Cnet Download.com Installer

This is a sad, bad move for CNET...do they really need to do this? It will have an undoubtably negative effect on their public image imo. I gave up using them
for downloads about 2 years ago due to difficulties navigating/searching etc on their site. The best for me now is Softpedia (the most comprehensive), followed by Majorgeeks.
There is some discussion on their forum : one example thread in which I see one post from CNET : -http://forums.cnet.com/7723-12543_102-537471.html-

 

It is sad it came to this. I have e-mailed CNET, CBS, etc. No responses. This is driving me crazy... I mean the run the best download site and now they have literally killed it. They can no longer claim 100% adware, spyware and virus free when they are marketing adware at us.

CNET if you do not remove this useless "feature" you will effectively kill off download.com. Please heed our warnings and remove it.

 

"How to Uninstall the Babylon Toolbar Completely" : http://www.ghacks.net/2011/08/17/how-to-uninstall-the-babylon-toolbar-completely/

+ "How do I fully remove Babylon?" : https://support.mozilla.com/en-US/questions/746530

 

Good point. I won't be downloading from them anymore. Just Softpedia and Major Geeks. It's sad to see a once great site go down the tubes like that.

 

Re: The CNET Download.com Installer

And some here:
-http://www.neowin.net/news/downloadcom-now-wraps-downloads-in-their-own-installer-bloatware-

Ooops ...neowin seems to be quoting extensively from here:
http://www.extremetech.com/computin...downloads-in-bloatware-lies-about-motivations

And is extremetech the latest home of the downloadsquad team?

And since Bing is one of the "beneficiaries" of this tactic, there's hope that Microsoft may apply a little pressure on Cnet to straighten out things.

(From the extremetech link)

 

CNET is in business to make money, therefore I can't blame them for trying. That said there I have not used them in quite some time as you won't often find the latest version of anything on there anyway. Majorgeeks, Softpedia, Filehippo, etc. all have more up to date offerings. You can find someone to make good or bad comments about any of them. There are too many options to worry about what any 1 of them is doing.

 

I have had good experiences with Softpedia when it comes to potentially malicious programs being on their site. Just a couple days ago I was browsing firewalls on Softpedia and came across one that I had not seen before called FortGuard. When I tried to go to fortguard.com I was warned by WOT and some other programs and services. I also saw that the firewall .exe downloaded from fortguard.com was flagged by 26 av's on virustotal. I sent the info to softpedia and the firewall on their site was re-tested by them and showed to contain spyware and was removed from softpedia's site within 24 hours.

That is good that softpedia removed the program. But I wonder how does a program get a "spyware free" grade when it contains spyware? If softpedia scans the program and sees malware then what scanners missed it initially? Or when a program gets updates are the updates scanned or just the original file submitted to the site, like softpedia, and future updates are not scanned?

PS- if this is too off topic for this thread then maybe it would make a good thread on its own? so mods please move it if needed.

 

Another possibly OT post:
http://www.ghacks.net/2011/08/23/block-download-com-from-google-search-results/

The article also shows how to block domains without signing in to Google when using Chrome, Fx, or Opera.

 

I just blocked it on my router/firewall (pfsense). No more connections to that side of cnet. I can only connect to the podcast site now.

 

I noticed VLK commented in the AV-C thread that several files were found on cnet-
https://www.wilderssecurity.com/showpost.php?p=1925896&postcount=247

I wonder if the AV-C crawlers target cnet just because of the high likelihood that they will find malware in the downloads?

 

no more CNET for me anymore..

 

Sorry i'm picky. I guess you meant IBK and not Vlk.

 

Yes, had my letters mixed up.

 

I just noticed that malwarebytes are now redirecting to fileforum instead of cnet. I wonder if they made this change because of the recent news?

 

Well props to them for doing so. I have noticed more and more downloads using this installer. It is really getting annoying and is a grave privacy and security concern.

 

Indeed!

 

the most annoying is that these bundled installer offers are not automatically on 'not install'

and lot of users mis-click and ouch ...

i see it more and more often
while i can understood the push for profit i think the end result is

1. as customer i find another site w/o annoyances
like up to 3 ads per page pretending to be download button
like toolbars and special downloaders/installers

2. as software user i find software offering me plain installer
be it .msi package or lite .exe w/o crapware

 

Very true. Not sure if the "bug" is still there, but before it wouldn't install if you refused the crapware. It would just sit there and do nothing.

 

Catherine, thank you for your responsible action to a legitimate question. Your answer embodies what technical support should be. I am a contracted sysadmin for multiple companies on the West Coast (US). While I am a new user here I have lurked on Wilders for years. I have frequently used vendor response that is defensive and thereby non-productive to influence purchasing choices for my own company and clients. Wilders Security Forums has evolved into one of the hotspots for definitive answers to hard to answer technical questions on the web. Thank you for using it as such.

 

"Popular network tool Nmap in CNET security brouhaha" : http://nakedsecurity.sophos.com/201...ol-nmap-at-the-middle-of-a-security-brouhaha/

 

.

Cnet's Download.com is bundling malware with Nmap

David Heath
ITWire
Tuesday, 06 December 2011 12:03

Business IT - Security


Fyodor (Nmap's original author) is an angry man right now. The download.com website has added a wrapper to Nmap and other downloads to install various additional components; the wrapper is also recognized as malware by many AV packages.


According to the summary Fyodor has written, "C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN."

Hardly the actions of a trusted source of free and shareware software.

Fyodor continues, referring to a screen image of the Nmap download page on download.com, "Note how they use our registered 'Nmap' trademark in big letters right above the malware 'special offer' as if we somehow endorsed or allowed this. Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer.

"In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why Nmap isn't under the plain GPL. Our license specifically adds a clause forbidding software which 'integrates/includes/aggregates Nmap into a proprietary executable installer' unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't). We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!"

Virus Total shows that (currently) 10 AV vendors out of 39 identifies the package as containing malware; this number is sure to grow as more detect it.

Currently it appears that every new upload to C|net is receiving the wrapper treatment. So, everyone, if the name of the package you want to download starts with 'cnet_' run away screaming - it WILL include the malware.

Fyodor continues, "Of course the next step is to go after C|Net until they stop doing this for ALL of the software they distribute. So far, the most they have offered is:

"If you would like to opt out of the Download.com Installer you can submit a request to cnet-installer () cbsinteractive com All opt-out requests are carefully reviewed on a case-by-case basis."

In other words, 'we'll violate your trademarks and copyright and squandering your goodwill until you tell us to stop, and then we'll consider your request 'on a case-by-case basis'; depending on how much money we make from infecting your users and how scary your legal threat is."

If this is how C|net is now operating, iTWire would recommend our readers use a different download service. There are plenty around.

http://www.itwire.com/business-it-n...ets-downloadcom-is-bundling-malware-with-nmap

 

Problem is, CNET were caught using software bloat, again

A recent thread emphasizes the need to use first party sites in order to lessen the impact of software bloat.

 

Everything got messed in CNET since they went to the black side...
It's a pity. It used to be a very good and safe place to download software.

 

Timeline with events:

http://insecure.org/news/download-com-fiasco.html

 

Just like I said! I can't believe CNET denied it and posted about how they would never allow that into their bundle, yet more and more people are confirming it is MALWARE.

I say we all boycott CNET from now on. This is insane. CNET = fail.

EDIT: Have now pulled all of my software from them. Cease and Desist orders work well.