InstallCore

Last updated
InstallCore
Developer(s) IronSource
Initial release2009
Website www.installcore.com

InstallCore (stylized as installCore) was an installation and content distribution platform created by ironSource, including a software development kit (SDK) for Windows and Mac OS X. [1] The program allowed those using it for distribution to include monetization by advertisements or charging for installation, and made its installations invisible to the user and its anti-virus software. [2]

Contents

The platform and its programs have been rated potentially unwanted programs (PUP) or potentially unwanted applications (PUA) by anti-malware product vendors since 2014, [3] and by Windows Defender Antivirus since 2015. [4]

The platform was primarily designed for efficient web-based deployment of various types of application software. As of August 2012, InstallCore was managing 100 million installations every month, [5] offering services for paid, unpaid, and free software by using the SDK version. [6] InstallCore was a product of ironSource, which is headquartered in Tel Aviv with offices in San Francisco, California, and Beijing, China. [7]

InstallCore was discontinued as part of a company flotation in late 2020. [8]

History

The InstallCore team introduced the first version of the SDK at the beginning of 2011. [9] The SDK was a fork of the FoxTab installer and had only basic Installation features.

The first version only includes three files: system.js, application.js, and packages.js, which support over-the-web software packages delivery and basic system modifications. The second version introduced debug capabilities, support for the different Windows versions, and web forms support; it also enabled the integration of JQuery and CSS 2.1 for better UI design.

Features

InstallCore's software development kit (SDK) is based on JavaScript and HTML 5.0.

JavaScript and HTML based user interface

Version 2.1 introduced a fully customizable design interface based on HTML, CSS, and a JavaScript SDK.[ citation needed ]

<head><metahttp-equiv="Content-Type"content="text/html;charset=utf-8"/><!-- sdk - include here the minimum required scripts --><scripttype="text/javascript"src="sdk/debug.js"></script><scripttype="text/javascript"src="sdk/form.js"></script></head><body><divid="irsoForm"irsoTransition="fade"irsoWidth="620"irsoHeight="380"irsoBorderStyle="bsNone"irsoStayOnTop="true"><divid="main"><divid="topPanel"class="irsoDragHandle"><divid="closeIcon"onclick="closeWindow()"></div><divid="TOP_TITLE"class="irsoDragHandle"style="display:none"></div><divid="logo"class="irsoDragHandle">Hello World!</div></div></div></body>

Since InstallCore version 4.10, the SDK integrated 12 fully pre-designed templates and a customization tool to create a WYSIWYG design.

Compiler make script

The InstallCore compiler program HtmlUiMaker uses a make script, shown below, in order to compile a JavaScript and HTML skin into executable installation programs.

; Example Make script - Set Parameters[APP_MAKER]; App_Maker parameters used to create output EXE fileSKIN="\skin"; Set installer iconAPP_ICON="\resources\installer.ico"RAW_EXE=Setup32.exeCOMPRESS=1OUT_EXE=\release\%EXE_CODE%Setup_v%VI_FILE_VER%.exe

Criticism and malware classification

InstallCore and its software packages have been classified as potentially unwanted programs (PUP) or potentially unwanted applications (PUA), by anti-malware product vendors [3] and Windows Defender Antivirus [4] from 2014–2015 onwards, with many stating that it installs adware and other additional PUPs. [10] Malwarebytes identified the program as "a family of bundlers that installs more than one application on the user's computer". [11] It has been described as "crossing the line into full-blown malware" and a "nasty Trojan". [12]

Multilingual support

As of version 3.1, InstallCore fully supported both Unicode and RTL, but depended on Windows 2000 with SP 4 as a minimum requirement to accurately present the UI. [13]

See also

Related Research Articles

<span class="mw-page-title-main">Windows Script Host</span> Automation technology for Windows

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows operating systems that provides scripting abilities comparable to batch files, but with a wider range of supported features. This tool was first provided on Windows 95 after Build 950a on the installation discs as an optional installation configurable and installable by means of the Control Panel, and then a standard component of Windows 98 and subsequent and Windows NT 4.0 Build 1381 and by means of Service Pack 4. The WSH is also a means of automation for Internet Explorer via the installed WSH engines from IE Version 3.0 onwards; at this time VBScript became means of automation for Microsoft Outlook 97. The WSH is also an optional install provided with a VBScript and JScript engine for Windows CE 3.0 and following and some third-party engines including Rexx and other forms of Basic are also available.

Extensible Application Markup Language is a declarative XML-based language developed by Microsoft for initializing structured values and objects. It is available under Microsoft's Open Specification Promise.

Installation of a computer program, is the act of making the program ready for execution. Installation refers to the particular configuration of software or hardware with a view to making it usable with the computer. A soft or digital copy of the piece of software (program) is needed to install it. There are different processes of installing a piece of software (program). Because the process varies for each program and each computer, programs often come with an installer, a specialised program responsible for doing whatever is needed for the installation. Installation may be part of a larger software deployment process.

<span class="mw-page-title-main">FileZilla</span> Free software, cross-platform file transfer protocol application

FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS, while the client can in addition connect to SFTP servers. FileZilla's source code is hosted on SourceForge.

CNET Download is an Internet download directory website launched in 1996 as a part of CNET. Initially it resided on the domain download.com, and then download.com.com for a while, and is now download.cnet.com. The domain download.com attracted at least 113 million visitors annually by 2008 according to a Compete.com study.

Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.

Christopher Boyd, also known by his online pseudonym Paperghost, is a computer security researcher.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.

An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the internet browser security model; in fact, it executes as a "fully trusted" application.

<span class="mw-page-title-main">SpySheriff</span> Spyware

SpySheriff is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

A browser toolbar is a toolbar that resides within a browser's window. All major web browsers provide support to browser toolbar development as a way to extend the browser's GUI and functionality. Browser toolbars are considered to be a particular kind of browser extensions that present a toolbar. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one. All browser toolbars must be installed in the corresponding browser before they can be used and require updates when new versions are released.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. They flagged OpenCandy due to its undesirable side-effects. It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.

<span class="mw-page-title-main">Genieo</span> Israeli company specializing in Mac malware

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.

ironSource Ltd. is an Israeli software company that focuses on developing technologies for app monetization and distribution, with its core products focused on the app economy.

<span class="mw-page-title-main">FreeFileSync</span> Free and open-source file synchronization program

FreeFileSync is a free and open-source program used for file synchronization. It is available on Windows, Linux and macOS. The project is backed by donations. Donors get access to a Donation Edition that contains a few additional features such as an auto-updater, parallel sync, portable version, and silent installation. FreeFileSync has received positive reviews.

SweetLabs is a software distribution company based in San Diego and Seattle. SweetLabs has raised at least $21.5 million in venture capital from Bessemer Venture Partners, Google Ventures, Intel Capital, and O’Reilly AlphaTech Ventures.

Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software. The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.

A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method. Antivirus companies define the software bundled as potentially unwanted programs which can include software that displays intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user. A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software. The practice is widely considered unethical because it violates the security interests of users without their informed consent. Some unwanted software bundles install a root certificate on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks. Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.

References

  1. "ironSource's installCore launches Mac OS installer to offer comprehensive, cross-platform solution for developers". Software Developer Times. 25 November 2014. Retrieved 25 November 2014.
  2. "Automated Malware Analysis Report".
  3. 1 2 "Detailed Analysis - Install Core - Adware and PUAs - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent Threats | sophos.com - Threat Center". www.sophos.com. Retrieved 2023-07-03.
  4. 1 2 PUA:Win32/InstallCore - Windows, Mar 11 2015
  5. "InstallCore Hits New High With 100 Million Monthly Installs". www.prnewswire.com (Press release).
  6. "installCore Introduces Super Targeting for Freemium-Model Desktop Applications". PRWeb. Retrieved 9 January 2014.
  7. Xiang, Tracey (Jun 6, 2014). "Israeli Application Distribution Service ironSource Set up Office in China to Help the Chinese Go Global". technode.
  8. Gilead, Assaf (29 June 2021). "Giving up its cash cow paved ironSource's way to NYSE". Globes. Retrieved 15 July 2022.
  9. "The InstallCore SDK | InstallCore – Professional installation creation platform". August 20, 2011. Archived from the original on 2011-08-20.
  10. Macgregor, Jody (14 July 2022). "Unity is merging with a company who made a malware installer". PC Gamer. Retrieved 15 July 2022.
  11. "Adware.InstallCore". Malwarebytes Labs. Retrieved 15 July 2022.
  12. Paul Wagenseil (May 20, 2015). "Mac Adware Trojan Can Install Anything on OS X". Tom's Guide.
  13. "List of languages supported in Windows 2000".
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.