Deviant Login Shop  Join deviantART for FREE Take the Tour

Details

Closed to new replies
December 7, 2012
Link

Statistics

Replies: 69

Warning: CNet's download.com now includes actual malware in their installers

:icondelusionalhamster:
delusionalHamster Featured By Owner Dec 7, 2012  Hobbyist Digital Artist
It's been known for a while that download.com includes adware in their installers (such as browser toolbars and the like) which you have to be really careful to prevent from installing, but supposedly they have mostly been the annoying type, that can still be removed if necessary (although, how can we be sure? they don't show the source code of adware...)

[link]

And incidentally, it has also been known that Microsoft has been the source of some of the adware. Kinda makes you wonder...

[link]

Recently it has come to my attention that they are no longer satisfied to spread just adware, but are now bundling actual, real-life malware that are used for phishing attacks into their software.

[link]

Just so everyone knows, never, ever, ever EVER download anything from download.com or any other CNet-affiliated site. They can't be trusted, they take other people's software and bundle it with malware for their own profit. What they do is despicable and dishonest, and no one should support this kind of behaviour, ever. Small software writers have enough problems competing against huge software houses without getting associated with shit like this.

Please spread the word.
Reply

You can no longer comment on this thread as it was closed due to no activity for a month.

Devious Comments

:iconaapis:
Aapis Featured By Owner Dec 10, 2012  Professional Interface Designer
Guess I'll continue not seeing any point in downloading anything from CNET.
Reply
:icondelusionalhamster:
delusionalHamster Featured By Owner Dec 7, 2012  Hobbyist Digital Artist
What is with these people who are all like "herp derp own fault for not reading the installers derp"?

Are people seriously so deranged, that they accept this kind of shit as normal, that it's ok to do it as long as there's at least a nominal chance of avoiding the malware? Seriously? You people think it's ok to trap people like this? It's ok to con people, because it's their own fault if they fall for it?

Well shit, I didn't know this forum had been overrun with libertards.
Reply
:iconpr-imagery:
PR-Imagery Featured By Owner Dec 7, 2012  Hobbyist General Artist
Because it is their fault for not reading/paying attention. The vast majority of all computer problems are user generated.
Plus they're downloading stuff from cnet... If the only place to get a program is a cnet download, its not worth using.
Reply
:icondelusionalhamster:
delusionalHamster Featured By Owner Dec 8, 2012  Hobbyist Digital Artist
Congratulations, you have now figured out the reason for this thread. People should indeed not download anything from CNet, and since you already seem to know that, this thread does not concern you. You may go forth and spread the word, my son.
Reply
:iconpuppy-dangerous:
puppy-dangerous Featured By Owner Dec 7, 2012  Professional Artisan Crafter
So, then, it's fine to drive along playing on your phone and not watching the road, right?

Nobody is trapping anybody! You're not being CONNED. You are being asked if you want something. Nothing is being downloaded without your permission! It's not their job to make sure you pay attention. That's on you.

We are NOT talking about a download that APPEARS to be what you want. You don't try to download gimp and get craptastic toolbar instead. You don't even get it automatically with the package. It asks SPECIFICALLY if you want that stuff. It doesn't hide it in the program. It doesn't just sneak it on there. YOU FREAKIN SAID OK. You said 'Yes! I want this!'

You don't know what it is you are agreeing to, that is your OWN FAULT.

Let me guess, you ALSO don't read the terms and conditions before using a site.
Reply
:icondelusionalhamster:
delusionalHamster Featured By Owner Dec 8, 2012  Hobbyist Digital Artist
95% of people don't read the terms and conditions of anything. In fact some legal experts are of the mind that terms and conditions that are excessively long-winded should not even necessarily be legally enforceable, but that's beside the point...

The point is, you're being a total smart-ass. You're like that guy who comes into a restaurant totally naked, except he's wearing a tie and shoes, and he tells the waiters they can't refuse service because he's TECHNICALLY following the dress code.

(You can tell I'm fucking awesome with analogies.)

Similarly, you are TECHNICALLY correct that the user has a chance to not install the malware. Yes, that's true. Technically.

But you have to take in account that habits are powerful. There are such things as expected behaviours. People are used to installers working a certain way, and that way is "you click the ok button several times and the program installs". The entire CNet installer is built in such a way that it is easy to accidentally accept the malware if you're not paying attention all the time.

It's easy to be a smart-ass and tell people they should read everything carefully, but REALISTICALLY speaking, who's going to do that? Who's going to read the war and peace sized EULA of every program they install, especially if it's just something they want to try out?

So yes, it's TECHNICALLY possible to avoid the malware, but that does not make it ok in my view. It's not ok to mislead users and trap them into installing malware on their computers. People make mistakes, people click things by accident, sometimes people are tired or otherwise not paying full attention, and that's what these installers are counting on: they know that most of the time people will decline them, but they count on that certain percentage of times you'll be not totally paying attention and accidentally click on the wrong button and then you're screwed.

And what's even more sinister about this is that the software authors themselves do not necessarily have any idea what kind of crap is being pushed to users in their name.
Reply
:iconpuppy-dangerous:
puppy-dangerous Featured By Owner Dec 8, 2012  Professional Artisan Crafter
'95% of people don't read the terms and conditions of anything.'

I've been involved in professional horse businesses for a long, long time. By law in most states, certainly in the one I am in, once you set foot on a farm you loose the ability to force the owner to take responsibility for anything that happens to you.

That means if you are on my farm, and one of my horses backs you into a corner and kicks the crap out of you, puts you in the hospital, etc- I am not liable. I don't have to pay. You can't sue me.

We don't have to have a sign on the barn that says that, but we do. Lots of places will make people sign a release that says they understand this. But we don't have to.

Now, if somebody comes onto my farm, gets hurt, then tries to sue me and their excuse is 'I didn't bother to read the sign' it doesn't make any difference. 'I didn't know' isn't a valid excuse.

Why? Well, the law is there because horses are really large animals with a brain of their own, and they are dangerous- and you should be smart enough to realize this. You decide to be around large animals and equipment, you get hurt, it's your choice. You didn't HAVE to come to the barn.

Just like you didn't HAVE to click 'I agree.' You CHOSE to do it. You saying 'I agree' is the same thing as coming onto my farm. By being there, you take responsibility for your actions.

You know, that's their own damn fault. They are there for a reason. Your defense is 'I'm lazy!'

And YES, they SHOULD be reading them! That is what they are THERE for! 'This is what you are agreeing to!' It is a CONTRACT YOU AGREE TO! YOU! Not them. It's YOUR fault if YOU don't read the stuff. They put it there for YOU to read.



They aren't misleading you! They don't say they are doing one thing and do another. They TELL YOU THEY ARE INSTALLING IT.

I don't care about force of habit- the habit is BAD! The habit is to IGNORE stuff.

Does that mean that, to you, ANYTHING is OK as long as it is habit? If I'm going around killing kittens, well, that's OK, because it's habit.
Reply
:icondelusionalhamster:
delusionalHamster Featured By Owner Dec 8, 2012  Hobbyist Digital Artist
Wow, thanks for the incomprehensible rant full of strawman arguments.

I had no idea installing toolbars by accident was the same thing as killing kittens somehow. Thanks for letting me know...

ps, I didn't choose to click anything. I don't download anything from CNet, I don't use installers, because I don't use windows. I'm not on some kind of personal agenda here (although I get it if that's hard for you to understand).
Reply
:iconpuppy-dangerous:
puppy-dangerous Featured By Owner Dec 9, 2012  Professional Artisan Crafter
By *you* I mean the user.

You were the one who compared it to hiding a bear trap on a foot path.

And installing toolbars is like killing kittens? Well, if you click 'yes' because you aren't paying attention, and you step on kitties heads because you aren't paying attention to where you are walking...I can make that work. :P
Reply
:iconpuppy-dangerous:
puppy-dangerous Featured By Owner Dec 7, 2012  Professional Artisan Crafter
The only 'malware' I've ever seen from c-net is crap they try to add on while you're downloading. All you have to do is click 'no' or whatever. Takes five seconds to read.

If people don't pay attention it's their own fault.
Reply
Add a Comment: