Open Source Software Bundling Adware With Free Software

Zocalo writes "In a post to the Nmap Hackers list Nmap author Fyodor accuses of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings, and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either."
  • easy way to bypass (Score:5, Informative)

    by sdnoob (917382) on Tuesday December 06, 2011 @06:38AM (#38277860)

    add &dlm=0 to the end of the 'your download is starting' page url..

    1. go to a program's page
    2. click download now
    3. do not download the file that starts cnet_ or cnet2_ (if it doesn't start with cnet it's ok)
    4. add the &dlm=0 to the url in the address bar after the spi=whatever junk

    enjoy the direct download.. and go to the source next time..or try filehippo or softpedia (either one with your adblocker running)

  • Re:This is news? (Score:5, Informative)

    by sosume (680416) on Tuesday December 06, 2011 @06:40AM (#38277868) Journal

    You can always choose not to offer your downloads through

  • Re:This is news? (Score:5, Informative)

    by Zocalo (252965) on Tuesday December 06, 2011 @07:00AM (#38277988) Homepage

    Yes, they have, or at least it seems like it. The difference this time is that in addition to an abuse of the registered Nmap trademark Fyodor also has them in a clear breach of the NMAP licensing Ts&Cs and it appears he's willing to try and pursue the matter through the courts. I did have a strapline on the original submission to the effect that he was looking for a good US based copyright lawyer, but it appears that the Slashdot editors decided that wasn't an important part of the story.

  • Re:This is news? (Score:5, Informative)

    by hairyfeet (841228) <bassbeast1968@gmai[ ]om ['l.c' in gap]> on Tuesday December 06, 2011 @07:19AM (#38278056) Journal

    Sorry but this is old news and why most of us builders have been avoiding CNet like the clap for a while. I'd love to see their before and after website visits stats because I wouldn't be surprised if many are doing like me and the instant they see the article is on CNet closing the tab.

    For those that need that "80%" software, the stuff you pretty much install on every system? Let old Hairy introduce you to a really nice place with a weird name...Ninite. It has all the latest versions of the software everyone installs, your flash, codec packs, VLC, LibreOffice, several AV and antimal to choose from, and NO TOOLBARS are allowed, no crapware, just the program you want pre-packaged as an unattended installer that's as simple as "clicky clicky" and let her run. Great for not only new builds but when you need to help someone who lives a good distance away who is having trouble or doesn't know where to find the above basics.

    I used to swing by CNet all the time back in the day but since I don't support spammers and spyware pushers they can go pound sand. With Ninite all the basics are covered and if you can think of others you'd like just drop their name in the suggestion box and they'll add the most popular choices to the list. I suggested Klite with MPC and voila! There it is, and more popular apps are being added all the time. Enjoy folks!

  • Re:This is news? (Score:5, Informative)

    by Anonymous Coward on Tuesday December 06, 2011 @07:27AM (#38278090)

    If anybody else wants to remove their software as well then you need to contact support to delist from
    They will respond with something like:

    Thank you for contacting CNET There are several ways to opt-out:

    - Premium subscription
    - PPD

    But if you insist they will remove your listing. Fucking scammers!

  • Re:This is news? (Score:5, Informative)

    by buchner.johannes (1139593) on Tuesday December 06, 2011 @07:54AM (#38278192) Homepage Journal

    If your logo or name is a trademark, yes. That's why no distribution can redistribute a modified Firefox with the same name & logo.

  • Re:Nothing new. (Score:5, Informative)

    by WoodSmoke (631754) on Tuesday December 06, 2011 @07:58AM (#38278214)

    Fyodor actually *DOES* host the installer. He never gave them permission to repackage it. In fact, the software license prohibits this explicitly. From the article:

    "This is exactly why Nmap isn't under the plain GPL. Our license ( specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net software and the toolbar don't)."

    So yeah, I can blame them. If you read the fucking article you would know this.

    p.s. Yes, I said that the parent should have read the article. No, I am not new here, but that doesn't mean that I, or anyone else, should tolerate willfully uninformed bullshit spouting.

  • by Luckyo (1726890) on Tuesday December 06, 2011 @08:14AM (#38278278)

    Pick mediafire then. Zero wait, over 1MB/sec download speed.

    Megaupload usually saturates my 2.2MB/sec download bandwidth, but it has wait time.

  • Re:This is news? (Score:5, Informative)

    by Entropy98 (1340659) on Tuesday December 06, 2011 @08:24AM (#38278340) Homepage

    Cnet is only bundling their adware with programs uploaded since they started bundling.

    I've got a program listed there, it's not bundled.

    If I upload a new version they are going to bundle it with their crapware.

    So I'm not uploading a new version, ever.

    They told uploaders what they were going to do with their program, they don't agree to your terms and conditions, you agree to theirs.

    Remove your program from their site and go elsewhere.

  • by wierd_w (1375923) on Tuesday December 06, 2011 @08:35AM (#38278400)

    1) if they actually do something, it means the many worlds hypothesis is true, and the divergent timeline occurs in a different quantum universe.

    2) if they get the message, and do nothing, then you could have created a closed timelike curve, and doomed your own universe to experience the exact timeline you are reporting on. This closed timelike curve would be an indelible part of that universe's history, both present, past and future. (The time after the event creates the preceding event, which causes the event to happen. Rinse, repeat until dizzy.) (It could also simply be another instance of the many worlds hypothesis being true though.)

    3) attempts at bidirectional communication would be systematically prevented by quantum collapse. All attempts to talk to 1999 on the other end of the call would mysteriously fail 100% of the time, even if the theory behind such a transmission seems sound.

    4) 1999 calls us using a one way temporal transmission device. (Like an ordinary metal time capsule.) Communication is received, but no reply can be sent.

    Of these 4 options, 4 and 3 are the most likely scenarios for "1999 called, they want...." happening. #4 being the most likely.

    Causality, it's a bitch.

  • Re:This is news? (Score:5, Informative)

    by subreality (157447) on Tuesday December 06, 2011 @08:49AM (#38278462)

    Thank you for Ninite. It will unsuck my life considerably.

  • by DreamMaster (175517) on Tuesday December 06, 2011 @09:02AM (#38278532) Homepage

    I'm part of the ScummVM group, a cross platform software for playing various classic adventure games, and the question of came up when we released the next version of our software. There were some arguments for including it on such sites, such as giving greater visibility to the project. However, the issue of the bundled 'crapware' was considered too big a downside. We weren't that desperate for wider coverage of our software, and we certainly didn't want people to adversely associate our software with malware.

    These days I wouldn't touch even if you paid me.

  • Re:This is news? (Score:5, Informative)

    by kvvbassboy (2010962) on Tuesday December 06, 2011 @09:19AM (#38278676)

    I like FileHippo more. It has a bigger collection than ninite, and it tracks both stable and beta versions of most free software and freeware on Windows. They also have a useful (and a completely optional download) update utility that checks if there are any updates available for software on your computer. If yes, you can let it update from their website. It's pretty awesome, all in all.

  • Re:This is news? (Score:5, Informative)

    by Anonymous Coward on Tuesday December 06, 2011 @09:20AM (#38278682)

    The new installer is a "derivative work", and you can specify that derivative works must not use the original trademarks. Mozilla and RedHat are both very strict about this: the source is open and free and all but you keep their name out of your modified stuff.

  • by apcullen (2504324) on Tuesday December 06, 2011 @09:23AM (#38278708)

    Needed to install 7-zip on a Windows computer, and was in a hurry, so I went to the first Google result instead of sourceforge. I aborted the install when I saw the "install this great toolbar" button. Still, I almost messed up my friend's computer.

    Important safety tip #1: Google doesn't always produce the result you really want anymore.

    Important safety tip #2: when installing open source software, Sourceforge is probably where you want to look.

  • Re:This is news? (Score:5, Informative)

    by Kadagan AU (638260) on Tuesday December 06, 2011 @09:32AM (#38278774) Journal

    Seems like we had this discussion already..

  • Re:This is news? (Score:5, Informative)

    by datavirtue (1104259) on Tuesday December 06, 2011 @10:53AM (#38279600)

    No, they have not always done this. It just started this year. As a software author who publishes on CNet in addition to many other sites and my own, I was horrified to be notified this year that this was going to take place. They completely repackage the software, wrapping it with their adware crap. I immediately fired off a vehement email telling them not to do this with my software, but CNet does what they want to do and getting them to do anything without giving them money is a process that usually takes about 6 to 12 months (they pissed me off years ago and it took FOREVER to get de-listed). They are essentially abusing their power they have over software authors who need to publish on CNet (by far the most high traffic DL site on the net). I don't really need to publish on CNet but it used to be a badge of honor and a sign of credibility to be published there. I don't consider it as such any more.

  • Re:This is news? (Score:4, Informative)

    by rilian4 (591569) on Tuesday December 06, 2011 @01:24PM (#38281900) Journal

    In the case of nmap, the license forbids such wrappers. It is *NOT* a GPL license that nmap is under, even though it *is* an open source license. Fyodor's letter explains the details...

  • by TheThiefMaster (992038) on Tuesday December 06, 2011 @02:25PM (#38282706)

    It's full of errors. Especially the spiel about alignment. In 64-bit mode you don't have to align everything to 64-bits for best performance, only 64-bit-sized values (including memory pointers). The example 16-bit value actually only needs 16-bit alignment for best performance, which is no different to the 32-bit version of the program.

    2: The increase in the memory use of pointers doesn't explain Windows x64's extra 300MB of memory use. My bet is on it loading both 64-bit and 32-bit versions of a bunch of libraries in order to support various components of Windows that are still 32-bit (as well as any 32-bit software you run).

    3: Saying that a 64-bit version of a program won't be faster... Two things are actually in favour of it being faster: 64-bit mode exposes more and larger registers to use, and also guarantees certain instruction set enhancements exist (SSE2). The latter especially is a huge speedup if you take advantage of it.

  • Re:This is news? (Score:4, Informative)

    by Kalriath (849904) on Tuesday December 06, 2011 @05:33PM (#38285080)

    If you're on Brothersoft as well, you'd best contact them to "unwrap" your software too - unlike they won't charge you to do that though, and will do it for you.
