Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CNET and malware?


  • Please log in to reply
32 replies to this topic

#1 Clay L

Clay L

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 11 October 2013 - 01:38 PM

I used CNET for years to download  all sorts of programs but now when I try to download one it moves me to download.com (it says powered by CNET) and that site tries to download and install five different malwares, misdirections ,and unwanted browser add ons that change my homepage and search engine. What happened to them and is there a safe alternative download site ?



BC AdBot (Login to Remove)

 


#2 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:05 AM

Posted 11 October 2013 - 02:22 PM

If you're savvy enough you can still download from CNET. I tread very carefully when dealing with them and have had no problems. However, I rarely find anything there worth downloading anymore.

 

As far as alternatives, it depends on what you're looking for....

 

Definitely AVOID Softpedia and Softonics- Much worse than CNET when it comes to malware add-ons.


Edited by Netghost56, 11 October 2013 - 02:24 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 11 October 2013 - 02:35 PM

With CNET and similar download hosting sites, you always have to be careful with links to download anything. Clicking the link may redirect to another downloading site which uses heavy and confusing advertising with more download links. Clicking on the incorrect link (thinking its the one you want) often results in downloading a program the user did not intend to download. Sometimes looking at the name of the setup file before saving it to your hard drive, will give a clue to what you are actually downloading so you can cancel out of it.

Further, many third-party hosting sites bundle toolbars and other software in their download packages as a way to increase vendor revenue and recoup business costs through the distribution of third party software. This practice is now the most common revenue generator for free downloads

CNET.com, publishes this Software bundling Policy

Any additional programs or third-party items included with the downloadable file must be clearly disclosed in the CNET Downloads product description and during the installation process. Users must be given a way to opt out of all additional items during installation, or they must be given an opportunity to cancel the installation completely.


The safest practice is to use the vendor's official home site but in some cases, they too will redirect you to another hosting site which practices bundling or uses confusing advertisements resulting in downloading software you did not intend to download. In fact even if you download and install legitimate software from a direct source it is still possible for the vender to bundle unwanted software into the package and you may not be aware.

CNET Downloads software policies

We test all software products submitted to us against a comprehensive set of criteria. In addition to screening for common viruses and spyware, we also look for other threats that might interfere with our users' security, privacy, and control. We consider publisher Web sites, publisher conduct, and our own experience with a particular product...We will not list software that contains viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components. We will not list products known to contain such items in instances outside CNET Downloads, and we may disallow products from publishers our editors feel violate the spirit of this policy.


CNET.com/Download.com malware policies

When it comes to fighting malware--a nasty group of software that includes adware, spyware, viruses, Trojans, and rootkits--CNET Download.com has always been in your corner. We have always manually evaluated every downloadable Windows product that we list on the site, and since 2005, we've had a zero-tolerance policy that prohibits all undisclosed bundled software and all software that serves browser pop-up ads...Every time you download software from Download.com, you can trust that we've tested it and found it to be free of malware. All product submissions are scanned via automated and manual scans to ensure compliance. Discoveries of malware components result in rejection or expulsion from our download library...

While our malware policies are clear and well communicated to all Download.com team members, we are not immune to mistakes. If you find a product you think could be considered malware listed on Download.com, please click the "Report a Problem" link underneath the "Quick Specs" section of every Windows product page. A communication window provides the selection "This program has malware" with a description field to include as much info as you can to help us determine the program's safety.

A quick note on false positives: the security-software market is extremely competitive, with many high-quality programs hoping to attract users. The downside of that competition is that some products can be overly aggressive in detecting malware, leading to "false positive" reports. We use a combination of security software to gauge the overall safety of the program. In short, if one security app flags something, that doesn't automatically make it malware to us.



Also see this discussion thread: Your opinions at the security of CNET
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:05 AM

Posted 11 October 2013 - 02:44 PM

 

While our malware policies are clear and well communicated to all Download.com team members, we are not immune to mistakes.

 

Ha! There's your disclaimer, right there.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 11 October 2013 - 02:52 PM

The disclaimer does not mean they intentional host malware. That was discussed in detail by Grinler in the Your opinions at the security of CNET topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Clay L

Clay L
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 11 October 2013 - 04:42 PM

It appears that they have removed some of the disclaimers and a number of other folks have become very unhappy with them.

See    http://insecure.org/news/download-com-fiasco.html

 

It wasn't a matter of clicking links but instead it was clicking the five steps to continue the download process.

 

They did give the opportunity to decline the crap or at least part of it, but I have used them for years and did not carefuly examine the five step download instruction box. I know it was my fault for not being more careful but in any case I won't be using them ever again because they have pissed me off.

 

One of the Wugnet guys reccomended "file hippo" as a download site.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 11 October 2013 - 04:57 PM

I have read the insecure.org article before...it was written over a year ago and I can't vouch for the accuracy of the information they provide.

Anyway as I said, it's best to download software directly from the vendor's site. I have not heard any complaints with using filehippo.com, however, I have found that MajorGeeks is a reliable download hosting site.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:05 AM

Posted 12 October 2013 - 01:12 AM

You should stay away from Download-dot-com or cnet. If you try to download something from there, a downloader program is downloaded instead which much be run to download the intended program. But that downloader also installs some other crap.

 

As quietman7 has said, filehippo, majorgeeks are much more reliable. I personally like Softpedia, they offer direct download link from software vendor's site as well as from their server on the same page. Softpedia also scans the hosted files for malware with different antivirus engines.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 12 October 2013 - 06:47 AM

This is the information CNET provides about the Download.com Installer at the policies link.

The Download.com Installer is a step-by-step wizard that helps users manage the process of installing the software they downloaded. The Installer has at times been flagged as malware by security vendors. We believe that all of these flags are false positives and have been resolved, or are working directly with the specific security vendors to resolve them. Offers for additional third-party software are shown during the download process while using the Download.com Installer. All offers are clearly disclosed and provide the option to "Accept" or "Decline" the offer before proceeding with the download. We only show offers for software that is approved for listing on Download.com and has undergone additional screening to ensure compliance with the Download.com Software Policies.


CNET includes a FAQ link which provides their justification for using the Installer

CNET Download.com Installer FAQ

The CNET Download.com Installer is a tiny ad-supported stub installer or “download manager” that helps securely deliver your downloads from Download.com’s servers. Simply follow the instructions in the Download.com Installer to download and install the software on your computer.

Our testing has shown that as many as half of all people who initiate a download fail to complete the download and install their software. The Download.com Installer improves the process by stepping you through your download and enabling you to more easily find and execute your software's installer. Other download sites employ similar solutions, but we believe that ours provides more security and utility as well as better consumer protections.

All products on CNET Download.com now have a direct download link that can be used instead of the Download Installer. However only "CNET Installer Enabled" products call it out separately with a "Direct Download Link" located underneath the green "Download Now" button.

You also have the option to turn off the Installer for the whole site, though you do currently need to have a CNET account and be logged in to take advantage of that feature. To do so, login to the site, mouse over your username in the top right corner of the page and click the "My profile" link, then click the "Update my Download.com Preferences" link, select the "Off" option and click the "Save Changes" button.

By downloading with the Download.com Installer you are guaranteed that the file you install on your system came directly from Download.com. Only software that is tested spyware-free and hosted on Download.com's secure servers may be delivered via the Installer.


At the end of the FAQs, there is HELP WITH PRODUCTS OFFERED BY THE DOWNLOAD.COM INSTALLER list...most of which I consider garbage
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 blueicetwice

blueicetwice

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Paul & Mpls - Maoisota
  • Local time:06:05 AM

Posted 14 October 2013 - 09:44 PM

You should stay away from Download-dot-com or cnet. If you try to download something from there, a downloader program is downloaded instead which much be run to download the intended program. But that downloader also installs some other crap.

 

Very, very, good advice, Romeo....Download.com is owned by CNET, so everyone should stay away as they will include crapware on most d/ls... 

 

Hear is a good site for open source programs that are free and safe 

from junkware and more...

 

http://sourceforge.net/

 

 


Edited by blueicetwice, 14 October 2013 - 09:49 PM.


#11 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:05 AM

Posted 15 October 2013 - 03:26 AM

 

You should stay away from Download-dot-com or cnet. If you try to download something from there, a downloader program is downloaded instead which much be run to download the intended program. But that downloader also installs some other crap.

 

Very, very, good advice, Romeo....Download.com is owned by CNET, so everyone should stay away as they will include crapware on most d/ls... 

 

Hear is a good site for open source programs that are free and safe 

from junkware and more...

 

http://sourceforge.net/

 

 

 

 

Actually, SourceForge is also being misused by people. A few days ago I tried downloading a program from there, it turned out to be an opencandy bundle and there was no program inside it. I checked the source code files, but the author had not published any source code. So you have to keep your eyes open - do not download if the author has not included the source code, and try downloading the ZIP version not the installer.

 

We should download from sites where editors actually test the programs for its quality and malware before publishing online. There are many such sites like betanews, downloadcrew, majorgeeks, snapfiles, softpedia and more. They include open source programs, shareware and freeware.

 

Another good source of downloads is PC magazines sites where the editors really test the software and give their opinion.



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 15 October 2013 - 09:59 AM

SnapFiles is another reliable downloading site I use from time to time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Codaeus

Codaeus

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 27 March 2014 - 05:05 PM

 

Its hard to say which download sites yet resist jumping on the malware bandwagon. I hear 'snapfiles' is clean, but proceed with extreme caution. Someone needs to draw up a blacklist of download sites that are puppets of OpenCandy, WhenU, and assorted nasties. Or maybe a 'clean list' of download sites that are okay.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,057 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 AM

Posted 27 March 2014 - 05:07 PM

These are popular and generally safe third-party download hosting sites for free software:
* MajorGeeks
* SnapFiles
* FileHippo
* Softpedia
* Gizmos Freeware
* fileforum.betanews
* TechSpot
* BleepingComputer Downloads
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Clay L

Clay L
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 27 March 2014 - 05:52 PM

Thanks folks. I bookmarked the sites.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users