Download.com Bundling Adware With Free Software
Zocalo writes "In a post to the Nmap Hackers list Nmap author Fyodor accuses Download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings, and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either."
This is news? (Score:5, Insightful)
Download.com have always done this... I thought this was how they funded the site.
Re:This is news? (Score:5, Interesting)
Download.com have always done this... I thought this was how they funded the site.
This may be true, but doesn't shadow the efforts of those irritated enough to stand up and say something. Hats off to Fyodor for bringing it to light in hopes that things change.
And as knowledgeable as the average user has (been forced to) become about spyware and malware, Download.com should listen, because it's obviously not just those uploading content that keeps them in business. Let's hope they don't react and generate that stench of arrogance around themselves, not unlike many large businesses today that think they're "too big to fail", and could care less what their customers think.
Re:This is news? (Score:5, Informative)
You can always choose not to offer your downloads through download.com.
Re:This is news? (Score:5, Insightful)
You can always choose not to offer your downloads through download.com.
Can you? Even if it's under a copyleft license, or in the public domain?
Re:This is news? (Score:5, Informative)
If your logo or name is a trademark, yes. That's why no distribution can redistribute a modified Firefox with the same name & logo.
Re:This is news? (Score:5, Informative)
The new installer is a "derivative work", and you can specify that derivative works must not use the original trademarks. Mozilla and RedHat are both very strict about this: the source is open and free and all but you keep their name out of your modified stuff.
Re:This is news? (Score:5, Insightful)
Honestly, the whole story is nonsense created by a very ignorant person. Free software was never intended to keep programmers from making a living
Sorry but no. The whole story is a very real warning to a user community that a large company is acting in an unethical and immoral manner by trading on the name and reputation of someone else.
Making money through advertising on the download site isn't causing any problem. Pretending to offer Fyodor's downloader while in fact seeking to install other software is a trojan attack and bad behaviour no matter how you look at it.
Calling this nonsense fails to understand the key issue and misrepresents both the complaint, and the complainant.
Re:This is news? (Score:5, Insightful)
the problem is folks now blaming the original software writer for
1. mucking about with browser settings
2. installing adware
3. installing who knows what else??
How would you like it if you wrote a program (let's say it's a conversion calculator) and then hosted your downloads on download.com
and THEY WITHOUT TELLING YOU decided to bundle Diapered Dolls Slideshow 2012 (4-7 edition) and then made that the default screensaver (and locked the settings)???
remove download (Score:5, Interesting)
That's what I finally had to do, when some entity (might've been download.com, might've been someone else) offered an alternative download location for my software - which bundled some sort of malware installer onto my software. After one attempt to remove them as an alternate, I was told I could request my software be removed, and that's what I did. This occurred back in 2004. [degreez.net]
Re:This is news? (Score:5, Informative)
Thank you for Ninite. It will unsuck my life considerably.
Re: (Score:2)
Does Ninite prevent developer-included crapware? Specifically looking at uTorrent here, which is notorious for giving you check boxes concerning crapware and then installing it anyway regardless of what you checked.
Re:This is news? (Score:5, Interesting)
Yes it is news for me.
I submitted something I wrote a while back and it used to offer the file the way I uploaded it. I just checked and sure enough my download is now wrapped in a Cnet installer. Now I need to dig out my account info and remove my software listing because this is fucking BULLSHIT!
Thanks Slashdot for pointing this out.
Re:This is news? (Score:5, Informative)
If anybody else wants to remove their software as well then you need to contact support to delist from Download.com/Upload.com
They will respond with something like:
Thank you for contacting CNET Upload.com. There are several ways to opt-out:
- Premium subscription
- PPD
But if you insist they will remove your listing. Fucking scammers!
Re:This is news? (Score:5, Interesting)
Just send them a DMCA takedown notice. If the system exists you might as well use it.
Re:This is news? (Score:4, Informative)
If you're on Brothersoft as well, you'd best contact them to "unwrap" your software too - unlike download.com they won't charge you to do that though, and will do it for you.
Re:This is news? (Score:5, Informative)
Cnet is only bundling their adware with programs uploaded since they started bundling.
I've got a program listed there, it's not bundled.
If I upload a new version they are going to bundle it with their crapware.
So I'm not uploading a new version, ever.
They told uploaders what they were going to do with their program, they don't agree to your terms and conditions, you agree to theirs.
Remove your program from their site and go elsewhere.
Re: (Score:3)
Incorrect. I had software there that was uploaded prior to their bundling, and eventually they wrapped it anyway. I'd watch them if I were you.
Re: (Score:2)
Of course, if they include the source code, and possibly rename the app, perfectly legal to do...
See points 1, 2 and 4 of the Open Source Definition http://www.opensource.org/osd.html [opensource.org]
Downloading free software is theft (Score:2, Funny)
Can we all agree that downloading free software is stealing from poor programmers who have to live in their mother's basement because they're so poor they cannot even afford their own place? And that as we can read in TFA downloading free software supports criminal activities, and is therefore terrorism? And that this probably means you're a communist child-abusing terrorist?
-- Yes, this was a joke, and no, I don't have a good sense of humor.
Re:Downloading free software is theft (Score:5, Funny)
but are they required now to gpl the virus and adware?
Nothing new. (Score:3, Interesting)
Download.com has been funded by bullshit third-party software addons for as long as I can remember. AFAIK, they only recently started this practice of causing the user to download a downloader which would first go through the third-party addons before downloading the actual installer... but it's not like it's any different than before. Yeah, lots of people will just click through and accept everything and that's their fault for not reading things before agreeing to them. Don't blame a free service operated by a for-profit corporation for wanting to make money. Host the Nmap installer yourself if you think it's so easy.
Re:Nothing new. (Score:4, Insightful)
How do you know he uploaded it, and not some anon schmuck?
Go to the software producer's site (Score:5, Insightful)
It's rather mindboggling that a decade into the 21st century, people are still going to third party download outfits like this.
Maybe someone wants to enlighten me as to why... I'm not coming up with much.
Re: (Score:2)
People are creatures of habit, and once they learn how to use the download.com ( or some other site like freshmeat.net ) interface, they just return to it out of habit, and the fact that they already know how to search and navigate the site.
Though there's a small but crucial difference between download.com and freshmeat/whatevertheheckit'snowadays: Download.com hosts stuff, while freshmeat just listed and categorised software, linking to developers. The details on where to get the software are posted by the developer on freshmeat. You get the software exactly where the developer wants you to get the software. A choosy user can then download the source or official binaries or just say "hey, it looks like it's already packaged in my distro".
In o
Re:Go to the software producer's site (Score:5, Interesting)
In my eyes they already screwed up when they allowed sw developers to promote the features of the full (paid) version in the description of the free version without any indication the free version didn't include the feature.
Re: (Score:3)
Not much of advantage anymore. You can just host on rapidshare/megaupload/similar site.
Rapidshare (Score:5, Interesting)
Rapidshare, for that authentic 90s warez feel.
Not hosting your own files, or torrents for larger stuff, looks about as professional as a hotmail address on a business card.
Re: (Score:2)
I'm pretty sure that we didn't have such nice download sites in the 90s. Which is why we had p2p for most of the copyright infringement back then.
Not to mention that pretty much no one "hosts their own files" anymore, except for really big companies. Outsourcing to professional hosting makes a whole lot more sense nowadays.
Re: (Score:2)
As someone who had to use it a few times, CRINGE.
Re: (Score:2)
But hosting on "rapidshare/megaupload/similar site" makes it a pain for the user to download the software ("wait 60 seconds before you can download at a low speed!"), so it's not a good alternative.
Re:Go to the software producer's site (Score:5, Informative)
Pick mediafire then. Zero wait, over 1MB/sec download speed.
Megaupload usually saturates my 2.2MB/sec download bandwidth, but it has wait time.
Re: (Score:3)
Not if you pay them. I'm not talking about Rapidshare Premium or anything, I mean you can actually legitimately pay them for distribution of your legitimate files. No wait screens, no slow downloads, it's like everyone who downloads your file is premium from their perspective. You just pay for hosting.
Re: (Score:2)
Not much of advantage anymore. You can just host on rapidshare/megaupload/similar site.
And that's why people (used to) go to Download.com.
If I'm looking for warez I might go to rapidshare/megaupload/similar site. And I'll assume anything I get from those sites has a trojan/virus/bot until I can prove otherwise.
If I know what app or utility I need, I'll go directly to that site. If I don't have a particular name in mind, I used to go to Download.com. For example, I recently needed to get some updated codecs, but didn't know the exact package or provider I needed.
I don't feel a Google searc
Re: (Score:3)
If you're "looking for warez", those are the last stop, not first one. They host whatever it is that you want them to host. They only offer downloads of material that other people chose to upload to them. The main reason why anti-piracy outlets like to paint them as "omg warez" is because they are free to use, fast, and you can only get the download if you have the proper link - there is no directory.
You sound like your typical ignorant person who just swallows whatever media tells him at face value, and
Re: (Score:2)
And by "videos", I do mean "stuff I shot with my phone". I.e. stuff that I have copyright on.
Re: (Score:2)
avast anti-virus redirects you to download.com
Re: (Score:3)
avast hosts the download off their site too but you have to know where to look....
http://www.avast.com/en-us/free-antivirus-download#tab4 [avast.com]
avg is the same way.. their offline installer is here...
http://free.avg.com/ww-en/download.prd-afh [avg.com]
(these are links for en-us)
Re:Go to the software producer's site (Score:5, Insightful)
1. Enter name of software into browser search box*
2. Go to first link
3. Click 'download.' Repeat until a download starts.
4. Click 'next' until installation complete.
They go to download.com because for some programs, it actually comes higher in the listings than the program's main site. Especially if they add 'download' to the search query, as many do.
*They don't quite get the concept of a search engine yet, so they'll go with the default. There's a one-in-two chance they'll just type it in the address bar.
Re: (Score:2)
Because people would rather trust a single central location (eg download.com) than a multitude of different websites, any of which could be pushing malware or owned.
This is of course primarily a windows problem, linux users can get the majority of the software they want through the built in repositories while mac users now have the app store...
Windows culture (Score:2)
You never see anything like this from Linux repositories simply because Linux users would never stand for it. Many (maybe most) of the Windows users I know accept malware and crapware as just the unavoidable cost of getting what they need or want in a convenient way.
So it's a cultural thing, and it will take a lot of user education to create a higher level of expectation. The trouble is that I don't see from where the incentive to provide that education is going to come, interests in the MS ecosystem being
Download.com?? Really?? (Score:4, Insightful)
1999 just called. It wants its flagship shareware download repository back.
Seriously, today there are so many better sources to get free stuff (legal or otherwise) than Download.com
Why even bother?
Do not call (Score:2)
Can I put the 90s on my 'do not call' list?
Re: (Score:3)
The interesting question becomes this:
If we warn the past about an event like 9/11, and they actually DO something about it, what happens then? Would the American government spin it even further out of proportion, claiming the attacks would have used nukes and biological weapons? There's no way of knowing for certain.
We know what we have: A world that is worse off than before, yes, but not on the brink of having the planet destroyed. With the possibility that we could make things a lot worse and start World
Re: (Score:2)
if someone had gone back in time and removed the stupid wrapper from downloads downloads, would this article be here?
problem with trying to decide if you should send a message back in time is that if you did send the message, you already sent it.
time travel stories are for books and games like Chrono Trigger and Day of the Tentacle.
honestly, the wrapper wouldn't be such a bad thing if download just checked that the sw they're offering at least worked.
Re:Download.com?? Really?? (Score:4, Informative)
1) if they actually do something, it means the many worlds hypothesis is true, and the divergent timeline occurs in a different quantum universe.
2) if they get the message, and do nothing, then you could have created a closed timelike curve, and doomed your own universe to experience the exact timeline you are reporting on. This closed timelike curve would be an indelible part of that universe's history, both present, past and future. (The time after the event creates the preceding event, which causes the event to happen. Rinse, repeat until dizzy.) (It could also simply be another instance of the many worlds hypothesis being true though.)
3) attempts at bidirectional communication would be systematically prevented by quantum collapse. All attempts to talk to 1999 on the other end of the call would mysteriously fail 100% of the time, even if the theory behind such a transmission seems sound.
4) 1999 calls us using a one way temporal transmission device. (Like an ordinary metal time capsule.) Communication is received, but no reply can be sent.
Of these 4 options, 4 and 3 are the most likely scenarios for "1999 called, they want...." happening. #4 being the most likely.
Causality, it's a bitch.
Re:World War III (Score:3)
"If we warn the past about an event like 9/11, and they actually DO something about it, what happens then? Would the American government spin it even further out of proportion, claiming the attacks would have used nukes and biological weapons? There's no way of knowing for certain.
We know what we have: A world that is worse off than before, yes, but not on the brink of having the planet destroyed. With the possibility that we could make things a lot worse and start World War III, is it really sensible to se
Re: (Score:2)
And do you have something not United States Only?
Re: (Score:2)
Not in this case. The warning would simply be "these planes are going to be hijacked on this day". Don't include "and they're going to fly them into buildings". They would simply assume what everyone on the planes assumed, that the hijackers want to either be flown somewhere or want to use the plane and passengers as leverage in bargaining. The same thing plane hijackings had been used for for the prior couple of decades.
That is why the hijackers succeeded. Their real weapon was surprise and unpredictabili
easy way to bypass (Score:5, Informative)
add &dlm=0 to the end of the 'your download is starting' page url..
1. go to a program's page
2. click download now
3. do not download the file that starts cnet_ or cnet2_ (if it doesn't start with cnet it's ok)
4. add the &dlm=0 to the url in the address bar after the spi=whatever junk
enjoy the direct download.. and go to the source next time..or try filehippo or softpedia (either one with your adblocker running)
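The steps in the comment above, as an added example that is not part of the original post: it flags a wrapper by the `cnet_`/`cnet2_` file name prefix and sets `dlm=0` on the page URL without disturbing the other query parameters. The function names, the case-insensitive match and the `download.example` URLs are assumptions made for illustration; only the prefixes and the `dlm=0` parameter come from the comment.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# File name prefixes the comment associates with the wrapper installer.
WRAPPER_PREFIXES = ("cnet_", "cnet2_")


def is_wrapper_filename(name: str) -> bool:
    """True if the offered file name starts with a wrapper prefix.

    Accepts a bare file name or a full path (either slash style).
    Matching is case-insensitive, which is an assumption of this example.
    """
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.lower().startswith(WRAPPER_PREFIXES)


def direct_download_url(url: str) -> str:
    """Return the URL with dlm=0 set, as the comment describes.

    Any existing dlm value is replaced, other parameters (such as spi)
    keep their order, and a #fragment stays at the end.
    """
    parts = urlsplit(url)
    query = [(k, v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "dlm"]
    query.append(("dlm", "0"))
    return urlunsplit(parts._replace(query=urlencode(query)))


def review_download(page_url: str, offered_name: str):
    """Classify the offered file and say which URL to fetch instead.

    Returns ("wrapper", rewritten_url) when the name matches a wrapper
    prefix, otherwise ("direct", page_url) unchanged.
    """
    if is_wrapper_filename(offered_name):
        return ("wrapper", direct_download_url(page_url))
    return ("direct", page_url)


if __name__ == "__main__":
    # Constructed sample values, not real Download.com URLs.
    page = "http://download.example/page.html?spi=abc123"
    for offered in ("cnet2_nmap-setup_exe.exe", "nmap-5.51-setup.exe"):
        print(offered, "->", review_download(page, offered))
```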
Re: (Score:2)
Shouldn't have to edit URLs to bypass their crap; either offer me both download methods or gtfo.
As for the ad blocker, I'm making a habit of turning it off for sites that prove useful and not annoying; denying them the revenue makes me more of a leech.
Re: (Score:2)
I can't quite believe I'm pasting a Dilbert strip here, but it's entirely appropriate:
http://dilbert.com/strips/comic/1994-02-01/ [dilbert.com]
Re: (Score:3)
open source is the new shareware. buying expertise for configuring is the "registered" version.
huh? downloads not wrapped for me (Score:2)
Actually, it looks like cnet redirected me to the nmap.org download link (http://nmap.org/dist/nmap-5.51-setup.exe) using a 'META HTTP-EQUIV="Refresh"'.
I'm not logged in; I wonder if I have a cookie that prevents the wrapper -- or if download.com changed something.
Also, I'm using NoScript and cnet/download.com is not allowed. Perhaps this turns off the wrapper too.
Bundling / wrapping is old news (Score:5, Interesting)
This extremely common practice of bundling garbage with every download is the cancer that is killing Windows freeware, and no, it's not limited to Download.com.
A while ago, when I was in-between jobs and looking for some freelance work, I stumbled upon an entire "community" of scammers known as PPI: Pay-Per-Install. This forum was all about participating in these shady bundling practices, discussing the advertisers that were most tolerant to things like silent installs, home page swaps, BHO's that redirect your Google searches through a proxy (to hijack ad revenue), Vista sidebar widgets, toolbars, bookmarks, and start-up items, along with uploading deceptively named and heavily trojaned stuff via P2P. This is why, with every goddamned Windows utility you get these days, you get prompted to install the Ask.com toolbar, BonziBuddy, free trials for McAfee's swiss cheese, and a laundry list of other standards.
CNet should indeed be made an example of, and burned to the ground, but they didn't start this gangbang, the advertisers did. Follow the money... There is no reason why users should tolerate this aberrant behaviour.
Re:Bundling / wrapping is old news (Score:4, Informative)
It's full of errors. Especially the spiel about alignment. In 64-bit mode you don't have to align everything to 64-bits for best performance, only 64-bit-sized values (including memory pointers). The example 16-bit value actually only needs 16-bit alignment for best performance, which is no different to the 32-bit version of the program.
2: The increase in the memory use of pointers doesn't explain Windows x64's extra 300MB of memory use. My bet is on it loading both 64-bit and 32-bit versions of a bunch of libraries in order to support various components of Windows that are still 32-bit (as well as any 32-bit software you run).
3: Saying that a 64-bit version of a program won't be faster... Two things are actually in favour of it being faster: 64-bit mode exposes more and larger registers to use, and also guarantees certain instruction set enhancements exist (SSE2). The latter especially is a huge speedup if you take advantage of it.
Extend open source licenses to prevent this? (Score:2)
While this has been normal practice for shady ripoff sites like the ones mentioned for almost a decade, I do wonder if appropriate extensions to FOSS licences such as the GPL could actually prevent this. Or at least make the culprits liable for damages, copyright infringement and/or fraud.
If I were to work on a large FOSS project I would like to know that the software I'm contributing to doesn't legally end up on one of these fraudulent DL sites.
My 2 cents.
This came up in the ScummVM group recently (Score:5, Informative)
I'm part of the ScummVM group, a cross platform software for playing various classic adventure games, and the question of Download.com came up when we released the next version of our software. There were some arguments for including it on such sites, such as giving greater visibility to the project. However, the issue of the bundled 'crapware' was considered too big a downside. We weren't that desperate for wider coverage of our software, and we certainly didn't want people to adversely associate our software with malware.
These days I wouldn't touch download.com even if you paid me.
Re: (Score:2)
You chose well. Congratulations on 1.4 BTW!
Venn Diagram (Score:3)
I am shocked that the number of nmap users who are also download.com users would be significant.
Re: (Score:2)
Since you're too lazy, here:
C|Net is adding trojans to the installer.
C|Net is in violation of the Nmap license.
So exactly who is winning here?
Re: (Score:2)
The downside is that CNet is deliberately preying on users' ignorance and installing software they don't want as well.
I fully believe users should take responsibility for what they install on their systems by at least looking at what they're installing but that doesn't preclude companies from leaving that crap out in the first place.
Re: (Score:2)
Software creator's good name is tarnished because people installed their software and got malware as a result. Not good.
People get malware, period. Also not good.