerous aggressive pop-ups on the desktop or items that attempt to open your browser, this would be a sign that the intent isn't all to friendly.

Of course they are most commonly seen while browsing the internet, where all the action and access truly lies. It's hard to find a site that does not have a pop-up these days.

Most pop-ups are JavaScript based.

A very basic description of a Script is a program or sequence of instructions.

JavaScript is not to be confused with Java and is not part of the Java platform. JavaScript was actually developed by Netscape in 1995 and was intended for interaction on websites and are typically embedded in web pages. The problem comes in when these Javascripts are malicious and can cause many problems from hijacking your browser, infecting your computer through your browser or attacking routers and networks.

There is also AJAX, "Asynchronous JavaScript and XML" which is not new by the way and in a short description, can give surfers a speedy, almost instant interaction on a web page like Google Maps.

The bad news is the fact that AJAX can be used to create an attack in not only more ways but at a faster, more intrusive,constant rate. It does have it's good points and like anything, can be used for good or bad.

Pop-ups can be whatever their creators intend them to be. They can be a legit survey box, sign in box, a butterfly that follows your mouse around, or they can be malicious, attempting to get users to interact with them with false survey windows, false Windows update scams, even simply having the mouse hover over a script is enough to get that script to activate which can bring up numerous other pop-ups, redirect you to other malicious sites or inject code. Most notable I'm sure are adult web sites where people become overwhelmed by pop-ups, hijackings, and malware attempts.

So how are we to know for sure what is a malicious pop-up or what is the real deal? A few hints and tips I can give you are these...

The no.1 mistake people make and means of getting infected, not to mention the most disturbing aspect, is to click simply because a pop-up tells them they should, be it to update or to scan their infected computer or because they won a million dollars.

If you know your securities on your system or browser, there is no need to click on anything that tells you otherwise. In other words, a pop-up of this type from outside sources is likely bogus and should be ignored.

Be extra cautious. If you are on a site that requires you to sign in but suddenly a different log in box pops up, perhaps over the other one, asking for the same information but doesn't seem the standard log in, stop, don't type in your name and password. Instead, close out of the site. When you go back to it, if you get the same thing and still have doubts, contact the site administrator or whoever is in charge of running the site if possible, ask them if there have been any changes made that require a different log in. I have in fact done this and found that the site itself was compromised.

Common sense. Don't go to malicious sites, if you are getting pop-ups and infections from these sites, leave them and stay away. If you know a site could more than potentially be a hazard, do not visit it.

Be careful of what you download. While most will warn against bogus freeware which is understandable, there are also supposed paid for software that can be just as malicious. Many times these are the ones that will show a pop-up, telling you how infected you are and to scan and purchase their software. Some of these can in fact be purchased, downloaded, and installed like normal software but do nothing to help you and may instead steal your information and infect your PC and cause a bombardment of pop-ups.

Microsoft will not pop up on a web site telling you that you need to update, nor will it have a red icon telling you to update and to install Anti virus 2010. Firefox updates are installed fairly quietly and usually install on start up so if you get an update box for your browser while browsing, likely it's fake.

This brings me to my next point, know what is on your computer, run the Windows update take notice what the icon looks like, Java or Adobe updates too. Keep in mind the standard update icons, set your computer to update at specific times so you get an understanding of when it may update.

On the other side of the coin, they can be duplicated to fool a user into allowing a fake update to run but you will get used to knowing what is real or not and there are typically noticeable differences.


Look at your add\remove programs, or currently Programs and Features to view what is installed on your system. Some software even have a separate update installation below it. This is a good indication the update is probably legit.
Read up on Cnet or other site articles that explain what a user can do to protect themselves. subscribing to RSS security feeds are a good way to read current news and tips.

Arm yourself with knowledge!

WHAT TO DO?

Closing a pop-up window is just as dangerous as clicking it! If you find yourself stuck you can take a couple of steps...

Hitting the Ctrl, Alt, Del buttons simultaneously will bring up Task Manager, where you can view the applications running under Applications tab, click on the site link and end process or alternatively, shut the whole browser down.

Hitting Ctrl, Shift, Esc, keys simultaneously will bring up the task manager directly as well. From there you take the same steps.

Personally, if I feel there is a threat, I shut my whole browser down instead of just the links that may be causing the issue. The reason is, and once again just my own personal security reasons,I feel if there's a chance the browser could be compromised, I'd rather shut it right off.

As far as updates and pop-ups on the PC itself..

You can get software like HijackThis to scan for browser hijacks, tools like Windows Task Manager or 3rd party tools to view running processes if you are in doubt on an update or something running or bringing up a pop-up window on your PC. Along with this, there are sites like Uniblue process library which explain processes. See link...

http://www.liutilities.com/products/wintaskspro/processlibrary/



SECURITY
Of course the other aspect of this is the software defense. Knowledge is great but you still need something to help protect you.

First of all, the much needed basics:

1. At very least, Windows Firewall, preferably 3rd party firewall to help prevent malicious attacks from reaching your computer through your connection or sending our personal information if on your computer.


2. Anti virus. There are a lot of opinions on what to use and many would never agree so my suggestion is to have any legit type of AV installed and all are better than nothing. There are a lot of great free versions of AV software out there and absolutely no reason to be without.


3. Anti-spyware, like Ad aware, SpywareTerminator, Spybot... to name a few which can aid in keeping malicious attacks at bay.


4. Then we come to something that has a more direct relationship to your question, pop-up blockers. Internet Explorer can be set to block pop-ups as well as Firefox and there is Ad-Block plus, a Firefox ad-on that has a more in depth user interface for blocking pop ups.

Here is a list of some blockers on Cnet...
http://download.cnet.com/windows/popup-blocker-software/

and...

Firefox ad-on
http://adblockplus.org/en/

5.Keep up with all the latest updates and patches! Very important! This helps to keep a solid wall between you and an attacker.

6.You can disable JavaScript in your browser. The downside to this of course is that you may not be able to access most of a web site's content, functionality can be near 0 and isn't the best course of action to take in my opinion.

It would be a good idea to do updates and security scans before getting into what's on your computer and what to trust. You don't want to trust an infected PC's processes or programs.

No security software is 100% and pop-ups will still get through, you can still get infected or hacked, however, with securities in place, your chances of this happening just became low enough to enjoy your computer again.

Aside from needing security, brushing up on security software is a big help. No need to become a security expert but take some time, read opinions, ratings, whatever you can about security software in your spare time.


There is an ongoing argument that people with pop-up blockers set tightly are robbing sites, decent sites, of income. This in some ways true.
On the other hand, even known good sites can be infected and many users do not know what is malicious or not and their only recourse is to block everything possible. In time, a user will learn what to allow or not and this is an unfortunate gray area.


The truth is, no one can be 100% protected all the time from malicious attacks regardless of what we do but I hope this at least gave you some insight as to what to look for John.


Good Luck,

Paul K. Gladstone, Mi

CNET Forums

Forum Info