SourceForge’s new Installer bundles program downloads with adware

Discussion in 'other security issues & news' started by siljaline, Jul 19, 2013.

  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I been noticing that same insistence on quite a few download sites and when they show up the best thing to do is get right off that site and look for one that doesn't play that game.
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    :thumbd: Nice, real nice, sounds like they are following in the footsteps of CNET and bundling crap with installers, bad move IMO.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I hope ESET adds this to their PUP detection.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    It's not a true PUA. It's third party foistware that has become the scourge of a lot of third party sites. It's a shame SourceForge has joined the club. ESET is aware, though.

    Regards,

     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks siljaline for the heads-up.

    Just only meant as a little addition (but you already mentioned it in the original post!): not all installers at SourceForge do this. As Martin Brinkmann (author of the article) posted at Ghacks in one of the replies on that article:

     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Same as CNet they must do it to attract more people to use the site :rolleyes: But it has the opposite effect on me :)
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That should be noted, maybe it's the software authors you should be aware of. SourceForge simply offered them an easier option of monetization.
     
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    That's good. My sentiment remains the same. I hope they add detections for this, as it is definitely unwanted regardless of what it is called. Thanks for the clarification.
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome. The onus is on the user to avoid - at all costs and instances, third party adware installers such as the one discussed in this thread.

    Regards,
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    A prime example of a rather nebulous if not dangerous third-party software update check would be FileHippo's update checker.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Are you saying FileHippo bundles adware or the Update Checker itself is bundled? Or that it automatically installs the software along with bundled crapware? Cause I don't see your point
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Well, thanks for the alert. Although it's not music to my ears, I can understand why some developers might choose to go ahead with the bundling.
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Neither do i... an update checker needs to check the versions installed and check online if there´re newer versions. I use fillehippo update checker and never had any problems.
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome for the alert - it's best to be aware than having a bricked PC.

     
  17. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    Just had my first experience with this garbage trying to download FileZilla v3.7.2. Found a clean link on NeoWin: hxxp://download.filezilla-project.org/FileZilla_3.7.2_win32-setup.exe.
     
  18. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,917
    Location:
    U.S.A.
  19. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Last edited: Aug 6, 2013
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    @MisterB: The link you provided is redirecting to hxxp://ak.pipoffers.apnpartners.com/static/partners/dynamic/SFFZ/SFInstaller_SFFZ_filezilla_8979715_.exe on my system. That's the page I was trying to download the new version from earlier today which prompted my post.

    @JRViejo: Thanks for the additional link. I've saved it for future downloads.
     
  21. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,917
    Location:
    U.S.A.
    0strodamus, you're welcome! Yes, that's a nice bookmark to have. Take care.
     
  22. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I just checked the link. I get a list of links to the different versions of Filezilla with only the latest version link at the top linking to the installer. No redirection. Try the main page and try the "Browse all files" link. That is how I got there. I just checked the file I downloaded and it is the Filezilla zip file.
     
  23. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    @MisterB: Either we're having a failure to communicate or our systems are behaving differently. I'm still getting redirects to the ad-bundled version using the URLs highlighted below. I'm baffled that it could be just me, but maybe it is. Either way it doesn't matter because I have some good links to use now.

    fz.png
     
  24. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Sorry, I misunderstood the word "redirect" in your post. I usually understand redirect to mean a whole web page automatically taking you to another. The links for the Win32 installer do take you to the stub installer. The Zip file does download. The Filezilla website does link to the real installer.

    Filezilla was updated again today and the zip file I downloaded last night is no longer the newest version.
     
  25. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    It's possible that I'm abusing the meaning of "redirect". Thanks for replying - I'm not losing my mind after all! :D
     
Loading...