OSNews: http://www.osnews.com/story/25400/Download_com_Bundling_Adware_with_OSS_Downloads Exploring the Future of Computing en-us Copyright 2001-2013, David Adams adam+nospam@osnews.com Sat, 18 May 2013 17:31:47 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Tell me it ain't so, CNET! http://www.osnews.com/thread?499199 http://www.osnews.com/thread?499199 This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures. Tue, 06 Dec 2011 22:42:00 GMT donotreply@osnews.com (benali72) Comments RE: Tell me it ain't so, CNET! http://www.osnews.com/thread?499201 http://www.osnews.com/thread?499201 FileHippo is probably the most professional and cleanest, and only hosts the good stuff. Softpedia is also clean and good, but with a far less-curative approach, and only hosts the most popular packages themselves - other downloads will link to the authors' sites.Edited 2011-12-06 23:00 UTC Tue, 06 Dec 2011 22:43:00 GMT donotreply@osnews.com (Dolphin) Comments A little late... http://www.osnews.com/thread?499202 http://www.osnews.com/thread?499202 The "recent site update" was back in July...

http://www.extremetech.com/computing/93504-download-com-wraps-downl...

http://cnet-upload.custhelp.com/app/answers/detail/a_id/2064 Edited 2011-12-06 22:48 UTC Tue, 06 Dec 2011 22:46:00 GMT donotreply@osnews.com (galvanash) Comments RE[2]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499210 http://www.osnews.com/thread?499210 Thanks for the good info. Tue, 06 Dec 2011 23:26:00 GMT donotreply@osnews.com (benali72) Comments RE: Tell me it ain't so, CNET! http://www.osnews.com/thread?499216 http://www.osnews.com/thread?499216
This really bums me out. I've used CNET as a trusted site for years to download software.


Meh. After Gerstmanngate happened in 2007, I knew they had sold out, so I wouldn't trust those guys for shit. Tue, 06 Dec 2011 23:33:00 GMT donotreply@osnews.com (WorknMan) Comments RE: Tell me it ain't so, CNET! http://www.osnews.com/thread?499219 http://www.osnews.com/thread?499219
This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.


The reason why they changed them seems to be because of the users, or to be correct: for the users.

A hint is given here:

http://www.extremetech.com/computing/93504-download-com-wraps-downl...

That article also mentions that downloads starting with a cnet_ prefix provide "extra functionality". For example, if you get nmap (a well-known network exploration tool and port scanner, available on many OS platforms), you get some "extras" provided by the installer: On your PC it will install a "StartNow" toolbar, change your search engine to MICROS~1 "Bing", and also change your home page to MICROS~1's MSN. That's definitely not what you expect when installing nmap!

Obviously, installing things from source seem to be more secure, but they are not the typical thing to do on a "Windows" PC, or at least from a trusted source installing from precompiled binary packes (e. g. directly from the OS vendor or from a mirror of the initial provider of that program) - again, that's also not a typical "Windows" thing. Please note that I'm not a "Windows" person so you may see the previous sentence in exactly that context - non-judging and purely technical.

However, you often have to re-think who you trust regarding downloads and programs. Tue, 06 Dec 2011 23:45:00 GMT donotreply@osnews.com (Doc Pain) Comments RE[2]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499227 http://www.osnews.com/thread?499227 I too am not a Windows person. If anything, I try to side with the best interests of ordinary people.

In view of this, I note your comment: "However, you often have to re-think who you trust regarding downloads and programs."

I couldn't agree more. The problem, as I see it, in the Windows world where obfuscation of what one is being offered is the absolute norm, is that ordinary users have absolutely no way to know who they can trust.

This particular trend of middlemen like CNET taking Windows FOSS software (which once was like a badge of trustworthiness) and effectively turning it into anti-user software (malware is perhaps too strong a term) is a grave concern.

IMO, the only software one can truly trust, as an ordinary user, is FOSS software that is obtained directly from the source (it can be pre-compiled, but only if the corresponding source is also available, for vetting purposes). In the Windows 98 era I once trusted middlemen sites like CNET as a source of Windows software, but it didn't take long for them to lose my trust.

As the old saying goes: "Fool me once, shame on you. Fool me twice, shame on me".

It is such a shame that Windows users, these days, have no choice but to trust those who can't be trusted. Wed, 07 Dec 2011 00:26:00 GMT donotreply@osnews.com (lemur2) Comments This is where people get our software http://www.osnews.com/thread?499243 http://www.osnews.com/thread?499243 The worst part is that most of my downloads comes from sites like CNET, Softpedia, Nonags and the like (there's hundreds of them actually). Only a small fragment of users actually visit my website to get the software.

I try my best to tell users to only trust us (preferably with https) and use checksums to verify the software. But without these websites no one will find us.

Being a small hobby project, without any marketing budget, there's just no way to reach users without these websites. It's a shame they trick users with stuff like this, or big ads consisting of a single, big "Download" button placed directly under our name. Wed, 07 Dec 2011 02:33:00 GMT donotreply@osnews.com (ephracis) Comments RE[2]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499247 http://www.osnews.com/thread?499247 DO NOT USE WINDOWS, as easy as it is. Learn to compile an app, read some tech stuff, it opens your mind, you CAN NOT trust anyone in this days. Do yourself a favor and use OSS (mainly at OS level, without bloated shit full of propaganda) as much as you can ;) Wed, 07 Dec 2011 04:17:00 GMT donotreply@osnews.com (rorschach) Comments RE[3]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499253 http://www.osnews.com/thread?499253
without bloated shit full of propaganda


Oh the irony. Wed, 07 Dec 2011 06:18:00 GMT donotreply@osnews.com (Soulbender) Comments One piece of advice http://www.osnews.com/thread?499254 http://www.osnews.com/thread?499254 1- Always download stuff from a trusted place.

2- if you use Linux then use your distro distribution mirrors.

3- use Free Software. With Free Software at least you get to see the source code and know what the program is doing, so is unlikely that you will be infected, etc.Edited 2011-12-07 06:28 UTC Wed, 07 Dec 2011 06:28:00 GMT donotreply@osnews.com (tuma324) Comments RE: Propaganda http://www.osnews.com/thread?499257 http://www.osnews.com/thread?499257 In 2008, Apple and Microsoft spent almost two billion dollars on advertising. I suspect more recent figures are higher. I don't know what their spend-up on government lobbying is.

I guess in a magic-fairy world none of that is propaganda. Wed, 07 Dec 2011 07:14:00 GMT donotreply@osnews.com (ngaio) Comments RE: Tell me it ain't so, CNET! http://www.osnews.com/thread?499259 http://www.osnews.com/thread?499259
This really bums me out. I've used CNET as a trusted site for years to download software. The changes they're making make me feel I'd better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.

Just go to Download.com if that's what you're used to, find a program, and click the link the the developer's home page. Alternatively use one of the dozens of download services that people are likely to mention. Either that, or just look it up on Google and get to the author's page that way.

I haven't regularly used Download.com for probably a decade or more, and I ditched Windows back in 2006, but even then... on my last days of using them I just went to Download.com to search for new programs and went to the official website from there. I figured, it could be a good "search engine" to find programs of the type I want, and hell... if it's on Download.com, it must be safe to run and install and malware-free.

Now... it looks like that line of thinking will get Download.com users a browser hijacker and some adware. Disgusting... a huge company using their reputation-built powers and user base to shove shit down their own users' throat. If I did still use Windows... I would never use or recommend the site again. Said, because back in the late 90s it was pretty damn useful (and trustworthy).Edited 2011-12-07 07:31 UTC Wed, 07 Dec 2011 07:30:00 GMT donotreply@osnews.com (UltraZelda64) Comments People use Download.com? http://www.osnews.com/thread?499268 http://www.osnews.com/thread?499268 Who knew? I thought most people Just used Google to find the software they want, then download it from the developers site. Wed, 07 Dec 2011 10:04:00 GMT donotreply@osnews.com (BluenoseJake) Comments Unfortunately... http://www.osnews.com/thread?499270 http://www.osnews.com/thread?499270 ... there are some developers that use Download.com to distribute their software.

And most people don't care the least how they get the software, they just want it. Same mentality that makes them think they're completely safe with a "Total Security" anti-malware suite...

Personally, I don't use Download.com anymore because of this crapware they distribute. Nor I download from Adobe anymore for the same reason.

One site I can recommend is MajorGeeks.com. Been a great download site for years now... lets hope it stays that way. Wed, 07 Dec 2011 10:27:00 GMT donotreply@osnews.com (Arawn) Comments RE: People use Download.com? http://www.osnews.com/thread?499271 http://www.osnews.com/thread?499271 Yes, well... they have to know who developed it... then be able to recognize the developer's site, Google results aren't as clean as they used to be...

One thing I like about DuckDuckGo is that they place the official site in first place and clearly labeled as such. Wed, 07 Dec 2011 10:30:00 GMT donotreply@osnews.com (Arawn) Comments RE: One piece of advice http://www.osnews.com/thread?499277 http://www.osnews.com/thread?499277 2. Fully agree. That works almost perfectly for Linux and Microsoft Updates and Apple Updates and all recent appstores.

1. The problem is that download.com USED TO BE a trusted source

3. "Nobody" ever reads the source! Most people don't even read the manual and the source is complete jibberish to normal people and WAY to big and complicated for most geeks. Having the source available is a good thing but doesn't help much against problems like this Wed, 07 Dec 2011 11:21:00 GMT donotreply@osnews.com (avgalen) Comments Bandwidth costs? http://www.osnews.com/thread?499280 http://www.osnews.com/thread?499280 Hi,

Just wondering who should be responsible for the cost of providing the download? Where does the money come from?

If users had to pay to download free software, um, let's just say I can't see that working too well. If people who create free software had to pay, then I'd imagine a lot of good free software projects disappearing (or shifting to shareware or something).

That only leaves charities and advertising sponsored sites. If there aren't enough donations to cover the costs, or if you're not making enough from advertisers to cover costs, what do you do then?

- Brendan Wed, 07 Dec 2011 12:15:00 GMT donotreply@osnews.com (Brendan) Comments RE: Bandwidth costs? http://www.osnews.com/thread?499283 http://www.osnews.com/thread?499283
if you're not making enough from advertisers to cover costs, what do you do then?


Lying about why you made the changes is not the way to go though. Wed, 07 Dec 2011 12:19:00 GMT donotreply@osnews.com (Soulbender) Comments They lost me as a customer http://www.osnews.com/thread?499285 http://www.osnews.com/thread?499285 I have used them for years and even purchased software by there recommendations. No longer Cnet you f***ed this up and I am no longer a customer. Wed, 07 Dec 2011 12:38:00 GMT donotreply@osnews.com (tjsooley) Comments RE[4]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499298 http://www.osnews.com/thread?499298 Well, at least sure I'm promoting a good cause, and not invading your HDD with crap as others do sometimes even without you noticing it. Wed, 07 Dec 2011 14:42:00 GMT donotreply@osnews.com (rorschach) Comments adware? How about malware. http://www.osnews.com/thread?499301 http://www.osnews.com/thread?499301 I wish the author of this blurb hadn't used the word adware. This is clearly Malware. Its detected as malware by virus scanners. I know its a subtle difference. But calling it adware down plays the seriousness of the problem. Wed, 07 Dec 2011 15:59:00 GMT donotreply@osnews.com (TechGeek) Comments RE: One piece of advice http://www.osnews.com/thread?499306 http://www.osnews.com/thread?499306 3. Ummm... did you read the article. This happened with OSS software. Wed, 07 Dec 2011 16:45:00 GMT donotreply@osnews.com (arpan) Comments RE: adware? How about malware. http://www.osnews.com/thread?499307 http://www.osnews.com/thread?499307 It's not a subtle difference, it's a huge difference. Adware are apps that I install and that show ads. Malware are apps that can cause harm. Wed, 07 Dec 2011 16:47:00 GMT donotreply@osnews.com (arpan) Comments RE[2]: One piece of advice - repackaged http://www.osnews.com/thread?499312 http://www.osnews.com/thread?499312 Technically it was re-packaged OSS hence the use of an install wrapper to bundle other crap with it. The issue is not open or closed source development models but the middle-man distributor exploiting the original developer and the end user recipient.

I agree that the OP's #3 does not apply since it was probably distributed by Download.com without the source code and because bundling a program in a wrapper is not specific to the development and licensing model of the original program.

What I would suggest for #3 is that availability of source would have resulted in this being detected far sooner if not completely detering the middle-man from trying this in the first place.

- the program source would be reviewed or, at minimum, compiled and compared to the bundled binary by someone

- the distribution packaging would be easily decompiled for review or one compiled for comparison. eg. grab the original source tarball, compile it into a .deb and see if it matched the middle-man's .deb or not.

Both of these also relate back to #1 and #2 though; a reputable distribution's repository maintainers are doing the testing and a reputable distribution can be trusted else it does not remain reputable. (I'll trust Debian's repository processes far sooner than I'll trust Gentoo's) Wed, 07 Dec 2011 17:44:00 GMT donotreply@osnews.com (jabbotts) Comments RE: Bandwidth costs? - they already advertise http://www.osnews.com/thread?499314 http://www.osnews.com/thread?499314 CNet and affilliated websites are all packed full of advertising as is download.com. They are already getting paid to run the service and should not be trying to derive even more from taking bribes to bundling crapware let alone bundling that did not involve the software's original developer. I don't like it but I can accept CCleaner's bundling of Google Chrome far easier than I can accept Download.com taking a clean CCleaner install from the original developer and bundling that with crapware.

Either way, what few things I have downloaded from download.com won't be coming from there any longer. it is now strictly only a search service now; find the program, find the developer then go fetch it from the developer's original location. Wed, 07 Dec 2011 17:51:00 GMT donotreply@osnews.com (jabbotts) Comments RE[2]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499320 http://www.osnews.com/thread?499320 Yeah, it was really good in the late 90's and early 2000's, they actually went to great length to reassure us that their downloads are ad- and malware-free. Oh, how times have changed. Anything for a bigger buck, even betraying that carefully over more than 10 years built up trust.

Well, I suppose it's still good for reading (and leaving) reviews. Some of their downloads are quite out of date these days anyway, much better of going to the original site. Wed, 07 Dec 2011 19:14:00 GMT donotreply@osnews.com (Barnabyh) Comments RE: Bandwidth costs? http://www.osnews.com/thread?499326 http://www.osnews.com/thread?499326 If only it was just software... The whole digital world currently seems to have broken economics.

One of the main reasons why I'm studying physics and not CS is that I hardly saw a worthwhile professional future in the later, outside of very few interesting academia positions.Edited 2011-12-07 21:13 UTC Wed, 07 Dec 2011 21:13:00 GMT donotreply@osnews.com (Neolander) Comments RE: This is where people get our software http://www.osnews.com/thread?499333 http://www.osnews.com/thread?499333 Just got a mail from CNET. Appearently it will be made opt-in for us developers:


My last communication to you was shortly after we launched the Download.com Installer in late summer. At that time I asked for patience as we began work to deliver a mutually beneficial model to market.

We are on the verge of fulfilling our vision of coming to market with an installer model that delivers files faster and more efficiently to users, while enabling developers to a) opt-in to the Installer, b) influence the offers tied to their files, c) gain reporting insight into the download funnel, and d) share in the revenue generated by the installer. However, due to some press that surfaced yesterday and the potential for subsequent misinformation, I am reaching out now to address that press and to provide a progress report on the upcoming launch:

First, on the press that surfaced yesterday: a developer expressed anger and frustration about our current model and how his file was being bundled. This was a mistake on our part and we apologize to the developer and user communities for the unrest it caused. As a rule, we do not bundle open source software and in addition to taking this developers file out of the installer flow, we have gone in and re-checked all open source files in our catalog. We take feedback from our developer & user communities very seriously and take pains to both act on it and respond in a timely manner.

With that, I want to share progress made thus far: This week we will launch the alpha phase of our new installer. This alpha phase is intended to test the tech and do QA, and will roll through the next few weeks to ensure that our installer is bug free. Between this week and the end of January we will be completing the necessary engineering and administrative work to roll out our beta, which will include a small group of developers who've agreed to participate in the beta launch. Our goal is to exit beta by end of February and have the necessary systems in place to enable opt-in, influence over advertising offers (for those offers that impact your product), download funnel reporting and revenue share back to you, the developers. In the weeks/months following the full release, we will continue to iterate on the model, adding more features to the Installer and bringing greater efficiency to our own download funnel (read: increased install conversion).
The initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible. More communication will follow as we move into Q1, and until then, thank you for continuing to work with Download.com.

Sincerely,

-- Sean

Sean Murphy
Vice President & General Manager
 Wed, 07 Dec 2011 22:33:00 GMT donotreply@osnews.com (ephracis) Comments Will speed up Windows store update http://www.osnews.com/thread?499337 http://www.osnews.com/thread?499337 Opt-in or Opt-out it doesn't matter. All these major download sites will be doomed and irrelevant once the Windows Store gets into full swing. Wed, 07 Dec 2011 23:00:00 GMT donotreply@osnews.com (djrikki) Comments RE[3]: Tell me it ain't so, CNET! http://www.osnews.com/thread?499381 http://www.osnews.com/thread?499381 Yep. Way back then, I used to actually trust all of the software they hosted to be tested for malware of any kind and safe for installation; otherwise it would never make it on the site. They were strict, and that's how it should be. They really cared about their service and users. No more. These days, giant dollar signs cloud their view.

I've personally never gained anything from the reviews at the site though, so I can't agree with using it to look up opinions of software. IMO, trying it out yourself is the best way... and back when Download.com was trustworthy and did their job (make sure everything was malware-free and safe for their users), the site really was good. These days... you're better off getting information about a program (at least many free and open source ones) directly from its official site; sure, they're not reviews (IMO those tend to suck anyway), but many good programs give a good overview including a description, feature list and screenshots.

I would have to agree with whoever it was that said to try MajorGeeks.com... it is a good site, and has been for quite a while.Edited 2011-12-08 06:33 UTC Thu, 08 Dec 2011 06:32:00 GMT donotreply@osnews.com (UltraZelda64) Comments Download.com "apologises" for bundling http://www.osnews.com/thread?499500 http://www.osnews.com/thread?499500 http://www.h-online.com/open/news/item/Download-com-apologises-for-...

"The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused" said Murphy, adding that the company had "reviewed all open source files in our catalog to ensure none are being bundled".

Meh. I don't use Windows anyway, and I would shun CNET's download.com site if I were. Fri, 09 Dec 2011 04:17:00 GMT donotreply@osnews.com (lemur2) Comments