Linked by Anonymous Coward on Tue 6th Dec 2011 22:36 UTC
Bugs & Viruses In a recent site update, CNET Download.com listings have begun redirecting product download links for popular freeware and opensource applications to their own "downloader and installer" utility which bundles a number of adware components alongside the requested application and changes the users' homepage and default search engine to Microsoft Bing. Freeware authors are sending CNet cease and desist orders demanding virgin download links, something affected open source developers may or may not be able to do due to FOSS license terms.
Order by: Score:
Tell me it ain't so, CNET!
by benali72 on Tue 6th Dec 2011 22:42 UTC
benali72
Member since:
2008-05-03

This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.

Reply Score: 4

RE: Tell me it ain't so, CNET!
by Dolphin on Tue 6th Dec 2011 22:43 UTC in reply to "Tell me it ain't so, CNET!"
Dolphin Member since:
2006-05-01

FileHippo is probably the most professional and cleanest, and only hosts the good stuff. Softpedia is also clean and good, but with a far less-curative approach, and only hosts the most popular packages themselves - other downloads will link to the authors' sites.

Edited 2011-12-06 23:00 UTC

Reply Score: 4

RE[2]: Tell me it ain't so, CNET!
by benali72 on Tue 6th Dec 2011 23:26 UTC in reply to "RE: Tell me it ain't so, CNET!"
benali72 Member since:
2008-05-03

Thanks for the good info.

Reply Score: 1

RE: Tell me it ain't so, CNET!
by WorknMan on Tue 6th Dec 2011 23:33 UTC in reply to "Tell me it ain't so, CNET!"
WorknMan Member since:
2005-11-13

This really bums me out. I've used CNET as a trusted site for years to download software.


Meh. After Gerstmanngate happened in 2007, I knew they had sold out, so I wouldn't trust those guys for shit.

Reply Score: 3

RE: Tell me it ain't so, CNET!
by Doc Pain on Tue 6th Dec 2011 23:45 UTC in reply to "Tell me it ain't so, CNET!"
Doc Pain Member since:
2006-10-08

This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.


The reason why they changed them seems to be because of the users, or to be correct: for the users.

A hint is given here:

http://www.extremetech.com/computing/93504-download-com-wraps-downl...

That article also mentions that downloads starting with a cnet_ prefix provide "extra functionality". For example, if you get nmap (a well-known network exploration tool and port scanner, available on many OS platforms), you get some "extras" provided by the installer: On your PC it will install a "StartNow" toolbar, change your search engine to MICROS~1 "Bing", and also change your home page to MICROS~1's MSN. That's definitely not what you expect when installing nmap!

Obviously, installing things from source seem to be more secure, but they are not the typical thing to do on a "Windows" PC, or at least from a trusted source installing from precompiled binary packes (e. g. directly from the OS vendor or from a mirror of the initial provider of that program) - again, that's also not a typical "Windows" thing. Please note that I'm not a "Windows" person so you may see the previous sentence in exactly that context - non-judging and purely technical.

However, you often have to re-think who you trust regarding downloads and programs.

Reply Score: 3

RE[2]: Tell me it ain't so, CNET!
by lemur2 on Wed 7th Dec 2011 00:26 UTC in reply to "RE: Tell me it ain't so, CNET!"
lemur2 Member since:
2007-02-17

I too am not a Windows person. If anything, I try to side with the best interests of ordinary people.

In view of this, I note your comment: "However, you often have to re-think who you trust regarding downloads and programs."

I couldn't agree more. The problem, as I see it, in the Windows world where obfuscation of what one is being offered is the absolute norm, is that ordinary users have absolutely no way to know who they can trust.

This particular trend of middlemen like CNET taking Windows FOSS software (which once was like a badge of trustworthiness) and effectively turning it into anti-user software (malware is perhaps too strong a term) is a grave concern.

IMO, the only software one can truly trust, as an ordinary user, is FOSS software that is obtained directly from the source (it can be pre-compiled, but only if the corresponding source is also available, for vetting purposes). In the Windows 98 era I once trusted middlemen sites like CNET as a source of Windows software, but it didn't take long for them to lose my trust.

As the old saying goes: "Fool me once, shame on you. Fool me twice, shame on me".

It is such a shame that Windows users, these days, have no choice but to trust those who can't be trusted.

Reply Score: 5

Soulbender Member since:
2005-08-18

without bloated shit full of propaganda


Oh the irony.

Reply Score: 4

RE: Propaganda
by ngaio on Wed 7th Dec 2011 07:14 UTC in reply to "RE[3]: Tell me it ain't so, CNET!"
ngaio Member since:
2005-10-06

In 2008, Apple and Microsoft spent almost two billion dollars on advertising. I suspect more recent figures are higher. I don't know what their spend-up on government lobbying is.

I guess in a magic-fairy world none of that is propaganda.

Reply Score: 6

rorschach Member since:
2011-02-27

Well, at least sure I'm promoting a good cause, and not invading your HDD with crap as others do sometimes even without you noticing it.

Reply Score: 0

RE: Tell me it ain't so, CNET!
by UltraZelda64 on Wed 7th Dec 2011 07:30 UTC in reply to "Tell me it ain't so, CNET!"
UltraZelda64 Member since:
2006-12-05

This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.

Just go to Download.com if that's what you're used to, find a program, and click the link the the developer's home page. Alternatively use one of the dozens of download services that people are likely to mention. Either that, or just look it up on Google and get to the author's page that way.

I haven't regularly used Download.com for probably a decade or more, and I ditched Windows back in 2006, but even then... on my last days of using them I just went to Download.com to search for new programs and went to the official website from there. I figured, it could be a good "search engine" to find programs of the type I want, and hell... if it's on Download.com, it must be safe to run and install and malware-free.

Now... it looks like that line of thinking will get Download.com users a browser hijacker and some adware. Disgusting... a huge company using their reputation-built powers and user base to shove shit down their own users' throat. If I did still use Windows... I would never use or recommend the site again. Said, because back in the late 90s it was pretty damn useful (and trustworthy).

Edited 2011-12-07 07:31 UTC

Reply Score: 6

RE[2]: Tell me it ain't so, CNET!
by Barnabyh on Wed 7th Dec 2011 19:14 UTC in reply to "RE: Tell me it ain't so, CNET!"
Barnabyh Member since:
2006-02-06

Yeah, it was really good in the late 90's and early 2000's, they actually went to great length to reassure us that their downloads are ad- and malware-free. Oh, how times have changed. Anything for a bigger buck, even betraying that carefully over more than 10 years built up trust.

Well, I suppose it's still good for reading (and leaving) reviews. Some of their downloads are quite out of date these days anyway, much better of going to the original site.

Reply Score: 2

UltraZelda64 Member since:
2006-12-05

Yep. Way back then, I used to actually trust all of the software they hosted to be tested for malware of any kind and safe for installation; otherwise it would never make it on the site. They were strict, and that's how it should be. They really cared about their service and users. No more. These days, giant dollar signs cloud their view.

I've personally never gained anything from the reviews at the site though, so I can't agree with using it to look up opinions of software. IMO, trying it out yourself is the best way... and back when Download.com was trustworthy and did their job (make sure everything was malware-free and safe for their users), the site really was good. These days... you're better off getting information about a program (at least many free and open source ones) directly from its official site; sure, they're not reviews (IMO those tend to suck anyway), but many good programs give a good overview including a description, feature list and screenshots.

I would have to agree with whoever it was that said to try MajorGeeks.com... it is a good site, and has been for quite a while.

Edited 2011-12-08 06:33 UTC

Reply Score: 2

A little late...
by galvanash on Tue 6th Dec 2011 22:46 UTC
galvanash
Member since:
2006-01-25
This is where people get our software
by ephracis on Wed 7th Dec 2011 02:33 UTC
ephracis
Member since:
2007-09-23

The worst part is that most of my downloads comes from sites like CNET, Softpedia, Nonags and the like (there's hundreds of them actually). Only a small fragment of users actually visit my website to get the software.

I try my best to tell users to only trust us (preferably with https) and use checksums to verify the software. But without these websites no one will find us.

Being a small hobby project, without any marketing budget, there's just no way to reach users without these websites. It's a shame they trick users with stuff like this, or big ads consisting of a single, big "Download" button placed directly under our name.

Reply Score: 3

ephracis Member since:
2007-09-23

Just got a mail from CNET. Appearently it will be made opt-in for us developers:


My last communication to you was shortly after we launched the Download.com Installer in late summer. At that time I asked for patience as we began work to deliver a mutually beneficial model to market.

We are on the verge of fulfilling our vision of coming to market with an installer model that delivers files faster and more efficiently to users, while enabling developers to a) opt-in to the Installer, b) influence the offers tied to their files, c) gain reporting insight into the download funnel, and d) share in the revenue generated by the installer. However, due to some press that surfaced yesterday and the potential for subsequent misinformation, I am reaching out now to address that press and to provide a progress report on the upcoming launch:

First, on the press that surfaced yesterday: a developer expressed anger and frustration about our current model and how his file was being bundled. This was a mistake on our part and we apologize to the developer and user communities for the unrest it caused. As a rule, we do not bundle open source software and in addition to taking this developers file out of the installer flow, we have gone in and re-checked all open source files in our catalog. We take feedback from our developer & user communities very seriously and take pains to both act on it and respond in a timely manner.

With that, I want to share progress made thus far: This week we will launch the alpha phase of our new installer. This alpha phase is intended to test the tech and do QA, and will roll through the next few weeks to ensure that our installer is bug free. Between this week and the end of January we will be completing the necessary engineering and administrative work to roll out our beta, which will include a small group of developers who've agreed to participate in the beta launch. Our goal is to exit beta by end of February and have the necessary systems in place to enable opt-in, influence over advertising offers (for those offers that impact your product), download funnel reporting and revenue share back to you, the developers. In the weeks/months following the full release, we will continue to iterate on the model, adding more features to the Installer and bringing greater efficiency to our own download funnel (read: increased install conversion).
The initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible. More communication will follow as we move into Q1, and until then, thank you for continuing to work with Download.com.

Sincerely,

-- Sean

Sean Murphy
Vice President & General Manager

Reply Score: 2

One piece of advice
by tuma324 on Wed 7th Dec 2011 06:28 UTC
tuma324
Member since:
2010-04-09

1- Always download stuff from a trusted place.

2- if you use Linux then use your distro distribution mirrors.

3- use Free Software. With Free Software at least you get to see the source code and know what the program is doing, so is unlikely that you will be infected, etc.

Edited 2011-12-07 06:28 UTC

Reply Score: 1

RE: One piece of advice
by avgalen on Wed 7th Dec 2011 11:21 UTC in reply to "One piece of advice"
avgalen Member since:
2010-09-23

2. Fully agree. That works almost perfectly for Linux and Microsoft Updates and Apple Updates and all recent appstores.

1. The problem is that download.com USED TO BE a trusted source

3. "Nobody" ever reads the source! Most people don't even read the manual and the source is complete jibberish to normal people and WAY to big and complicated for most geeks. Having the source available is a good thing but doesn't help much against problems like this

Reply Score: 3

RE: One piece of advice
by arpan on Wed 7th Dec 2011 16:45 UTC in reply to "One piece of advice"
arpan Member since:
2006-07-30

3. Ummm... did you read the article. This happened with OSS software.

Reply Score: 1

RE[2]: One piece of advice - repackaged
by jabbotts on Wed 7th Dec 2011 17:44 UTC in reply to "RE: One piece of advice"
jabbotts Member since:
2007-09-06

Technically it was re-packaged OSS hence the use of an install wrapper to bundle other crap with it. The issue is not open or closed source development models but the middle-man distributor exploiting the original developer and the end user recipient.

I agree that the OP's #3 does not apply since it was probably distributed by Download.com without the source code and because bundling a program in a wrapper is not specific to the development and licensing model of the original program.

What I would suggest for #3 is that availability of source would have resulted in this being detected far sooner if not completely detering the middle-man from trying this in the first place.

- the program source would be reviewed or, at minimum, compiled and compared to the bundled binary by someone

- the distribution packaging would be easily decompiled for review or one compiled for comparison. eg. grab the original source tarball, compile it into a .deb and see if it matched the middle-man's .deb or not.

Both of these also relate back to #1 and #2 though; a reputable distribution's repository maintainers are doing the testing and a reputable distribution can be trusted else it does not remain reputable. (I'll trust Debian's repository processes far sooner than I'll trust Gentoo's)

Reply Score: 4

People use Download.com?
by BluenoseJake on Wed 7th Dec 2011 10:04 UTC
BluenoseJake
Member since:
2005-08-11

Who knew? I thought most people Just used Google to find the software they want, then download it from the developers site.

Reply Score: 2

RE: People use Download.com?
by Arawn on Wed 7th Dec 2011 10:30 UTC in reply to "People use Download.com?"
Arawn Member since:
2005-07-13

Yes, well... they have to know who developed it... then be able to recognize the developer's site, Google results aren't as clean as they used to be...

One thing I like about DuckDuckGo is that they place the official site in first place and clearly labeled as such.

Reply Score: 3

Unfortunately...
by Arawn on Wed 7th Dec 2011 10:27 UTC
Arawn
Member since:
2005-07-13

... there are some developers that use Download.com to distribute their software.

And most people don't care the least how they get the software, they just want it. Same mentality that makes them think they're completely safe with a "Total Security" anti-malware suite...

Personally, I don't use Download.com anymore because of this crapware they distribute. Nor I download from Adobe anymore for the same reason.

One site I can recommend is MajorGeeks.com. Been a great download site for years now... lets hope it stays that way.

Reply Score: 1

Bandwidth costs?
by Brendan on Wed 7th Dec 2011 12:15 UTC
Brendan
Member since:
2005-11-16

Hi,

Just wondering who should be responsible for the cost of providing the download? Where does the money come from?

If users had to pay to download free software, um, let's just say I can't see that working too well. If people who create free software had to pay, then I'd imagine a lot of good free software projects disappearing (or shifting to shareware or something).

That only leaves charities and advertising sponsored sites. If there aren't enough donations to cover the costs, or if you're not making enough from advertisers to cover costs, what do you do then?

- Brendan

Reply Score: 2

RE: Bandwidth costs?
by Soulbender on Wed 7th Dec 2011 12:19 UTC in reply to "Bandwidth costs?"
Soulbender Member since:
2005-08-18

if you're not making enough from advertisers to cover costs, what do you do then?


Lying about why you made the changes is not the way to go though.

Reply Score: 3

RE: Bandwidth costs? - they already advertise
by jabbotts on Wed 7th Dec 2011 17:51 UTC in reply to "Bandwidth costs?"
jabbotts Member since:
2007-09-06

CNet and affilliated websites are all packed full of advertising as is download.com. They are already getting paid to run the service and should not be trying to derive even more from taking bribes to bundling crapware let alone bundling that did not involve the software's original developer. I don't like it but I can accept CCleaner's bundling of Google Chrome far easier than I can accept Download.com taking a clean CCleaner install from the original developer and bundling that with crapware.

Either way, what few things I have downloaded from download.com won't be coming from there any longer. it is now strictly only a search service now; find the program, find the developer then go fetch it from the developer's original location.

Reply Score: 3

RE: Bandwidth costs?
by Neolander on Wed 7th Dec 2011 21:13 UTC in reply to "Bandwidth costs?"
Neolander Member since:
2010-03-08

If only it was just software... The whole digital world currently seems to have broken economics.

One of the main reasons why I'm studying physics and not CS is that I hardly saw a worthwhile professional future in the later, outside of very few interesting academia positions.

Edited 2011-12-07 21:13 UTC

Reply Score: 1

They lost me as a customer
by tjsooley on Wed 7th Dec 2011 12:38 UTC
tjsooley
Member since:
2010-06-30

I have used them for years and even purchased software by there recommendations. No longer Cnet you f***ed this up and I am no longer a customer.

Reply Score: 1

adware? How about malware.
by TechGeek on Wed 7th Dec 2011 15:59 UTC
TechGeek
Member since:
2006-01-14

I wish the author of this blurb hadn't used the word adware. This is clearly Malware. Its detected as malware by virus scanners. I know its a subtle difference. But calling it adware down plays the seriousness of the problem.

Reply Score: 2

RE: adware? How about malware.
by arpan on Wed 7th Dec 2011 16:47 UTC in reply to "adware? How about malware."
arpan Member since:
2006-07-30

It's not a subtle difference, it's a huge difference. Adware are apps that I install and that show ads. Malware are apps that can cause harm.

Reply Score: 2

Will speed up Windows store update
by djrikki on Wed 7th Dec 2011 23:00 UTC
djrikki
Member since:
2011-09-02

Opt-in or Opt-out it doesn't matter. All these major download sites will be doomed and irrelevant once the Windows Store gets into full swing.

Reply Score: 1

Download.com "apologises" for bundling
by lemur2 on Fri 9th Dec 2011 04:17 UTC
lemur2
Member since:
2007-02-17

http://www.h-online.com/open/news/item/Download-com-apologises-for-...

"The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused" said Murphy, adding that the company had "reviewed all open source files in our catalog to ensure none are being bundled".

Meh. I don't use Windows anyway, and I would shun CNET's download.com site if I were.

Reply Score: 2