I posted earlier about how download.com was wrapping Paint.NET with their own download manager / installer which would install a toolbar or some other stupid thing. Thankfully this issue was resolved, although not without a few bumps (“yes we removed it” … 24 hours later … “no you didn’t” … 6 hours later … “OH sorry we’ve fixed it” … “damn right you have”).
“AngryTechnician” just tipped me off that now this issue is starting to get even more attention. It looks like they’re even wrapping Nmap, a free Windows utility for doing some kind of network security scan (which I’m not familiar with).
“It is bad enough when software authors include toolbars and other unwanted apps bundled with their software. But having Download.Com insert such things into 3rd party installers is even more insidious. When users find their systems hosed (searches redirected, home pages changed, new hard-to-uninstall toolbars taking up space in their browser) after installing software, they are likely to blame the software authors. But in this case it is entirely Download.com’s fault for infecting the installers! So while Download.Com takes the payment for exploiting their user’s trust and infecting the machines, it is the software authors who wrongly take the blame! Of course it is users who pay the ultimate price of having their systems infected just to make a few bucks for CNET.”
Apparently some antivirus software has gotten on the right side of this issue and are now classifying the CNET download wrapper as malware.
Now, here’s the hilarity. CNET claims that this thing “powers secure downloads”. If you read that post, it’s clear they’re grasping at straws.
“In addition to making our downloads more secure, it has extra features like the ability to pause a download and launch the software installer immediately after it’s finished downloading.”
Whoa there … I can pause downloads?! Stop the presses!
Look, CNET, this is not a great monetization tool for your partners. It’s a fucking virus and you’re trashing the goodwill and reputation of everyone around you in order to make a buck. One thing I realized early on is that is not how you build a career (it’s one reason why I refuse to do any type of bundling). This is not an exciting opportunity. Look at it this way: while you’re at the bar, sharing a drink with friends, and they’re talking about something cool they did or a tricky technical problem they solved at work, you are going to keep your mouth shut. Because you’re ashamed of your job.
For continued hilarity, check out the title of this blog post. O rly? “Be careful when downloading software?” Does that advice include editing your hosts override file so that download.com redirects to disney.com?
6 thoughts on “download.com getting more attention for spreading malware”
NMap is a popular cross-platform utility among network admins and hackers. It is more-or-less a port-scanner, but it does a lot more than just scanning ports; see http://en.wikipedia.org/wiki/Nmap#Features
…Did you spell ‘wrapper’ wrong?
“Apparently some antivirus software has gotten on the right side of this issue and are now classifying the CNET download raper as malware.”
I edited the post. Now I’m misspelling raper instead.
Ah, sorry. My mistake. 😉
Looks like CBS is putting the screws on CNet to generate more revenue.
If I were an investor, I’d probably make the same high-level request. I could not condone these means for that end, however.
Comments are closed.