Fair enough. I guess working in the industry and seeing false positives regularly got me a bit skepticalB wrote:It's not a false alarm; CNet doesn't deliver the file you requested, but instead forces you to accept their "downloader" first, like many less reputable (and sometimes malicious) sites before it.
But yes, the individual malware flags and trojan IDs (as reported by the various antivirus engines) are NOT the issue to me either. I was alarmed before I even submitted the files for analysis. Even if they had come up "clean", it's the replacement of the desired (and stated) file with an unexpect CNET-branded (and adware pushing) installer/wrapper that is inexcusable and unethical behavior on CNet's part. (In my opinion!)
B wrote:As an alternative, Softpedia still seems clean, and offers their own "secure" download as well as uvnc.com mirrors, all free and without BS "installers". (Strangely they list UltraVNC as "Ad-supported / FREE" which doesn't seem quite right.)
True, but from my time at Lavasoft I can tell you that tagging something one or the other usually means walking a very fine line. Unlike with "real malware" (with which I deal at FRISK nowadays) spyware and adware are in a grey area.B wrote:I'm sure you're aware that the terms spyware and adware long ago became inexorably intertwined (security professionals see little or no difference). CNet's installer's reason for existence is to deliver adware, and thus the installer itself is reasonably called Spyware.
Optional but default, right?Peter.Butler.DLcom wrote:1. The Download.com Installer does not include any spyware or malware, nor do any of the offers included in the Download.com Installer. The Download.com Installer is optional and does not install anything to your computer, nor leave behind any components when deleted.
Peter.Butler.DLcom wrote:3. The Download.com Installer is designed to make installing software easier for our users, and to grow our business so that we may continue to invest in new, more efficient means of distributing software around the world.
From feedback of WDS users I concur. The problem, more often than not, seems to be PEBKAC.Peter.Butler.DLcom wrote:Research and user feedback indicates that many people who download software don't or can't install it.
This actually does make sense to me, however, wouldn't something along the lines of the Ubuntu software center just for Windows be a better choice? Because from what I see your installer doesn't really solve a problem for adept users, only for those who are insecure.Peter.Butler.DLcom wrote:One consistent installer logo for all software from Download.com allows users to easily find and launch the software that they have downloaded. The Download.com logo and installer also demonstrate that the software has been fully tested and found secure.
Nope ... not on any of my sites to be precise.supercoe wrote:Don't get me wrong, we all make money with advertisements on our websites (some more than others) and I'm fine with that.
Actually he did. Consistent logo and they're signing their wrappers.supercoe wrote:Explain how adding ANOTHER set of menus before launching the installer is helpful?
Fair point, but then I rarely ever downloaded from CNET in the past (too complicated for my taste).supercoe wrote:Except when the user has 10 of them in their downloads folder and they all start with "cnet_". yea... that makes it much easier....
I think there is added value in the logo (for those needing it) and certainly in the signing, because since Vista the UAC dialog will show "happy blue"B wrote:It's not even as if CNet gives you an application that presents an app store or apt-get repository / directory through their trusted app. You can't even use it browse for software. Instead, you're downloading a new copy of the spyware wrapper EACH time you try to download a distinct piece of software -- it's just worthless.
Dang. Now it's outB wrote:Anyway, interesting to learn you work for Frisk.
It's not even as if CNet gives you an application that presents an app store or apt-get repository / directory through their trusted app. (I like that idea of yours, and I think there have been rumors that MS is going forward with that?)
Nah, that's easy. They co-exist peacefullysupercoe wrote:Maybe I'm way off but in my field I see this type of software constantly fighting to take over the browsers. (which obviously leads to revenue)
Users browsing this forum: No registered users and 1 guest