MALWARE: Flash player installs McAfee without permission

Report · Sep 24, 2016

My browser (Firefox) claimed that my flash player was out of date. I clicked the install button to make the browser happy(1), and it install McAfee antivirus and Intel True Key as well. I have no particular objection to True Key except that it should not be installed without the user's permission. But I have no idea what Adobe thinks it is doing, installing an antivirus program without the user's permission.

I promptly uninstalled McAfee, of course. I hate to think what would have happened if I'd needed to reboot and had _two_ antivirus programs running. My past experience is that having two or more AV programs makes the system pretty much unusable until you boot into Safe Mode and remove one of them. Uggh!

Installing software that is likely break the user's machine is MALWARE in my view. A naive user would have no idea what is going on, and not even be able to reach the web to get support from a forum like this.

I hope that in the near future Adobe will stop doing this. If not, I may have to search for an alternate player.

(1) The flash game I wanted to play has been on my hard drive for years, so it's unlikely to have any recently-discovered exploits, nor to have any malware at all.

Report · Sep 26, 2016

The offers are not installed without permission. They display in the center of the download page and the user has the option to not accept the offers:

Certain ad-blockers and disabling JavaScript will hide the offers.

Report · Sep 26, 2016

Here's what my browser window looks like after choosing "Adobe Flash Player" from the dark gray list at the right side of the list of available downloads. As you can see, there's nothing about the options there.

AFAIK I'm not running a popup blocker -- some sites do pop up windows. And I use sites that need Javascript, so that works too.

This shows the problem with turning on additional software by default -- especially software that can damage a user's machine (like two conflicting anti-virus products). If your page is too complicated, the option may not show up at all.

Report · Sep 26, 2016

Thank you for posting the screenshot. I'll forward it to the team that handles the online installer.

I'm not sure what you mean by "Here's what my browser window looks like after choosing "Adobe Flash Player" from the dark gray list at the right side of the list of available downloads." The get.adobe.com/flashplayer page (the one in your screenshot) doesn't provide the ability to select a specific Flash Player to download. It auto-detects the OS and browser and offers the corresponding Flash Player for that OS/browser combination.

Report · May 09, 2018

Today I've installed an Adobe Flash Player update, and automatically I've unchecked the useless McAfee installation and than I thought "wait, why do I have to do it every time?". It's not that I have a problem with one click twice a year, but it's just stupid. Adobe is one of the most serious and professional companies out there and yet you sneak in an app this way. I really think no one wants to get or should get their anti-virus as a accidental installation. For one reason it may conflict with an anti-virus that someone already has. It's like you'd have to uncheck a browser toolbar every time you get a Photoshop update - it's just unprofessional.

If you want people to value this, you can give McAfee licences for free as long as one has Photoshop subscription. That would be an actual gift that people would consider as something worth not just installing, but paying for.

Report · Nov 24, 2018

The most valuable and limited asset we have is our human time. ANYONE, most especially corporate "persons", who would abuse my time in such a way does not deserve any more of my time. When the marketing boys overrule the QA testing results this is the end result. Mediocrity. Flash has always been a security risk only now it is the malware itself.

The clock is ticking and I now must take additional time to uninstall this crap. Time I will never have again.

BTW: I no longer own their stock either because I see the momentum of over-complexity leading to fragility and eventual collapse. Beware the Ides of March.

Report · Oct 28, 2016

I have experienced this as well.

I'm not going to give any screen shots. What I am going to do, is say that I've been using photoshop since 5, and been a creative cloud subscriber and defender since the first version. I got an email from adobe to install a flash update, which I did, after navigating to adobe on my own to make sure there was no malware attack. I then installed a flash update, from your site. A day later, mcafee is installed on my computer, without any permission given by me.

I don't give a flying f- if you have an 'opt out' option in there, and it was somehow hidden by ad blocking. As any designer who is worth their salt knows, opt out is basically just a way of funneling 90% of users to an option while maintaining an argument that you aren't 'forcing' the option. I'm a paying customer who loves and evangelizes your product, and you just stabbed me in the back. F- you. If this ever happens again, I'm done. End this shit right now. You know it is morally indefensible, no matter what the economic reasoning by some f-wit manager. No, I'm not going to be reasonable. This is not acceptable behavior. Fix it.

Report · May 01, 2018

This is 100% correct and I couldn't have said it better myself. I guess Adobe has done absolutely nothing about removing this sneak install since it is now May 2018 and I just updated Adobe and found myself with TWO programs installed without my permission. I don't want to hear the same "You can opt-out" bullsh*t because you know it's wrong. If I order a new iPad on Amazon they don't also charge me for a book on whales and a designer t-shirt and then say "Oh you didn't opt out of it on the order form!" I lose complete respect for a company when they do this sort of backhanded trickery, and especially when their employees on their Adobe public forum respond with (basically) "I don't know what you are talking about by your browser not seeing it."

2 years later and still this bulls*it is happening. Double F- you. I help make IT decisions at my company and I will be sure not to recommend Adobe.

Adobe Community

MALWARE: Flash player installs McAfee without permission