Download.com sorry for bundling Nmap with crapware

Download.com has apologised for bundling open-source packages, including Nmap and VLC, with crudware toolbar installers. But Sean Murphy, the vice-president and general manager of CNet's Download.com, defended the policy of bundling more generally and fell short of endorsing an opt-in policy for software extras. A row kicked …

COMMENTS

This topic is closed for new posts.
  1. Kay Burley ate my hamster
    FAIL

    Download.com

    I've avoided download.com since they started using that downloader app thing. Downloading their crapware to download what you really want was the final nail.

    Although my hatred of cnet goes way back to when they murdered mp3.com.

  2. Steve 72
    FAIL

    For this very reason

    I abandoned the use of CNet completely for any downloading whatsoever.

    Oh, and I won't be going back regardless of any 'revised' policy.

    "Fool me once..." - and I know how that saying goes.

  3. Michael Kean

    No Problem :)

    It didn't take me long to learn that if it has cnet in the url, go to FileHippo instead and fetch the file unwrapped.

  4. nigel 15
    WTF?

    Reg reader Charles...

    in the nicest possible way is wrong. completely.

    essentially his point of view seems to be that everyone is trying to shaft you and you have to keep your guard up. it's not the user's fault if their browser is hijacked, any more than it's the victim's fault if they are pick-pocketed. yes you can protect yourself, but we still blame the pick pocket.

    the car analogy is daft. whilst it is true that nobody would expect a car dealer to drive their car for them, that doesn't mean that the analogy is relevant. i believe in debating terms this is called a straw man. much more appropriate, sticking with cars would be that your car dealer retunes the tv in your house and locks it to start on a certain commercial station for which they receive money.

  5. Anonymous Coward

    When you buy a car you don't expect to find the dealer's old clothes and used condoms in the back. You don't expect to have to opt-out of installing something completely irrelevant when you've clearly just requested a specific application. The download link should make clear you're getting more than you expect.

    I've come to expect it, but I can see why people are annoyed by it and how non-technical users end up installing it.

    1. Anonymous Coward

      Optional extra package ?

      Ah, the car analogy is not completely useless. Extras come in bundles that usually include crap you don't need, where do you think the software guys got the idea?

  6. Andrew Waite
    WTF?

    C|NET back at it

    Check the Dec 9th update from Fyodor (link already in article). C|Net already back to bundling junk with nmap (and I'd guess other OSS projects)

  7. Neil Barnes Silver badge
    Mushroom

    Doing nothing wrong?

    How wrong do you need to be?

    There's *never* an excuse for bundling anything other than the application you're trying to download. Never.

  8. Anonymous Coward

    lol download.com

    Who in their right mind would use this service in the last decade?

  9. Camilla Smythe

    'Knock Knock'

    'Oh, hello. How can I help?'

    'Come for your granny's kidneys.'

    'Pardon?'

    'You know.'

    'I really have no idea...'

    'Now now Sir. Downloaded Really Useful Tool Version 1.06?'

    'Yes..'

    'Fair enough. I'll just start up my chainsaw.'

    'Also upgraded to Really Useful Tool Version 1.07 Boss.'

    'Wife's liver as well then. Better get the other chainsaw.'

    'Boss! Yes! Boss!'

    'What on Earth?'

    'Just show us where the donors are Sir and we'll be on our way....'

  10. Anonymous Coward

    choose your download source carefully

    If people choose to download nmap from download.com instead of nmap.org then I don't have much sympathy for them

  11. Tim of the Win
    FAIL

    I don't see why "open source" software is a special case. I don't mind them offering to install added crap I didn't want, but it should always be opt-in and it should always be clear that it is not required.

    1. Oninoshiko
      FAIL

      counter-fail

      It's a "special case" because they are distributing it without meeting the terms of the OSS license under which the software is distributed. In this case the developer actually prohibits this type of activity. So, this isn't a special case, it's a copyright violation. They might as well be offering copies of windows or some current video game.

      http://seclists.org/nmap-hackers/2011/5

      1. Anonymous Coward

        This argument...

        ... is irrelevant. By uploading the software to the site, the uploader will be agreeing to T&C which will confirm CNET's rights to distribute with their own installer. If the uploader doesn't in turn have permissions to assign those rights, then the agreement will shield CNET. Basic contract law. When subcontracting a service, ensure you have the rights to subcontract it.

  12. ArmanX
    FAIL

    Ah, download.com...

    "When I buy an automobile should I expect the dealer to drive it for me? Just how lazy and irresponsible are folks becoming that they cannot watch what they are doing even when it may involve great pain and effort such as opening their eyes or clicking a mouse button or two. These whiners need to wake up and smell the reality," he concludes.

    Good point. Those whiners need to realize that they can get their software straight from the source. If I want software, I first visit the software's website; they usually have a download link, and have packaged their software the way they want. If there are nasty things attached to it, I usually end up not installing it at all.

    There is no need for websites like download.com to even exist.

    1. Drew V.

      Actually...

      Using sites such as download.com is a step up from simply googling for software, which could lead inexperienced users straight to dangerous sites (which, being inexperienced, they won't recognize as dangerous right away). Any site on the web can make the written claim that the software they "made themselves" is "perfectly safe", after all.

      Therefore it is good policy for these low-end users (which is most users) to recognize their own ignorance and rely on websites that collect software, test it, and that have a reputation as trustworthy aggregators of software. Download.com is not the best of these (softpedia is better) but it is a type of website that definitely serves an important purpose on the web.

    2. Jean-Luc
      Meh

      @Ah, download.com

      I disagree somewhat about download sites being useless by definition.

      Consider a new-ish application, say MagicBullet, you hear about somehow. Yes, it seems to be useful for whatever you want it to do. But..., do you want to download it from MagicBullet's developer website? What if it is superficially useful, but carries real Trojan software, not just a crud toolbar like Download.com added? What if the dev is well-intentioned but crap at securing his repository?

      Google up MagicBullet+Malware? Sure, but it is new and it can take a while for people to notice Trojan behavior anyway. So does an absence of hits there prove anything?

      In those cases, rather than doing a direct download from the dev's site, I tend to "trust" tucows or download.com a slight, slight, bit more. At the least, I assume they will spot repository corruption. Maybe even run some malware scanning heuristics. Who knows, maybe even vet it. You can also see user reviews and spot reports of suspicious behavior. None of which you would see on a hostile dev site.

      Yes, I know, I tend to believe in magical wish granting ponies too.

      With established software like nmap or python or subversion, a savvy tech would be daft to use downloaders, true.

      But a noob user may still be better off using an aggregator website when he doesn't know much about nmap. I ain't saying you should use it, it's your choice. But there are reasonable reasons for others to choose to.

  13. Ilgaz

    Not just 2

    They even infect open source surveillance software hosted at SourceForge such as iSpy.

  14. J. Cook Silver badge

    Not surprised...

    This is why I'm normally all for getting my software directly from the developer's websites, frankly.

  15. Al Jones

    pwnload.com

    'nuff said.

  16. kain preacher

    HOLD ON

    For the folks that say you deserve it for not going to the web site and downloading it yourself, think about this. What about software developers that don't host the software on their site but point you to cnet?

  17. Anonymous Coward
    FAIL

    <BunchOfRegPosters> Users are such stupid morons! If they want to not get screwed, they should use [web site / service / method only an experienced user could know]! They should have knowledge of what 'installer packaging' is and how it pertains to installations! They deserve to get hacked for knowing less than us. Inexperienced users shouldn't download anything or do anything until they're experienced and know what -we- do, like everyone should! Morons. Don't deserve to use a computer. Not until they can compile their own programs, anyway.

    1. Steve 72
      WTF?

      @David W

      See post from 'kain preacher' above - it's a VALID argument, because it HAPPENS.

      1. Jean-Luc
        Joke

        @Steve 72 re. David W.

        A quick browse of dictionary entries for "sarcasm", "ironic" or "satire" might be in order...

        ;-)

  18. John Tserkezis

    "Mistake" my arse.

    This is no "mistake", it doesn't matter what they're "distributing", they're attaching scumware to make a buck.

  19. nigel 15
    Happy

    windows app store

    download.com's days are numbered.....

  20. Mike Flugennock

    Download.com has apologized...

    "Download.com has apologised for bundling open-source packages, including Nmap and VLC, with crudware toolbar installers."

    Download.com has apologised for being caught bundling open-source packages, including Nmap and VLC, with crudware toolbar installers.

    There, fixed it for you.

    No thanks necessary.

  21. P. Lee

    Standard OSS practise...

    Yes you can modify the software and attach junk to it - but then it becomes yours and you can't call it by its original name.

  22. Anonymous Coward
    WTF?

    I'm stunned...

    ...that there's anyone out there still actually using download.com?
