MacUpdate, we have a problem: MacUpdate Installer and the PUA.OSX.InstallCore

MacUpdate, a very helpful resource that’s led users to discover our applications and kept them up-to-date for the last 13 years, has a plan to make the entire update process easier for users.  When you download from MacUpdate now, you may receive a MacUpdate Installer disk image, which includes a single application, MacUpdate Installer, that you double-click to install the desired update.  Here’s what you’ll see:

Audiobook Builder MacUpdate Installer

This all might be easier for some (really?), but it comes with one very concerning caveat:

Malware scanners, like ClamXav and Avast, can report MacUpdate Installer is infected with something named similarly to PUA.OSX.InstallCore.

At first glance, this could send a shiver down your spine.  After all, news outlets have been telling you for 30 years on that infection means your data is at risk, your identity could be stolen, and your bank accounts are about to be drained.  This time around, none of that is true.

PUA means Potentially Unwanted Application, and that’s the case with MacUpdate Installer.  It comes with potentially unwanted software that advertises other products you might be interested in, like much of the rest of today’s free digital experience.  It’s not enough anymore that you trade seconds of your life viewing ads on MacUpdate itself, you’re craving an extra dose of selling your self while drumming your fingers waiting for that update to install.  Right?  Yeah, didn’t think so.

And, while PUA.OSX.InstallCore means something to us, to the average person it still looks an awful lot like their Mac is about to get jacked.  So, last week, when one of our users reached out to us for some kind of explanation and immediate resolution, thank you very much, we reached out to MacUpdate, in turn.  Here’s how that went down:

 

Hi Keith,
Thank you for providing me with that. I am still not showing on the listing that the installer is present. Either way, the installer is not an “infection” it is used to help users get the app installed instead of it sitting in their downloads folder.
There is nothing harmful about the installer and it is something that we use and create ourselves.
Please let me know if you have any other questions.
Cheers,
Joel
Content Editor/Support
MacUpdate
Click this link to view frequently asked questions: http://deals.macupdate.com/faq

On Fri, 1 Apr at 10:26 AM , Keith Gugliotto <keithg@splasm.com> wrote:

Hi Joel!  Thanks for getting back to us.

We downloaded ClamXav and only used it to scan the MacUpdate Installer.app on the MacUpdate Installer disk image.  The issue only occurs with the MacUpdate Installer version of the download.  Here’s a screenshot showing the infection:

I’ve also come across reports that this has happened with other developers’ applications delivered via MacUpdate Installer.
Keith Gugliotto
Primordial Sea Captain
On Apr 1, 2016, at 8:48 AM, Joel L – MacUpdate <support@macupdate.com> wrote:
Hi Keith,
Thanks for reaching out to us. Are you referring to this listing:http://www.macupdate.com/app/mac/23162/audiobook-builder?
If so, when downloading it I as unable to replicate the issue that you mentioned in the email. Do you have any screenshots of this issue?
Please let me know if you have any other questions.
Cheers,
Joel
Content Editor/Support
MacUpdate
Click this link to view frequently asked questions: http://deals.macupdate.com/faq

 

On Tue, 29 Mar at 11:20 AM , Keith Gugliotto <keithg@splasm.com> wrote:

Topic: Developer Question

Hi there!

We updated our application, Audiobook Builder, yesterday and had a user report ClamXAV says the disk image they downloaded is infected. We tested a download from your site this morning and found the same issue – MacUpdate Installer.app is infected with PUA.OSX.InstallCore. It looks like users of other applications have recently found the same, and that it may be related to how MacUpdate now wraps developer updates with the MacUpdate Installer and presents ads. Is this something you can address?

Thanks for your help!

Keith Gugliotto
Primordial Sea Captain
Splasm Software


Member Information:
Name: Keith Gugliotto
Username: 
Email: keithg@splasm.com

System Information: 
Browser: Safari 9.1
OS: OS X 10.11
MacUpdate Desktop Version #: 

This e-mail was sent from the contact form on MacUpdate Support

 

So, the official word from MacUpdate is MacUpdate Installer is intended to be helpful.  We can’t argue with good intentions.  Simply opening a disk image and copying the included application to the Applications folder may be harder than using MacUpdate Installer and sitting through an advertisement.  With the range of experience levels out there, who knows?  What matters right now, though, is if you read between the lines, MacUpdate isn’t planning to do anything about how some folks out there may experience that dreadful shiver I mentioned earlier when they perceive PUA.OSX.InstallCore is a bona fide threat to their data, identity, and finances.  Causing users any kind distress is not cool with us.

I’m gonna throw http://www.macintouch.com/readerreports/security/topic4743-013.html into the mix.  Search for “MacUpdate” on that page and you’ll find it occurs 82 times, with some pretty clear indications this isn’t just our imagination – others aren’t really taking to MacUpdate Installer, either.  Alarm, disgust, distrust.  All reactions you want associated with your brand, right?

Joel is right about one thing, though.  We can’t get the Audiobook Builder update from MacUpdate to come down as the MacUpdate Installer disk image we saw last Tuesday.  Was it a fluke?  Seems doubtful.    But, as long as our users are getting the original disk image from us when they click the Download button at MacUpdate, we’ll continue to release our updates there.  If that changes, or if it becomes clear they’re spot testing, delivering the original disk image in some cases and the MacUpdate Installer disk image in others, we’ll likely have to break up with MacUpdate.

Here’s hoping MacUpdate updates MacUpdate Installer so that it doesn’t trip alarms in common malware scanners, or they get in touch with those malware scanner developers to see if they can prevent MacUpdate Installer from being called out as truly infected.  Either way works for us.  As long as they save users from the anxiety of imagining their digital life might go up in smoke, we’re cool.

This entry was posted in Audiobook Builder, General, Opinion. Bookmark the permalink.

Comments are closed.