Confidential

Software Download

Last Updated: March 2019

1.User Choice and Control.

In addition to compliance with these policies, Web Search Provider also requires adherence to prevalent industry guidelines and best practices. Users must be provided with adequate choice and control both before, during and after installation. Software which does not provide adequate choice and/or control is prohibited.

 

Choice ensures that users are fully informed about how software may affect their experience on their devices, and that none of the functions of a program or settings on the device are altered without the user’s clear and informed consent. User notice must be clear, informed, unequivocal and not coerced or otherwise obtained through misleading claims, false representations or other fraudulent means. At a minimum, Partners must clearly identify the software that is being installed and its source; explain the effects on the user’s browser settings or operating system and its settings; and allow easy uninstall and disablement. In determining whether disclosures to users are acceptable, the totality of the experience on both the offer and the landing page and/or offer screen from the point of view of an average consumer is considered. Material terms cannot appear only within the End User License Agreement (“EULA”), but must be prominently displayed up front (that is, what an average user can read and understand) and must not be misleading or hidden (for example only under the “Custom Install” option).

 

Software is not permitted if it limits choice such as using the following practices (list not exhaustive):

  • Failure to provide prominent notice about the software’s behavior, its purpose and/or intent.
  • Failure to clearly indicate when the user software is active.
  • Attempting to hide or disguise its presence.
  • Installing, reinstalling, or removing software without user permission, interaction, or consent.
  • Installing other software without a clear indication of its relationship to the primary software.
  • Circumventing user consent dialogs from the browser or operating system.
  • Falsely claiming to be software from trusted entities.

 

Disclosures enable users to exercise choice. All relevant and material information must be clearly and prominently disclosed up front to end users on the landing page, offer screen or store listing (as relevant) before install. This includes, but is not limited to:

  • Origin and scope of the download, including if the download originates from a different domain.
  • All software that is included in the download. This includes each product name, source, key features and functionalities, and a link to the privacy policy and EULA (which shall include contact information).
  • Actions and effects that the software will have on the user’s device and settings, including changes to the

search providers, autocomplete, homepages, local file systems and other configurations and user’s settings.

  • Alteration of existing software on the user’s device.
  • Any variations from the official software.
  • Software uninstall information that includes instructions on reverting back settings that the software changes.

 

Software should obtain user consent before installing and must provide a clear and

straightforward way for users to install, uninstall, or disable it. Software is not permitted when it delivers a poor removal experience such as using the following practices (list not exhaustive):

  • Present confusing or misleading prompts or pop-ups while being uninstalled.
  • Fail to use standard install/uninstall features, such as Add/Remove Programs.

 

Offer screens must clearly disclose and identify to users all software included in the offer (including appropriate branding/logo usage).

  • The name of the software on the offer screen must match the name of the software as stored on the user device and uninstall dialogs. In other words, users must be able to clearly locate the software on their devices based on the original name presented in the offer screen at installation.
  • Add/remove details must be accurate (for example, install date must match the date of the program installation).
  • Offer screens must be presented to the user as either opt-in or opt-out.
  • Users must be able to decline all secondary offers, individually or in bulk (“Skip All”).
  • Accept and Decline options must be of equal prominence.
  • Repeat declines are disallowed. As users decline any or all secondary offers, the offer screen must not prompt users to decline the same offer(s) more than once.
  • Offer screens must clearly disclose to the users any changes to the settings, existing software and applications. For example, modifications to the search provider, homepage and/or new tab must be clearly disclosed to the user.

 

Control ensures that users are in full control of the overall experience on their device, including all software applications they download. Users must be in control at all times, including if and when they elect to revert back to previous settings or uninstall or disable any previously installed software.

 

Software is not permitted when it limits control such as using the following practices (list not exhaustive):

  • Prevent or limit a user from viewing or modifying browser features or settings.
  • Open browser windows without intent or authorization.
  • Redirect web traffic without giving notice to and getting consent from the user.
  • Modify or manipulate webpage content without a user’s consent.

 

2.Malicious Software.

Search Provider does not allow the promotion and distribution of malicious software.

 

Malicious software is software which performs malicious actions on the user’s device, such as compromising personal and financial information or security protocols. Malicious software includes, but is not limited to: trojan, worms, ransomware, trojanclicker, trojanspy, backdoor trojan, exploit, macro virus, virtool, dropper, rogue security software, password stealer, obfuscator, hacktool, virus, spyware (including recording actions performed on the user’s device such as keystroke logging) and scareware.

 

Search Provider utilizes a series of signals and classifications to determine whether software meets the definition of malicious software.

 

a. Types

 

Malware is the overarching name for applications and other code, i.e. software that Search Provider

classifies more granularly as malicious software or unwanted software. Malicious software is an application or code that compromises user security. Malicious software might steal a user’s personal information, lock a user’s device until they pay a ransom, use a user’s device to send spam, or download other malicious software. In general, malicious software tricks, cheats, or defrauds users, places users in vulnerable states, or performs other malicious activities.

 

Search Provider classifies most malicious software into one of the following categories:

  • Backdoor: A type of malware that gives malicious hackers remote access to and control of a user’s device.
  • Downloader: A type of malware that downloads other malware onto a user’s device. It needs to connect to the internet to download files.
  • Dropper: A type of malware that installs other malware files onto a user’s device. Unlike a downloader, a dropper doesn’t need to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.
  • Exploit: A piece of code that uses software vulnerabilities to gain access to a user’s device and perform other tasks, such as installing malware.
  • Hacktool: A type of tool that can be used to gain unauthorized access to a user’s device.
  • Macro virus: A type of malware that spreads through infected documents, such as Search Provider Word or Excel documents. The virus is run when a user opens an infected document.
  • Obfuscator: A type of malware that hides its code and purpose, making it more difficult for security software to detect or remove.
  • Password stealer: A type of malware that gathers a user’s personal information, such as user names and passwords. It often works along with a keylogger, which collects and sends information about the keys a user presses and websites they visit.
  • Ransomware: A type of malware that encrypts a user’s files or makes other modifications that can prevent a user from using their device. It then displays a ransom note stating they must pay money, complete surveys, or perform other actions before the user can use their device again.
  • Rogue security software: Malware that pretends to be security software but doesn’t provide any protection. This type of malware usually displays alerts about nonexistent threats on a user’s device. It also tries to convince a user to pay for its services.
  • Trojan: A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn’t spread by itself. Instead it tries to look legitimate, tricking users into downloading and installing it. Once installed, trojans perform a variety of malicious activities, such as stealing personal information, downloading other malware, or giving attackers access to a user’s device.
  • Trojan clicker: A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on a user’s device.
  • Worm: A type of malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.

 

b. Potentially Unwanted Software. “Potentially Unwanted Software,” including software or downloadable programs and as determined in Search Provider’s sole discretion, are not permitted.

 

 3.Disallowed Behaviors

    • Software must not include “malware” or “potentially unwanted software” (as such terms are determined by Search Provider).
    • Software must not create any unexpected behaviors. The software must behave consistently with the declared behavior and functionalities at install.
    • Software must not perform activities that are hidden to the user or otherwise attempt to hide its presence or operation on the device, unless for legitimate background processes (which would be disclosed to users at install). For clarity, this does not include activities that would normally be expected to be hidden as part of regular product functionality, such as calculations.
    • Software must not be designed to evade, circumvent or impair security checks, antimalware, operating system and browser security scans and protection, or spam filters.
    • Cloaking behaviors or technology, or any behaviors meant to elude scans or detection, is not allowed. The software must not behave differently in a virtual environment or otherwise attempt to elude browser protection, anti-malware detection or fraud filtering.
    • Downloads must not alter, reconfigure or disable existing software or settings installed on the user’s device

without clear disclosure and consent from the user before install.

  • Software must not inhibit or otherwise limit the user`s ability to control and change settings on the device.
  • Software that automatically dials a phone number or connects remotely to another device or system without legitimate reasons and/or user consent is not allowed.
  • Alerts or other technologies must not attempt to mislead users into believing something is wrong with their device that needs fixing when this is not the case (e.g., scareware), or otherwise misrepresent or make exaggerated claims about system health and performance (for example by claiming that the system performance will improve by removing files that do not positively affect system performance).
  • PC cleaner/optimization software should provide error details to further specify their claims, as opposed to merely stating the presence of a certain number of issues.
  • Free downloads must not be made conditional to any forms of consideration, including a sign up or the provision of a cellular phone number (except in the event where sign up/account creation needs to be validated by the user, such as an email account creation validated via text message, or a required app store account creation for example).
  • Software must not weaken or attempt to compromise the security and/or protection of the user device or attempt to disclose any of the personal or sensitive information of the end user.
  • Software may not replace, add to or remove from the webpage by injecting content, or causing site content not to display, from a source with which the site owner does not have an affiliation.
  • Software must not limit the user’s control or programmatic control of the user’s browser default search settings, home page and new tab, either through additional questioning/prompts or other means of prevention when a change to the default search, home page or new tab settings is attempted.
  • Unsigned software is not allowed. All software must be digitally signed by its author(s) using a valid certificate issued by a reputable certification authority.
  • Unauthorized distribution is not allowed. Advertisers and partners may only distribute software which they are authorized to distribute. Please review our Misleading Content & Phishing Policy to learn more about promotion of third-party products and services.
  • Free desktop software in particular is subject to heightened controls, which may require actual proof of authorized distribution from the software publisher.
  • Software that changes browsing experience must adhere to the browser’s and/or operating system’s respective supported extensibility models and policies. For example, software may not suppress or otherwise circumvent browser consent dialogs.
  • Users must be able to abort software installation prior to completion through a

standard “close” button. Aborted installations must be complete, in that no traces of

the software remain on the device (including discarding of any selections made prior to abort).

  • Installation programs may only present one single dialog prompt confirming user intent to abort in clear, straightforward language.
  • If a user declines an offer or cancels the install before the installation process is completed, software may not

place any shortcuts on the user’s device to continue the installation at a later time.

  • Changes to user’s device and settings, including changes to the search providers, homepages, local file systems and other configurations and user’s settings that are not easily reversible without negative impact are not permitted.

 

4. Update Functionality

    • Undisclosed files that are unnecessary or unrelated to the software being installed must not be installed or delivered.
    • Any software download must include an uninstall function in the Programs and Features or Add/Remove

Programs control panel, or the browser’s or operating system’s default removal method.

  • The uninstall process must not be difficult, confusing or made conditional to payments, subscriptions, other downloads, etc.
  • Upon uninstall, a program may only display one single confirmation prompt. The confirmation prompt cannot be misleading or otherwise attempting to persuade the user not to proceed with the uninstall.
  • During uninstall, software may not install, uninstall or reinstall other unrelated software on the device without user consent.
  • The uninstall process must be complete and permanent for each software download. No traces of the specific

uninstalled software can remain on the user’s device.

 

5. Bundling Functionality

    • All software that is included in the download bundle must be clearly disclosed to the user.
    • The software or bundles must not be altered from what was disclosed to the end user or after review by Search Provider (for example, by injecting code into the bundle).
    • End users must be allowed to easily decline each individual software within the bundle, either individually or

through a “skip all.”

  • Installer and bundles must not crash or freeze programs or the device.
  • Chained bundlers (bundle within a bundle) are not allowed.
  • Legitimate software cannot be bundled with other software that is not allowed by this policy. For example, an

otherwise “complaint” software cannot be bundled with spyware.

 

6. Additional Requirements for Advertising Traffic Acquisition

    • Software should be available on the website as advertised in ad copy.
    • The software promoted in ad copy must be present on the landing page.
    • If the ad copy promotes “latest version, free” of a download, users must be able to download the latest version of the software from the website at no cost, and without the need to download any additional software (either for payment or free).
    • It must be noted in ad copy if access to content or services requires a software download (e.g., toolbars).
    • Ad injection advertising platforms or the use of ad injection to drive software downloads and audience acquisition (i.e., using ad injection to directly install software or to route the user to a marketing page that then requires the user to download the software made available there) are prohibited.