Download.com Bundling Adware With Free Software

← Back to Stories (view on slashdot.org)

Download.com Bundling Adware With Free Software

Posted by Unknown on Monday December 5, 2011 @10:15PM from the install-our-useful-toolbar dept.

Zocalo writes "In a post to the Nmap Hackers list Nmap author Fyodor accuses Download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings, and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either."

20 of 228 comments (clear)

Min score:

Reason:

Sort:

This is news? by Anonymous Coward · 2011-12-05 22:18 · Score: 5, Insightful

Download.com have always done this... I thought this was how they funded the site.
1. Re:This is news? by geekmux · 2011-12-05 22:31 · Score: 5, Interesting
  
  Download.com have always done this... I thought this was how they funded the site.
  This may be true, but doesn't shadow the efforts of those irritated enough to stand up and say something. Hats off to Fyodor for bringing it to light in hopes that things change.
  And as knowledgeable as the average user has (been forced to) become about spyware and malware, Download.com should listen, because it's obviously not just those uploading content that keeps them in business. Let's hope they don't react and generate that stench of arrogance around themselves, not unlike many large businesses today that think they're "too big to fail", and could care less what their customers think.
2. Re:This is news? by Anonymous Coward · 2011-12-05 22:53 · Score: 5, Interesting
  
  Yes it is news for me.
  I submitted something I wrote a while back and it used to offer the file the way I uploaded it. I just checked and sure enough my download is now wrapped in a Cnet installer. Now I need to dig out my account info and remove my software listing because this is fucking BULLSHIT!
  Thanks Slashdot for pointing this out.
3. Re:This is news? by Zocalo · 2011-12-05 23:00 · Score: 5, Informative
  
  Yes, they have, or at least it seems like it. The difference this time is that in addition to an abuse of the registered Nmap trademark Fyodor also has them in a clear breach of the NMAP licensing Ts&Cs and it appears he's willing to try and pursue the matter through the courts. I did have a strapline on the original submission to the effect that he was looking for a good US based copyright lawyer, but it appears that the Slashdot editors decided that wasn't an important part of the story.
  
  --
  UNIX? They're not even circumcised! Savages!
4. Re:This is news? by hairyfeet · 2011-12-05 23:19 · Score: 5, Informative
  
  Sorry but this is old new and why most of us builders have been avoiding CNet like the clap for awhile. I'd loved to see their before and after website visits stats because i wouldn't be surprised if many are doing like me and the instant they see the article is on CNet closing the tab.
  For those that need that "80%" software, the stuff you pretty much install on every system? Let old Hairy introduce to a really nice place with a weird name...Ninite. it has all the latest versions of the software everyone installs, your flash, codec packs, VLC, LibreOffice, several AV and antimal to choose from, and NO TOOLBARS are allowed, no crapware, just the program you want pre-packaged as an unattended installer that's as simple as "clicky clicky" and let her run. great for not only new builds but when you need to help someone who lives a good distance away who is having trouble or doesn't know where to find the above basics.
  I used to swing by CNet all the time back in the day but since i don't support spammers and spyware pushers they can go pound sand. With ninite all the basics are covered and if you can think of others you'd like just drop their name in the suggestion box and they'll add the most popular choices to the list. I suggested Klite with MPC and voila! There it is, and more popular apps are being added all the time. Enjoy folks!
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
5. Re:This is news? by Anonymous Coward · 2011-12-05 23:27 · Score: 5, Informative
  
  If anybody else wants to remove their software as well then you need to contact support to delist from Download.com/Upload.com
  They will respond with something like:
  
  Thank you for contacting CNET Upload.com. There are several ways to opt-out:
  - Premium subscription
  - PPD
  But if you insist they will remove your listing. Fucking scammers!
6. Re:This is news? by buchner.johannes · 2011-12-05 23:54 · Score: 5, Informative
  
  If your logo or name is a trademark, yes. That's why no distribution can redistribute a modified Firefox with the same name & logo.
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
7. Re:This is news? by Entropy98 · 2011-12-06 00:24 · Score: 5, Informative
  
  Cnet is only bundling their adware with programs uploaded since they started bundling.
  I've got a program listed there, its not bundled.
  If I upload a new version they are going to bundle it with their crapware.
  So I'm not uploading a new version, ever.
  They told uploaders what they were going to do with their program, they don't agree to your terms and conditions, you agree to theirs.
  Remove your program from their site and go elsewhere.
8. Re:This is news? by subreality · 2011-12-06 00:49 · Score: 5, Informative
  
  Thank you for Ninite. It will unsuck my life considerably.
9. Re:This is news? by kvvbassboy · 2011-12-06 01:19 · Score: 5, Informative
  
  I like FileHippo more. It has a bigger collection than ninite, and it tracks both stable and beta versions of most free software and freeware on Windows. They also have a useful (and a completely optional download) update utility that checks if there are any updates available for software on your computer. If yes, you can let it update from their website. It's pretty awesome, all in all.
10. Re:This is news? by Anonymous Coward · 2011-12-06 01:20 · Score: 5, Informative
  
  The new installer is a "derivative work", and you can specify that derivative works must not use the original trademarks. Mozilla and RedHat are both very strict about this: the source is open and free and all but you keep their name out of your modified stuff.
11. Re:This is news? by icebraining · 2011-12-06 04:03 · Score: 5, Interesting
  
  Just send them a DMCA takedown notice. If the system exists you might as well use it.
  
  --
  Dilbert RSS feed
12. Re:This is news? by Cederic · 2011-12-06 05:37 · Score: 5, Insightful
  
  Honestly, the whole story is nonsense created an a very ignorant person. Free software was never intended to keep programmers from making a living
  Sorry but no. The whole story is a very real warning to a user community that a large company is acting in an unethical and immoral manner by trading on the name and reputation of someone else.
  Making money through advertising on the download site isn't causing any problem. Pretending to offer Fyodor's downloader while in fact seeking to install other software is a trojan attack and bad behaviour no matter how you look at it.
  Calling this nonsense fails to understand the key issue and misrepresents both the complaint, and the complainant.
Go to the software producer's site by mirix · 2011-12-05 22:29 · Score: 5, Insightful

It's rather mindboggling that a decade into the 21st century, people are still going to third party download outfits like this.
Maybe someone wants to enlighten me as to why... I'm not coming up with much.

--
Sent from my PDP-11
1. Re:Go to the software producer's site by fsckmnky · 2011-12-05 22:38 · Score: 5, Insightful
  
  There are a few reasons software repositories are popular that I can think of off the top of my head.
  
  Much like an "app store" for smart phone apps, its convenient to have 1 place to go to look for an app, when you have general requirements or a specific type of app in mind, and not so much a specific app.
  
  People are creatures of habit, and once they learn how to use the download.com ( or some other site like freshmeat.net ) interface, they just return to it out of habit, and the fact that they already know how to search and navigate the site.
  
  As for why developers use sites like this, the visibility factor comes into play. Since the repositories have a returning user base, the app becomes that much more visible, as opposed to getting lost in search engine results.
  
  Another incentive for small developers, is the bandwidth. They dont have to manage the large amount of bandwidth required to deliver apps, the repository does this. They also don't have to pay for a commercial ISP account that allows them to run servers, as most residential account agreements forbid the operation of servers ( although only in agreement, not necessarily technically prevented. )
2. Re:Go to the software producer's site by Neil+Boekend · 2011-12-05 22:40 · Score: 5, Interesting
  
  I liked it years ago. They made it easy to search for a function and get a list of windows software that did it. Back then I usually couldn't find who made software that did what I needed done. I coudn't go to the software producer's site, because I didn't know who he was. Now I just google around a bit, search some forums and hope for the best.
  In my eyes they already screwed up when they allowed sw developers to promote the features of the full (paid) version in the description of the free version without any indication the free version didn't include the feature.
  
  --
  Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
easy way to bypass by sdnoob · 2011-12-05 22:38 · Score: 5, Informative

add &dlm=0 to the end of the 'your download is starting' page url..
1 go to a program's page
2. click download now
3. do not download the file that starts cnet_ or cnet2_ (if it doesn't start with cnet it's ok)
4. add the &dlm=0 to the url in the address bar after the spi=whatever junk
enjoy the direct download.. and go to the source next time..or try filehippo or softpedia (either one with your adblocker running)
Rapidshare by sakdoctor · 2011-12-05 23:12 · Score: 5, Interesting

Rapidshare, for that authentic 90s warez feel.
Not hosting your own files, or torrents for larger stuff, looks about as professional as a hotmail address on a business card.
Re:Nothing new. by WoodSmoke · 2011-12-05 23:58 · Score: 5, Informative

Fyodor actually *DOES* host the installer. He never gave them permission to repackage it. In fact, the software license prohibits this explicitly. From the article: "This is exactly why Nmap isn't under the plain GPL. Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't)." So yeah, I can blame them. If you read the fucking article you would know this. p.s. Yes, I said that the parent should have read the article. No, I am not new here, but that doesn't mean that I, or anyone else, should tolerate willfully uninformed bullshit spouting.
Re:Downloading free software is theft by phrostie · 2011-12-06 00:24 · Score: 5, Funny

but are they required now to gpl the virus and adware?