The majority of free antivirus solutions ship with potentially unwanted offers

Martin Brinkmann
Jan 19, 2015
Updated • Jan 20, 2015

Developers and companies that offer free version of products have different options at their disposal to monetize their work.

From pro and business editions over donations to third-party offers. Third-party offers in this context means integration of other programs or services in the installer to earn revenue whenever users install those offers.

Since companies get paid when users install those programs and services, it is often the case that it is difficult to block their installation.

What some companies may not realize and others may take into account that this may impact the company's reputation and trust factor.

While that may be an issue for all companies, trust and reputation are especially important when it comes to security software.

Antivirus programs without third-party offers

The following programs don't include third-party offers or first-party offers that are not related to antivirus protection.

Free Antivirus solutions with third-party offers

Ad-Aware Free Antivirus+


Ad-Aware installs Ad-Aware Web Companion by default if you don't select the skip option. Skip is barely visible while next is highlighted.

The program will change the browser homepage and new tab page in Firefox, Internet Explorer and Chrome, and install a new default search engine as well.

Avast Free Antivirus

Avast offers to install Dropbox during installation. It will do so unless you uncheck the "install Dropbox" box on the configure page during installation.

AVG Antivirus Free


Displays offers after the installer finishes installing the program on the system. It pops up in the lower right corner and will install AVG Web TuneUp and AVG Secure Search if you click ok.

This may modify the browser home page, change the default search provider (to Yahoo) and install a new tab page.

The offer is selected by default and the ok button to accept it is larger and highlighted while the decline button uses a smaller font size and darker color that is harder to see on the dark background.

Avira Free Antivirus

You get options to install the Dropbox software on your system after installation. In addition, SafeSearch is offered which changes your search engine to Avira Safe Search if accepted.

The acceptance and pass (no thanks) button have the same size and there is a skip all link displayed as well that you can click on to skip all offers right away.

Comodo Antivirus Free

Comodo's Antivirus Installer will not only install the antivirus program but also Comodo GeekBuddy and Comodo Dragon Web Browser by default.

GeekBuddy is a remote support service and Dragon  a web browser based on Chromium. You need to select customize installation to avoid these from being installed automatically.

In addition, Comodo may change the PC's DNS settings to Comodo Secure DNS servers and change the homepage and search engine of supported web browsers (to Yahoo as well).

Panda Free AV

This program offers to install the Panda Security Toolbar in supported browsers, to make Yahoo the default search provider, and to set MyStart (powered by Yahoo) as the default home page.

All options need to be unchecked to avoid this from happening.

Closing Words

The free antivirus solutions use two core monetization options. The first changes the browser's home page, new tab page and search provider. Most cooperate with search providers such as Yahoo to earn revenue when users search and click on ads. Included in the first group are security add-ons as they may provide similar features.

The second group installs third-party programs like Dropbox on the system if left unchecked.

All offers that I came across during the test were selected by default which means that they get installed if you click next/accept/install without going through the page first.

It is also interesting to note that some programs offered to undo their changes during uninstallation while others did not. After the uninstallation of AVG for example, AVG Web TuneUP was still installed on the system and had to be removed manually. Doing so provided you with options to revert the search and homepage settings though. (inspiration taken from this Emsisoft article)

Now You: What is your experience in this regard?

The majority of free antivirus solutions ship with adware
Article Name
The majority of free antivirus solutions ship with adware
A thorough analysis of the installation options and behavior of free antivirus solutions for the Windows operating system.

Previous Post: «
Next Post: «


  1. jef said on November 2, 2016 at 1:56 am

    I had to look for new anti-virus today, what a pain in the ass, these guys add all that crap even when you deselect and uncheck, I found that avg, comodo, panda, avira and one other put tracking cookies in system and when you startup they put cookies in, and the pop up notices and warnings and the load on your computer and some of them install multiples and you have to restart 2 to 3 times to delete, I have ad-aware now and it is great just deselect the extras, its to bad we even need antivirus at all

  2. PJ said on January 28, 2015 at 10:08 pm

    I’ve been using Avira Free Antivirus since 2010, & Comodo Firewall since 2011. Over the past 2 days, I uninstalled both Avira v14.0.7.468 (latest) & Comodo v8.0.0.4344 (latest), & then reinstalled the same latest versions using the offline full installers downloaded from the respective official websites. Below is what I encountered so far.

    1) Avira Around the World in 80 Seconds
    The Avira Free Antivirus v14.0.7.468 offline installer did NOT offer me any bundleware such as Avira SafeSearch or Dropbox.

    However, Avira generates a permanent avgnt.exe [folder] > Avira.OE.ExtApi.dll (51.2 KB, v, signed: 22/10/2014) in User\AppData\Local\Temp. The DLL file can be renamed (eg. to Avira.OE.ExtApi-OLD.dllz, but Avira makes it undeletable.

    When I use Unlocker or OldTimer MoveIt to delete avgnt.exe > Avira.OE.ExtApi.dll / Avira.OE.ExtApi-OLD.dllz upon reboot, Avira unfailingly re-spawns the original DLL file in the Temp folder after Windows starts up. What exactly does this Avira.OE.ExtApi.dll do ? And how to get rid of it permanently ? I did not have this undeletable file when I updated Avira in-place since 2010 (instead of reinstalling it afresh).

    In addition, Avira keeps trying to connect to certain URLs around the world. It seems that I had installed “Avira Around the World in 80 Seconds”. Where else is Avira going to call next … Alaska, Chile, China, Ukraine & Zimbabwe ?

    avguard.exe calls:
    • Amazon Technologies Inc. (Dublin, Ireland):,
    • Inc. (Dublin, Ireland):
    • Softlayer Dutch Holdings Bv (Amsterdam, Netherlands):

    avira.oe.systray.exe calls:
    • Akamai Technologies Inc. (Singapore):

    2) Comodo Stores all Bundlware Installers at C: drive
    The Comodo Firewall v8.0.0.4344 offline installer offers the Comodo Dragon Browser, Geek Buddy, etc. bundleware, all of which I declined.

    Nevertheless, Comodo places the full offline installers for Dragon Browser, Geek Buddy, Yandex, etc. at Program Data\Comodo Downloader. Since these inactive installer files take up a few hundred MB of space, I deleted them all with no adverse effect, nagging or sneaky re-download observed so far.

    Meanwhile, Comodo tries dialling some URLs for unknown reasons. Note I have ‘Cloud Lookup’ disabled:-
    cmdagent.exe calls:
    • Ccanet Limited (Bradford, United Kingdom):

    Other Comodo users have also experienced the same thing, not that Comodo has ever bothered to explain why:-

  3. George Melendez said on January 28, 2015 at 7:44 pm

    Hi PJ…

    Thanks for the info. Let me say that i have verified all of Avira’s files and folders and i can not find any trace of the files and folders you mention. Maybe Avira has stopped this this type of practice. Do you have any info on this???

    1. PJ said on January 28, 2015 at 8:52 pm

      @George Melendez — When did you first install Avira Free Antivirus ?

      If you installed or version-updated your Avira in 2011, even though you declined the ASK toolbar & all bundleware, you would nevertheless be affected by the ASK toolbar nuisance files everytime you connect to the internet (ie. Apnstub.exe tried calling certain URLs), as well as whenever you updated your virus definitions (ie. Avira kept checking to make sure that the ASK files still existed in the Avira folder).

      Some user experiences:-

      As far as I recall, Avira VDF update finally stopped checking for the ASK files sometime in 2013. I think this was when Avira switched to promoting the SearchFree browser extension for the new version of Avira Antivirus (Avira 2014).

      1. George Melendez said on February 23, 2015 at 1:06 am

        Hi PJ…

        When I installed Avira’s latest version I did so from the Avira home page. After the installation I was having problems with the icon on the task bar and after searching on Google for a solution I found that Avira would install 2 separate programs. One is the antivirus software it self (Avira Antivirus Free) while the other is just Avira, that’s 2 programs. It will show up in Wins 7 Control Panel “Programs & Features”. The second program, Avira, is the one that when you click on it you will see a small pop-up where it has the antivirus and the Avira Safe Search (if you want to install) and something else which I can’t remember. That was effecting the task bar icon’s function so I proceeded to remove the Avira program. This does not affect in any way the antivirus functionality . I hope I explained myself correctly, you see, English is my second language so I hope I have expressed my self clearly.

      2. PJ said on February 22, 2015 at 7:12 pm

        @George Melendez: “I started using Avira around July or August 2014” => This timeline explains why you didn’t encounter Avira repeatedly checking for & re-downloading the ASK toolbar to your system. This function was shipped in an earlier version of the installer.

        And all those ASK toolbar stuff were not in the form of popups, or an actual browser toolbar (because I already explicitly declined it while using Avira’s stub/offline installer back in 2010). The whole Avira-ASK business was sneakily performed in the background during every virus definition update. The evidence is only found in VDF audit log & the “magical” re-appearance of ASK toolbar files in Avira’s folder.

        Actually, I’m still using Avira Free Antivirus. All along, there is only 1 entry: there is no separate “Avira” install to uninstall. Perhaps you previously installed some Avira bundleware (eg. Avira SearchFree) by accident.

        I don’t see any Avira popup adverts because I’d blocked all of them. There is no way to disable these popups from within the Avira GUI, but you can set rules in your firewall to BLOCK (in & out) the below 2 files from calling Avira & various 3rd-party vendors:-

        C:|Program Files (x86) > Avira > AntiVir Desktop > avnotify.exe
        C:|Program Files (x86) > Avira > AntiVir Desktop > ipmgui.exe

        Incidentally, as compared to the v14.0.7.468 (mid Jan 2015 build), the latest-available build of Avira Antivirus Free v (12 Feb 2015 build) is quite clean. It did not install avgnt.exe > Avira.OE.ExtApi.dll in the Windows Temp folder. Woohoo !

        As I previously mentioned here, this Avira.OE.ExtApi.dll file (installed w/o permission by the mid Jan 2015 build) is impossible to get rid of — unless one uninstalls Avira Free Antivirus. And that was what I did, before trying out the 12 Feb 2015 build (offline installer).

      3. George Melendez said on February 22, 2015 at 2:11 pm

        Hi PJ …

        I started using Avira around July or August 2014. I am using version and had problems with the notification icon not showing up. I discovered that I had 2 Avira programs installed. One was the actual antivirus software by the name Avira Free Antivirus and the other was just Avira. The Avira software is where you have the pop-up when you click on the icon letting you know what other software you can install. So I just uninstalled the Avira software and did nothing to the Avira Free Antivirus software and my notification icon started working correctly. Sure, I have maybe once or twice a day pop-ups with offers to get the paid version and some might find this practice a nuance but I can live with it. Avira Free really is a very good antivirus and the free version is actually better than some paid versions so I don’t mind the pop-ups. It scores very high for detecting and removal of malware and is consistently in the top 5 better antivirus be it free or paid versions. I would suggest that if you are searching for FREE antivirus you should give Avira Free a try. Excellent detection & removal, light on resources, fast scanning, automatic updates and an automatic weekly scan. I am using the default settings and haven’t had any issues what so ever. I guess you can call Avira an “install it and ‘set it & forget it’ ” antivirus. Give it a try and enjoy ……

  4. PJ said on January 21, 2015 at 2:34 pm

    The info supplied by this article is good to know for new users, as well as those planning to reinstall their OS (& hence probably would be utilizing the latest antivirus/ anti-malware installers). The scary thing though is that antivirus (or other software) providers might potentially start installing stuff w/o the permission or knowledge of current users by unscrupulously “slip-streaming” bundleware into the software’s version updates (ie. performed from within the software itself). Would this be possible ?

    I have Avira Free AntiVirus installed since 2010. I don’t recall the 2010 installer being bundled with Dropbox or Avira SafeSearch, although it tried offering the toolbar (aka SearchFree) which I declined & thus had to forgo Avira’s “Enable Web Protection”. Despite this, Avira nevertheless forcibly sneaked in a few Ask files … maybe just In case I change my mind & want the Ask toolbar in my browser !?!

    These Ask files can be safely deleted, but Avira kept downloading the same package of Ask files with every virus definition update. Avira’s VDF download report even blatantly indicated that its server checked whether these Ask files were present, & proceeded to re-download them if missing. As a workaround, I used my firewall to block the Ask toolbar files from ever doing anything.

    It appears that Avira changed its bundleware sometime in 2014, because it suddenly stopped checking for (& downloading) the Ask files with every virus definition update. Perhaps it has switched to downloading other bundleware files for users who installed Avira after 2011.

    1. George Melendez said on January 21, 2015 at 11:59 pm

      Hi PJ …

      I currently have Avira AntivirusFree V on my computer which I downloaded from the Avira web site and it is a clean download. Avira has saved me a few times and I have to say that it is a very good antivirus and easy to set-up. There is no adware and you can opt out of Dropbox and Avira Safe Search. It seems that some software developers are bundling stuff and others try to sneak it when you are installing. That’s s bad idea and all I can say is WATCH OUT what you install and read carefully before installing. When in doubt just don’t use the software and get software from another developer.

      1. PJ said on January 22, 2015 at 11:06 am

        @George Melendez — Thanks for sharing your experience with Avira. As a continuous user of Avira Free Antivirus (since 2010), I can verify that there is no (aka Avira SafeSearch) toolbar installed in your browser, if you opted out of it during the installation.

        But the outrageous thing is: Even after you had taken great care to *opt out*, Avira’s installer (from Avira website) nevertheless downloaded the ASK files into the Avira folder. Some of these ASK files include apntoolbarinstaller.exe, apnic.dll & the infamous apnstub.exe, which tries calling a certain URL once you go online. This is very obvious to users who happen to have a robust firewall installed.

        Although these “semi-active” ASK files don’t do anything much (besides always calling & Avira) if you had opted out of the toolbar, these extraneous files are nevertheless unwanted adware that take up space. They can be manually deleted, but Avira will download them again & again — whenever you update your virus definitions (note: Avira’s ASK actions are fully logged in its own audit trail as recorded in every VDF download report), AND when you allow Avira to upgrade itself (ie. in-product upgrade).

        The irony: The only way to stop Avira from repeatedly scanning your system for ASK files & repeatedly re-downloading these adware files (if deleted by user) is to install the ASK toolbar !

        And comic-tragically enough, Avira even tried pulling the wool over users’ eyes by issuing a public notice claiming that the nuisance adware [apnstub.exe] is an authorized and legitimate system-check utility” !!

        I post Avira’s notice (Jul 2011) in full below — in case Avira were to remove it in the future, & hope that everyone would eventually forget how insidiously sneaky an antivirus provider can be, even though users had outright said no.

        ——— START ———–

        Some of our consumers have expressed concerned about the application apnstub.exe which connects to the Internet after Avira AntiVir Service Pack 2 (SP2) Update is installed. Please be assured that this is a authorized and legitimate system-check utility.

        After the download of SP2, your AntiVir software checks whether the ASK-Toolbar is already installed on your computer. If the Toolbar is already present, AntiVir will not bother you with a slide-up alert asking you to install it.

        The apnstub.exe utility will do this check 3 times (the next 3 times that you reboot your computer). An additional check is done whenever the AntiVir setup dialog is displayed, in order to once again confirm the presence or absence of the Toolbar. If the ASK-Toolbar is already present, AntiVir will not offer you the setup option for installing the Avira-Toolbar.

        The technical purpose for apnstub.exe and the connection to is as follows:

        1. To check the requirements for Avira-Toolbar with operating system and browser configuration
        2. To check whether there is already an Ask-Toolbar installed
        3. To ensure that customers are receiving the latest Avira-Toolbar if no Ask-Toolbar is installed

        Please note that no further information is collected or passed on by the Toolbar, by apnstub.exe, or by

        Created : Tuesday, July 5, 2011, Last updated: Friday, June 8, 2012

        ——— END ———–

  5. b003 said on January 21, 2015 at 2:39 am

    I read that article, Conduit my old enemy… we meet again.

    I haven’t gotten anything from in forever and don’t plan to either.

  6. Ray said on January 20, 2015 at 1:08 am

    Martin, could you add 360 Total Security / 360 Internet Security to your list. No 3rd-party offers according to my testing.

    1. Sukhen said on January 20, 2015 at 3:57 pm

      I heard of it, never tested. Is it good and light?

      1. neal said on January 21, 2015 at 3:29 am

        I believe it is run by Qihoo, the antivirus suite may or may not be good, but well versed Chinese users will tell you that Qihoo is pretty shady and I would never trust them.

  7. Hans van Aken said on January 19, 2015 at 11:05 pm

    Unchecky is being installed as a service and keeps you aware of installing unwanted programs.
    Unchecky – Keeps your checkboxes clear:
    Several languages.

  8. Oxa said on January 19, 2015 at 9:11 pm

    Bundling is here to stay, unfortunately. I have so far, with one exception, been able to opt out of installing unwanted software. I can’t remember the exception, but it installed unwanted software even when I opted out. Equally disturbing is what happens when you update the software from within the program. A couple of years ago when updating Avast from within the program, it installed some crapware without providing the option to opt out. Even worse, it was so hard to uninstall the crapware that I had to do a Windows system restore. Ever since, I’ve had to go to the Avast website to download the installation program when updating. Foolish actions like that definitely affect the credibility and reputation of the company.

  9. tinwheeler said on January 19, 2015 at 8:10 pm

    Another little trick that one should be aware of is to always click on the ‘Custom’ or ‘Advanced’ button on an installer first as many of the unwanted programs are hidden there. And make sure you check every inch of each install box very carefully.

  10. Dave said on January 19, 2015 at 8:05 pm

    What if Microsoft made a tool that – as well as deleting viruses and malware – also deleted files they just didn’t want you to have? That software is MSE.

    I had the Xbox Scene files that let you install Linux on the original Xbox using the open-source, free and legal Cromwell BIOS. MSE identified the files as “hack tools” and deleted them off my main drive and back-up drive. For the uninformed, the Cromwell BIOS did not enable piracy.

    1. NeverWinter Systems said on February 1, 2016 at 12:35 am

      Yep, its done that a couple of times to me too, but luckily (unlike most alternates) it hangs on to a ‘ghost’ of whatever it doesn’t like until it clears its cache at your next restart, so you can get it back if you’re quick. It’s also why I’ve told MSE not to look in removable drives, so whenever I plug in my Apps Installers backup drive it doesn’t go through and delete all my data.
      Don’t get me wrong; MSE Is pretty decent, but it just hasn’t got the same kind of grunt of an Avira, or a Malwarebytes, or a Comodo. By all means install MSE, but certainly don’t rely on it as your lone wolf!

    2. Doc said on January 20, 2015 at 12:46 am

      This is true of a lot of antivirus software. I use AVG Free, and it detects any NirSoft tools that find passwords as “malware” and tries (usually successfully) to delete them.

  11. Pants said on January 19, 2015 at 7:45 pm

    I still remember the good ‘ol days when notepad could do everything .. *sigh*

    Here’s a nude redhead on a Harley:

    :õº>D”¿)ØáíÛ}4”|Å j•ùNÄìU8klKëc*z>E%?ϓ69{ÒÚñþïXÅ 3?¥ˆ÷Ÿµ¾{Blz(Ò¿¤€¯¼Í¬sÚ/þÍ’õ¡±ÇÞNÔ”n­¢9÷4‰$Á;r

    1. NeverWinter Systems said on February 1, 2016 at 12:23 am

      @Pants: “Sometimes I don’t even see the code; all I see is blonde, brunette, redhead…”
      I’m just playing with Comodo at the moment, and I firmly believe its never heard the old adage, ‘you only need to punch it into a computer once’. It pops up to tell me every time the same dynamic link library or executable wants to access a resource, even after I’ve told Comodo to remember my decision to allow/block. “xxx.dll wants to access ???-01 registry key”, so I determine its safe, check the box next to ‘Remember my decision’, click the appropriate Allow or Block button only to see 10 seconds later… “xxx.dll wants to access ???-02 registry key”
      Look, Comodo, I just told you that I considered the dll (or exe) safe, so let it do its job and let me get on with what I’M trying to do! It’s been installed for two days and still I’m getting the same requests by the same libraries/programs! I’m only going to put up with it for so long before showing it what a DoD is!
      I strongly believe the best antivirus or antimalware program is your index finger, and a user’s level of ‘street smarts’ when online will either get their PC in trouble or keep it healthy. How the hell can you get poisoned by a salmonella-filled Big Mac unless you physically put it in your mouth?

  12. joe said on January 19, 2015 at 7:22 pm

    Malwarebytes Anti-Malware is not an antivirus.

    1. Sukhen said on January 20, 2015 at 3:58 pm

      Is it really that bad?

  13. Ron said on January 19, 2015 at 7:15 pm

    Are any of these really necessary? Isn’t Microsoft Security Essentials sufficient?

    1. ilev said on January 19, 2015 at 7:35 pm

      Microsoft Security Essentials is the worse ever anti-virus. Even Microsoft agrees with this :

      Microsoft: Security Essentials is designed to be bottom of the antivirus rankings

      Microsoft reveals that it sees its own antivirus as a “baseline” and advises users to install third-party antivirus…

      1. Claude LaFreniere said on January 19, 2015 at 9:39 pm

        May be MSE is the worse according to AV test sites but I’m using MSE since the begining (replacing Avast) and I never had any malware of any sort in my PCs (and this since 2001 !). For sure my personnal experience is NOT a proof!

        If it’s important to have an updated AV, it’s not the only factor in computer security. The most important and the most feable factor in security layers is the user itself. for computer as well as any other security system… :)

        «Security is not a product it’s a process.» Bruce Schneier

  14. Robert Palmar said on January 19, 2015 at 6:53 pm

    The inclusion of potentially unwanted programs with any program installation is a deception.
    Companies are well-aware a significant percentage of users, if not a majority, have no idea
    of what they are getting into and no idea of how to get out of the changes to their system.
    While it is easy to say buyer beware, or user beware, the reality is many users are not.

    1. Brian said on January 20, 2015 at 12:45 am

      It is all the more reprobable when it comes from security experts who use the same techniques as the criminals they’re supposed to protect people from. Nice way to educate the general public about security issues :(

      1. Robert Palmar said on January 21, 2015 at 7:31 pm

        Agreed, Brian.

  15. Russell said on January 19, 2015 at 6:48 pm

    No,I don’t have to understand. If they want to make money, they should charge a little for the software. Enough with the manipulative, childish bullshit.

    1. GodHatesFigs said on January 20, 2015 at 8:40 am

      Ooooohhhh…get you.

  16. George Melendez said on January 19, 2015 at 6:12 pm

    I’ve got Avira Free as my antivirus and all I did was to opt out of Dropbox and Safesearch offers. Not a big deal if you are keen in watching when installing the software. Just play close attention and you will be okay. We have to understand that the software is free and the developers are just trying to increase their income. By the way, Avira is an excellent free antivirus choice and has excellent malware detection and removal rates. It’s also very light on resources…. give it a try.

    1. GodHatesFigs said on January 20, 2015 at 8:39 am

      Ditto.Wouldn’t use nowt else!

    2. Hans van Aken said on January 19, 2015 at 9:51 pm

      Just found this according to Avira: How can I reactivate Avira Web Protection?
      They say that SearchFree Toolbar ( has been removed, alternatively
      they offer Avira Browser Safety as a free add-on for Firefox and Chrome.
      Unfortunately it is not working yet.
      In the lower left corner you find a button for changing languages.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.