It happened again today. We received an email from a very frustrated user, complaining that OpenOffice had taken over his browser, installed new toolbars, replaced the browser's home page, was causing pop-ups to surface on every page, etc. To make things worse, none of these programs could be uninstalled via normal means.
When we at the Apache OpenOffice project receive reports like this -- and we receive them a couple of times every week -- the first thing I ask is, "Where did you download OpenOffice from?" In today's case, when the user checked his browser's history he found what I suspected, that it was not downloaded from www.openoffice.org, but was a modified version, from another website, that was also installing other applications on his system, programs that in the industry are known as "adware", "spyware" or "malware".
This is one of several traps for the unwary on the web today. It does not happen just to OpenOffice. Other popular open source applications, especially end user ones, run into this problem, e.g., Audacity, 7Zip, etc.
Things to watch out for include:
- Websites offering downloads of OpenOffice but requiring the use of a special "installer" or "downloader" application that installs other, unwanted applications before installing OpenOffice.
- Installers that ask you to send an SMS in order to receive a registration key to use OpenOffice.
- Websites that try to sell you OpenOffice. This sometimes happens on online auction sites. Although it is entirely legitimate to sell CD's of OpenOffice as a convenience (bandwidth is limited in many parts of the world), users should know that they can always download OpenOffice for free at www.openoffice.org.
- Websites that claim to sell you OpenOffice bundled with support, but then just direct you to the free community support forums, a service that we make available to all users at no charge.
- Websites that have domain names, or social media account names, that are variations on "OpenOffice", but which point to websites that try to sell you OpenOffice or offer you a download of a version that is modified to install adware.
- Websites that purchase sponsored ads in search engines so their advertisements feature prominently when a user searches for "OpenOffice" or "Open Office" or similar keywords, and using these ads to draw traffic to their website, where the modified version of OpenOffice is offered.
The common pattern in these cases is that someone is using the good name and reputation of our project, and often our trademarked logos, to confuse you, the user, into thinking that the website is offering you a genuine copy of OpenOffice. These downloads, aside from the unwanted "extras" they may install, are often based on older versions of OpenOffice, and lack important security updates, putting you even more at risk.
Be safe. Remember this simple rule: www.openoffice.org
is the official website for OpenOffice. Downloads there will always be free of charge.
Downloads there are reviewed and approved by the Apache OpenOffice community. There may be other reputable websites that offer OpenOffice downloads as well, like SourceForge or CNet or others. They stand on their own reputation.
So what can you do if you are tricked into installing a unsafe version of OpenOffice?
- If you are comfortable diagnosing and repairing your system, run anti-virus and malware scans, using a reputable program from a reputable source. This is an occasion where getting help may be warranted.
- There are several services that collect reports on incidents such as this. StopBadware and SiteJabber are two prominent ones.
- Let us know, at the Apache OpenOffice project, what happened to you. If you can provide URL's, and a statement about what the software did to your system, this can help us better understand where these things are occurring and to take appropriate action. Reports can be entered in our public issue tracker.