FreeFileSync 7.3
FreeFileSync 7.3
FreeFileSync 7.3: http://www.freefilesync.org/download.php
Re: FreeFileSync 7.3
@ robzuc: Thanks ... and updated
- FileHandler
- Posts: 137
- Joined: Sat Aug 15, 2015 7:11 pm
Re: FreeFileSync 7.3
I strongly object to listing a program that contains malicious adware with ever-shifting content. You MUST run the installer with the latest versions, the author has closed all backdoors of not doing so - like using UniversalExtractor.
If you fail to run the custom install option, you're in for bad surprises. Even if you disable the adware checkbox during custom install, there have been several reported cases where this failed and the adware got installed anyway. I can personally attest to that. What's more, such user reports disappear from their discussion forum.
The most recent complaints by users unable to download or install:
https://sourceforge.net/p/freefilesync/ ... /222acc7a/
https://sourceforge.net/p/freefilesync/ ... /dc5cfd6d/
https://sourceforge.net/p/freefilesync/ ... /71122297/
IMHO, listing this adware threatens the good reputation of PortableFreeCollection.
If you fail to run the custom install option, you're in for bad surprises. Even if you disable the adware checkbox during custom install, there have been several reported cases where this failed and the adware got installed anyway. I can personally attest to that. What's more, such user reports disappear from their discussion forum.
The most recent complaints by users unable to download or install:
https://sourceforge.net/p/freefilesync/ ... /222acc7a/
https://sourceforge.net/p/freefilesync/ ... /dc5cfd6d/
https://sourceforge.net/p/freefilesync/ ... /71122297/
IMHO, listing this adware threatens the good reputation of PortableFreeCollection.
- JohnTHaller
- Posts: 717
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Re: FreeFileSync 7.3
For completeness, the full Virus Total scan of FreeFileSync 7.3 shows it being flagged by 19 out of 56 engines:
https://www.virustotal.com/en/file/8998 ... 439754059/
https://www.virustotal.com/en/file/8998 ... 439754059/
PortableApps.com - The open standard for portable software | Support Net Neutrality
- FileHandler
- Posts: 137
- Joined: Sat Aug 15, 2015 7:11 pm
Re: FreeFileSync 7.3
Thanks John,
very interesting. Especially since the author keeps downplaying the issues, posting similar scans that never test the real download and install package, but only components he carefully selects, then declares any finds as "false positives".
What I particulary dislike about the general handling, is the sneaky, devious way this whole issue is being swept under the carpet. It is one thing to be honest about adware, mentioning it upfront. This is not the case with FFS, however. Quite the contrary, the instructions how to avoid it are hard to find, and the really bad cases, when installation somehow fails for whatever reasons, it did occassionally happen that malware found it's access anway, despite disabled checkboxes.
A few months back I had also complained to SourceForge.net Support about disappearing postings by particularly frustrated users, it was easy to verify and I also had screenshots, but it seems like SourceForge doesn't really care. They've become rather lax on adware/ malware in general.
very interesting. Especially since the author keeps downplaying the issues, posting similar scans that never test the real download and install package, but only components he carefully selects, then declares any finds as "false positives".
What I particulary dislike about the general handling, is the sneaky, devious way this whole issue is being swept under the carpet. It is one thing to be honest about adware, mentioning it upfront. This is not the case with FFS, however. Quite the contrary, the instructions how to avoid it are hard to find, and the really bad cases, when installation somehow fails for whatever reasons, it did occassionally happen that malware found it's access anway, despite disabled checkboxes.
A few months back I had also complained to SourceForge.net Support about disappearing postings by particularly frustrated users, it was easy to verify and I also had screenshots, but it seems like SourceForge doesn't really care. They've become rather lax on adware/ malware in general.
Re: FreeFileSync 7.3
FileHandler wrote:A few months back I had also complained to SourceForge.net Support about disappearing postings by particularly frustrated users, it was easy to verify and I also had screenshots, but it seems like SourceForge doesn't really care. They've become rather lax on adware/ malware in general.
- Probably because Sourceforge has gone down that same path itself...
- FileHandler
- Posts: 137
- Joined: Sat Aug 15, 2015 7:11 pm
Re: FreeFileSync 7.3
I just hope PortableFreeware doesn't follow SourceForge's bad example. They used to be quite OK one time, very strict on malware and sneaky business models. Meanwhile they have thoroughly ruined their reputation, imo.
Re: FreeFileSync 7.3
1. I had no problem extracting FreeFileSync_7.3_Windows_Setup.exe installer with 7-Zip
2. I tested the "How to extract" method suggested in TPFC entry several times and it works, that is, nothing but FFS was installed (extracted). However, this extraction method is not clean and the installer seems to "call home" (my guess is that the Open Candy thingy does its scan but have no time to test at the moment). Traces:
OCSetupHlp.dll in \AppData\Local\Temp\nsr78E1.tmp folder
wininit.ini in %windir%
I suggest to change the "How to extract" instructions.
3. Why should Sourceforge care? Only the source code is hosted there (and bug reporting).
I will spare JohnT of criticism (he should know better) but I think you should worry about your reputation and let the Portable Freeware Collection community worry about its reputation.
2. I tested the "How to extract" method suggested in TPFC entry several times and it works, that is, nothing but FFS was installed (extracted). However, this extraction method is not clean and the installer seems to "call home" (my guess is that the Open Candy thingy does its scan but have no time to test at the moment). Traces:
OCSetupHlp.dll in \AppData\Local\Temp\nsr78E1.tmp folder
wininit.ini in %windir%
I suggest to change the "How to extract" instructions.
3. Why should Sourceforge care? Only the source code is hosted there (and bug reporting).
I will spare JohnT of criticism (he should know better) but I think you should worry about your reputation and let the Portable Freeware Collection community worry about its reputation.
- JohnTHaller
- Posts: 717
- Joined: Wed Feb 10, 2010 4:44 pm
- Location: New York, NY
- Contact:
Re: FreeFileSync 7.3
It should be noted that most of the flaggings are PUPs (Potentionally Unwanted Programs) and not actual malware. If it helps any PFC folks in their decision-making of how to handle this particular instance, PortableApps.com links to FreeFileSync.org as the publisher (and for folks wanting a local version) as well but we don't currently have a warning notification near that link. We do have one for apps like DVDStyler which have, in the past, used adware that's installed even when you've specifically chosen not to. We've used that as a distinguisher in whether or not to warn users about a publisher but may alter that in the future as quite a few of the apps we package have adware in their local versions and some like FFS have it in their official portable versions.
Obviously it's a bit different in this particular app's case as most folks visiting PFC wouldn't be as concerned about whether a local installer had adware because they'd be using the ZIP download. With FreeFileSync, there's a single installer for local and portable by default. While the "How To Extract" instructions will bypass the adware, and I can confirm that extracting the files with 7-Zip still works without issue, there is always the risk that some users may download and run the installer without reading the instructions. On a semi-positive note, though, FreeFileSync is using OpenCandy, which does not install anything if the user selects not to.
On a related note, it seems FreeFileSync is self-hosting now as FossHub asked them to leave due to the bundleware.
On a semi-related note, SourceForge has discontinued all their adware programs for new apps and mirrored apps. I heard through the grapevine that they may be purging publishers that add their own adware as well (DVDStyler, etc) but am not sure about that.
Also, the note above about the Virus Total scan wasn't in any way a criticism of PFC or the linking. Just a bit more context since this is a topic that PortableApps.com is currently considering how to handle officially for publisher links.
Obviously it's a bit different in this particular app's case as most folks visiting PFC wouldn't be as concerned about whether a local installer had adware because they'd be using the ZIP download. With FreeFileSync, there's a single installer for local and portable by default. While the "How To Extract" instructions will bypass the adware, and I can confirm that extracting the files with 7-Zip still works without issue, there is always the risk that some users may download and run the installer without reading the instructions. On a semi-positive note, though, FreeFileSync is using OpenCandy, which does not install anything if the user selects not to.
On a related note, it seems FreeFileSync is self-hosting now as FossHub asked them to leave due to the bundleware.
On a semi-related note, SourceForge has discontinued all their adware programs for new apps and mirrored apps. I heard through the grapevine that they may be purging publishers that add their own adware as well (DVDStyler, etc) but am not sure about that.
Also, the note above about the Virus Total scan wasn't in any way a criticism of PFC or the linking. Just a bit more context since this is a topic that PortableApps.com is currently considering how to handle officially for publisher links.
PortableApps.com - The open standard for portable software | Support Net Neutrality
- FileHandler
- Posts: 137
- Joined: Sat Aug 15, 2015 7:11 pm
Re: FreeFileSync 7.3
Thanks for telling me about the 7-zip work-around. I followed the guidelines of PortableFreeware where it recommends using UniversalExtractor (see FAQ page) and this did not work anymore for FFS.
Luckily, there still are a few sites that can be recommended without getting a call the next morning of irate friends and their accusing "how could you possibly recommend this to me". I have neither time nor skills to clean up their infested machines, so yes - I do indeed worry about my own reputation first and foremost, and only second, the bad light it sheds on SourceForge or PortableFreeware.
My point exactly, the one I was hoping to get across. I've been recommending this site to numerous friends and colleagues. None of them is what you'd call computer-savvy. Even if they invested enough effort to read the instructions for the work-arounds, they wouldn't know how to pull it off. There are much more people out there than you guys in here might imagine, who - unlike you - lack the knowledge necessary for malware, spyware, nagware, adware ..... Some of it sounds tolerable.I am Baas wrote: 3. Why should Sourceforge care?.....
.... I think you should worry about your reputation ...
Luckily, there still are a few sites that can be recommended without getting a call the next morning of irate friends and their accusing "how could you possibly recommend this to me". I have neither time nor skills to clean up their infested machines, so yes - I do indeed worry about my own reputation first and foremost, and only second, the bad light it sheds on SourceForge or PortableFreeware.
Re: FreeFileSync 7.3
Well, I find that the democratic way of determining the publicity of a program with votes is indeed hurting our reputation. FreeFileSync has an internal score of 26. It is unlikely for FreeFileSync to disappear from the database, no matter what happens, unless Andrew interferes.I am Baas wrote: I will spare JohnT of criticism (he should know better) but I think you should worry about your reputation and let the Portable Freeware Collection community worry about its reputation.
TPFC used to have a very strict policy against bundleware or adware. That policy is no longer enforced in practice because programs like FreeFileSync can easily remain in the database even if they start to bundle crapware later on. A program has low chances of being added to the database if it bundles crapware, but if a program has already been added, it will most likely remain even if starts to bundle crapware afterwards.
In the long run, some members will quit this website. Their votes will remain valid and keep even worse programs afloat.
The result is that the visitors can't trust us as much as before. It will be necessary to read the "How to extract" instructions and follow them carefully. Which is hard in cases like FreeFileSync where the installer tries to trick the user.
My YouTube channel | Release date of my 13th playlist: August 24, 2020
- FileHandler
- Posts: 137
- Joined: Sat Aug 15, 2015 7:11 pm
Re: FreeFileSync 7.3
@ SYSTEM
thanks for taking the time to explain. I am glad to hear that the once strict policy has not been abandoned altogether.
Which would probably not be accepted by adware-providers anyway, they count on unsuspecting users. I cannot imagine anyone voluntarily installing the crap that comes along with FreeFileSync. Unless by accident, and that seems to happen often enough to keep the adware pest going.
thanks for taking the time to explain. I am glad to hear that the once strict policy has not been abandoned altogether.
This tactic of the author - among other aggravations - has also contributed to my negative experiences. Not to mention I had asked people to donate to show their support, and they repeatedly did. Until finding out they've been tricked by some double-dealer who continues to ask for donations, while raking in additional money, without stating outright and very obviously that his package comes bundled and you better not click the default install.SYSTEM wrote:TPFC used to have a very strict policy against bundleware or adware. That policy is no longer enforced in practice because programs like FreeFileSync can easily remain in the database even if they start to bundle crapware later on. ...
...
The result is that the visitors can't trust us as much as before. It will be necessary to read the "How to extract" instructions and follow them carefully. Which is hard in cases like FreeFileSync where the installer tries to trick the user.
Which would probably not be accepted by adware-providers anyway, they count on unsuspecting users. I cannot imagine anyone voluntarily installing the crap that comes along with FreeFileSync. Unless by accident, and that seems to happen often enough to keep the adware pest going.
Re: FreeFileSync 7.3
Okay ... one thing at a time..
Do you need the 7-zip beta to open this properly? I'm getting some weird Japanese-looking characters in v9.20 that I'm not sure how to write something up for.I am Baas wrote:I suggest to change the "How to extract" instructions.
Re: FreeFileSync 7.3
webfork wrote:Okay ... one thing at a time..
Do you need the 7-zip beta to open this properly? I'm getting some weird Japanese-looking characters in v9.20 that I'm not sure how to write something up for.I am Baas wrote:I suggest to change the "How to extract" instructions.
The latest stable 7-Zip version 9.20 (2010-11-18) extracts it fine. All the files are in the "_ユ" folder.
- Andrew Lee
- Posts: 3064
- Joined: Sat Feb 04, 2006 9:19 am
- Contact:
Re: FreeFileSync 7.3
I can verify this works. The current instructions work too. I tested out V7.3 when I was asking for help on MTP file copy.The latest stable 7-Zip version 9.20 (2010-11-18) extracts it fine. All the files are in the "_ユ" folder.
My personal opinion: I don't think this qualifies as adware. The main app, after you have isolated it, is free from ads. The adware is contained in the installer. However, this is standard practice for many big names nowadays. For example, I can't recall the number of times I accidentally installed Yahoo Toolbar while installing Oracle's Java Runtime.
Even in the good ol' days, it would have passed all the checkmarks for inclusion in the database.