Abstract
Developing a safe application is as important as properly installing it in a system, rather than a tampered version of it. Similarly, developers should take proper care of the application's uninstall process to avoid leaving traces of sensitive data behind in the system or interfering with the remaining applications. So far, the academic literature has paid little attention to uninstall procedures. Moreover, a whole ecosystem of application uninstallers has been created, making multiple uninstallers available in software repositories. A key point is to understand how these applications work so as to develop stronger systems. To this end, we present a landscape work evaluating the operation of the 11 most downloaded uninstaller applications from the three most popular Internet software repositories. We discovered that most of these applications are not very different from the native Windows uninstaller. Although the evaluated uninstallers present a more organized user interface, thus enhancing usability, they are only able to find the same installed applications as the native Windows uninstaller, but not broken installations. Few uninstallers apply heuristics to find broken application installations. However, we show that those heuristics can be abused by attackers to remove third-party applications. Finally, we also show that none of the removers is resistant to malicious uninstallers that terminate the remover process.
Notes
1. Attack demos available at: https://www.youtube.com/watch?v=Rkw6WbD-nMY, https://www.youtube.com/watch?v=mZPb7h4cy80, and https://www.youtube.com/watch?v=0AjFCZWUhfU.
Acknowledgments
The authors would like to thank the Brazilian Ministry of Education for supporting this work (Research Project “Plataforma MEC de Recursos Educacionais Digitais”, Funding Agency: Fundo Nacional de Desenvolvimento da Educação - FNDE, TED n. 10.959).
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Botacin, M., Grégio, A. (2022). Dissecting Applications Uninstallers and Removers: Are They Effective?. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds) Information Security. ISC 2022. Lecture Notes in Computer Science, vol 13640. Springer, Cham. https://doi.org/10.1007/978-3-031-22390-7_20
DOI: https://doi.org/10.1007/978-3-031-22390-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22389-1
Online ISBN: 978-3-031-22390-7
eBook Packages: Computer Science (R0)