Thursday, 31 May 2012

Download.com Serves Malware To Customers. It's easier to fall further down a hole than to crawl back out again.

--
[Updated 2012-05-31 @ 11:45 pm EDT]


The Windows side of Download.com has ruined its credibility in recent months thanks to its General Manager and V.P. Sean Murphy turning the site into a malware rat hole. At least that is the message from an April 24th article at Insecure.org:


Download.com Caught Adding Malware to Nmap & Other Software


Quoting from the article:

In August 2011, Download.com was taken on a new path by their General Manager and V.P. Sean Murphy. They started wrapping legitimate 3rd party software into their own installer which by default installs a wide variety of adware and other questionable software on users' machines. It also does things like redirect user search queries and change their Internet home page. At first their installer forced people to accept the malware or close the installer (see screen shot of infected VLC installer in this article). Later they added a non-default "decline" button hidden way on the left side of the panel. Also, the initial installer shown in the previous screen shot claimed the software was "SAFE, TRUSTED, AND SPYWARE FREE". In an unusual show of honesty, they removed that claim from the rogue installer.
(The bolding is mine in order to point out the apparent culprit-in-charge).

If this report is factual, the self-destructive behavior of CBS's CNET Download.com website is particularly disturbing to me as I have known the guys at VersionTracker for several years. Today I wrote to the creator of VersionTracker for clarification and he replied:
I don't know what they do on the Windows side as I'm not part of that group but I do know nothing gets wrapped or added to files on the Mac side.
I can verify that there is no evidence implicating VersionTracker's Mac software downloads. I am constantly running anti-malware on my Macs as part of my studies of computer security. None of the Mac software I have downloaded daily from VersionTracker has been infected with any form of malware. I am loath to advise avoiding the VersionTracker aspect of Download.com.

Nonetheless, anyone concerned about maintaining maximum Mac security might wish to consider using another software download website. Despite its own ethical failures, I can equally recommend MacUpdate.com.

(Note: MacUpdate has, IMHO, been a deliberate and persistent marketing pawn of ZeoBIT, the shameful developers of MacKeeper. This problem has been made evident by MacUpdate's tolerance of ZeoBIT-paid 4- and 5-star MacKeeper review bombing. I should point out that VersionTracker has tolerated the same paid positive review bombing. Of course, compromised user reviews are a trivial issue next to infecting customer downloads with malware.)

Sigh. 
The Spirit of the Age in business remains: 
Abuse Thy Customer.

No wonder our human world is stuck in an ongoing, long-term economic depression. :-P


Thankfully, I continue to have faith in VersionTracker's Mac download sub-site over at Download.com.
--
