We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!
Braver women and men than I.
We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!
Braver women and men than I.
Why am I not surprised? Whenever I see a download.com link I avoid it like the plague…
In the “old days” there were plenty of honest download sites that vetted software for viruses or spyware. Are those places all gone now?
That’s a broad brush. So no Open Office, GIMP, or Mozilla Firefox. Nothing open source. Better stay the hell away from Linux or any other “free download” operating systems…
I just read this by the author in the comments:
I mean SourceForge is bundling now. You can’t even trust them.
Maybe things are much worse now than they used to be?
I guess by “freeware download recommendations” they were referring to sites like download.com, chip.de, etc. which always contain a bunch of crap. I don’t think they have anything against going to the home pages of the software in question and downloading them from there.
Of course, it begs the question: how do you find good freeware stuff if you cannot trust the recommender sites? Maybe there is an easy answer for that, but I don’t know; been some time since I last used Windows.
Edited 2015-01-13 15:45 UTC
You go to https://ninite.com/ and install from there. I realise that people are going to comment that you shouldn’t trust sites like that, but try it out in a virtual if you want to be safe or don’t trust me. This site makes installing high quality freeware awesomely easy and has been entirely safe during the years that I have been using it
Want something even more mind-blowingly awesome?
Try out https://chocolatey.org/
Someone pointed me to this a while back and while I don’t use it regularly, it is pure awesome. I need to install it on friends and family machines to ease their installation woes whenever they need some software.
It doesn’t http://en.wikipedia.org/wiki/Begging_the_question
…
“Freeware” and “free software” are NOT the same thing. Learn the differences. Unless I am misunderstanding you. All the software you mentioned, you would be safer just downloading from each program’s respective site. Yeah, it’s not as convenient, but at least you wouldn’t risk some third party like CNet/Download.com hijacking the installer to load your system with a bunch of crap.
Edited 2015-01-13 19:34 UTC
Most of your post is off, as others have pointed out freeware vs free softwere,etc. But Yeah, stay away from sourceforge downloads crap bundling is going on there too. For myself, I just download the source and build off it to avoid the crap ( if I absolutely need something there).
yeah very disappointed to see Sourceforge infected with the same crap
yeah im afraid so, even sourceforge.net is starting to get infected with the same crap, i was really suprised on my last visit to be offered the sourceforge downloader and some other bundled crap.
I was really disappointed as ive held Sourceforge in high regard for a long time.
Let an old greybeard PC builder help y’all out, a single site for the most used programs INCLUDING your FOSS Windows programs like LO and Gimp and best of all 100% spyware and toolbar free, it even automates multiple installs to a single click!
https://ninite.com/
You combine Ninite with WSUS Offline and you can take any Tiger kit and turn it into a fully loaded Windows machine in less than an hour and a half, start to finish. It’ll be fully patched, have a full free AV, browser, codecs, everything your friend/family member/customer will need OOTB ready to go, no hassle no fuss.
This is a common problem. A lot of people bring me infected Windows machines that got blogged down by malware from places like Download.com, SourceForge.net or similar sites.
Often times these people were smart enough to know that VLC or Firefox or LibreOffice were good applications to have. They type a search into Google and get a link to a freeware download site as the first result, download the software and run through the installer. It all looks perfectly normal to them.
It’s really frustrating for a lot of non-techie people because they downloaded the software recommended to them and the installer infected their computer. This puts people off the application (VLC, Firefox, etc) because they then associate the program with malware.
Frankly, I blame Google for putting links to infected installers above links to the upstream downloads. Searches for VLC or LibreOffice should always put the official websites above freeware download sites, in my opinion.
Yes
And same problem for drivers or reviews of products.
When you type the product model and review into a search engine, 90 percent of the links are reseller url’s with fake or non-existing reviews.
Windows drivers are even worse, you’ll never going to find the link to the original manufacturer where you can download the latest drivers but you get crapware sites where you can become a ‘member’.
Too much money to be made…
Agree that Google bares some responsibility for its SERPs, but it doesn’t end there. You would think that one of the many download sites would avoid payloading of scamware.
But it gets worse… Everyone of these sites is also flooded with poor quality ads that are themselves downloads to more scamware, but for the less initiated, they could easily be duped. (Often the advertisers create ads to specifically look like the site’s download links… Often still, the site itself will be designed that the ads are more prominent than the download links to increase their clickthroughs…)
Even sites like Bleepingcomputer.com (which as far as I am aware still has clean, quality downloads) is overburdened with crappy ads for downloads that will likely do the opposite of what you were hoping to download in the first place. (Hell, this story has those ads/links too.)
With download sites as popular as they are, it seems one of them would stand up and out and insist that any ads to this crapware not be allowed, insist ads not have “Start Download Now” links that look like the site, and make their own design and links to downloads very clear and easy to follow. But you’d be hard-pressed to find one of them…
Duckduckgo does this. Google probably does it based on ad revenue.
So this reminds me, at my previous job, a co-worker was talking to a client (mind you the clients were credit unions) and suggested that she do a search for Firefox, and she found something like mozilla-download.org, or something, and he told her to download it and install it. I pretty much freaked out on him and told him to have her stop and download it from mozilla.org, but it was too late. The installer asked if she wanted to install a bunch of bundled crap, which I know for a fact the stock Firefox installer didn’t do…
So even IT people do stupid crap like that.
Yes, I too know of It support staff who direct people to these phishing sites, some do it out of ignorance others do it knowingly. I once got sent to a fake apple site by a printer manufacturers support line who dropped the call when I questioned his motives for doing so.
Yikes. Articles like this make me remember why I use Linux full time on the desktop. And I felt the same way the last time I helped a friend re-install his Windows 8.1 system (“protected” by several antivirus programs that a well meaning friend installed for him) that was trashed by a single infected USB pendrive and further exacerbated by the antivirus programs they installed to fix it for him.
Edited 2015-01-13 16:40 UTC
I’ve been following Linux for over a decade and it wasn’t until I recently installed Linux Mint 17.1 that I’ve been truly impressed by how far Linux has come. Linux Mint 17.1 with the Cinnamon DE is by far the simplest, easiest-to-use and best looking desktop OS that I’ve ever used. Everything is where you expect it to be (coming from a long-time Windows user) and everything “just works”. I’d definitely recommend it to any non-tech-savvy friends or family members who need a computer for browsing, gaming, watching videos or office work.
Yes I’m using a Linux desktop full time as well but to be honest there is not much that prevent that to be happen on Linux as well. When I install software I do a sudo apt-get install and luckily all the software I need is in a well maintained repo. However, sometimes you have to install other stuff and often a sudo is required and here we go, no sandbox nothing its a bit sad…
If desktop Linux would gain any level of popularity you would see the same kind of crap…
I’m used to unchecking crapware downloads (Though, I’m always afraid that something will get through).
It’s appalling that software from organizations that don’t need to add crapware add the damn crapware.
I’m looking at you, Oracle. Screw you for bundling crap with Java.
What bugs me most are fake websites designed to look like legit versions of popular software but also install crap. It makes it hard to help somebody over the phone.
“Oh. You cant’ play that? Download VLC Player.” Only, odds are they’ll find the fake VLC Player page and install utter crap, then blame me and VLC for ruining their computer.
Heh, I just had this experience installing the FL Studio demo the other day.
This beauty happened during the install:
https://plus.google.com/u/0/photos/114947901133519738604/albums/6104…
Really, Image-Line?
I especially like how it is worded “I accept” to make it sound like it’s the FL Studio license you’re accepting and that the option to decline is greyed out, making it look like it’s not available.
I thought the problem would be only for Windows – but it’s the same for Mac – and the top recommendation for Android is some stupid 1Mobile-Market application.
For amusement, check out the fake reviews here:
http://download.cnet.com/1Mobile-Market/3000-2071_4-75450771.html?t…
Odd I just don’t have the problem with CentOS or even Ubuntu.
More seriously I find that locating and installing free (as in beer) software in Windows is beyond my capabilities and the intuitive simplicity of the commandline yum, or apt-get is way easier than the horror of installing software in Windows.
It is tragic that Users trapped in this purgatory will not understand that Free or open source software is not the same.
Edited 2015-01-14 14:26 UTC
It will be when CentOS or Ubuntu have a user base that rivals Windows or even MacOS in size.
When that happens, there will be too much software written in general for any one vendor repo to contain, so people will start being asked to install this RPM or that DPKG to add a repo that contains the software you want (Or think you want).
This is already the case with Adobe’s Flash Player – the download packages for that simply adds another repo. That’s cool for keeping it up to date, but once it’s added, there technically isn’t anything preventing them from, say, adding an “updated” kernel, KDE Plasma widgets, or, well, anything really.
Partly, it would depend on how conflicts with the other packages were handled. That said, a trusted repository is extremely valuable. I get my Flash Player updates from Deb-Multimedia. The latest update from Adobe was yesterday. I got the update today.
Trying to install something in Windows (for example a driver) is horrendous, where malware is bundled with the application, exactly as the article describes. Installing software in Windows is like trying to buy a cup of tea in a brothel.
This is less likely happen with Linux even with larger user bases, as the central repositories will be there and they will be safe. Software on these repositories is (largely) Free software, Open source and audited. If non-free male-ware bundled proprietary gratis-ware has to compete with this why would it win?
apt-get install vlc
vs
search for horror on Internet, download horror
dpkg -i horror
apt-get -f install
Why should I go out of my way to fuck up my system? I accept that as and if Linux attracts more users there will be a tendency to get more click, then think users but get as bad as Windows I doubt. In fact Free software may have a benign effect on gratis-ware.
When people live in cities unfortunately there is an increased chance they will kill each other, however, not all cities are San Pedro Sula. Windows is the San Pedro Sula of operating systems.
Well, maybe because the official CentOS repos are a couple of years behind in versions of popular software? Unless that suits you, you’re pretty much forced to use at least one 3rd party repo.
Why does anybody go out of their way to f–k up their Windows system?
Because they get told to, and they don’t know any better.
If Linux had a larger share of the desktop, it would be worthwhile to advertise on Google and/or set up other repositories. For example:
I want to edit a video. After a brief search, I settle on kdenlive, with instructions on how to install it. So, I do.
I try to follow a tutorial on how to use it, but a mentioned feature isn’t to be found. I look at the tutorial description (It’s a video on YouTube) and it says I need a specific version. I set out to try to install the latest version, since the Software Center which has apps doesn’t have the latest version.
Linux is popular now, so, a quick search for “Kdenlive latest version” directs me to “http://www.totally-legit-kdenlive-download-place.com/freefreefree“… which gives me instructions to download an RPM file, install it, and the latest Kdenlive will be in Software Center.
I download and double click the RPM file, and get prompted for a password, just as like installing software I download for Windows.
Congratulations. I just added a new repo, which my installed packages get compared against. Sure, now I find the latest Kdenlive, but it also surreptitiously installs toolbars for Firefox, and it’s own junkware for KDE along with this new Kdenlive.
Horray?
It doesn’t happen yet, because Linux isn’t popular enough. Once it is, well, it will happen.
Edited 2015-01-15 07:10 UTC
They don’t it is almost an inevitable of the way Windows install software. In Linux it is possible and will probably happen that male-ware will be target at users and some will have a problems. It is possible to get murdered in Copenhagen but it’s a lot more likely in San Pedro Sula.
However, the main methods of installing software in Linux via repositories is intrinsically safer than installing software in Windows (go to some site such as CNET and hope). Plus Shareware, Male-ware and Gratis-ware are also competing against well established Free software. This system is safer.
No doubt if you are determined to such out and install horror you will find it.
No. It is not.
At the moment, it is safer (but not intrinsically so) to install from repositories, because
a) the demand for software on Linux is small, and generally confined to more tech-literate users, so the the motivation for developing and spreading crapware is small, as tech-literate users are not the target, and the remaining Linux user base is not even worth counting.
and
b) The supply for software in repos is small – small enough to be effectively managed effectively and for low cost.
When A) changes, B) will change. Do you think Debian could keep up vetting enough software, enough variety for enough users, for their repos on the scale that Windows sees? I doubt it, especially with scores of developers of shitty software screaming at naive users that it’s a good idea to move beyond the bundled repository, and the inevitable ads that say “Make your Software Repo BETTER!”, or “Your Software Center is misconfigured. Click here to repair.” or all the other stuff that Windows users see.
Personally, I think the software scamware trend is something that will live and die with Windows, but I don’t see Windows going away anytime soon so expect it to remain there. It’s not even Windows fault specifically, it’s the culture of running to random web sites to install stuff, as well as the acceptance of ad-supported freeware and bundling.
A lot of your examples involve scammers somehow encouraging these newbie users to step out of the comfortable GUI software installer they’ve just got used to getting a wealth of free software from. A software store much like what they’re now familiar with on their mobile phones. In order to get access to “free software!”. They’re then meant to just to the warm cuddly command line to run a few commands from an email or random webpage. I just don’t see it. I just see a blank glaze and “my reposiwhat is broken?”.
The repository system scales well, from small utilities to bigger software, is comprehensive and cross platform (in terms of all the linux distros). Say on the offchance a single piece of dodgy software managed to jump through all the hoops and get around all the obstacles in its way, that would a) be it for that developer getting software into any repository in the future – big death knell if that’s your business b) be pulled off every machine it’s installed on with a flick of a switch.
I think a bigger risk would be a push for mobile phone app style in-app purchases. So “legitimate” software, but with a business model not reliant on bundling spyware but in encouraging its users to keep feeding it money.
Not at all. Ubuntu and Fedora will install packages you double click on through the GUI. This is how Flash Player is distributed: Double-click the apt/rpm file, type in your password, and Adobe’s flash repo is added, and available through Ubuntu software center or Fedora’s GUI package manager. No CLI needed.
There is no evidence to suggest this, and plenty to suggest otherwise. Distro-specific repos are essentially the same as the walled-garden approach of iOS’ or Android’s stores, and those are filled with shovelware that cram ads down your throat and harvest your personal information, because that flashlight app you installed really does need access to your phonebook, images, music library, location, email accounts, etc etc. This stuff gets installed, and that is with WARNINGS that it will access that stuff.
Get a large userbase like iOS or Android on Linux, which doesn’t have a sandboxed environment which allows for easily testing whether or not that is what’s going on, and couple with that with a whole bunch of developers clamoring to get their software into the store – some of it worthwhile, some of it not – and the same shovelware will get included.
Or, it doesn’t get included, because the distributions stop accepting solicitations to get into the repo, so other repos with less noble purposes but deep pockets from advertisers spring up, such as Download.com, and you’ve got the same mess as with Windows.
The only reason why it doesn’t happen is because Linux’s lack of success on the desktop.
Shovelware writers go where the users are, and if there are users, they will find a way. It certainly won’t die with the death of Windows.
If one uses the main approved repositories it is and will remain safe.
The current Windows model, probably almost worked when you went into a store and bought software, shrink wrapped on floppies or a CD. On the web it has transmogrified into going to some shady website that has been designed to load male-ware onto Windows, where you download some unknown binary and hope.
Without doubt male-ware sites will be made for Linux that have scripts, debs and rpms and if you give them root permission you will have a problem. However, these will have to compete with excellent open source software freely available from safe repositories and possibly vetted commercial software.
Yes you can install shit, it will happen to some people but most will stick to safe repositories rather than warez repositories, in Windows most people con not keep themselves safe, this is and will remain less of a problem in other systems and particularly Free software systems.
Just to answer another point – if you want a cutting edge desktop you wouldn’t use CentOS, I use it as server and it does what I want even if it is little conservative. if I want more cutting edge I’d use Arch which has plenty of new male-ware free software available.
That’s a precarious point to balance on for safety. I have to use non-standard repos for a lot of packages that aren’t available in the Fedora repos, have been for a couple years, and only a few days ago learned that RPMfusion will replace base packages in CentOS (Not sure about in Fedora, since it tends to be newer all around).
The moment somebody needs/wants a legit piece of software not found in their repo, they will go someplace else, which is as easy as double-clicking a file to add a repo.
At the moment, crapware competes with free alternatives on Windows, and it still gets installed. As mentioned above, you can get shovelware from installing free, high-quality applications – the Fruity Loops demo, for example. Very high-quality software, installs crapware along with it.
And, in our hypothetical scenario of Linux actually having an actual significant userbase of average users, they wont’ be using cutting-edge distributions. They’ll be using either Ubuntu or RedHat/CentOS, the distributions they use at work and/or school, and probably CentOS, since it’s more likely to be found on the desktop at work.
Edited 2015-01-15 19:49 UTC
You would, if anyone thought those platforms were worth targeting. But in this case the very low marketshare of desktop Linux works to your advantage.
The Mac users used to say the same as you, but even they’re seeing the beginning of it now.
I’m a bit confused as to why the article is tagged with a Windows logo. Sure, this kind of stuff mostly happens on Windows due to user base (and it could be more easily demoed on Windows due to this), but other operating systems in the same situation might as well be affected/are affected already (albeit by a smaller measure).
Definitely a point that is OS-independent in its strictest meaning, and a misleading icon for the article itself.
i regularly see ads here on OSnews encouraging me to install all kinds of crapware that’ll “fix my computer or make it faster”. In fact I saw several when refreshing this article page. And this is on an iPad so they’re totally useless.