Sourceforge and suspicions of driveby malware

JohnTHaller
Posts: 716
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY

#2 Post by JohnTHaller »

The article gets tons of things wrong either purposefully because the author dislikes it and wants to 'drive that point home' or because he is completely unfamiliar with the terminology. It's neither a drive-by-installer nor is it malware. From my understanding of the writeups and my own first-hand test of it, it's a single offer (of either a trial or an adware toolbar) in an installer which is clearly indicated as such and even has a link to why they do it (monetize open source and pay for bandwidth, etc). It is only installed when the user clicks Agree on the page of the installer that is rather clearly an offer and, when installed, has an entry in Add/Remove programs to uninstall it. It doesn't use any of the trickery you've seen on Download.com or other sites (no faking a page to look like the license for the app you want to install, no hiding the offer within multiple installer options and having to click advanced to avoid it, no popup window with an OK and Cancel that do the opposite of what you'd expect... all of which are done by Download.com and others). It's an opt-in program at SourceForge that FileZilla and a couple other projects have opted into. The goal is to make SourceForge self-sufficient/profitable and allow the open source projects to have a source of revenue (besides the declining ad revenue).

I wrote a complete response on Hacker News here: https://news.ycombinator.com/item?id=6263931

Full disclosure: PortableApps.com is hosted on SourceForge but does not participate in this program. The PortableApps.com Format prohibits any kind of offer-based installation. Even 3rd parties are prohibited from doing it with their own software in PortableApps.com Format.

webfork
Posts: 10821
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

#3 Post by webfork »

I have more to say about this, but for the moment:

The zip distro we're pointing to doesn't have the bundleware issue so there's no immediate need to edit the entry. Also, the issue with the Download.com fiasco surrounded the fact that the change was made en masse regardless of developer feelings (or licenses in some cases). As that's not happening here, there's not much I can apply here policy-wise until more programs add bundleware.
Last edited by webfork on Sun Aug 25, 2013 2:54 pm, edited 1 time in total.
Reason: (better wording)

Midas
Posts: 6725
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

#4 Post by Midas »

@webfork: The current topic (as well as juvera's other one, here at "Suggestions/Discussions") should probably be moved to "Resources & Links", don't you think?

webfork
Posts: 10821
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

#5 Post by webfork »

Midas wrote:The current topic ... should probably be moved to "Resources & Links", don't you think?
Good call. Although I decided to send it to "chit chat".

bzl333
Posts: 167
Joined: Wed Jan 12, 2011 3:11 pm

Re: Sourceforge and suspiscions of driveby malware

#6 Post by bzl333 »

I don't like all the redirects or whatever they're called just to get a download from SourceForge, as my hosts file is always blocking something, plus I have to enable JavaScript, IIRC.
