Skip to main content
SpringerLink
Log in

Dissecting Applications Uninstallers and Removers: Are They Effective?

  • Conference paper
  • First Online:
Information Security (ISC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13640))

Included in the following conference series:

Abstract

Developing a safe application is so important as to properly install it in a system, and not an application’s tampered version. In a similar note, developers should properly care about applications’ uninstall process to avoid leaving traces of sensitive data behind in the system or interfere with the remaining applications. Until now, the academic literature has paid little attention to uninstall procedures so far. Moreover, a whole ecosystem of application uninstallers has been created, making multiple uninstallers available in software repositories. A key point is to understand how these applications work so as to develop stronger systems. To this end, we present a landscape work evaluating the operation of the 11 most downloaded uninstaller applications from the three most popular Internet software repositories. We discovered that most of these applications are not very different from the native Windows uninstaller. Although evaluated uninstallers present a more organized User Interface, thus enhancing usability, they are only able to find the same installed application as the native Windows uninstaller, but not broken installations. Few uninstallers apply heuristics to find broken application installations. However, we show that those heuristics can be abused by attackers to remove third applications. Finally, we also show that none of the removers is resistant to malicious uninstallers that terminate the remover process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Attack demos available at: https://www.youtube.com/watch?v=Rkw6WbD-nMY, https://www.youtube.com/watch?v=mZPb7h4cy80, and https://www.youtube.com/watch?v=0AjFCZWUhfU.

References

  1. Botacin, M., Bertão, G., de Geus, P., Grégio, A., Kruegel, C., Vigna, G.: On the security of application installers and online software repositories. In: Maurice, C., Bilge, L., Stringhini, G., Neves, N. (eds.) DIMVA 2020. LNCS, vol. 12223, pp. 192–214. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-52683-2_10

    Chapter  Google Scholar 

  2. Botacin, M., et al.: Antiviruses under the microscope: a hands-on perspective. Comput. Secur. 112 , 102500 (2022)

    Google Scholar 

  3. CNET: Uninstall - search (2021). https://download.cnet.com/s/uninstall/?platform=linux

  4. Forum, A.: When does one use REVO uninstaller? (2013). https://forum.avast.com/index.php?topic=127051.0

  5. Forum, I.: CBS/CNET recommended i use an uninstaller to remove their malware (2014). https://forums.iobit.com/topic/12814-cbscnet-recommended-i-use-an-uninstaller-to-remove-their-malware/

  6. Forum, V.: My opinion of revo uninstaller pro (2003). https://forum.videohelp.com/threads/351573-My-opinion-of-Revo-Uninstaller-Pro

  7. Google: Uninstallers - google play. https://play.google.com/store/search?q=uninstaller (2021)

  8. Google: Unwanted software policy (2021). https://www.google.com/about/unwanted-software-policy.html

  9. Hoffman, C.: Should you use a third-party uninstaller? (2015). https://www.howtogeek.com/172050/htg-explains-should-you-use-a-third-party-uninstaller/

  10. Kim, Y., Lee, S., Hong, D.: Suspects’ data hiding at remaining registry values of uninstalled programs. In: e-Forensics. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2008)

    Google Scholar 

  11. Liou, J.-C., Duclervil, S.R.: A survey on the effectiveness of the secure software development life cycle models. In: Daimi, K., Francia III, G. (eds.) Innovations in Cybersecurity Education, pp. 213–229. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50244-7_11

    Chapter  Google Scholar 

  12. Microsoft: Adding and removing an application and leaving no trace in the registry (2018). https://docs.microsoft.com/en-us/windows/win32/msi/adding-and-removing-an-application-and-leaving-no-trace-in-the-registry

  13. Microsoft: Application registration (2018). https://docs.microsoft.com/en-us/windows/win32/shell/app-registration#registering-verbs-and-other-file-association-information

  14. Microsoft: Configuring add/remove programs with windows installer (2018). https://docs.microsoft.com/en-us/windows/win32/msi/configuring-add-remove-programs-with-windows-installer

  15. Microsoft: Program is not listed in add/remove programs after installation (2018). https://support.microsoft.com/en-us/topic/program-is-not-listed-in-add-remove-programs-after-installation-0866db2a-f8d9-fb0f-16d2-850f5072e536

  16. Microsoft: Windows sysinternals (2021). https://docs.microsoft.com/en-us/sysinternals/

  17. Microsoft: Software download products & services, freeware & shareware (2022). https://about.ads.microsoft.com/en-us/policies/restricted-categories/software-freeware-shareware#uninstall-functionality

  18. Primiero, G., Boender, J.: Managing software uninstall with negative trust. In: Steghöfer, J.-P., Esfandiari, B. (eds.) IFIPTM 2017. IAICT, vol. 505, pp. 79–93. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59171-1_7

    Chapter  Google Scholar 

  19. Ramirez, A., Aiello, A., Lincke, S.J.: A survey and comparison of secure software development standards. In: 2020 13th CMI Conference on Cybersecurity and Privacy (CMI) (2020)

    Google Scholar 

  20. Raymond: The performance cost of reading a registry key (2005). https://devblogs.microsoft.com/oldnewthing/20060222-11/?p=32193

  21. RegBench: Regbench, windows registry benchmark utility (2017). https://bitsum.com/regbench.php

  22. Softonic: Uninstallers - search (2021). https://www.softonic.com.br/s/uninstallers

  23. Softpedia: Uninstallers - search (2021). https://www.softpedia.com/dyn-search.php?search_term=uninstallers

  24. Soldani, J.: Grey literature: a safe bridge between academy and industry? SIGSOFT Softw. Eng. Notes 44(3), 11–12 (2019). https://doi.org/10.1145/3356773.3356776, https://doi.org/10.1145/3356773.3356776

  25. StopBadware: Zango. https://www.stopbadware.org/tags/zango?__cf_chl_jschl_tk__=pmd_a220ec1f116838d84c8791496582d0446d9606f7-1632851755-0-gqNtZGzNAc2jcnBszQjO(2009)

  26. Uninstaller, R.: How to force uninstall a program that won’t uninstall (2021). https://www.revouninstaller.com/blog/how-to-force-uninstall-a-program-that-wont-uninstall/

  27. VirusShare: Virusshare (2021). https://virusshare.com/

  28. Zax, R., Adelstein, F.: Faust: Forensic artifacts of uninstalled steganography tools. Digit. Invest. 6(1), 25–38 (2009). https://doi.org/10.1016/j.diin.2009.02.002, https://www.sciencedirect.com/science/article/pii/S1742287609000267

Download references

Acknowledgments

The authors would like to thank the Brazilian Ministry of Education for supporting this work (Research Project “Plataforma MEC de Recursos Educacionais Digitais”, Funding Agency: Fundo Nacional de Desenvolvimento da Educação - FNDE, TED n. 10.959).

Author information

Authors and Affiliations

  1. Texas A &M University, College Station, USA

    Marcus Botacin

  2. Federal University of Paraná (UFPR), Curitiba, Brazil

    Marcus Botacin & André Grégio

Authors
  1. Marcus Botacin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. André Grégio
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marcus Botacin .

Editor information

Editors and Affiliations

  1. University of Wollongong, Wollongong, NSW, Australia

    Willy Susilo

  2. Xidian University, Xian, China

    Xiaofeng Chen

  3. University of Wollongong, Wollongong, NSW, Australia

    Fuchun Guo

  4. University of Wollongong, Wollongong, NSW, Australia

    Yudi Zhang

  5. Petra Christian University, Surabaya, Indonesia

    Rolly Intan

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Botacin, M., Grégio, A. (2022). Dissecting Applications Uninstallers and Removers: Are They Effective?. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds) Information Security. ISC 2022. Lecture Notes in Computer Science, vol 13640. Springer, Cham. https://doi.org/10.1007/978-3-031-22390-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22390-7_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22389-1

  • Online ISBN: 978-3-031-22390-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation