Discovered AVG Secure Search today when I installed the trial version of WinZip on a laptop that I only intend to use temporarily. There seems to be some controversy over whether AVG Secure Search actually qualifies as "malware". I understand why some think it's not: AVG appears to be a legitimate company, the software does not seem to be harmful (and may even be beneficial for users who want it), and although I have not verified this myself, I am told that it's all there in the EULA/fine print/options of the software you are installing.
But here's why this little shit of a browser extension is malware anyway: It conceals itself deep in the fine print, piggy-backing on other software (and software that I, for one, generally consider to be trustworthy, to boot! Or did, at least, until today), and -- and this is the most important part -- it deliberately makes itself difficult to uninstall.
It installed itself on Chrome in no less than three ways, each of which in and of itself would have been sufficient for Secure Search's functionality: As my default search engine, as the default page that loads when you open a new tab, and as a browser extension. That's just absurd! And if you don't believe there's a problem, just do a little Googling (maybe even using AVG Secure Search, eh?) to see just how many links there are saying "I tried everything to uninstall AVG Secure Search and it's still there! Help!"
I would argue that if AVG were trying to conduct business in good faith, on the search page that loads there would be an option to uninstall, and it would do all the clean-up for you. Failing that, having it as just the default search engine, or just an extension, or whatever, would at least be reasonable. The fact that I tried two different ways of uninstalling it with no results... well, that kinda makes it malware.
Side note: For uninstalling this little leech from Chrome, there are excellent instructions here. Actually, those instructions would probably apply to cleaning out any sort of bullshit lying douchebags from Chrome.
Update: Please see the comment below from Jon Meyer with AVG Customer Care. The company does seem to be taking these complaints seriously, and to their credit they are resisting the temptation to simply take the "If you didn't read the EULA, then fuck you, it's user error" approach. They say the next version will include an uninstall button. While I'm still not crazy about the stealth bundling with WinZip, it was the combination stealth-install/tricky-uninstall that for me crossed the threshold of "malware". If they follow through with the simple uninstall button, I retract the accusation.