Saturday, February 7, 2015

SourceForge Bundles MALWARE!!!

A few people I know were trying to get FileZilla FTP from SourceForge, and recently, since Dice took over SF, a lot of software from that site has malware bundled with it in the installer. They no longer give you a normal installer; instead it's a custom one with adware that still gets installed EVEN IF YOU OPT OUT!

Lots of anti-virus clients are even blocking the installers from being executed.
I recommend going with GitHub or MS's CodePlex.

What's worse is devs like FileZilla DEFEND this decision!
Check out the thread here: https://forum.filezilla-project.org/viewtopic.php?t=32945

It's very bad that the dev of one of many projects hosted on SourceForge DEFENDS this and they think it's "no biggie" if people get infected!

Instead of hosting elsewhere, they defend a bad choice. Instead of being on the users' side, they stick with a bad host.

Many devs are choosing to do this and I will be compiling a list of known applications from SF you should avoid due to this mess!


Known major applications:
VLC media player
FileZilla
OpenOffice
FreeFileSync
ImgBurn


At least GIMP decided to jump ship:

“In the past few months, we have received some complaints about the site where the GIMP installers for the Microsoft Windows platforms are hosted. SourceForge, once a useful and trustworthy place to develop and host FLOSS applications, has faced a problem with the ads they allow on their sites – the green “Download here” buttons that appear on many, many ads leading to all kinds of unwanted utilities have been spotted there as well.
The tipping point was the introduction of their own SourceForge Installer software, which bundles third-party offers with Free Software packages. We do not want to support this kind of behavior, and have thus decided to abandon SourceForge.”
 
 
Please comment if you have any to add! This list will be updated as often as I can!
