Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Your opinions at the security of CNET


  • This topic is locked This topic is locked
25 replies to this topic

#1 LazyPotato

LazyPotato

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 09:00 AM

Do you believe CNET is malicious? It hosts a few adwares and junkwares,that doesn't make it malicious though. Sometimes,CNET "accidentally" hosts a malware also some users complaint about malware over their forums -- I do believe CNET sometimes hosts malicious content,as well as keyloggers and trojans that have successfully bypassed CNET's security system.

 
It'd be really interesting to lurk around the "un-popular" area around CNET and see the result with my security tools as well as analyze the files with Ollydbg (my favorite de-bugging tool). I'll post the results (within next 42 hours)
 
CNET has hosted a few rogues before -- They were also Caught adding malware to a few softwares.
 
I'd love to hear other people's opinions about CNET,however,the BC developer himself disagrees that CNET is malicious.


Edited by LazyPotato, 05 September 2013 - 10:12 AM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:18 PM

Posted 05 September 2013 - 09:54 AM

No, I do not think download.com is malicious. Accidentally hosting a malware speaks for itself. It is not deliberate. This has happened to many different sites including ours. The only thing you can do is learn from your mistakes them and make sure it does not happen again. Also many legitimate sites become hacked and distribute malware without their intention. This does not make the site malicious.

It'd be really interesting to lurk around the "un-popular" area around CNET and see the result with my security tools as well as analyze the files with Ollydbg (my favorite de-bugging tool). I'll post the results (within next 42 hours)


What is this un-popular area you are referring to? You mean their download section, which is anything but unpopular. I would probably use the opposite word to describe it.

CNET has hosted a few rogues before -- They were also Caught adding malware to a few softwares.


I do think their use of installers, which contains known tenacious adware, is a problem. What most people do not realize, though, is that a program developer can opt out of the use of these installers by contacting download.com. It is also possible that the developer chooses to use these installers so they then get a revenue share of the money made by the installer. With this information it is hard to say whose at fault for using these installers..Cnet or the developer? Regardless, CNET made a big mistake when they started wrapping everyone's programs automatically in the installer+adware without permission. That was really what caused the whole stink in the beginning.

#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:01:18 AM

Posted 05 September 2013 - 10:03 AM

Right now, download.com stop using installer, you will got your program directly. But software creator may have adware in it.

 

Thank you.


Edited by Sirawit, 05 September 2013 - 10:03 AM.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 10:04 AM

No, I do not think download.com is malicious. Accidentally hosting a malware speaks for itself. It is not deliberate. This has happened to many different sites including ours. The only thing you can do is learn from your mistakes them and make sure it does not happen again. Also many legitimate sites become hacked and distribute malware without their intention. This does not make the site malicious.
 

It'd be really interesting to lurk around the "un-popular" area around CNET and see the result with my security tools as well as analyze the files with Ollydbg (my favorite de-bugging tool). I'll post the results (within next 42 hours)


What is this un-popular area you are referring to? You mean their download section, which is anything but unpopular. I would probably use the opposite word to describe it.

 

I'm referring to the 'new' and 'unknown' (downloaded by 10-70 users) softwares,especially those  screensaves that are "free to try" but nags user to purchase the software,while installing other adwares.

 

I know some of the adwares that CNET packs also have spyware in them,in fact,by clicking "I accept" you're agree to install the Spyware that the Adware will download.



Right now, download.com stop using installer, you will got your program directly. But software creator may have adware in it.

 

Thank you.

Click on the first link  (of Avast blog) -- The download itself contained a sality -- According to CNET,they check for Adwares and spywares. means CNET won't use their adware installer -- but they'll host a spyware/adware?


Edited by LazyPotato, 05 September 2013 - 10:06 AM.


#5 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:01:18 AM

Posted 05 September 2013 - 10:10 AM

This can lead to be mistake of CNET that let software with malicious code in the site, but CNET doesn't host files but it get file directly from developers website so if their websites got inject or something there are chance of CNET files being Malicious.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 10:12 AM

According to CNET,they scan the file before hosting it



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:18 PM

Posted 05 September 2013 - 10:19 AM

We test all software products submitted to us against a comprehensive set of criteria. In addition to screening for common viruses and spyware, we also look for other threats that might interfere with our users' security, privacy, and control. We consider publisher Web sites, publisher conduct, and our own experience with a particular product...We will not list software that contains viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components. We will not list products known to contain such items in instances outside CNET Downloads, and we may disallow products from publishers our editors feel violate the spirit of this policy.

CNET Download.com Software policies


When it comes to fighting malware--a nasty group of software that includes adware, spyware, viruses, Trojans, and rootkits--CNET Download.com has always been in your corner. We have always manually evaluated every downloadable Windows product that we list on the site, and since 2005, we've had a zero-tolerance policy that prohibits all undisclosed bundled software and all software that serves browser pop-up ads...Every time you download software from Download.com, you can trust that we've tested it and found it to be free of malware. All product submissions are scanned via automated and manual scans to ensure compliance. Discoveries of malware components result in rejection or expulsion from our download library...

While our malware policies are clear and well communicated to all Download.com team members, we are not immune to mistakes. If you find a product you think could be considered malware listed on Download.com, please click the "Report a Problem" link underneath the "Quick Specs" section of every Windows product page. A communication window provides the selection "This program has malware" with a description field to include as much info as you can to help us determine the program's safety.

A quick note on false positives: the security-software market is extremely competitive, with many high-quality programs hoping to attract users. The downside of that competition is that some products can be overly aggressive in detecting malware, leading to "false positive" reports. We use a combination of security software to gauge the overall safety of the program. In short, if one security app flags something, that doesn't automatically make it malware to us.

CNET Download.com malware policies

No security scan is 100% foolproof. Even the major Anti-virus vendors miss malware at times. So just because they conducted a scan which did make a detection, does not mean CNET is intentionally and deliberately hosting malware so they can infect users.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 10:29 AM

For how many times are they gonna make the same and the same mistakes?

First of all,they let a Siref in their download

then they let a Sality in downloads

they allow 'free' screensavers on their sites (phishy software)

they also install adware

How many mistakes?


Edited by LazyPotato, 05 September 2013 - 10:30 AM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:18 PM

Posted 05 September 2013 - 11:20 AM

The same questions can be asked of the major anti-virus and security vendors.

All scanning tools are susceptible to glitches, bugs and false positive detections from time to time. In the case of major anti-virus vendors, some have resulted in the removal of critical system files resulting in thousands of unbootable computers or machines stuck in an endless reboot loop. Further many toolbars and Add-ons come bundled with other software as a common practice by legitimate vendors and some folks like the features they offer. In fact, many Anti-virus and security vendors bundle toolbars and other software with their products as a cost recoup measure. Some of this bundled stuff is detected by other security tools as PUPs, adware, etc. Using your logic...that means we cannot trust them either.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 11:26 AM

Kaspersky never crippled my PC,I don't know about you guys. Kaspersky never infected,MBAM's sinister update was taken down after eight minutes.

While in the other hand,CNET infects PC with either trojans like Siref and rootkits like Sality to common PUPS such as MyFunToolbar


Edited by LazyPotato, 05 September 2013 - 11:50 AM.


#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:01:18 AM

Posted 05 September 2013 - 11:32 AM

IDK. But there's no antivirus that never have false positive, even Kaspersky even delete all .exe files in many of my school computers in 2011. And for the fact of PUPS, softtonic have lots more than CNET.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 11:34 AM

I never said Softonic is a better deal than CNET

 

Kaspersky did maybe,but it's been three years. Kaspersky have released their 2014 version



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:18 PM

Posted 05 September 2013 - 11:35 AM

Kaspersky never crippled my PC,I don't care if it did to other people.

That comment tell us a lot about you and why our members should not pay attention to your opinions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 LazyPotato

LazyPotato
  • Topic Starter

  • Banned
  • 287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:48 AM

Posted 05 September 2013 - 11:44 AM

 

Kaspersky never crippled my PC,I don't care if it did to other people.

That comment tell us a lot about you and why our members should not pay attention to your opinions.

 

I never said I don't care about people I've talked to

I said I don't care about unknown people



#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:01:18 AM

Posted 05 September 2013 - 11:47 AM

I never said I don't care about people I've talked to

 

I said I don't care about unknown people

 

 

I don't care is still I don't care. Unknown or known is not a point.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users