Journal Pancho Pistolas's Journal: CNET "selling" freeware...Booooo! 3
[I know I'm probably not the first one to notice this, but I'd not seen mention of it anywhere else.]
I recently got a link from a coworker for TrueCrypt. For those who don't know what it is, it's a free whole-disk encryption program, and it looks pretty nifty. Anyway, the link I got was through CNET and offered a "secure download". This turns out to be a 3MB file.
When I tried to install the downloaded file, it kicked off a multi-step dialog sequence that assured me my download was/would be(?) secure, and recommended I add a sequence of toolbars and other media crap with pre-checked opts-in. After I passed this (i.e., unchecked these options), it "started the download", where it informed me that I needed to turn off my firewall/adjust my proxy-server before it could resume the download (i.e., for TrueCrypt).
So I cancelled the install and then went out and found the authentic download link (from truecrypt.org). It was roughly same size file, with none of the above crap-- it was just a regular install dialog with NO TOOLBARS.
I now understand why CNET was flagged for possible malware content by our upstream provider on several occasions, and am passing on the warning. CNET's download area gives the look and feel of sourceforge (here's your file, here's some info on why you should load it), but they're effectively putting their wrapper around a freeware product executable to promote their own services.
If this isn't illegal, it really should be (and sadly, I bet it isn't). Putting your ads on the webpage where one could download the program is one thing, but wrapping a freeware program in an executable that adds toolbars and media crap designed to put money in someone's pocket is the same thing as trying to collect money for it (i.e., sell it). Not to mention it can make the program inaccessible for its intended purposes, and that all this obscures the actual authors' polite request for donations for their hard work, plainly visible on their website.
Shame on you CNET.
I have seen this mentioned somewhere (Score:1)
"If this isn't illegal, it really should be (and sadly, I bet it isn't). "
Is it mere aggregation of the software or something else? Just wondering how they cope with all the different licensing terms of the programs they wrap around.
Re: (Score:1)
Well, on further investigation, I discovered that they're not actually wrapping the program (despite what my browser was telling me), but rather pulling a bait-and-switch. By tacit acceptance of their "secure download", what one is actually downloading is a separate program that (after doing lord-knows-what on your machine in addition to installing a toolbar) then downloads the actual program.
So, no wrapper, no mucking with licenses, but clearly bait-and-switch. And the kind of stuff that nefarious trojan
Adobe Flash update "stealth-installing" Chrome! (Score:1)
I got a question from one of my users-- turns out they needed a Flash upgrade for their browser, so I ran the install. This is a pretty regular routine; I run the installer, look and double-check for opt-outs (e.g., toolbars and "services"), etc.
Imagine my surprise when-- as part of what was labeled an "urgent security update"-- the update installed Chrome on the machine, without confirmation, request, or even a smug little after-the-fact pop-up! I just saw the short-cut suddenly appear on the desktop, an