Secret Foistware Blocker in Windows 10

by

Defender, the security software built into Windows 10, has a hidden setting that will block installation of programs that try to install themselves during another program’s installation. This feature is the answer to one of my most fervent tech prayers! I also have a solution for people still using Windows 7 or 8. Here’s what you need to know…

How to Block Unwanted Software

When I download and install a “free” program, I need the concentration of a brain surgeon. That’s because many free programs try all sorts of tricks to install other programs that come along with the free program’s installation file. I’m sure you know what I am talking about, but here is a clear-cut example:

The installer app of ImgBurn, a free optical disk burning program contains “InstallCore,” a program that tries to install additional software on your PC as you click through the ImgBurn installation screens. The PUA (Potentially Unwanted Apps) may or may not be things that you want or need. InstallCore inserts into ImgBurn’s installation screens tiny check-boxes already checked, which purportedly represents your conscious decision to allow the PUAs to be installed.

This dirty trick works on many people who don’t pay close attention to all of the tiny print, icons, check-boxes, “Install” buttons, and other distractions that appear during the installation of ImgBurn, and many other freebies. The more unwanted “foistware” that gets installed, the more money the authors of the software make. It’s an evil, underhanded tactic that should be stopped.

I’ve been warning folks about foistware for at least 5 years, but the problem is not going away. So it’s up to you to be aware, diligent, and equipped with the proper tools to prevent the installation of unwanted (and potentially malicious) software on your computer.

If you have Windows 10, you can configure Windows 10 Defender to block most apps that try to install themselves during another app’s installation. With this option enabled, you will (for example) get ImgBurn and nothing else. You can start ImgBurn’s installer and not have to watch it like a hawk, reading every character and inspecting every box or button that appears.

The trick is a registry modification. If the thought of tinkering with your system’s registry dismays you, I have you covered with a .REG file that automatically does the necessary without error.

If you know how to use the REGEDIT registry editing utility, open it and navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Under Windows Defender create a new DWORD named PUAProtection (if it does not yet exist). Set the value of PUAProtection to 1 to enable blocking of Potentially Unwanted Apps (PUA). (A value of 0 will disable blocking.)

Reboot the computer to let the changes take effect. If you don’t want to mess with REGEDIT, just right-click to download this .reg file, and then click “Save link as…” Enable_Windows_Defender_PUA_protection.reg.

After downloading the .reg file, double-click it to apply the registry changes. Then restart the computer to let the changes take effect.

Pass the Caveat, Please

Microsoft’s tech support note on this obscure feature of Defender explains that blocked apps are placed in the quarantine section so they won’t run. BUT… there are some exceptions.

The tech support note goes on to say: “PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions: The file is being scanned from the browser; The file is in a folder with “downloads” in the path; The file is in a folder with “temp” in the path; The file is on the user’s Desktop; The file does not meet one of these conditions and is not under %programfiles%, %appdata%, or %windows%. ”

So if a PUA is a new one that Defender does not yet know about, or if it is not in any of the locations specified above, it will slip past this PUAProtection. But PUAProtection should catch most of the pesky toolbars, weather apps, and other junkware that useful free apps try to foist onto users.

Also important to note is that Defender defers to any third-party anti-malware program you may be running, so this junkware protection is inoperative unless Defender is your only security suite.

Another Option to Block Foistware

SO… if you’re not running Windows 10, or you don’t feel like fiddling with your Windows registry, or you are running Windows 10 with a third-party security tool such as AVG, Avast, Avira, Bitdefender, etc., then you will need another tool to block unwanted software. A nifty free service called Ninite, which makes it easy to safely install new software, and keep it all up to date.

Ninite lets you choose from a menu of about 100 popular free software titles (including ImgBurn), bundles them up into a single download, and installs them with a single click. Ninite will automatically say no to toolbars and extra junk, and will not bother you with any questions during the installations. It also skips any reboot requests from installers. For security, Ninite downloads each app from the publisher’s official site, and verifies the digital signatures.

Have a Great Week from all of us at ZI!