Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Download.com offers adware-free downloads only to Chrome users


  • Please log in to reply
31 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:51 PM

Posted 25 February 2015 - 02:29 PM

In 2012 it was reported that CNET's Download.com started wrapping safe 3rd party software with an installer that would also install adware unless a developer opted out. This allowed CNET to generate extra revenue for each installation of an adware program on a user's computer. It appears, though, that even for downloads that are commonly bundled with the adware installer, some browsers are giving their users safer and preferential treatment. This is the case for users of Google's Chrome browser who are only offered a clean adware-free download. On the other hand, if you visit the same page with a different browser such as Internet Explorer, Safari, SeaMonkey, or Firefox, you will instead be given the adware installer version.
 

different-download-options.jpg
Same page offering Chrome the Secure Download and Internet Explorer the Installer
Click on image to see full size version.


When downloading from Download.com it is possible to differentiate whether or not an offered program is a clean download or an installer. This is done by looking at the text under the Download button on a download page. If the text is Secure Download, then the download is not wrapped with CNET's adware installer. On the other hand, if it states Installer Enabled, then that means that the download will use the installer and prompt you to install adware. You can see examples of these download buttons below. It should also be noted that just because it states Secure Download, does not mean the program will not have adware bundled by the original developer. It just means that the program will not use CNET's adware installer.
 

download-types.jpg

Secure Download and Installer Enabled download options.
Click on image to see full size version.


When examining the download page for KMPlayer, the third most popular download on Download.com, I noticed that CNET would offer me a secure download if I was using Chrome, but the Installer version if I was using Internet Explorer. At the time of this writing, the KMPlayer Installer version would not only install KMPlayer, but also Spigot, Slick Savings, StartPage, Ebay Assistant, and changes your browser to the Yahoo homepage. I then checked with an older version of Opera, the latest Firefox, and the latest Safari and they too were offered only the adware Installer version.

When testing further it was discovered that Download.com will offer a clean and secure download if a browser's user agent contains the word Chrome in it. A browser's user agent is a unique string sent by a browser to a web server when browsing web pages. This string can be used by the server to determine what browser and operating system the user is using. For example, the user agent string for the latest Chrome is:
 
Chrome: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
To further test this, someone tested going to the KMPlayer download page using the latest Opera, which is based off of Chrome. When they browsed to that page, they too were offered the Secure Download version because their user agent string contains the word Chrome in it as well.
 
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.89 Vivaldi/1.0.83.38 Safari/537.36
Last, but not least, we tried a simple experiment of installing an add-on in Chrome that allows us to change our user agent so a web site thinks we are different browser. When we changed our user agent in Chrome so that it was pretending to be Internet Explorer 9, Download.com immediately started offering the adware Installer versions of their downloads as shown in the image below. Once we switched back to the default Chrome user agent, we were no longer offered the installer.
 

ua-spoofer.jpg
Chrome masquerading as Internet Explorer 9 and being offered the Installer
Click on image to see full size version.


As you can see, any Download.com visitors, other than those using Chrome, will be offered a download that contains adware that can not only slow your computer, but also cause security issues. Chrome on the other hand has a much safer download experience.

It is unsure at this time whether or not Google and Download.com have an agreement in place to only offer clean downloads to Chrome users. It is also possible that Download.com is doing this to avoid being constantly flagged by Google Safe Browsing. We have reached out to Google regarding these questions, but have not heard back as of yet.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 25 February 2015 - 02:33 PM

I don't know if I should say "good" or "bad" move to Download.com because of that. At least one thing is sure, if I ever have to download from Download.com or have to refer someone to that website to download something, I'll tell them to download the files with Google Chrome so they won't get the bundled installer.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 RolandJS

RolandJS

  • Members
  • 4,503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:51 PM

Posted 25 February 2015 - 02:36 PM

Do you guys and gals here recommend unchecky from unchecky.com?  It has worked for me very well.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 25 February 2015 - 02:37 PM

I see some malware removal helpers and Staff members recommending Unchecky here, however it can't be used against "hidden" bundled programs, only the ones that are obviously appearant so you still have to be careful.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 RolandJS

RolandJS

  • Members
  • 4,503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:51 PM

Posted 25 February 2015 - 02:54 PM

I see some malware removal helpers and Staff members recommending Unchecky here, however it can't be used against "hidden" bundled programs, only the ones that are obviously appearant so you still have to be careful.

That's why I always use advanced or custom install when offered a choice.  Hidden bundles are difficult to catch on the fly.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#6 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:03:21 AM

Posted 25 February 2015 - 02:58 PM

So the unfair trade off between google and cnet can be easily determined.
Convenient options for whitelisting on safelist...
I try my best to drive users away from such sites....
Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#7 howtogeek

howtogeek

    HowToGeek.com


  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 25 February 2015 - 03:07 PM

The reason they do this is very simple. Chrome blocks many of these crapware-bundled downloads from actually downloading, which makes them look really bad.

 

img_54ec8b8e88cd5.png

 

Google has recently started taking more aggressive measures against bundled crapware.

 

What's much worse is that now I've noticed that the CNET Download installer sometimes doesn't provide a "Decline" option for crapware. They just have Install and Close.



#8 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:51 PM

Posted 25 February 2015 - 03:29 PM

Thanks for offering your insight howtogeek. I actually discovered this when looking around download.com after reading your great article at your site:

Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware
 

The reason they do this is very simple. Chrome blocks many of these crapware-bundled downloads from actually downloading, which makes them look really bad.


Had a feeling this was the case. What's the point of pushing the installer when Chrome is just going to block it?
 

What's much worse is that now I've noticed that the CNET Download installer sometimes doesn't provide a "Decline" option for crapware. They just have Install and Close.


Interesting. Do you have any examples of this? Didn't find any when I was playing around, but would love to check it out.

Welcome to the site!

#9 howtogeek

howtogeek

    HowToGeek.com


  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:51 PM

Posted 25 February 2015 - 06:19 PM

I do have some examples, new article is going up in a few hours :-)

#10 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:51 PM

Posted 25 February 2015 - 06:49 PM

Looking forward to reading it!

#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:51 PM

Posted 25 February 2015 - 07:07 PM

Sounds good, but I don't use CNET Download anyway.

Alex

#12 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:51 PM

Posted 25 February 2015 - 07:19 PM

Do you guys and gals here recommend unchecky from unchecky.com?  It has worked for me very well.


Please note that this program is a beta version of a product and not completely tested to ensure its stability or reliability.

What is beta software?

After an initial round of in-house testing, software publishers often release new programs to be tested by the public. These pre-release versions are called beta software, usually denoted by a "b" in the version number, e.g., Netscape Navigator 2.0b5. Since the publisher couldn't possibly test the software under all possible conditions, it is reasonable to expect that wider use of the software may uncover problems that were not discovered during in-house testing. The publisher expects to be notified when users find such problems so that the program can be fixed before its official release.

In general, you should expect to run into bugs whenever using any piece of beta software. These bugs may range in severity from minor features that don't work to problems that cause your computer to crash. You should decide whether the benefit of new features in a beta program outweighs the risk of program instability before choosing to use a piece of beta software. You should also be aware that UITS will not have thoroughly tested beta software, nor will the software be guaranteed by its maker, so you should not expect the same level of support as you would receive for an official release version of the program.


Beta version software is useful for internal demonstrations, testing and previews to select customers, but may be unstable and not yet ready for a release candidate stage. The goal of a beta program is to collect information regarding the performance, quality, stability, and functionality of new products in order to iron out the bugs before they are released to the general public. If you choose to use a beta program, you use it at your own risk.

For more information about beta programs and software release stages, please read Software release life cycle

The only way to know this is by checking the version number in the app. I have not found it anywhere on the site that it's beta.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 PM

Posted 25 February 2015 - 07:25 PM

The Unchecky website doesn't mention it being a beta. For that information you have to read Introducing Unchecky on RaMMicHaeL's Blog.

You can get a beta version of Unchecky at unchecky.com.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,684 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:51 AM

Posted 25 February 2015 - 11:40 PM

 I am not defending company’s that bundle 3rd party software with free ware. I do understand that these people need to earn an income, They should however be more  open and honest  about it, They should also vet the bundled software to make sure that it actually works and is not scare ware, or Superfish.

 

If this thing between Cnet and Google keeps rubbish of users PC's then I am all for it, and if both Cnet and Google can make a few $$ along the way while keeping PC users safer online then I am all for that too.

 

But above all else, these company’s should always have the privacy safety and security of its customers/clients/visitors as it's main priority

 

As I was once told.

Primum non nocere



#15 bludshot

bludshot

  • Members
  • 657 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 26 February 2015 - 12:27 AM

I stopped downloading things from cnet download a couple years ago when I noticed they were not giving the pure downloads but instead offering their own installer with crapware. Now I just (occasionally) use the site to browse for interesting software, and then I go download it at a clean location such as the author's website or majorgeeks.

 

There is an add-on for firefox that lets you choose what browser you appear as (IE, chrome, etc), so if firefox users want to use download.com and avoid crapware and avoid chrome (both things I avoid like the plague) then they could do it that way.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users