FileZilla entry

Discuss anything related to portable freeware here.
Message
Author
mrsimpleton
Posts: 2
Joined: Wed Jan 18, 2012 10:07 pm

FileZilla entry

#1 Post by mrsimpleton »

Am I missing something here - how is FileZilla (http://www.portablefreeware.com/index.php?id=9) portable? It writes the user settings to Application Data. I thought I understood the purpose of this and I was all for it, but now I'm really confused. I do see that a portable FileZilla portion is presented as a sidenote, but the primary download link is certainly not to that section. If the intention is that FileZilla Portable qualifies the app, then the entry is really confusing....

User avatar
Erkhyan
Posts: 11
Joined: Thu Jun 30, 2011 11:56 pm

Re: FileZilla entry

#2 Post by Erkhyan »

First thing to check: did you follow the instructions in the How to extract section of the entry? Those are the steps you need to take to make the original FileZilla portable, after all.

User avatar
JohnTHaller
Posts: 715
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: FileZilla entry

#3 Post by JohnTHaller »

mrsimpleton - Portable Freeware Collection approach to portability is a more do-it-yourself approach than you may be used to. Apps will often have instructions on how to extract them from their installer and manually configure them to enable 'portable mode' for the given app. Additionally, you should pay attention to the 'Stealth' line. If it doesn't say 'Yes' then the app will leave things behind on every PC you use. And pay attention to the 'Writes settings to' as an app could write it's settings to the registry and still be considered portable. Finally, watch the Path Portability line. Unless it says automatic relative path, some things will break as you move between PCs (last opened file list, favorite files, custom backgrounds/themes, etc).

If you're looking for a more 'just download and use it' experience, I'd humbly suggest PortableApps.com's apps. All of them are 'stealth' (according to PFC's definition), self-contained, require no manual configuration, use an easy-to-use self-extracting installer and automatically adjust paths.
PortableApps.com - The open standard for portable software | Support Net Neutrality

User avatar
MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

Re: FileZilla entry

#4 Post by MiDoJo »

While I only use a few of JohnTHaller's PortableApps Filezilla is one of them, and in this case I agree with him that that might be a good alternative for your use.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: FileZilla entry

#5 Post by webfork »

mrsimpleton wrote:Am I missing something here - how is FileZilla (http://www.portablefreeware.com/index.php?id=9) portable? It writes the user settings to Application Data. I thought I understood the purpose of this and I was all for it, but now I'm really confused. I do see that a portable FileZilla portion is presented as a sidenote, but the primary download link is certainly not to that section. If the intention is that FileZilla Portable qualifies the app, then the entry is really confusing....
Retested the instructions. Works fine.

Also went back and edited the extract instructions, since you cannot edit the XML file with the default Windows XP Notepad. It can't handle the line breaks.

User avatar
domestique
Posts: 4
Joined: Thu Oct 03, 2013 5:01 pm
Location: UK plc

Re: FileZilla entry

#6 Post by domestique »

I've been using FileZilla for some time quite unaware it's been storing my passwords in plain text.

I was really surprised especially when one considers this software has been around for ages and in constant development. It's certainly not the sort of thing one expects in this day and age of heightened awareness over security.

A quick search on the FileZilla forum reveals the developer is blatantly unconcerned citing the option to 'Not save passwords' as adequate.

I find this basic lack of security quite shocking and think a note should be added to the description on the software page so people are aware of this 'feature'.

As for me, I've used FileZilla for the last time >.<

P.S.
Keep up the great work - love this site :)

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: FileZilla entry

#7 Post by webfork »

domestique wrote:A quick search on the FileZilla forum reveals the developer is blatantly unconcerned citing the option to 'Not save passwords' as adequate.
I put FileZilla and most other programs inside an encrypted volume (via TrueCrypt). I want more than my passwords to not be stored in plaintext: I don't want someone connecting to the sites they include and, without some kind of master password, that's not something that can be prevented.

Why not just introduce a master password? I think it's easy for the devs to be cynical to the idea that *one more password* is going to make your computer secure. I have it enabled in Firefox but I think people see the necessity there because a browser is used for almost everything including taxes and purchasing.
domestique wrote:As for me, I've used FileZilla for the last time
Which FTP program are you using instead?
domestique wrote:Keep up the great work - love this site
Thanks :)

User avatar
domestique
Posts: 4
Joined: Thu Oct 03, 2013 5:01 pm
Location: UK plc

Re: FileZilla entry

#8 Post by domestique »

Thanks for the advise re. TrueCrypt, I'll look into that.

I'm currently using WinSCP, which seems adequate, though I suspect I'll be on looking at others on the ftp list in more depth.

User avatar
JohnTHaller
Posts: 715
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: FileZilla entry

#9 Post by JohnTHaller »

FileZilla 3.9.0.2 fully drops Windows XP support and won't run. I've updated the entry and added a link to the older and unsupported 3.9.0.1 build for Windows XP users.
PortableApps.com - The open standard for portable software | Support Net Neutrality

freakazoid
Posts: 1212
Joined: Wed Jul 18, 2007 5:45 pm

Re: FileZilla entry

#10 Post by freakazoid »

Looks like the latest versions of FileZilla no longer stores passwords in plain-text any more, but it's still very easy to decode it. (Not going to list how, but it's pretty straightforward. If you know the answer, don't post it.)
is it stealth? ;)

User avatar
smaragdus
Posts: 2120
Joined: Sat Jun 22, 2013 3:24 am
Location: Aeaea

Re: FileZillaSecure

#11 Post by smaragdus »

Synopsis
A modified version of Filezilla dedicated to keeping your FTP passwords secure.
tl;dr FileZilla does not encrypt your saved FTP passwords and I got hacked. FileZilla Secure will encrypt your saved FTP passwords with a master password.
Bonus: More Speed!
The maximum number of transfer threads has been increased from 10 to 1000! While 1000 is not recommended 20, 50, and even 100 threads has been shown to work and has increased transfer speeds by over 5x.
Links
http://www.filezillasecure.com/ - FileZillaSecure web-site
http://www.softpedia.com/get/Internet/F ... cure.shtml - FileZillaSecure at Softpedia

Note
Source code of FileZillaSecure is available for download.
FileZillaSecure is behind the official FileZilla version- Secure - 3.18.0.0, Official - 3.22.2.2.
FileZillaSecure still supports WIndows XP- http://www.filezillasecure.com/download-windowsxp.php.

Edit!!!
It seems that FileZillaSecure does not respect FileZilla portability settings- it always writes to AppData (C:\Users\UserName\AppData\Roaming\FileZillaSecure)- sloppy work, I will not test this program any more.
Probably the developer intended to get some donations by cheating the users that the Windows XP version is still in development. I think that it is no coincidence that the latest FileZillaSecure version is the last FileZilla version which supports Windows XP- 3.18.0.0. This looks like a fraud. I am sorry I posted about FileZillaSecure.

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: FileZilla entry

#12 Post by Midas »

Don't be so hard on yourself, we all learn by trial and error -- and not always our own... ;)

shnbwmn
Posts: 265
Joined: Sat Jul 11, 2015 12:59 am

Re: FileZilla entry

#13 Post by shnbwmn »

Looking at the Filezilla Secure page, I don't think the dev is trying to deliberately deceive anyone. Using the last XP version was likely just a dev choice. FS isn't being passed off as being any new type development effort, just a modification. I think the more important question is if the program is virus-free and if it is indeed more secure.

User avatar
joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: FileZilla entry

#14 Post by joby_toss »

The more important question is why isn't FileZilla keeping your passwords secure?!

User avatar
SYSTEM
Posts: 2041
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: FileZilla entry

#15 Post by SYSTEM »

joby_toss wrote:The more important question is why isn't FileZilla keeping your passwords secure?!
Because keeping the passwords truly secure is impossible.

If FileZilla stores your passwords, it needs to store them in a format where they are still accessible to FileZilla. In other words, reversible encryption. And if FileZilla can reverse the encryption, so can malware. For that reason, Tim Kosse (the author) decided not to encrypt the passwords at all.

However, complete lack of encryption means that accessing the passwords is extremely easy, which is why FileZilla is a popular target for malware that steals passwords.
My YouTube channel | Release date of my 13th playlist: August 24, 2020

Post Reply