Automated analysis of freeware installers promoted by download portals

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en Geniola, Alberto Antikainen, Markku Aura, Tuomas 2018-12-10T10:26:23Z 2018-12-10T10:26:23Z 2018-08-01
dc.identifier.citation Geniola , A , Antikainen , M & Aura , T 2018 , ' Automated analysis of freeware installers promoted by download portals ' Computers and Security , vol. 77 , pp. 209-225 . DOI: 10.1016/j.cose.2018.03.010 en
dc.identifier.issn 0167-4048
dc.identifier.other PURE UUID: ac270550-676f-402b-9785-5b82e1fc68db
dc.identifier.other PURE ITEMURL:
dc.identifier.other PURE LINK:
dc.identifier.other PURE FILEURL:
dc.description.abstract We present an analysis system for studying Windows application installers. The analysis system is fully automated from installer download to execution and data collection. The system emulates the behavior of a lazy user who wants to finish the installation dialogs with the default options and with as few clicks as possible. The UI automation makes use of image recognition techniques and heuristics. During the installation, the system collects data about the system modification and network access. The analysis system is scalable and can run on bare-metal hosts as well as in a data center. We use the system to analyze 792 freeware application installers obtained from popular download portals. In particular, we measure how many of them drop potentially unwanted programs (PUP) such as browser plugins or make other unwanted system modifications. We discover that most installers that download executable files over the network are vulnerable to man-in-the-middle attacks. We also find, that while popular download portals are not used for blatant malware distribution, nearly 10% of the analyzed installers come with a third-party browser or a browser extension. en
dc.format.extent 17
dc.format.extent 209-225
dc.format.mimetype application/pdf
dc.language.iso en en
dc.relation.ispartofseries Computers and Security en
dc.relation.ispartofseries Volume 77 en
dc.rights openAccess en
dc.subject.other Computer Science(all) en
dc.subject.other Law en
dc.subject.other 113 Computer and information sciences en
dc.title Automated analysis of freeware installers promoted by download portals en
dc.type A2 Katsausartikkeli tieteellisessä aikakauslehdessä fi
dc.description.version Peer reviewed en
dc.contributor.department Department of Computer Science
dc.contributor.department University of Helsinki
dc.contributor.department Professorship Aura T.
dc.subject.keyword Man-in-the-middle Malware
dc.subject.keyword Pay-per-install
dc.subject.keyword Potentially-unwanted program
dc.subject.keyword UI-automation
dc.subject.keyword Computer Science(all)
dc.subject.keyword Law
dc.subject.keyword 113 Computer and information sciences
dc.identifier.urn URN:NBN:fi:aalto-201812106217
dc.identifier.doi 10.1016/j.cose.2018.03.010
dc.type.version publishedVersion

Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication


My Account