Beware of download sites

[CWuestefeld]

How-To Geek has an interesting cautionary tale.

We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!

We’ve been railing against freeware download recommendations for years, and recently we taught you how to test any software safely using a virtual machine. So we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?

For the purpose of this experiment, we’re going to just click through all regular installation screens with the default options using a fresh virtual machine. And we’re going to install ten applications from the most popular downloads list. And we’re going to assume the persona of a regular non-geek user.

Why do nice things always have to go to crap?

EDIT: changed title of thread to not cast aspersions on all freeware

[mouser]

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

[wraith808]

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

-mouser (January 12, 2015, 11:00 AM)

The problem with this for the average user is Chrome.  Not sure if FF/IE do this also, i.e. this file is not one that (we think is) downloaded commonly, so you shouldn't download it.

*sigh*

[rgdot]

DC should become a freeware download site 

[KynloStephen66515]

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

-mouser (January 12, 2015, 11:00 AM)

The problem with this for the average user is Chrome.  Not sure if FF/IE do this also, i.e. this file is not one that (we think is) downloaded commonly, so you shouldn't download it.

*sigh*

-wraith808 (January 12, 2015, 11:14 AM)

Seen that so many times on both Chrome and FF...if a download hasn't has many hits, then they are labelled as "Dodgy as fuck" by the browser which will turn 80% of normal users away because they don't understand.

DC should become a freeware download site 

-rgdot (January 12, 2015, 11:20 AM)

 

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

-mouser (January 12, 2015, 11:00 AM)

I agree..this has to be one of the more horrific titles that appeared on DC.

[CWuestefeld]

Sorry if the title was offensive. What I really meant to say was the aggregation portals (like download.com cited in the article, but also even sourceforge recently). But even so, it is applicable, unfortunately, to many small developers themselves.

[Curt]

DC should become a freeware download site 

-rgdot (January 12, 2015, 11:20 AM)

+1     

[crabby3]

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

-mouser (January 12, 2015, 11:00 AM)

The problem with this for the average user is Chrome.  Not sure if FF/IE do this also, i.e. this file is not one that (we think is) downloaded commonly, so you shouldn't download it.

*sigh*

-wraith808 (January 12, 2015, 11:14 AM)

Seen that so many times on both Chrome and FF...if a download hasn't has many hits, then they are labelled as "Dodgy as fuck" by the browser which will turn 80% of normal users away because they don't understand.

DC should become a freeware download site 

-rgdot (January 12, 2015, 11:20 AM)

 

RE: Beware of Freeware downloads
The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.
ALWAYS go to the source, the author of the software, to find the download.  NEVER trust a third party source unless it is directly linked from the author's web page.

-mouser (January 12, 2015, 11:00 AM)

I agree..this has to be one of the more horrific titles that appeared on DC.

-Stephen66515 (January 12, 2015, 11:33 AM)

Me being part of the 80% of the 'normal users' ... isn't it better to be safe than sorry?  Don't believe anything you read and half of what you see.  I heard this long before the Internet earned my mistrust.  Why would any semi-informed non-geek take a chance with their machine?  They wouldn't.  When IE9 or MBAM or... warns to stay away... i do.  Mousers view is my view.  Go to the source; the author of the software.  (Just beware be aware of what you click at the authors site as well). 

[Hans L]

CWuestefeld, I really enjoyed your report of your travails (self-inflicted, but still :-). Funny and informative.

I clicked on something by mistake the other week, and spent the better part of two days to route a browser hijacker, using AdwCleander, Malwarebytes, Hitman and JRT. They did the job, but what an ordeal.

Since it is the first time it has ever happened to me (I have probably forgotten one or two), I can vouch for being careful. You get what you pay for!

Hans L

[TaoPhoenix]

Accounting "used to" have a word for this, until a string of scandals almost trashed the reputation of accounting!  
   

It was called "attestation". Done "properly" (and you shouldn't even have to need the finger quotes, it should be obvious!), some third party that you actually do trust, certifies something on a sliding scale of fairness. Lately nasty people are hijacking the attestation concept, but just suppose Mouser decides to open a new side business, if something was Mouser-approved, you'd be pretty sure it was safe.

What doesn't exist yet is a site as big as Download.com that has "alternative revenue streams" so it can afford to snub the bundle-ware.

[TaoPhoenix]

CWuestefeld, I really enjoyed your report of your travails (self-inflicted, but still :-). Funny and informative.

I clicked on something by mistake the other week, and spent the better part of two days to route a browser hijacker, using AdwCleander, Malwarebytes, Hitman and JRT. They did the job, but what an ordeal.

Since it is the first time it has ever happened to me (I have probably forgotten one or two), I can vouch for being careful. You get what you pay for!

Hans L

-Hans L (January 12, 2015, 02:21 PM)

Hi Hans,

He didn't do it. He was posting an article by

"Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis."

[def]

The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.

-mouser (January 12, 2015, 11:00 AM)

This is not what the linked article is about. The author clears that up in the comments section:

It doesn't matter what download site you use. The people that make the freeware are the ones bundling things.
Yes, some download sites make it worse by bundling on top of the bundling. (Lowell Heddings, January 11, 2015)

[Deozaan]

Me being part of the 80% of the 'normal users' ... isn't it better to be safe than sorry?  Don't believe anything you read and half of what you see.  I heard this long before the Internet earned my mistrust.  Why would any semi-informed non-geek take a chance with their machine?  They wouldn't.  When IE9 or MBAM or... warns to stay away... i do.  Mousers view is my view.  Go to the source; the author of the software.  (Just beware be aware of what you click at the authors site as well). 

-crabby3 (January 12, 2015, 01:17 PM)

Because it's often the big download sites that get a lot of downloads, so the browser won't warn you there. But if the author's site is relatively small and unknown, your browser will warn you that "this file is not frequently downloaded and may be dangerous" or some such nonsense when the reality could be that the author's download is the safe one and the freeware site's download is bundled with carp.

Yes, be safe. But don't trust something just because there wasn't a warning when you tried to download it. And don't fall for the trickery that just because millions of people don't download something that automatically means it's dangerous.

[wraith808]

The title of this post is exactly what freeware authors fear -- that our software will get a bad reputation because of some bad sites.

The lesson is not to beware freeware -- it's to beware these third party download sites.

-mouser (January 12, 2015, 11:00 AM)

This is not what the linked article is about. The author clears that up in the comments section:

It doesn't matter what download site you use. The people that make the freeware are the ones bundling things.
Yes, some download sites make it worse by bundling on top of the bundling. (Lowell Heddings, January 11, 2015)

-def (January 13, 2015, 11:45 AM)

That still doesn't clear it up.  Especially with the highlighted part.  That's saying the exact opposite, i.e. that the developers are the ones doing the bundling.  There are several freeware authors on this site that would never even *think* of bundling.

[40hz]

Suggestion: Instead of "download sites" it might be better if we refer to them as file or download aggregators?

Almost anything can be a download site if it offers downloads. But aggregators are mostly or entirely nothing else but collections of downloadable files. Not everything aggregator sites list or do is at the behest (or even with the permission) of the software authors. So calling a site what it actually is goes a long way towards clearing up exactly where some of the lines of responsibility fall.

[superboyac]

Suggestion: Instead of "download sites" it might be better if we refer to them as file or download aggregators?

Almost anything can be a download site if it offers downloads. But aggregators are mostly or entirely nothing else but collections of downloadable files. Not everything aggregator sites list or do is at the behest (or even with the permission) of the software authors. So calling a site what it actually is goes a long way towards clearing up exactly where some of the lines of responsibility fall.

-40hz (January 13, 2015, 02:54 PM)

reminds me of my days trobuleshooting problems such as, "The internet is broken!!" which could mean any of the following:
--power cable is unplugged
--forgot password to a login site
--the printer is not printing (true story)
 anyway, just funny.  yes, clear terminology helps.

[TaoPhoenix]

Just linking stuff up, and one point Pillbug was contemplating a DLL to help intercept the worst effects of these download sites, but I think he put the project aside for a while.

But the basic need remains.

Welcome pillbug!

Please do start a new thread on it, and i think it would be wonderful if you took on this task.

In preparation for doing this I downloaded a few examples of "wrapped" installers, but that's all i've done so far, and I'd be happy to provide you with those.
I found wrapped examples from cnet, brothersoft and softonic.

I have some ideas about what the dll should do and how it should react, which we can talk about after you start the new thread.

-mouser (November 22, 2014, 12:33 PM)

New spin on the theme:

Don't these sites *use the same template* "within themselves" for the wrapping? Aka Download.com would have the same five things? So what if someone made an "encapsulating app" that ran the installer but "looked for the things to disable", and automatically (maybe with step by step pausing and diagramming for the user), unchecked/clicked greyed things/custom-installed/etc?

[bit]

How-To Geek has an interesting cautionary tale.
Why do nice things always have to go to crap?

-CWuestefeld (January 12, 2015, 10:54 AM)

A friend once told me over a decade ago crapware that does not uninstall itself properly is 'not polite', and ^this is so far beyond that, words fail me.
I tried to make my own 'good - bad' download sites list, but I'm not so sure anymore, but here's what I compiled:
Crapware sites:
Softonic
Brothersoft
CNET installs crapware/malware/trojans;
http://www.tomsguide...Nmap,news-13410.html
MajorGeeks is suspect.
Download.com

(possibly/maybe) Clean download sites:
http://LO4D.com
http://freewarebb.com
http://ninite.com
http://Softpedia.com
http://TechSpot.com
http://Filehippo.com
http://SnapFiles.com
http://fileforum.betanews.com
http://downloadcrew.com
http://www.techsupportalert.com/

I will cheerfully edit and amend my ^list according to approved comments.

Five stars: donationcoder

Installing Malwarebytes slowed my OS down so much that there is an 8 to 10 second pause after I click on any folder or program before it opens.
But after Malwarebytes rescued my machine from a few PUPs, I keep it installed permanently anyway in spite of the slowdown.

PS - as an afterthought, check out this thread.

[KynloStephen66515]

PS - as an afterthought, check out this thread.

-CWuestefeld (January 12, 2015, 10:54 AM)

-bit (January 13, 2015, 10:14 PM)

https://www.donation...?topic=37632.new#new

(Fixing that link for you)

[Renegade]

I don't think many people quite understand how hard it is for small software authors or small download site operators to do well.

If you want to do search engine ads, well... it may not even be possible as many terms are outright banned. You cannot bid on them at any price.

If you want to run ads on a download site... well... I have a hammer that I'll lend you so that you can bash your brains in. I promise it will be quicker and less painful.

Developing a business model has little to do with the quality of the software for a lot of small authors.

There are some good companies out there that can help, but the less ethical ones pay better.

As for download sites hijacking installers, well... no big surprise there. That started a very long time ago. It's around 10 years old now.

For anyone that actually wants to run a download site, the ONLY reason you should do it is because you love software and have a lot of passion for it. It will cost you money and time, and you will never be properly compensated for your efforts.

So, I get why the download sites are slipping in quality/ethics.

[crabby3]

@bit

 .. no gizmo's ?     http://www.techsupportalert.com/  Gizmo's introduced me to DC.

[def]

It doesn't matter what download site you use. The people that make the freeware are the ones bundling things.
Yes, some download sites make it worse by bundling on top of the bundling. (Lowell Heddings, January 11, 2015)

-def (January 13, 2015, 11:45 AM)

That still doesn't clear it up.  Especially with the highlighted part.  That's saying the exact opposite, i.e. that the developers are the ones doing the bundling.

-wraith808 (January 13, 2015, 12:30 PM)

Precisely. Had Lowell Heddings not pointed that out in the comments, I wouldn't have realized it, since in the article itself it's not obvious if the crapware comes from the freeware programmers or from the download sites' installers.

Lowell Heddings claims (again, in the comments):

Forums are full of recommendations for software that is doing bundling.

That is exactly why we are trying to bring the problem to the attention of geeks so they will stop recommending freeware to people without doing serious research and linking to a completely safe source.... although that source might not even stay safe.

I mean SourceForge is bundling now. You can't even trust them.

Don't worry though, we will continue to illustrate the problem, which is much deeper than you want to admit.

[Deozaan]

I tried to make my own 'good - bad' download sites list, but I'm not so sure anymore, but here's what I compiled:
Crapware sites:
Softonic
Brothersoft
CNET installs crapware/malware/trojans;
http://www.tomsguide...Nmap,news-13410.html
MajorGeeks is suspect.
Download.com

(possibly/maybe) Clean download sites:
http://LO4D.com
http://freewarebb.com
http://ninite.com
http://Softpedia.com
http://TechSpot.com
http://Filehippo.com
http://SnapFiles.com
http://fileforum.betanews.com
http://downloadcrew.com

I will cheerfully edit and amend my ^list according to approved comments.

-bit (January 13, 2015, 10:14 PM)

Apparently you can move FreewareBB to the other list.

[mouser]

I think a small piece of advice would do everyone good:
Use any site you want to discover and find out about software, but always find the original author's site to download it from.

[rgdot]

Not to say mouser is wrong at all but as of this date never had any issues with softpedia. Most of their downloads are available as 'from softpedia server or author site' too.