Welcome Guest.   Make a donation to an author on the site April 24, 2014, 01:00:05 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Free DonationCoder.com Member Kit: Submit Request.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Firefox Extension "Download Statusbar" Now Adware - Maybe Malware  (Read 9840 times)
J-Mac
Supporting Member
**
Posts: 2,809


see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« on: October 28, 2011, 09:58:27 AM »

Oh well. I have used this extension since I installed my first Firefox beta, way back whenever the heck that was... my initial post at the Mozillazine Firefox forum was in July 2004! But one of my "must have" extensions has finally gone rogue: Download Statusbar.

When I started Firefox today a new tab opened announcing an update to Download Statusbar had been silently installed and, oh yeah - it nonchalantly mentioned in the body of the update notice that there is a "new sponsorship supported" option. But it's not really an option; if you don’t enable it, it enables itself after a few days. It apparently also adds a referrer string to certain URLs plus something to do with Yahoo and YouTube. No explanation; the developer's home page - which had been located on the MozDev web site - is gone without a trace. There is a new home page that is a one-page site with only a link to install the extension; nothing else there. Bad news all around. Better to ditch this extension before you get bit!

Another user posted the following at the Download Statusbar page at Mozilla Add-Ons:

Quote
I am not a Javascript expert, but I looked at the source code and
* If you have the sponsorship enabled, it does something with Yahoo and YouTube (couldn't figure out what exactly, looks like displaying ads).
* If you haven't, it will be automatically enabled again after 7 days.

Edit: it also looks like the add-on adds a referrer string to the URLs of certain websites.
I found the following comment in the code:
"Determines if this is the first run of the day, if so the calling function appends the request with a querystring variable." (pluginnetwork/pluginnetwork.js:450)

I don’t understand all of that post, but I get enough of it to know I don’t want any part of Download Statusbar anymore! Gotta find me a safer replacement. Anyone know of one?

Thanks!

Jim
Logged

J-Mac
cyberdiva
Supporting Member
**
Posts: 887


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #1 on: October 28, 2011, 10:18:07 AM »

Jim, what did Download Statusbar do when it was functioning properly?  I'm just curious, since I had never heard of it.
Logged
eleman
Supporting Member
**
Posts: 253

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #2 on: October 28, 2011, 10:23:43 AM »

It changed the shape of firefox's download manager. Made it more compact.
Logged
J-Mac
Supporting Member
**
Posts: 2,809


see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: October 28, 2011, 10:39:00 AM »

Jim, what did Download Statusbar do when it was functioning properly?  I'm just curious, since I had never heard of it.

It put the status of current downloads on the status bar. If you look at its extension page there is a series of photos that show it.

Jim

EDIT: Here's one pic that shows it well:

Logged

J-Mac
nosh
Supporting Member
**
Posts: 1,372


View Profile Give some DonationCredits to this forum member
« Reply #4 on: October 28, 2011, 11:15:10 AM »

Thanks for the heads-up. I updated and it didn't do anything obvious. Not knowing is the scary part. Rolling back and preventing it from updating now.

You could hunt for an older .xpi if you don't find a suitable replacement.
Logged
40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: October 28, 2011, 11:18:23 AM »

Silent update in FF?

Ungood. Double-plus ungood.

No wonder it disappeared (was removed?) from the Mozilla add-on directory.

Oh well..."Boomp-boomp-boomp! Another one bites the dust!" as Freddie would have said.

Shame. That was one of my "must haves." I even contributed.  undecided
Logged

Don't you see? It's turtles all the way down!
Jibz
Developer
***
Posts: 855



Cold Warrior

View Profile WWW Give some DonationCredits to this forum member
« Reply #6 on: October 28, 2011, 11:19:56 AM »

Thanks for posting this, sad to see this happen, it was a good addon.
Logged

"A problem, properly stated, is a problem on it's way to being solved" -Buckminster Fuller
"Multithreading is just one damn thing after, before, or simultaneous with another" -Andrei Alexandrescu
eleman
Supporting Member
**
Posts: 253

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #7 on: October 28, 2011, 11:20:16 AM »

https://addons.mozilla.or...addon/download-statusbar/

Apparently the author (or mozilla) decided to remove the version in question due to universally negative feedback.

Now the older one without the unknown sponsor thingie (0.9.8 ) is featured as the version to download.
Logged
rssapphire
Supporting Member
**
Posts: 58


View Profile Give some DonationCredits to this forum member
« Reply #8 on: October 28, 2011, 11:55:44 AM »

Now the older one without the unknown sponsor thingie (0.9.8 ) is featured as the version to download.

It's still 0.9.9 for me. However, I rolled it back to 0.9.8 manually. I looked at the javascript for the new 0.9.9. It does something with Youtube if the download comes from there although I did not waste time trying to figure out what as there was a lot of code. It definitely resets the enable sponsorship setting to true if it has been at least seven days since you disabled it. It looks like it does this silently as well. My opinion of the author of this addin is not printable.
Logged

RetroRoleplaying -- Tabletop Roleplaying Games Before D20
Software Gadgets Blog -- Interesting Software, Mostly Free
skwire
Charter Member
***
Posts: 3,911



Another Coding Snack request? Om nom nom...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #9 on: October 28, 2011, 01:04:06 PM »

Thanks for the heads up; I'll be keeping my current, earlier version.
Logged

40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: October 28, 2011, 01:13:23 PM »

This morning I removed Download Status Bar from all my personal and business PCs. And I'll be issuing an advisory to all my clients recommending they do the same.

While it is possible to reinstall the previous version, I feel any program author has the absolute right to set the terms and conditions (no matter how misguided) for the continued use of their products. And since the current (albeit unspoken) terms for DSB now seem to include acceptance of silent installations and unreported changes to user settings, I want nothing further to do with it. Even if it would be possible to circumvent the changes by reverting to an earlier version.

To be perfectly blunt, I no longer trust this developer. And I am no longer interested in installing anything he may come up with in the future. No matter how useful or 'clean' it is. And that will remain the case even if he/she sees the wrongness in what's been done and removes the offending code from DSB.

I might have felt differently had the developer publicly announced the change. I might not have been happy about it. But at least I could better respect his decision. Especially if he provided a paid version which did not include the nonsense that would come with the free version. While I still would have removed DSB from my machines if a clean version wasn't available, in fairness I would only alert my clients rather than send a strong recommendation for DSB's immediate removal.

So it goes... undecided

Onward! Thmbsup
Logged

Don't you see? It's turtles all the way down!
eleman
Supporting Member
**
Posts: 253

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #11 on: October 28, 2011, 01:19:01 PM »

The more striking part of the problem is how this version made it through mozilla's review.

A lone cash-strapped misguided developer may choose to act however (s)he likes.

But the question is what does mozilla's review process review, if not self-reverting spyware options?
Logged
IainB
Supporting Member
**
Posts: 4,287


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #12 on: October 28, 2011, 03:04:07 PM »

@J-Mac: Many thanks for this heads-up.
Fortunately I still had v0.9.8.
So, I went to Mozilla's site and it said somewhat informatively (NOT):
Quote
Download Statusbar no longer hosted here.
Anyway, as a result of reading this thread, and because I am paranoid, I first disabled and then uninstalled the add-on and restarted FF just to be sure.

The more striking part of the problem is how this version made it through mozilla's review.
Yes, there's an unspoken potential criticism of Mozilla there - exactly how rigorous is their review process?
I always trusted them as a source, but I shall downgrade that trust now, until they make explanation. If they don't, then I would theink they probably don't properly understand their responsibilities.
Logged
Tuxman
Supporting Member
**
Posts: 1,361


OMG not him again!

View Profile WWW Give some DonationCredits to this forum member
« Reply #13 on: October 28, 2011, 03:18:39 PM »

So is there a valid extension that does similar things around?
Logged

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat
Ath
Supporting Member
**
Posts: 2,134



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: October 28, 2011, 03:32:37 PM »

I'll be investigating DownThemAll as an alternative. Been using DSB ever since FF 1.x, so I'm just as disappointed as all the rest in this thread so far. And yup, if I'd meet the DSB author and have a shotgun within hands reach...
Logged

Tuxman
Supporting Member
**
Posts: 1,361


OMG not him again!

View Profile WWW Give some DonationCredits to this forum member
« Reply #15 on: October 28, 2011, 03:47:27 PM »

DTA is a download manager, DSB is not, so it is not an "alternative", right?
Logged

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat
Ath
Supporting Member
**
Posts: 2,134



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #16 on: October 28, 2011, 03:49:40 PM »

Correct
Logged

Curt
Supporting Member
**
Posts: 6,262

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #17 on: October 28, 2011, 06:00:36 PM »

the new version is 0.9.10

Does any one dare to test it?
Logged
40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: October 28, 2011, 06:24:50 PM »

Firefox already has a download window. And a built-in download manager.

So...since all the pieces are already in place, would it really kill Mozilla to just provide some sort of download meter as part of Firefox?

They're supposedly committed to breaking updating the thing every three months or so.

And I'm sure whatever sweetheart deal they got for making a version of FF with Bing as the default search provider should be providing enough additional revenue for their coffers that they could do this.

I mean look, some underpaid independent developer managed to do it. So how hard could it be for Mozilla?

Just my 2¢ anyway.

Logged

Don't you see? It's turtles all the way down!
J-Mac
Supporting Member
**
Posts: 2,809


see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: October 29, 2011, 01:23:29 AM »

Some folks are recommending a similar extension called Download manager Tweak, though I haven't taken a good look at it yet. Looks like it just tweaks the UI and functionality of the regular Firefox download manager.

Jim
Logged

J-Mac
cyberdiva
Supporting Member
**
Posts: 887


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #20 on: October 29, 2011, 07:30:02 AM »

Thanks, Jim, for mentioning Download Manager Tweak.  I'm obviously coming very late to the party, having never even heard of Download Statusbar until this thread, but Download Manager Tweak looks quite useful.  I don't see a "resume download" option, but it has most of what I've discovered I'd like.  smiley
Logged
Tuxman
Supporting Member
**
Posts: 1,361


OMG not him again!

View Profile WWW Give some DonationCredits to this forum member
« Reply #21 on: October 29, 2011, 09:44:23 AM »

"Open downloads in a new tab" is alright too. I just don't like window overload. smiley
Logged

I bet when Cheetahs race and one of them cheats, the other one goes "Man, you're such a Cheetah!" and they laugh & eat a zebra or whatever.
- @VeryGrumpyCat
40hz
Supporting Member
**
Posts: 9,871



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #22 on: October 29, 2011, 09:53:24 AM »

"Open downloads in a new tab" is alright too. I just don't like window overload. smiley

+1.

That looks like it's pretty much the only game in town for the time being.
Logged

Don't you see? It's turtles all the way down!
IainB
Supporting Member
**
Posts: 4,287


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #23 on: October 29, 2011, 10:17:16 AM »

I should have mentioned above that, though I had "Download Statusbar", I don't have any dependence on it.

My downloads are handled variously:
  • I only occasionally download using the FF downloader.
  • I use FlashGot in FF, and that hands download control across to GetRight (downloader), which is can be very fast when files are segmented and the different segments are downloaded in parallel.
  • I use DownloadHelper for YouTube downloads, which also hands downloads across to GetRight.
Logged
Nod5
Supporting Member
**
Posts: 716



View Profile Give some DonationCredits to this forum member
« Reply #24 on: October 31, 2011, 01:21:35 PM »

I'm very late to this thread. I've used Download Statusbar for years and haven't noticed anything unusual lately. No update information about it going adware, no nothing. I have version 0.9.10 right now. I also have a stylish script that makes downloadstatusbar more minimal. See screenshot. Maybe that blocks the problem? (Seems unlikely though.) I can't find any information about adware/sponsorship stuff in  "about" or "options" for the add-on. Maybe the bad version was removed and the original coder gained control back?
Logged
Pages: [1] 2 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.045s | Server load: 0.19 ]