Friday, December 9, 2011 IS STILL NOT safe to use

This is a revision of my earlier post titled " may be safe to use again"
They have taken what appears to be corrective steps. A blog posting by them claims they have removed any toolbar bundles from open-source software and that they have removed the requirement that you have to be a "registered member") in other words "give them your email address") to download files directly without using their "download manager". However, the fact that they have not committed to never bundle toolbars is troublesome, so if you have a choice, download your freeware from another source if possible. And ALWAYS use the "direct download" option -- if you find it among the clutter of their download page.

A note from Sean regarding the Installer | The Download Blog -
... we are removing the registration requirement to use the Direct Download Link on our site. This allows you, the user, to download the Installer without using the download manager.

EDIT Fri 09 Dec 2011 08:57 AM MST: Sean lies. As of this morning the open-source application Evince is still being bundled with a downloader when you download it from CNet. When I clicked the download button at CNet I got a file called cnet_evince-2_32_0_msi.exe.

I submitted that file to VirusTotal and it reported the following:
File name: cnet_evince-2_32_0_msi.exe
Submission date: 2011-12-09 13:24:56 (UTC)
Result: 2/ 43 (4.7%)
  • DrWeb 2011.12.09 Adware.InstallCore.8
  • NOD32 6691 2011.12.07 a variant of Win32/InstallCore.D

No comments: