Paint.Net is a well-known free photo editor. It may be an excellent product but I cannot recommend it because only an alert and somewhat savvy user can navigate its website to find the actual installer. The home page sidebar looks like advertisement, so that big blue button looks like right place to click.
Nope. That installs Pdf Creator and its pile of adware.
Once you figure out the most prominent item on the page actually contains adware, your next likely target becomes the big green button.
Wrong again. This time you get Zoom Downloader.
Think about downloaders for a moment. When computers were made from bamboo and ran Netscape 1.0, downloaders may actually have added useful functionality to a browser. In 2012, they have been pointless for at least ten years but hapless Internet users still confront them constantly.
In the spirit of not ascribing to malice what incompetence can explain, some of these downloaders are pet projects, done only because they are easy, solving problems that don’t exist and creating new ones.
If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed.
What is the Adobe Download Manager? “The Adobe Download Manager (Adobe DLM) is a small application that is used to deliver two of Adobe’s most frequently downloaded products, Adobe Reader and Adobe Flash Player.”
Is the Adobe DLM safe to use? According to Adobe: “The Adobe DLM is signed by Adobe, uses SSL, MD5 checksum integrity verification, encryption and other methods to insure that the software you request is the software you receive from Adobe.”
Pay attention to the bold part of the last sentence. The reason I marked this part of the sentence is that apparently you can force automatic download and installation of software upon anyone who visit your website and have Adobe Download Manager installed [CVE-2010-0189]. Safe to use, ha?
Download managers by definition require firewall openings and not all downloader creators are as stupidly benign. They produce software you do not need. They trick you into installing them.
Aunt Millie, of course, realizes none of this; she just wants to remove red-eye from her cat pictures. By now utterly baffled that she cannot get Paint.Net to install, if she can find her way back to its site with her now crippled browser and locate the small download link, she tries again. This time she gets one step closer, the actual download page, with another big blue download button.
Fool me thrice. Another download manager.
On fully patched and otherwise completely clean Windows Xp, I took before and after screenshots. Internet Explorer froze once and was so broken after the second install that I could not download the third craplet. Something along the way disabled Windows Firewall.
Ideally, when someone clicks those ads, the browser would interrupt with, “Awesome Downloader Express from Trojans R Us is not the software you want. Try http://example.com/therealsoftware.exe instead,” a stillborn scheme due to implementation difficulty. Gray-hat warring with distributed spiders that drive up click and bandwidth costs might at least be more fun. I am not sure my vigilante altruism goes that far, but if I find someone waging that campaign, I will applaud them.
So the best I can do for poor aunt Millie is rage. From one remote corner of the Web, the futile scream goes out, “Paint.Net, you may be a fine program, but I cannot support you.”