scuzzy Posted December 6, 2011 Posted December 6, 2011 (edited) [ Topic slightly hyped to get attention ] A heads-up for those of us who use the various freeware download mirrors on the Intarwebs: Cnet/Download.com has started wrapping the original Windows installer for various well-known freeware programs in a trojaned installer of its own devising. The Cnet installer does things like installing a "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN. Yes, the ImgBurn installer also offers similar 'bling', but in a non-sneaky way that is opted out by default and is easily avoidable if you don't want it (in my experience). Cnet has not been hacked - it's a change to their official policy. Their installer does apparently make it clear what they're doing (albeit that it opts you in by default), but is deceptive in that it gives the user something other than the clean original and genuine installer they were expecting to download. So long as your eyes are open and you don't blindly click 'Next' on the installer wizard screens then apparently you'll avoid the adware you didn't want. I'm posting this simply to warn about the new and changed behaviour. The new policy is documented here I learned about this issue from the NMAP users' mailing list: http://seclists.org/nmap-hackers/2011/5 which has a link to a story at ExtremeTech, dated August 2011, about the beginning of the new behaviour : http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations Users report that downloads of the latest version of VLC from Cnet are now being wrapped, and all new versions of other programs will get the treatment as they are released. ImgBurn does not include Cnet/Download.com in it's official list of mirrors. Edited December 6, 2011 by scuzzy
Cynthia Posted December 6, 2011 Posted December 6, 2011 Never had any issues with downloading stuff from them. Perhaps if you are trigger happy... 7. Are any additional items installed on the users machine? The Download.com Installer does not install itself on the user's system and does not leave behind and additional components. If the user accepts an offer for 3rd-party software during their download the additional items that they've agreed to will be installed on their system.
scuzzy Posted December 6, 2011 Author Posted December 6, 2011 Never had any issues with downloading stuff from them. Perhaps if you are trigger happy... Me neither (and they always used to be on my "trusted" list of download sites). Then again, they only started doing this sometime this Autumn, and I haven't downloaded anything from them since early this year. I blame the bankers
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now