Seems there is a note buried on the CNet site about it.
http://cnet-upload.custhelp.com/app/...tail/a_id/2064
They claim to be doing it for "more security and utility as well as better consumer protections."
Which means they are not just evil. But evil liars.
Everyone in the business knows they are doing it for the money. It is called pay per install, PPI. We get approached several times a year will offers to bundle our software with various crapware, but turn them all down. The one hassling us at the moment is installmonetizercorp. But now CNet has done it without telling us.
You get between $0.02 and $1.00 per install of the crapware, depending on the crapware provider and the location of the person doing the install. For example an install in Mexico is worth just $0.04, an install in the UK is worth $0.40 and for the USA an install can be worth up to $1.00.
Which means the money can be hard to resist. (We do around 20,000 downloads a day from our website for example).
Even stranger is that Microsoft have (had?) an alliance with CNet to supply data for the Window's market place.
http://www.cnet.com/html/aboutcnet/p...04/071204.html
Our understanding is that Microsoft paid CNet for this. And now CNet are helping to mess up the Windows user experience. In the long term it will only drive more people to Apple and their walled garden.
Announcement
Collapse
No announcement yet.
CNet's Evil Crapware Babylon toolbar Bundling
Collapse
X
-
CNet's Evil Crapware Babylon toolbar Bundling
In the continuing long decline of the download.com web site, it seems they have decided to start bundling malware with their downloads.
As described by Fyodor over at seclists.org.
"I've just discovered that C|Net's Download.Com site has
started wrapping their Nmap downloads (as well as other free software
like VLC) in a trojan installer which does things like installing a
sketchy "StartNow" toolbar, changing the user's default search engine
to Microsoft Bing, and changing their home page to Microsoft's MSN.
The way it works is that C|Net's download page (screenshot attached)
offers what they claim to be Nmap's Windows installer. They even
provide the correct file size for our official installer. But users
actually get a Cnet-created trojan installer. That program does the
dirty work before downloading and executing Nmap's real installer."
A number of the Anti-virus packages are already flagging the bundled software as a Trojan.
http://www.virustotal.com/file-scan/report.html?id=5bd70802c051fd95d0d78ac168385cd5047 05c00526ded2fd5edebdcc32d48f6-1323139801
Needless to say, it is pretty evil for CNet to do this without informing us.
Other developers have stated that if you pay CNET for advertising then CNet doesn't bundle their crapware. Which make it more like blackmail. If we get an additional details, we'll add to this post.
So for the moment we strongly suggest you don't use download.com. Go direct to the developer's sites for your downloads.
More details here,
http://seclists.org/nmap-hackers/2011/5
http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
Screen shot of CNET crapware
Leave a comment: