I installed the Trackpad++ driver and it comes with malware. Do yourself a favor and DO NOT INSTALL TRACKPAD++!
This software is a Trojan Horse, which means that it actually installs a driver for touchpad, but in addition of that you get spyware and probably a rootkit.
Here is how I realized this:
- First it asks you to install "Power Plan Assistant". It is not clear why you need this software, but it does come with spyware. When you open any browser, your default search engine changes to a strange website called "search".
- Then, when you install the "Trackpad++ Installer" you are asked to approve a driver that is not signed by Microsoft. By granting rights to the installer you probably are giving kernel level privileges to this software that potentially has a rootkit. When you go to https://www.virustotal.com/, and you test this installer, it finds a virus on it.
If you did install this software, the only real fix is to reinstall Windows again. Uninstalling the software and even running an antivirus does not guarantee you that the malware is removed.
If you are not familiar with malware terminology, here are some definitions:
- Trojan horse: Software that gives you some useful functionality but in addition installs malicious code.
- Spyware: Software that steals private information from you, such as credit card information, passwords, files, etc.
- Rootkit: Software tools that allow a malicious developer to control your computer and potentially convert it to a zombie. That gives him the ability to engage in criminal activities such as denial of service attacks, spam generation and others.
I am a computer scientist so I wanted to alert of this threat to other users as I have not seen any complaints about this software on this thread.
Apple should release an official driver to give Windows users the same experience they have in the OS X.
I had posted once in this thread, so I got an email about the new message tonight. I have created this software. And since 2010 I maintain my own topic right there, right on the Apple Support Communities web site. By the way, there actually IS the large happy user community - my topic has been viewed 310,000 times, and got 865 replies so far.
In this post I am going to argue that:
- The recent post by a user Mauonline is the false information;
- The user Mauonline is, as a minimum not a computer scientist (like he claims).
OK, I have found one true statement in that post. Like Mr. Mauonline had correctly indicated, there is no negative feedback about the driver. It's natural, as the driver is very stable and is packed with rich multitouch support. Just for reference, here is what you get by installing the recent version on a Macbook Retina / Pro / Air running Windows 8.1 via Boot Camp:
1.) Windows 8.1 edge-gestures;
2.) 2-finger pinch (action: zoom in/out);
3.) 3-finger dragging (action: OS X-like dragging);
4.) Horizontal 4-finger swiping (action: back / forward);
5.) Vertical 4-finger swiping (action: minimize/restore open windows);
6.) 4-finger tap (action: middle mouse button emulation).
Another improvements over Boot Camp 5.x drivers:
- User-customizable option to ignore the accidental trackpad input when typing;
- Accelerated/natural scrolling model implemented;
- Better pointer ballistics (i.e. how a pointer speed depends on a finger speed; six optimal presets built-in).
Now, I would like to argue that Mr.Mauonline is not a computer scientist (like he claims). The computer scientist shall be aware that OpenCandy, as 'detected' by only 1 out of 48 AV engines of VirisTotal, is nothing to hide, nothing to be afraid of. In fact, some of the most trusted antivirus and antispyware makers use it during the installation. And many world-wide popular programs do. Winamp, WinSCP are the first examples I can remember. Right in the PPA installer window, OpenCandy displays a small ad which is the recommendation to install some (clean) software. You can agree or decline. You are not forced to install anything unless you agree. And, please let me emphasize, OpenCandy shows up only within the installer, and only once. By the way I can agree that it's always a good idea to check the files you download with www.virustotal.com web site. They have all the antivirus engines put altogether for a quick online check. I just re-verified and 47 of 48 AV engines detect nothing. 1 of 48 detect OpenCandy, and it's true. This is in fact directly indicated in the EULA of PPA. And 0 of 48 find anything in the driver - so where is the infection?
Finally, the so called computer scientist claims that driver not approved by Microsoft automatically assumes rootkit / infection / makes system vulnerable / etc. But isn't the mandatory driver signing requirement a feature of 64-bit Windows only? Then 32-bit Windows is completely vulnerable by design?
I suspect Apple has become worried that, with the proper driver, the Windows experience on a Macbook gets absolutely competitive to OS X, and thus Apple hired an agent who has the task of spreading the false word, to not let the people really enjoy Windows on the Mac. Because this could affect the AppStore business, which in fact generates almost the same income for Apple as the sales of Macbook hardware.
Nevertheless I (of course) do not force anybody to even try the driver. I leave it up to every lady and gentleman on this forum, to judge and make the proper decision.
First I would appreciate if you stop those personal attacks. You are the one making false accusations such as "Apple hired an agent who has the task of spreading the false word". This is an open forum and we should exchange ideas rather than attacking people.
I would suggest that a way you can prove your software does not include any malicious code indeed is by making it open source.
When I see that any software I install, changes the default search engine without my knowledge, it is not a good signal. Can you remove that?
Yes, I saw OpenCandy in the report and I was concerned about it. As you pointed out, it is an advertising software. Thus, it is up to the final user to decide if he or she is fine with it.
Finally, thanks for replying to clarify this situation to the community.
@mauonline: Hello. Sorry for being too emotional... That happened because these programs are, well, almost like the children of mine - I am constantly putting a lot of work, time and even money to maintain and improve them. A father could definitely become emotional if the children are called bastards (especially if they are not...)
Any closed source software could be considered as a potential threat, and even open source could, if it is not built by a user personally (assuming the user had examined the sources prior to compiling). Although, the compiler can be inserting backdoors and rootkits on its own, at least in theory. So, in my opinion using of any software in this world is the question of faith. My argument is VirusTotal report - 0 of 48 for T++, 1 of 48 (OpenCandy) for PPA. To repeat from my previous post, this is no surprise, and in fact I had appended OpenCandy EULA to the EULA of PPA, so a user can reject to install PPA before an ad is even displayed.
I suppose the issue with Search engine change happened because you had accidentally accepted to install the OpenCandy offer. The installer is programmed in such the way that, without the user confirmation, nothing will be installed. Although I had an option to program it in the way that the install is forced, I play fair. I do not like being forced to install anything, and I would never let other people experience the same.
Releasing as open source - I do not deny this is the future of the project. Although it is clear that opensourcing has the other side: there are issues regarding the intellectual property protection, return of investment, etc.
Hope no bad feelings there.