In a recent site update, CNET Download.com listings have begun redirecting product download links for popular freeware and opensource applications to their own “downloader and installer” utility which bundles a number of adware components alongside the requested application and changes the users’ homepage and default search engine to Microsoft Bing. Freeware authors are sending CNet cease and desist orders demanding virgin download links, something affected open source developers may or may not be able to do due to FOSS license terms.
This really bums me out. I’ve used CNET as a trusted site for years to download software. The changes they’re making make me feel I’d better search again for a reliable, single-stop location for Windows downloads. Really sorry to see CNET change their procedures.
FileHippo is probably the most professional and cleanest, and only hosts the good stuff. Softpedia is also clean and good, but with a far less-curative approach, and only hosts the most popular packages themselves – other downloads will link to the authors’ sites.
Edited 2011-12-06 23:00 UTC
Thanks for the good info.
Meh. After Gerstmanngate happened in 2007, I knew they had sold out, so I wouldn’t trust those guys for shit.
The reason why they changed them seems to be because of the users, or to be correct: for the users.
A hint is given here:
http://www.extremetech.com/computing/93504-download-com-wraps-downl…
That article also mentions that downloads starting with a cnet_ prefix provide “extra functionality”. For example, if you get nmap (a well-known network exploration tool and port scanner, available on many OS platforms), you get some “extras” provided by the installer: On your PC it will install a “StartNow” toolbar, change your search engine to MICROS~1 “Bing”, and also change your home page to MICROS~1’s MSN. That’s definitely not what you expect when installing nmap!
Obviously, installing things from source seem to be more secure, but they are not the typical thing to do on a “Windows” PC, or at least from a trusted source installing from precompiled binary packes (e. g. directly from the OS vendor or from a mirror of the initial provider of that program) – again, that’s also not a typical “Windows” thing. Please note that I’m not a “Windows” person so you may see the previous sentence in exactly that context – non-judging and purely technical.
However, you often have to re-think who you trust regarding downloads and programs.
I too am not a Windows person. If anything, I try to side with the best interests of ordinary people.
In view of this, I note your comment: “However, you often have to re-think who you trust regarding downloads and programs.”
I couldn’t agree more. The problem, as I see it, in the Windows world where obfuscation of what one is being offered is the absolute norm, is that ordinary users have absolutely no way to know who they can trust.
This particular trend of middlemen like CNET taking Windows FOSS software (which once was like a badge of trustworthiness) and effectively turning it into anti-user software (malware is perhaps too strong a term) is a grave concern.
IMO, the only software one can truly trust, as an ordinary user, is FOSS software that is obtained directly from the source (it can be pre-compiled, but only if the corresponding source is also available, for vetting purposes). In the Windows 98 era I once trusted middlemen sites like CNET as a source of Windows software, but it didn’t take long for them to lose my trust.
As the old saying goes: “Fool me once, shame on you. Fool me twice, shame on me”.
It is such a shame that Windows users, these days, have no choice but to trust those who can’t be trusted.
DO NOT USE WINDOWS, as easy as it is. Learn to compile an app, read some tech stuff, it opens your mind, you CAN NOT trust anyone in this days. Do yourself a favor and use OSS (mainly at OS level, without bloated shit full of propaganda) as much as you can
Oh the irony.
In 2008, Apple and Microsoft spent almost two billion dollars on advertising. I suspect more recent figures are higher. I don’t know what their spend-up on government lobbying is.
I guess in a magic-fairy world none of that is propaganda.
Well, at least sure I’m promoting a good cause, and not invading your HDD with crap as others do sometimes even without you noticing it.
Just go to Download.com if that’s what you’re used to, find a program, and click the link the the developer’s home page. Alternatively use one of the dozens of download services that people are likely to mention. Either that, or just look it up on Google and get to the author’s page that way.
I haven’t regularly used Download.com for probably a decade or more, and I ditched Windows back in 2006, but even then… on my last days of using them I just went to Download.com to search for new programs and went to the official website from there. I figured, it could be a good “search engine” to find programs of the type I want, and hell… if it’s on Download.com, it must be safe to run and install and malware-free.
Now… it looks like that line of thinking will get Download.com users a browser hijacker and some adware. Disgusting… a huge company using their reputation-built powers and user base to shove shit down their own users’ throat. If I did still use Windows… I would never use or recommend the site again. Said, because back in the late 90s it was pretty damn useful (and trustworthy).
Edited 2011-12-07 07:31 UTC
Yeah, it was really good in the late 90’s and early 2000’s, they actually went to great length to reassure us that their downloads are ad- and malware-free. Oh, how times have changed. Anything for a bigger buck, even betraying that carefully over more than 10 years built up trust.
Well, I suppose it’s still good for reading (and leaving) reviews. Some of their downloads are quite out of date these days anyway, much better of going to the original site.
Yep. Way back then, I used to actually trust all of the software they hosted to be tested for malware of any kind and safe for installation; otherwise it would never make it on the site. They were strict, and that’s how it should be. They really cared about their service and users. No more. These days, giant dollar signs cloud their view.
I’ve personally never gained anything from the reviews at the site though, so I can’t agree with using it to look up opinions of software. IMO, trying it out yourself is the best way… and back when Download.com was trustworthy and did their job (make sure everything was malware-free and safe for their users), the site really was good. These days… you’re better off getting information about a program (at least many free and open source ones) directly from its official site; sure, they’re not reviews (IMO those tend to suck anyway), but many good programs give a good overview including a description, feature list and screenshots.
I would have to agree with whoever it was that said to try MajorGeeks.com… it is a good site, and has been for quite a while.
Edited 2011-12-08 06:33 UTC
The “recent site update” was back in July…
http://www.extremetech.com/computing/93504-download-com-wraps-downl…
http://cnet-upload.custhelp.com/app/answers/detail/a_id/2064
Edited 2011-12-06 22:48 UTC
The worst part is that most of my downloads comes from sites like CNET, Softpedia, Nonags and the like (there’s hundreds of them actually). Only a small fragment of users actually visit my website to get the software.
I try my best to tell users to only trust us (preferably with https) and use checksums to verify the software. But without these websites no one will find us.
Being a small hobby project, without any marketing budget, there’s just no way to reach users without these websites. It’s a shame they trick users with stuff like this, or big ads consisting of a single, big “Download” button placed directly under our name.
Just got a mail from CNET. Appearently it will be made opt-in for us developers:
1- Always download stuff from a trusted place.
2- if you use Linux then use your distro distribution mirrors.
3- use Free Software. With Free Software at least you get to see the source code and know what the program is doing, so is unlikely that you will be infected, etc.
Edited 2011-12-07 06:28 UTC
2. Fully agree. That works almost perfectly for Linux and Microsoft Updates and Apple Updates and all recent appstores.
1. The problem is that download.com USED TO BE a trusted source
3. “Nobody” ever reads the source! Most people don’t even read the manual and the source is complete jibberish to normal people and WAY to big and complicated for most geeks. Having the source available is a good thing but doesn’t help much against problems like this
3. Ummm… did you read the article. This happened with OSS software.
Technically it was re-packaged OSS hence the use of an install wrapper to bundle other crap with it. The issue is not open or closed source development models but the middle-man distributor exploiting the original developer and the end user recipient.
I agree that the OP’s #3 does not apply since it was probably distributed by Download.com without the source code and because bundling a program in a wrapper is not specific to the development and licensing model of the original program.
What I would suggest for #3 is that availability of source would have resulted in this being detected far sooner if not completely detering the middle-man from trying this in the first place.
– the program source would be reviewed or, at minimum, compiled and compared to the bundled binary by someone
– the distribution packaging would be easily decompiled for review or one compiled for comparison. eg. grab the original source tarball, compile it into a .deb and see if it matched the middle-man’s .deb or not.
Both of these also relate back to #1 and #2 though; a reputable distribution’s repository maintainers are doing the testing and a reputable distribution can be trusted else it does not remain reputable. (I’ll trust Debian’s repository processes far sooner than I’ll trust Gentoo’s)
Who knew? I thought most people Just used Google to find the software they want, then download it from the developers site.
Yes, well… they have to know who developed it… then be able to recognize the developer’s site, Google results aren’t as clean as they used to be…
One thing I like about DuckDuckGo is that they place the official site in first place and clearly labeled as such.
… there are some developers that use Download.com to distribute their software.
And most people don’t care the least how they get the software, they just want it. Same mentality that makes them think they’re completely safe with a “Total Security” anti-malware suite…
Personally, I don’t use Download.com anymore because of this crapware they distribute. Nor I download from Adobe anymore for the same reason.
One site I can recommend is MajorGeeks.com. Been a great download site for years now… lets hope it stays that way.
Hi,
Just wondering who should be responsible for the cost of providing the download? Where does the money come from?
If users had to pay to download free software, um, let’s just say I can’t see that working too well. If people who create free software had to pay, then I’d imagine a lot of good free software projects disappearing (or shifting to shareware or something).
That only leaves charities and advertising sponsored sites. If there aren’t enough donations to cover the costs, or if you’re not making enough from advertisers to cover costs, what do you do then?
– Brendan
Lying about why you made the changes is not the way to go though.
CNet and affilliated websites are all packed full of advertising as is download.com. They are already getting paid to run the service and should not be trying to derive even more from taking bribes to bundling crapware let alone bundling that did not involve the software’s original developer. I don’t like it but I can accept CCleaner’s bundling of Google Chrome far easier than I can accept Download.com taking a clean CCleaner install from the original developer and bundling that with crapware.
Either way, what few things I have downloaded from download.com won’t be coming from there any longer. it is now strictly only a search service now; find the program, find the developer then go fetch it from the developer’s original location.
If only it was just software… The whole digital world currently seems to have broken economics.
One of the main reasons why I’m studying physics and not CS is that I hardly saw a worthwhile professional future in the later, outside of very few interesting academia positions.
Edited 2011-12-07 21:13 UTC
I have used them for years and even purchased software by there recommendations. No longer Cnet you f***ed this up and I am no longer a customer.
I wish the author of this blurb hadn’t used the word adware. This is clearly Malware. Its detected as malware by virus scanners. I know its a subtle difference. But calling it adware down plays the seriousness of the problem.
It’s not a subtle difference, it’s a huge difference. Adware are apps that I install and that show ads. Malware are apps that can cause harm.
Opt-in or Opt-out it doesn’t matter. All these major download sites will be doomed and irrelevant once the Windows Store gets into full swing.
http://www.h-online.com/open/news/item/Download-com-apologises-for-…
“The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused” said Murphy, adding that the company had “reviewed all open source files in our catalog to ensure none are being bundled”.
Meh. I don’t use Windows anyway, and I would shun CNET’s download.com site if I were.