Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is There a Safe Way to Download Freeware?


  • Please log in to reply
38 replies to this topic

#1 LittleGreenDots

LittleGreenDots

  • Members
  • 449 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Metro Detroit Area
  • Local time:06:32 PM

Posted 12 December 2014 - 06:10 AM

I recently downloaded Filezilla from sourceforge only to learn (immediately) that it came bundled with a browser hijacking program.  I had thought sourceforge was a safe and reliable download site.  Now I know differently.

 

There is a program only available from sourceforge called Mindplane (seems to only be available from sourceforge.)  I really want it as it looks like the perfect choice and I have done a lot of research on mind mapping programs.  Is there any safe way to get that program?

 

I heard about a program that installs a simulated Windows XP on your computer and it isolates downloads before they have a chance to open up on one's hard drive.  I watched a video on installing the program (VirtualBox by Oracle) and it was a complicated process for a non-techie like me.  

 

Would it work?  Any other options?



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 12 December 2014 - 06:22 AM

With CNET, BrotherSoft, Softonic, FreewareFiles and Tucows and similar third-party download hosting sites, you always have to be careful with deceptive download links and bundling of software. Clicking on the incorrect link may redirect to another download site which uses heavy and confusing advertising with more download links. On almost every site, including safe software download sites, you may encounter an obtrusive green "Download Now" button as a type of advertisement. These buttons ads come from third party ad networks and work well because many users are capricious by nature. Clicking on one of these "Download Now buttons" (thinking its the one you want) often results in downloading a program the user did not intend to download. In some cases, bundled software may be included in Installers or Downloaders found at these hosting sites which often be the source of various issues and problems to include Adware, pop-up ads, browser hijacking which may change your home page and search engine, and cause user profile corruption.More information and Best practices for downloading software can be found in this topic:
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
 

Downloading TIPs - Best practices:
1. Always try to download software directly from the vendor's official home site. Look for and read the End User's License Agreement (EULA) carefully as well as any other related documentation.

2. Sometimes looking at the name of the setup file before saving it to your hard drive, will give a clue to what you are actually downloading so you can cancel out of it. If the file name does not appear correctly, do not proceed. This is especially important when using third-party hosting sites which are known to use special installers which bundle other software. Some third-party hosting sites like CNET.com publish a Software bundling Policy which you should always read.

3. Take your time during installation of any program and read everything on the screen before clicking that "Install" or "Next" button. Even then, in some cases, this opting out does not always seem to work as intended.

4. Turn on file extensions in windows so that you can see extensions. A common tactic of malware writers is to disguise malicious files by hiding the file extension or adding spaces to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. Microsoft does not show extensions by default.

5. If you must use CNET or similar sites, check the digital signature of the .exe file you download for validity and who actually signed it. Doing that will let you know if the file has been changed.

6. TIP: Open your browser, go to View > Toolbars and check the Status Bar box (Internet Explorer) or Add-on bar (Firefox). If you place your cursor over a link, the actual URL address will show up in the Status Bar or Add-on bar at the bottom of the browser window.

7. TIP: When searching for free software, visit the vendor's website and look for a "slim" or "zipped" version of the product as they generally are stand-alone applications that do not bundle or install anything else.

As more and more legitimate vendors are bundling software to recoup business expenses, folks need to take some personal responsibility and educate themselves about this practice.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Rrocha

Rrocha

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 12 December 2014 - 06:23 AM

did you read with attention the options that you got from filezilla ?

And a browser hijacker is not that hard to remove, you can download and after run the malwarebytes i guess.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 12 December 2014 - 06:31 AM

If you think your may have picked up some adware/PUPs, the first step is to check Programs and Features (Add/Remove Programs) in Control Panel for newly installed junk software and remove anything you do not recognize or did not download recently. In most cases, using the program's uninstaller not only removes it more effectively, but it also restores many changed configuration settings. Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:11:32 PM

Posted 12 December 2014 - 08:49 AM

Unfortunately, sleazy stuff that comes bundled with legitimate downloads don't always present for removal easily, and sometimes even actively resist removal.

 

Recently, a colleague at work got hit by the Ask toolbar and I saw it when helping him out with something else.

I didn't waste any time: I got hold of HijackThis (a tool that is now very much "yesterday's tool" but effective against stuff that doesn't busy itself deeply, but generally not used for malware removal any more) and used that to rip it out.

It had installed services to prevent you from changing your browser's home page to a decent search engine and also from uninstalling the BHO and toolbar.  Finally got rid of the thing, however and gave him some advice on preventing it in the future.


Edited by Angoid, 12 December 2014 - 08:50 AM.

Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 12 December 2014 - 08:58 AM

The Ask Toolbar was one of the first pieces of garbage to be included in software when bundling first began. At that time it was relatively easy to remove. One characteristic of this junkware today is that they insert themselves (components) into various areas throughout a computer's operation system to include browsers, hidden folders and windows registry. As such it is not uncommon for security scanners to detect numerous files, folders and registry settings after repeated scans are performed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:32 PM

Posted 12 December 2014 - 01:04 PM

There is a program only available from sourceforge called Mindplane (seems to only be available from sourceforge.)  I really want it as it looks like the perfect choice and I have done a lot of research on mind mapping programs.  Is there any safe way to get that program?

 

Unfortunately, Sourceforge has also started to bundle software. Although I'm not sure they do it with every download.

 

I can't find Mindplane on Sourcefore. Maybe you mean FreePlane?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 12 December 2014 - 01:39 PM

Yea... I found Freeplane on sourceforge.net but not Mindplane.

I also found Freeplane at freeplane.org/wiki and softpedia.com which is generally a reputable site.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:32 PM

Posted 12 December 2014 - 02:03 PM

Freeplane has a valid digital signature by the lead developer. So SourceForge has not altered the executable.

 

If this is what the OP is looking for, I'll give instructions to check the signature.


Edited by Didier Stevens, 12 December 2014 - 02:03 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 rp88

rp88

  • Members
  • 3,067 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:32 PM

Posted 12 December 2014 - 04:10 PM

Plenty of safe ways to download free programs or other content, below are the rules i always stick to:

1. run an ad blocker, a lot of download sites include fake download buttons, this will stop them, running noscript is alos helpful
2.when downloading software only do it from the official source (the company, open source organisation or individual developer) not via third party sites
3.when downloading software which is free it might well be unsigned, many open source softwares (blender and gimp for exmaple) are not signed so you will need to go to extra lengths to verify it is correct. Provided the file is small you can upload it to virustotal and let them scan it, they also have opinion ratings and comments which might let you compare previous user experiences
4.When downloading software also serahc for the name of the software on google and for the software site on web of trust, see if you get particularly bad sounding rumours from either
5.downloading other free content, zip archives, video content, audio, 3d model files (they are the thing i personally download most often) is safer than downloading software but it is always wise to scan the downloaded file with your antivirus and with a second opinion scanner (like malwarebytes) before opening.
6.always make sure "show file extensions for known file types" is shown in windows file explorer, this way you will be able to tell if someone has tried to disguise a potentially dangerous file type (like .exe or .scr) as a safe one (like .jpg or .avi). Any files with false extensions shold be assumed malicious, why would a legit person give out files which claimed to be a different type than what thye truly are?
7.don't use internet explorer, use firefox or chrome, both are better protected against exploits and vulnerabilities
8.when you see a download link always check the adress the link is going to by hovering your mouse over it, if it is going to a site different than the one you are downloading from then it might well be a fake download link
9.when you have downloaded software and confirmed it is safe with your own antiviruses and with virustotal make sure to go slowly through the custom options for installation, so you can uncheck offers to bundle toolbars along with it
10.checking digital signatures is a good idea where possible, i personally don't know how to do it though, and it can occur that legitimate exe files are not signed(when the developer is a small group or an individual rather than a big corporation)
11.if something feels suspicious, treat it as being so, if you get a gut feeling of "this isn't right" stop and look at alternative programs or download sources for it where possible
12.always save the files you download (whether they be exe files, zip files, images, videos or audio) and scan them before opening, do not choose the option which firefox and internet explorer offer to "open" the file, "save" it instead.
13.when checking through the EULA specifically look for contact details given for the developer/company, do they match the contact details you already knew or the sort of thing you would expect? if not be very suspicious.
14.before opening an exe file right click on it and look at the properties tab, see if the file name, publication date, copyright, original file name and such match what you would expect.
15. a virtual machine would certainly be a good idea but it isn't practical for everyone, if you can use one it would help you test the software in an environment where if you find it malicious you could just close the virtual machine program and kill of the dodgy software.
16. if two different software programs exist that perform the same sort of function and one is from a developer you have heard more good things of or personally used programs from before then try that software before the one from the developer you are less familiar with

Edited by rp88, 12 December 2014 - 04:11 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 12 December 2014 - 04:51 PM

Yes the safest practice is to use the vendor's official home site or an authorized mirror...but in some cases, they too will redirect you to another hosting site which practices bundling or uses confusing advertisements resulting in downloading software you did not intend to download. In fact even if you download and install legitimate software from a direct source it is still possible for the vender to bundle unwanted software into the package and you may not be aware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 13 December 2014 - 01:23 AM

I was going to ask "Did you mean Freeplane?" but see Didier has already covered.

 

At alternativeto.net, here, you can also find cross-platform alternatives to freeplane. Including Linux and Mac OS.

 

I work entirely from Linux (no Windows), so may check one out.

 

Good luck!

 

:wizardball: Wizard



#13 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:32 PM

Posted 13 December 2014 - 03:48 AM

Recently even FileHippo (who I used and trusted... to a point...for years) has begun "offering" downloads via Installers:
 

http://www.thewindowsclub.com/filehippo-starts-offering-downloads-via-installers

http://www.lifehacker.com.au/2014/07/is-filehippo-going-to-introduce-a-download-manager/

 

What is the FileHippo Download Manager?

 

>>>The FileHippo Download Manager delivers software straight from our supercharged servers to your computer. The Download Manager allows us to use multiple network connections at the same time to guarantee you the fastest, safest delivery possible.

During this process, the Download Manager may offer you other free applications provided by our carefully chosen partners. These offers are completely optional and you are not required to install any additional applications to receive the software you selected.
...
Do I have to use the installer?
No. All FileHippo Installer Enabled products have a Direct Download Link that you can use instead of the Installer.
<<<


Edited by Union_Thug, 13 December 2014 - 03:53 AM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 PM

Posted 13 December 2014 - 09:35 AM

FileHippo has been removed from my list of safe sites.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:11:32 PM

Posted 15 December 2014 - 06:13 AM

I'm disappointed in FileHippo for that.  I've often used that site, but not recently as I don't get downloads from the Web very often (the last one was a few weeks ago and it was SQLite, a nice geeky download for you).

 

@rp88:

 

+1 for "1. run an ad blocker, a lot of download sites include fake download buttons, this will stop them, running noscript is alos helpful"

It seems that many sites don't manage their advertisers directly, it is outsourced to third parties.  Those third parties may not vet the companies that advertise with them, leading to 'malvertising' that the reputable site would never allow if they knew.  As a result, ad blockers are pretty much a necessity nowadays but it's such a pity that reputable and legit companies end up paying for shady practices.

 

+1 for "6.always make sure "show file extensions for known file types" is shown in windows file explorer..."

I really don't know why that option is set to hide known extension by default.  It's the first thing I go for to change.


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users