Avast WEBforum
Other => General Topics => Topic started by: mvandemar on December 07, 2011, 08:53:20 AM
-
I was just reading up on how CNet's Download.com was wrapping all of the downloads in their own installer, which in turn was then installing spyware on client's computers:
http://insecure.org/news/download-com-fiasco.html
As I was checking out some of the downloads mentioned in the article I noticed that Avast was listed as the second most popular download on the site. I went to the Avast page there and checked, and sure enough the downloaded file was named "setup_av_free_cnet.exe", so obviously something has been added to the installer. I am on a Linux box and was unable to run the executable under wine (it errored out trying to open the self-extracting archive), so I don't know exactly what the installation screen looked like in this instance. I am curious though, are the authors of Avast aware of this custom bundling and the issues with CNet distributing spyware? If so, what is their opinion on it?
Thanks.
-Michael
-
As far as i'm aware, no, avast! is not wrapped into C|net garbage (at least i never got it wrapped).
-
No, it never gone bundled with CNET.
Hope it never will.
-
The avast! download was always clean.
I've only gotten their downloader once when I wasn't signed in on their Site.
Since I'm a member of their forum and while I'm logged on,
I've never gotten anything except the actual download I requested.
-
There is no way I would sign up to a forum and be logged on just to avoid their cr*p. I would just rather avoid cnet.
Whilst avast isn't meant to be in their wrapper, that policy at cnet could change. This is what has always concerned me when the user starts to blame avast for the associated cr*pware additions.
-
There is no way I would sign up to a forum and be logged on just to avoid their cr*p. I would just rather avoid cnet.
My membership goes back to long before they started adding crap to the
mix of what they offered. :)
-
Yes, I'm aware of that, but I haven't got that and there is no way I would/should sign-up to avoid what shouldn't be there, easier to avoid cnet ;D
That is also why you won't see me on the cnet (avast sub-forum) forum.
-
Yes, I'm aware of that, but I haven't got that and there is no way I would/should sign-up to avoid what shouldn't be there, easier to avoid cnet ;D
That is also why you won't see me on the cnet (avast sub-forum) forum.
No arguments Dave.
By the way, up to now, it's been a very quiet "avast sub-forum) ;)
-
There is no way I would sign up to a forum and be logged on just to avoid their cr*p. I would just rather avoid cnet.
I'm registered there, but I won't login for each download I want. I've moved away.
-
So to get a 'clean' download, you have to be logged in at cnet?
Otherwise you get the bundled nonsense?
-
What about the Avast devs though? Are they aware that CNet is doing this in general? Isn't using CNet as their main download supporting them?
-
What about the Avast devs though? Are they aware that CNet is doing this in general? Isn't using CNet as their main download supporting them?
There is a another concurrent thread on the subject. Vlk posted there: http://forum.avast.com/index.php?topic=90003.msg716301#msg716301
-
What about the Avast devs though? Are they aware that CNet is doing this in general? Isn't using CNet as their main download supporting them?
We have mentioned this in another topic when cnet started bundling this cr*p. Over and above the link Scott gave.
-
There is a another concurrent thread on the subject. Vlk posted there: http://forum.avast.com/index.php?topic=90003.msg716301#msg716301
OP can't read there..! ;)
-
There is a another concurrent thread on the subject. Vlk posted there: http://forum.avast.com/index.php?topic=90003.msg716301#msg716301
OP can't read there..! ;)
Heh, no, he can't :P
Is it permissible to quote some of the discussion from there, get an idea of what the sentiment is from the devs?
-Michael
-
Is it permissible to quote some of the discussion from there...
Sorry, but it isn't.
-
Ahhh...I'm very sorry about that, I thought that was in the general forum.
I rarely browse the forum by subforum so I end up not knowing where I am.
-
Is it permissible to quote some of the discussion from there...
Sorry, but it isn't.
What about a general paraphrasing, or posting in that thread asking if anyone would like to share their opinion here?
-Michael
-
What about a general paraphrasing, or posting in that thread asking if anyone would like to share their opinion here?
I leave the decision/answer to Scott, as he started this. ;)
-
Even KrebsonSecurity blogged about this:
Download.com Bundling Toolbars, Trojans?
http://krebsonsecurity.com/2011/12/download-com-bundling-toolbars-trojans/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
-
Apparently CNet posted an update stating that open source software should never be bundled with the spyware (although of course they did not admit to the extra stuff actually being spyware), and that they would fix that aspect of it:
https://plus.google.com/109412257237874861202/posts/CeJwHLpsDvn
-Michael
-
they did not admit
Lose of trust and confidence.
Lack of acknowledgment. Lack of professionalism.
-
Apparently CNet posted an update stating that open source software should never be bundled with the spyware
When this whole stink started, before I said goodbye to Cnet, that was the first question I asked on their forums, if they were going to bundle open source programs with the wrapper, and if they understood the implications of doing so.
Clearly, they do not care. They now have it in their minds to throw ethics out the window, up to the point someone forces their hand.
More damage control;
http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the-download.com-installer/
-
Like you Gargamel360 I also opposed the Down-loader bundle.
http://download.cnet.com/8618-2007_4-57338809.html?communityId=2012&targetCommunityId=2012&assetTypeId=12&blogId=12&messageId=11680116&tag=mncol;tback (http://download.cnet.com/8618-2007_4-57338809.html?communityId=2012&targetCommunityId=2012&assetTypeId=12&blogId=12&messageId=11680116&tag=mncol;tback)
-
More damage control;
http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the-download.com-installer/
Further on the point of user engagement, we are removing the registration requirement to use the Direct Download Link on our site.
They're realizing the mess they've got into...
-
I created a topic over there and this is what I received back. The full topic can be found at,
http://forums.cnet.com/7723-12543_102-550630/download-com-wraps-in-their-own-installer-ads-spyware/?messageId=5247572&tag=nl.rCOMBINED#message5247572
Answers
by MarkFlax Moderator - 12/18/11 5:23 AM
In Reply to: Download.com wraps in their own installer? ads spyware by DADSGETNDOWN
1] Is Cnet using a wrapper ? - Yes, but not on all software. The Download.com team decides which software to offer via the installer and software developers themselves can 'opt-out' of Download.com using the installer for their files.
2] Does it contain ANY kind of spyware or other maybe even tracking stuff ? or malware etc. ? - No.
But that's not the full picture. CNET's installer will offer 'one' software title as an extra, usually a browser toolbar or some such thing, and it is this that may be caught by some anti-virus scanners. These are false positives and if the installer file is uploaded to Jotti or some other online resource which scans the file with all the known and recognised anti-virus scanners while you watch, you will generally find that one of the scanners mark it as spam, or none do. Also, if you send the file to your anti-virus developer they will check and confirm the result is a false positive.
That said, some browser toolbars, search toolbars, etc do track the user as part of their service and function.
Finally, although the option to download the additional software title is checked by default, (I would wish it was 'unchecked' by default), and when the installer is run, the user can watch the process and opt-out if they wish.
3] Is there a difference between downloads when Logged in and not logged in ? - Yes
If the installer is wrapped around the software a non-member selects, there is no option but to use the installer. However, members who log in will be offered a "Direct download" link, (just underneath the green Download Now button), to use if they so wish. If there is no 'direct download' link showing for members, I assume that the software selected is not wrapped in the installer.
I hope that helps.
Mark