Cnet slammed for wrapping Nmap downloads with cruddy toolbar

Cnet has come under fire for wrapping downloads of the popular Nmap network analysis tool and other open-source software packages with a toolbar of dubious utility. Nmap is a popular open-source network auditing and penetration-testing tool that allows sysadmins to run network troubleshooting and penetration tests. Over the …

COMMENTS

This topic is closed for new posts.
  1. Vic

    Bastards.

    I am speechless.

    Vic.

  2. mark 63 Silver badge

    what's new?

    Pretty crappy behaviour, but it's the norm for most file download sites.

    Anyone downloading NMap should be switched on enough to avoid the junk

    1. yossarianuk

      re: mark 63

      Anyone downloading NMap should be switched on enough to avoid Windows.

    2. jonathanb Silver badge

      If I didn't know much about nmap, then on seeing it attempt to install a dodgy toolbar program, I would immediately cancel the whole installation and look for an alternative source of security software elsewhere. I just don't trust software that comes with things like that, however optional they might be.

  3. This post has been deleted by its author

  4. Mondo the Magnificent
    Thumb Down

    Common sense...

    I've almost been caught out by various crappy toolbar install options. It just takes a little common sense to not fall into the trap of "accidentally" installing one of these crappo features.

    It's also quite sad that sites like C|Net insist on pushing these (usually unwanted) add ons into people's faces.

    Read twice, click once and most savvy users should be able to keep this crap at bay, however it would be nice if IE and FF prompted you before allowing themselves to be added on to..

    1. TimeMaster T
      Meh

      True but ...

      "Common sense" isn't all that common unfortunately.

  5. MrPatrick
    Thumb Down

    Java is worse

    I just used Java's built-in updater to go from the preloaded update 22 to update 29 on a customer's laptop and it attempted to put the Ask toolbar on.

    And that is as part of a built-in updater for a piece of software that is already installed.

    1. Jamie Kitson

      Agree

      Yahoo is also very bad, though it is all from the same company.

      http://www.flickr.com/photos/jamiekitson/sets/72157624221574899/detail/

    2. JC_

      Adobe's Flash update page had checkboxes for installing McAfee pre-checked. A bit annoying, but not usually a problem; this time, however, the checkboxes loaded *after* the download button, so I started the download with the crapware included without noticing. Sneaky bastards.

    3. Tim

      That was a shocker

      I really couldn't believe what I was seeing when I came across that a few months ago. I thought the installer had been compromised, so I didn't continue the upgrade.

      I think they've fixed it now though. Haven't tried it since.

    4. chris lively

      I'm pretty sure Java has been this way for years.

      Yet another reason why I hate it.

      1. MrPatrick

        Don't think so

        I did a big rollout for update 27 not so long ago and I'm fairly sure it wasn't an issue then...

  6. 0laf
    Facepalm

    IMHO

    If you can't dodge a toolbar installer, which tags along with about 50% of programs these days, you're far too stupid to be using Nmap.

    1. Anonymous Coward
      Anonymous Coward

      Easy to dodge a pompous horse's ass too, but why bother, it's more fun to watch them be stupid in public.

    2. adnim

      Most users are just consumers and are not interested at all in Nmap. CNet have been doing this for at least a month maybe two.

      I downloaded a simple utility.... I'm too simple to remember what it was... from CNet around six weeks ago. The installer by default would have installed some toolbar until I cancelled the install.

      It's not just Nmap. I think CNet want to, or are in the process of, lacing all their downloads with poison.

      We are IT professionals... At least I think some of us might be, and we find it easy to see when something isn't quite right. Your average user on the other hand is just a consumer with little clue about such things. What's more they are more inclined to leave tick boxes ticked when they have the word "recommended" next to them. I know this for a fact and you would too if you ever cleaned the crud from the machine of an average user.

    3. Peter 66
      Facepalm

      Just like the Trojans then, they were so stupid they fell for the old Greek force hidden inside a wooden horse.

      Still no damage done.................

  7. Ru
    Linux

    Web downloads? eh?

    Surely all the cool kids just use apt-get, or whatever they're calling it these days?

    Certainly, the thought of having to individually locate and download each and every useful network diagnostic tool merely to use them via some awful windows command line is not a pleasant one. Easier by far just to grab something like a VMware system image and run that instead.

    1. Anonymous Coward
      FAIL

      Plus, then you get the satisfaction of knowing you're a smug jerk. Win all around!

    2. Anonymous Coward
      Anonymous Coward

      Education is the solution to your incomprehensible nonsense, get some, PLEASE.

    3. Anonymous Coward
      Anonymous Coward

      Oh, go back to your icebergs and fish supper you smug penguin...

    4. Anonymous Coward
      Devil

      dork alert !

      actually, the cool kids don't have this problem because their devices 'just work' ..

  8. Tim of the Win
    Stop

    They've been doing this for more than a few days. I downloaded a program on 28/11/2011 and it included this annoying toolbar installer. It almost caught me out too, but I just spotted what it was a moment before clicking "Accept" and managed to click "Decline" instead. It's not very obvious that it's an optional extra, you could think it was required to install your chosen program. Naughty C|Net

  9. Alex-TheManfromUncle
    Stop

    Aye - There's a Story Here

    I had the email from Fyodor today, and wanted to push this over to someone at El Reg but couldn't find a link to submit (before my brain wandered on to other stuff.... : "WooHoo! Earthlike planet!!")

    It's shocking to see that a 'stalwart' (loosest possible meaning of the term) of the download repositories has done this..

    "Bad C|Net.. Bad!"

  10. Andrew Moore

    Also...

    the latest variants of Foxit Reader have a nasty habit of doing this too.

  11. Da Letch
    Stop

    If downloading NMap...

    You'd hope that a bundled toolbar would be automatically dismissed. If not then I think NMap may not be for you!

    VLC, on the other hand, is more likely to be downloaded by less tech savvy users... I can see myself uninstalling this Babylon junk frequently for a while, grrr!

  12. Ken Hagan Gold badge
    WTF?

    How is this even happening?

    Just typed "nmap" into google and the top hit was nmap.org which offers a download.

    Why in the name of all things holy would anyone ever even *consider* downloading it from these "C|net" people instead?

    And why do these "C|net" people bother to offer it? Isn't it obvious that the only way this can pay commercially is if C|net are slipping something into the package? In other words, the very act of offering an nmap download (if you aren't nmap or an OS vendor) screams "TROJAN!!".

    Clearly we have a looong way to go before the general public can be trusted to own a computer.

    1. El Cid Campeador
      FAIL

      Exactly

      Good lord, why not get it from the people who actually wrote it?

      Of course if it's Adobe or Java you're still hosed.... but that's why you always take the "custom" option for install, to get rid of the useless fripperies (AVG, oh AVG, why hast thou bloated the everliving crap out of thy software?)

      Glad I'm off Windows and can just find the official repo... but not everybody has that option.

  13. Spindreams

    I stopped using download.com when they started packaging up downloads with their own download manager thing. All looks completely dodgy now...

    1. MrPatrick

      This

      This, I always used to go to download.com for... downloads(!). Was getting increasingly unpleasant to use and I stopped completely when, like you, they introduced a download manager.

      Softpedia now is what download.com used to be about 6 years ago.

  14. MJI Silver badge

    I hate toolbar installers

    They make such a mess it is a nightmare.

    Cleaning up after one can take ages, then the sites HAVE to be blocked at HOSTS.

    All for some freebie (which never arrived) on some Facebook game.

    I think me taking 1/2 hour to fully untangle was a point made

  15. Androgynous & Awkward
    Happy

    Go Here?

    http://nmap.org/download.html

  16. CreativTech
    WTF?

    In other news...

    People still download from Cnet? Honestly, I usually pull stuff like this straight from Sourceforge and the like.

    Still, bad Cnet! Bad! No biscuit!

  17. joe.user
    WTF?

    CNET should be embarrassed

    I noticed this the other way with another download. I can't believe that download.com aka CNET would do some blatant, dumb, rookie move to its user populace.

    If you can't handle the bandwidth concerns and trying to offset the costs with stupid TOOLBARS (so 2000) then for God's sake, sign up with Bitcasa and start acting like a technology company.

    81371

  18. Craig 2
    Thumb Up

    @ IMHO

    Completely true, but like most smart-asses you've missed the point that they should NOT be doing it in the first place.

  19. David Fetrow
    FAIL

    Dodging a Toolbar Installer

    If you can't dodge a toolbar installer.....too stupid to be using Nmap.

    Problem with that:

    Even under ideal conditions: EVERYBODY is stupid sometimes. It may only be for 2 random minutes a day but if that's the 2 minutes they are downloading nmap from Cnet, they are hosed.

    Multiply that smallish probability by the thousands of people downloading nmap.

    Now throw in: people being tired, or being worried about a sick child and other non-ideal conditions.

    Now add in: it's no fun to be a little paranoid all the time.

    I think it's OK to be upset about this behavior by Cnet.

    1. Al Jones

      pwnload.com

      You left out: The thousands of other applications that people download from download.com that have been hijacked in this way.

      My sister wouldn't know nmap from a hole in the ground, but I told her to install vlc so that she could play the videos that she recorded on her phone. I even sent her a link to videolan.org to download it. Unfortunately, they sent her back to download.com, and now it's my fault that her "google is all messed up".

  20. ElNumbre
    Meh

    Wow

    Surprised CNet still exists. I'd assumed they'd loaded up with so many ads that the ship had sunk years ago.

    You'll be saying tucows is still mooing next...

  21. Jeff 11
    Stop

    License violation, much?

    IIRC nmap is GPL - and Cnet's crapware clearly has commercial purposes if it messes with your browser's settings or phones home.

    1. FrankAlphaXII
      FAIL

      Eh?

      It's news to me that GPL'd software has to be non-commercial. Last time I checked (about 20 minutes ago as a matter of fact) you're free to sell it, as long as the source code is included or available so it can be modified and re-distributed.

    2. Vic

      @Jeff 11

      > IIRC nmap is GPL

      It isn't. It's explicitly *not* GPL because the author didn't want people adding crap to it and pretending it's still nmap. But it is under a licence very similar to GPL in other ways.

      > and Cnet's crapware clearly has commercial purposes

      So what?

      GPL software is perfectly permissible in commercial offerings.

      There's an oft-repeated meme that GPL code cannot be used commercially - it is completely and totally wrong.

      Vic.

  22. Captain Scarlet Silver badge
    Windows

    CNET?

    I steer clear of the majority of download sites, they are very expensive to run so they need to make money in some way.

    If I can't download direct from the publishers own site I steer clear and use something else.

  23. Anonymous Coward
    Coat

    I downloaded VLC once...

    ...I saw that there were some extra worthless files, so I deleted them and kept the toolbars.

  24. Entropiated
    Megaphone

    nothing new here...

    Anybody try to download any Adobe products lately? They bundle their software with the Google toolbar and make you opt out to avoid installing it... trick is the checkbox doesn't show up immediately upon getting to the download page. It can sometimes take 5-10 seconds for the opt out checkbox to load up, during which time many of the site's more impatient visitors have already clicked "accept" and moved on (thereby installing the piece of crap software). I doubt very much that's by accident. VERY SNEAKY!

  25. Framitz
    Alert

    Not just nMap

    I downloaded some crapware from Cnet a few days ago, the request to install the so called tool bar was designed to trick the user into installing it.

    Of course I avoided that, then found the app was only a garbage demo with no functionality (partitioning software). I went elsewhere and found the correct FREE product.

  26. Miek
    Linux

    Dear Idiots, please remember to check the project homepage for a download before using 3rd party download sites ...

    http://nmap.org/download.html

  27. Anonymous Coward
    Anonymous Coward

    Dump this to ur squid / url filter rules and be done with them.

    cnet.com

    download.com

    upload.com

    download.cnet.com

  28. Richard Boyce
    Pirate

    To avoid man-in-the-middle attacks, avoid middlemen.

    Fortunately, the latest version of Firefox disables such addons by default, but that will never be a complete solution. Always get the download as close to the source as possible.

    Developers who want to avoid upload costs should think about offering copies via BitTorrent. Relatively secure and cheap.

  29. Ian Michael Gumby
    WTF?

    Where have you been for the past 15 years?

    ""A software installation for product X which attempts to foist an unrelated product Y onto your computer by default is poor security practice," Ducklin writes. "Anything outside the obvious remit of the installer should be clearly and unequivocally opt-in, not opt-out.""

    Huh?

    Sorry, but you want free software, it comes with a price.

    C/Net makes money by sneaking these in.

    Same thing happens when you buy a pre-built windows pc. Vendors are compensated by adding stuff you don't want and will end up deleting from the system. The industry excuse is that it helps lower the costs of the PCs and allows the manufacturer to still have some profit margins....

    Note: I'm not saying I like the practice, but I always check to see what extra goodies someone tries to foster on me...

  30. Jon Green
    Facepalm

    Now c|net has to publish its sources!

    Nmap is an open-source project. Nmap's licence terms (http://nmap.org/svn/COPYING) state: "To avoid misunderstandings, we consider an application to constitute a "derivative work" for the purpose of this license if it does any of the following: [...] * Integrates/includes/aggregates Nmap into a proprietary executable installer, such as those produced by InstallShield."

    So, c|net's proprietary executable installer is a "derived work", falls within the GPL (under which Nmap is published), and thus c|net MUST publish the installer's sources.

    Oops.

  31. nigel 15
    Stop

    at least since 25-10-2011

    they've been doing this for ages. i read about it on 25-10-2011 but i'd seen it before.

    the worst downloader i have seen is with coretemp. it actually won't let you perform a custom install without the yahoo toolbar.

  32. me n u
    Thumb Down

    CNET=FLUSH!

    Ever since CBS Interactive bought CNET, it's been crap. I think they've completed construction on the new revolving door at their San Francisco HQ as well.

  33. Anonymous Coward
    Anonymous Coward

    Follow the money

    So, why did this start happening, and who is going to pay for it now?

  34. SuperTim

    Shitty toolbars

    They have been on every free install i have ever downloaded.

  35. yossarianuk
    Linux

    Bundling crap only happens on crap OS's...

    No linux distro would EVER (well maybe Ubuntu) bundle aids ridden junk with a security utility...

    I was amazed when I installed flash on a Windows machine and discovered that they had bundled some crap with that too.

    I pity you poor bastards that know no better and are just used to this crap.

  36. Monti

    Curiouser and curiouser

    I just went to CNET (download.com) and downloaded the latest VLC and NMAP and the files downloaded directly. HOWEVER, when I went to get the latest version of AxCrypt it downloaded the CNET Downloader that tries to install the Babylon toolbar-thing.

    BTW: If you are a registered member, you can choose to download any file directly by using the tiny "Direct Download" link underneath the big green download button (which will also try to install Babylon).

    I prefer to think of Babylon in this case in the Rastafarian sense of Babylon being the evils of the modern world.

  37. Monti
    Thumb Down

    Mission Accomplished!

    To all the Linux comments who always go on about nothing like this ever happening on Linux systems:

    You are not helping. You are not inspiring people to switch to Linux. You are not contributing to the discussion. You are not making Windows admins / users jealous of you. You are not clever. You are not interesting. You are not even original.

    What you are achieving is reinforcing the opinion that Linux users are smug idiots. So... Mission Accomplished!

    1. Anonymous Coward
      Anonymous Coward

      Look, Linux users feel smug because they have been snubbed by the "Superior" Windows Wizard Jockeys for years and when it comes to it they rather like to say "I told you so" or "We've been doing this for years" rather than, "why not try our method, it works for us"

      The applications mentioned in this story are open source apps and can be obtained from the developers websites directly without the CNet bundle-ware.

      If you want some constructive criticism then Linux distributions have package repositories which work rather well and operate in a very similar method to most app-stores.

  38. Charlie 2

    Adding default opt-ins to software is one of the most common practices among vendors, especially where "freeware" is concerned. How do you think the bills get paid? When end users download or install software it is their responsibility, and a simple one at that, to watch what they are doing. New applications whether from the Internet, a cd or dvd should always be inspected or scanned for malware prior to installation, regardless the source. Just how lazy and irresponsible are folks becoming that they cannot watch what they are doing even when it may involve great pain and effort such as opening their eyes or clicking a mouse button or two. These whiners need to wake up and smell the reality.
