CNET’s Download.com is a free download directory website established 15 years ago – it used to be a popular source for free downloads of thousands of legal programs. I say ‘used to be’ because it has come in for a huge amount of criticism in recent weeks.
It appears to be taking some installation files (that it hosts on behalf of a program’s developers) and ‘wrapping’ them in its own installation file which includes unrelated toolbars etc that can change the way you browse, your home page and your default search engine :-(
Although you can choose not to install such apps (if you read the small print and click the right thing), Cnet’s installer package sets them to install by default (i.e. opt-out, not opt-in) and does its best to lead you into agreeing – most people will just click yes a few times as they would trust download.com not to insert anything sneaky into someone else’s free program…
Sadly, this appears to no longer true – the creator of popular free tool Nmap has written a blistering attack on Cnet for wrapping his free program in what he calls their ‘trojan’ installer, including the dreaded Babylon toolbar/search engine/homepage combo. His view seems to be backed by Virus Total (a service that analyzes suspicious files) which reports that Cnet’s own wrapped installation of Nmap is detected by 10 antivirus companies as a Trojan…
Such ‘foistware’ (toolbars etc that are foisted upon you by being bundled as part of a legitimate program’s installation process) are the bane of a repair tech’s life. When I ask people how they got programs like the Babylon or Ask toolbar on their computer (which mess with their preferences and may ruin their browsing experience) they don’t recall ever installing them – most likely because they were bundled up within another program – which is what Download.com are alleged to be doing.
Nmap is not the only program reported to suffer this wrapping process – reports of many other well respected free programs receiving the ‘trojan’ download treatment from Cnet are filtering through – the excellent VLC media player is just one more example.
Cnet have been quiet on this but, for me, the damage is done – whatever they say or do after this point. The claim that Download.com is the ‘trusted, safe, and secure resource for software’ is (in my opinion) severely undermined if they bundle legitimate free products with programs that are seen by antivirus companies as a type of virus – I would certainly avoid downloading any programs from Download.com in future.
So Who Else Is There?
My own personal choice that I have linked to many times in TechLogon articles is Filehippo.com – a reputable site that hosts downloads and doesn’t interfere with them. What you download should be what the program’s developer intended – not a bunch of suspicious toolbars and other chaff.
Filehippo also offer an excellent Update Checker utility which scans your computer for installed software, checks the versions and then checks if there are any newer releases – an easy way of keeping most free programs up to date.