For long time the SourceForge was one of the most trusted open source projects repositories, where one could go to download the latest versions of numerous useful applications. They were a site safe from influence of various shady commercial interests, providing the installers and binaries as they are built by the project developers.
Few days ago it was announced on several technical sites that SourceForge has changed its business practice, and that it had went the CNET’s download.com way: they now repackage original installers into their own wrapper installers that (beside starting the contained original installer of the application one is interested in) perform drive-by installations of various cr*pware (adware, shareware, etc).
Following articles illustrate what is know about that change at this moment:
An afterthought: The same company that owns SourceForge is also owner of SlashDot discussion forum/site. So, I expect that they will go down the drain soon, too.
Update: Apparently this is going on for some time now:
Related: “C|Net’s Download.Com trojans” – https://eikonal.wordpress.com/2011/12/06/cnets-download-com-trojans/
It appears that every modern tech company feels that it is a home of bunch of visionaries, of technical prodigies that are entitled to keep changing user experience (of their products) all the time. Adding new features would be fine. Providing alternate (frequently better) ways of doing something (that was already doable within product) is also fine. Removing long present features is not fine. Doing so is akin to an invitation to an religions war. It insults users by implying that developer knows better that all users what is better for them. Is every developer under impression that he has to do bold arrogant moves like Steve Jobs use to do or Microsoft does all the time?
Few recent examples follow.
1) Atlassian Confluence wiki removal of wiki markup
Confluence used to be one of the best wiki engines. Rich in features, suitable for corporate deployment. Its downsides are that it is written in Java, hard to install and properly configure – but if you have someone else take these administrative jobs from your hand, it used to be very powerful knowledge management platform.
In version 4 of Confluence, the Atlassian removed the wiki markup editor.
This seems very reasonable, but removing options from dumb users also removes them from the expert user – and that’s us. Reducing freedom, even freedom to crash the application, can be seen as a bad thing. And if reducing that freedom exposes the browser user to all manner of nasties, then it is even more a bad thing.
- Change is set in stone, as the lead developers have set their mind. Here is the justification for change by one of them: “Checkboxes that kill your product” by Alex Limi – http://limi.net/checkboxes-that-kill/.
Come again? What is the next, removing the navigation/URL window so users can go only to predefined links on their home portals?
Comment added later:
3) FireFox removed right-click option to send a page link
Since version 16 of Mozilla’s FireFox browser, that options is removed. Now it can be found under the File > Send Link location.
This is a minor annoyance. One can either reprogram his mind and start using the new location, or install extension “Send Link in context menu” (https://addons.mozilla.org/en-US/firefox/addon/send-link-in-context-menu/).
Found this somewhere on web several months ago. Very useful for long lists of machines that one want to order by IP addresses.
Sub sortIP() 'sorts IP addresses
Dim i As Long, j As Long, k As Long
Dim RangeToSort As Range
Dim IPaddress As String
Dim IPColumn As Long
IPaddress = "#*.#*.#*.#*"
Set RangeToSort = Selection
'If just one cell selected, then expand to current region
If RangeToSort.Count = 1 Then
Set RangeToSort = RangeToSort.CurrentRegion
'Check if row 1 contains an IP address. If not, it is a header row
'first find column with IP addresses. Check row 2 since row 1 might be a Header
IPColumn = 1
Do Until RangeToSort.Cells(2, IPColumn).Text Like IPaddress
If IPColumn > RangeToSort.Columns.Count Then
MsgBox ("No valid IP address found in Row 1 or Row 2")
IPColumn = IPColumn + 1
If Not RangeToSort(1, IPColumn).Text Like IPaddress Then
Set RangeToSort = RangeToSort.Offset(1, 0). _
Resize(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count)
'one extra column for the IP sort order
ReDim rg(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count)
For i = 0 To UBound(rg)
For k = 1 To UBound(rg, 2)
rg(i, k) = RangeToSort.Cells(i + 1, k).Text
IP = Split(rg(i, IPColumn), ".")
For j = 0 To 3
rg(i, 0) = rg(i, 0) & Right("000" & IP(j), 3)
rg = BubbleSort(rg, 0)
For i = 0 To UBound(rg)
For k = 1 To UBound(rg, 2)
RangeToSort.Cells(i + 1, k) = rg(i, k)
Function BubbleSort(TempArray As Variant, d As Long) 'D is dimension to sort on
Dim temp() As Variant
Dim i As Integer, j As Integer, k As Integer
Dim NoExchanges As Boolean
k = UBound(TempArray, 2)
ReDim temp(0, k)
NoExchanges = True
For i = 0 To UBound(TempArray) - 1
If TempArray(i, d) > TempArray(i + 1, d) Then
NoExchanges = False
For j = 0 To k
temp(0, j) = TempArray(i, j)
TempArray(i, j) = TempArray(i + 1, j)
TempArray(i + 1, j) = temp(0, j)
Loop While Not NoExchanges
BubbleSort = TempArray
Related here: Excel to text – https://eikonal.wordpress.com/2011/02/14/excel-to-text/ | Excel files processing – https://eikonal.wordpress.com/2011/02/25/excel-files-processing/ | IT tips pages – https://eikonal.wordpress.com/2010/02/08/it-tips-pages/
- “C|Net Download.Com is now bundling Nmap with malware!” by Fyodor (nmap-hackrs email list; 2011.12.05):
From: email@example.com On Behalf Of Fyodor
Sent: Monday, December 2011.12.05 17:36
Subject: C|Net Download.Com is now bundling Nmap with malware!
Hi Folks. I've just discovered that C|Net's Download.Com site has started wrapping their
Nmap downloads (as well as other free software like VLC) in a trojan installer which does
things like installing a sketchy "StartNow" toolbar, changing the user's default search
engine to Microsoft Bing, and changing their home page to Microsoft's MSN.
The way it works is that C|Net's download page (screenshot attached) offers what they
claim to be Nmap's Windows installer. They even provide the correct file size for our
official installer. But users actually get a Cnet-created trojan installer. That program
does the dirty work before downloading and executing Nmap's real installer.
Of course the problem is that users often just click through installer screens, trusting
that download.com gave them the real installer and knowing that the Nmap project wouldn't
put malicious code in our installer. Then the next time the user opens their browser,
they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as
their home page, and whatever other shenanigans the software performs! The worst thing is
that users will think we (Nmap Project) did this to them!
I took and attached a screen shot of the C|Net trojan Nmap installer in action. Note how
they use our registered "Nmap" trademark in big letters right above the malware "special
offer" as if we somehow endorsed or allowed this. Of course they also violated our
trademark by claiming this download is an Nmap installer when we have nothing to do with
the proprietary trojan installer.
In addition to the deception and trademark violation, and potential violation of the
Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why
Nmap isn't under the plain GPL.
Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding
software which "integrates/includes/aggregates Nmap into a proprietary executable
installer" unless that software itself conforms to various GPL requirements (this
proprietary C|Net download.com software and the toolbar don't). We've long known that
malicious parties might try to distribute a trojan Nmap installer, but we never thought it
would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft
would be sponsoring this activity!
It is worth noting that C|Net's exact schemes vary. Here is a story about their
It is interesting to compare the trojaned VLC screenshot in that article with the Nmap one
I've attached. In that case, the user just clicks "Next step" to have their machine
infected. And they wrote "SAFE, TRUSTED, AND SPYWARE FREE" in the trojan-VLC title bar.
It is telling that they decided to remove that statement in their newer trojan installer.
In fact, if we UPX-unpack the Trojan CNet executable and send it to VirusTotal.com, it is
detected as malware by Panda, McAfee, F-Secure, etc:
According to Download.com's own stats, hundreds of people download the trojan Nmap
installer every week! So the first order of business is to notify the community so that
nobody else falls for this scheme.
Please help spread the word.
Of course the next step is to go after C|Net until they stop doing this for ALL of the
software they distribute. So far, the most they have offered is:
"If you would like to opt out of the Download.com Installer you can
submit a request to firstname.lastname@example.org. All opt-out
requests are carefully reviewed on a case-by-case basis."
In other words, "we'll violate your trademarks and copyright and squandering your goodwill
until you tell us to stop, and then we'll consider your request 'on a case-by-case basis'
depending on how much money we make from infecting your users and how scary your legal
- “Does CNET Download.com’s new installer install malware?” (HighTechReality.com blog; 2011.08.30) – http://hightechreality.com/2011/08/cnet-downloadcoms-installer-install-malware/
- “Download.com wraps downloads in bloatware, lies about motivations” by Lee Mathews (2011.08.22) – http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
There was a time long, long ago when Download.com was the place I went for software. It’s been years, however, as the site repeatedly showed signs of devolving into a site every bit as bothersome as the many third-tier software repositories that hide genuine links below clever-placed advertisements and bundle toolbars with their “certified” local downloads.
- Download.com Caught Adding Malware to Nmap & Other Software – http://insecure.org/news/download-com-fiasco.html
Related: “SourceForge has lost its common sense” – https://eikonal.wordpress.com/2015/06/03/sourceforge-has-lost-its-common-sense/
This is a fun stuff. One can open another instance of FireFox GUI inside the browser area where content of web pages is displayed.