CNET Download

Last updated
CNET Download
Download logo.svg
Type of site
 Downloads
Owner Red Ventures
Created by CNET
URL download.cnet.com
CommercialYes
RegistrationOptional
LaunchedFebruary 24, 1996;27 years ago (1996-02-24) [1]
Current statusActive

CNET Download (originally Download.com) is an Internet download directory website launched in 1996 as a part of CNET. Initially it resided on the domain download.com, and then download.com.com for a while, and is now download.cnet.com. The domain download.com attracted at least 113 million visitors annually by 2008 according to a Compete.com study. [2]

Contents

Overview

The offered content is available in four major categories: software (including Windows, Mac and mobile), music, games, and videos, offered for download via FTP from Download.com's servers or third-party servers. Videos are streams (at present) and music was all free MP3 downloads, or occasionally rights-managed WMAs or streams until it was replaced with last.fm.

The Software section includes over 100,000 freeware, shareware, and try-first downloads. Downloads are often rated and reviewed by editors and contain a summary of the file from the software publisher. Registered users may also write reviews and rate the product. Software publishers are permitted to distribute their titles via CNET's Upload.com site for free, or for a fee structure that offers enhancements.

Up until 2015 CNet used Spigot Inc to monetize the traffic to download.com. According to Sean Murphy, then a General Manager at CNet, "Spigot continues to be a great partner to Download.com, sharing our desire to balance customer experience with revenue." [3]

Malware distribution

In August 2011, Download.com introduced an installation manager called CNET TechTracker for delivering many of the software titles from its catalog. [4] This installer included trojans and bloatware, such as toolbars. [5] [6] [7] CNET admitted in their download FAQ that "a small number of security publishers have flagged the Installer as adware or a potentially unwanted application". [8]

In December 2011, Gordon Lyon, writing under his pseudonym Fyodor wrote of his strong dislike of the installation manager and the bundled software. His post was very popular on social networks, and was reported by a few dozen media. The main problem is the confusion between the content offered on Download.com [9] [10] and the software offered by the original authors; the accusations included deception as well as copyright and trademark violation. [10]

In 2014, The Register and US-CERT warned that via download.com's "foistware", an "attacker may be able to download and execute arbitrary code". [11] In 2015, research by Emsisoft suggested that all free download portals bundled their downloads with potentially unwanted software, and that Download.com was the worst offender. [12]

A study done by How-To Geek in 2015 revealed that Download.com was packaging malware inside their installers. The test was done in a virtual machine where the testers downloaded the Top 10 apps. These all contained crapware/malware; one example was the KMPlayer installer, which installed a rogue antivirus named 'Pro PC Cleaner' and attempted to execute WajamPage.exe. Some downloads, specifically YTD, were completely blocked by Avast. [13]

Another study done by How-To Geek in 2015 revealed that Download.com was installing fake SSL certificates inside their installers, similar to the Lenovo Superfish certificate. These fake certificates can completely compromise SSL encryption and allow man-in-the-middle attacks. [14]

However, in July 2016, How-To Geek discovered that Download.com no longer included adware/malware in its downloads and that its Installer program had been discontinued. [15]

Related Research Articles

Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. Some advertisements also act as spyware, collecting and reporting data about the user, to be sold or used for targeted advertising or user profiling. The software may implement advertisements in a variety of ways, including a static box display, a banner display, a full screen, a video, a pop-up ad or in some other form. All forms of advertising carry health, ethical, privacy and security risks for users.

Installation of a computer program, is the act of making the program ready for execution. Installation refers to the particular configuration of software or hardware with a view to making it usable with the computer. A soft or digital copy of the piece of software (program) is needed to install it. There are different processes of installing a piece of software (program). Because the process varies for each program and each computer, programs often come with an installer, a specialised program responsible for doing whatever is needed for the installation. Installation may be part of a larger software deployment process.

<span class="mw-page-title-main">FileZilla</span> Free software, cross-platform file transfer protocol application

FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS, while the client can in addition connect to SFTP servers. FileZilla's source code is hosted on SourceForge.

PDFCreator is an application for converting documents into Portable Document Format (PDF) format on Microsoft Windows operating systems. It works by creating a virtual printer that prints to PDF files, and thereby allows practically any application to create PDF files by choosing to print from within the application and then printing to the PDFCreator printer.

Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.

Christopher Boyd, also known by his online pseudonym Paperghost, is a computer security researcher.

<span class="mw-page-title-main">Lavasoft</span> Software company of Canada

Adaware, formerly known as Lavasoft, is a software development company that produces spyware and malware detection software, including Adaware. It operates as a subsidiary of Avanquest, a division of Claranova.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

<span class="mw-page-title-main">Babylon (software)</span> Computer dictionary and translation program

Babylon is a computer dictionary and translation program developed by the Israeli company Babylon Software Ltd. based in the city of Or Yehuda. The company was established in 1997 by the Israeli entrepreneur Amnon Ovadia. Its IPO took place ten years later. It is considered a part of Israel's Download Valley, a cluster of software companies monetizing "free" software downloads through adware. Babylon includes in-house proprietary dictionaries, as well as community-created dictionaries and glossaries. It is a tool used for translation and conversion of currencies, measurements and time, and for obtaining other contextual information. The program also uses a text-to-speech agent, so users hear the proper pronunciation of words and text. Babylon has developed 36 English-based proprietary dictionaries in 21 languages. In 2008–2009, Babylon reported earnings of 50 million NIS through its collaboration with Google.

Pre-installed software is software already installed and licensed on a computer or smartphone bought from an original equipment manufacturer (OEM). The operating system is usually factory-installed, but because it is a general requirement, this term is used for additional software apart from the bare necessary amount, usually from other sources.

OpenCandy is an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. They flag OpenCandy due to its undesirable side-effects. It is designed to run during installation of other desired software. Produced by SweetLabs, it consists of a Microsoft Windows library incorporated in a Windows Installer. When a user installs an application that has bundled the OpenCandy library, an option appears to install software it recommends based on a scan of the user's system and geolocation. Both the option and offers it generates are selected by default and will be installed unless the user unchecks them before continuing with the installation.

<span class="mw-page-title-main">Chrome Web Store</span> Googles online store for its Chrome web browser

Chrome Web Store is Google's online store for its Chrome web browser. As of 2022, Chrome Web Store hosts about 123,000 extensions and 29,000 themes.

<span class="mw-page-title-main">Genieo</span> Israeli company specializing in Mac malware

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.

μTorrent Proprietary adware BitTorrent client

μTorrent, or uTorrent, is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. The "μ" in its name comes from the SI prefix "micro-", referring to the program's small memory footprint: the program was designed to use minimal computer resources while offering functionality comparable to larger BitTorrent clients such as Vuze or BitComet. μTorrent became controversial in 2015 when many users unknowingly accepted a default option during installation which also installed a cryptocurrency miner.

Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California. It was founded in Israel in 2006 and has been regarded as part of the country's "Download Valley" cluster of adware companies. Superfish's software is malware and adware. The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014. On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.

Download Valley is a cluster of software companies in Israel, producing and delivering adware to be installed alongside downloads of other software. The primary purpose is to monetize shareware and downloads. These software items are commonly browser toolbars, adware, browser hijackers, spyware, and malware. Another group of products are download managers, possibly designed to induce or trick the user to install adware, when downloading a piece of desired software or mobile app from a certain source.

<span class="mw-page-title-main">Citrio</span> Adware web browser

Citrio is an adware web browser developed by Catalina Group Ltd. and distributed by Epom Ad Server. Citrio is available for Windows and Mac OS X. Citrio has a download manager that includes Bittorrent support, a video downloader, a media player and a proxy switcher. Citrio is based on the open source Chromium web browser project, which makes it compatible with all extensions, apps and themes from Chrome Web Store.

Conduit Ltd. is an international software company. From its founding in 2005 to 2013, its most well-known product was the Conduit toolbar, which was widely-described as malware. In 2013, it spun off its toolbar business; today, its main product is a mobile development platform that allows users to create native and web mobile applications for smartphones.

A potentially unwanted program (PUP) or potentially unwanted application (PUA) is software that a user may perceive as unwanted or unnecessary. It is used as a subjective tagging criterion by security and parental control products. Such software may use an implementation that can compromise privacy or weaken the computer's security. Companies often bundle a wanted program download with a wrapper application and may offer to install an unwanted application, and in some cases without providing a clear opt-out method. Antivirus companies define the software bundled as potentially unwanted programs which can include software that displays intrusive advertising (adware), or tracks the user's Internet usage to sell information to advertisers (spyware), injects its own advertising into web pages that a user looks at, or uses premium SMS services to rack up charges for the user. A growing number of open-source software projects have expressed dismay at third-party websites wrapping their downloads with unwanted bundles, without the project's knowledge or consent. Nearly every third-party free download site bundles their downloads with potentially unwanted software. The practice is widely considered unethical because it violates the security interests of users without their informed consent. Some unwanted software bundles install a root certificate on a user's device, which allows hackers to intercept private data such as banking details, without a browser giving security warnings. The United States Department of Homeland Security has advised removing an insecure root certificate, because they make computers vulnerable to serious cyberattacks. Software developers and security experts recommend that people always download the latest version from the official project website, or a trusted package manager or app store.

WiperSoft is an anti-spyware program developed by Wiper Software. It is designed to help users protect their computers from such threats as adware, browser hijackers, worms, potentially unwanted programs (PUPs), trojans, and viruses. Currently available only for Microsoft Windows.

References

  1. "Download.com WHOIS, DNS, & Domain Info - DomainTools". WHOIS . Retrieved 2016-07-20.
  2. "Download.com attracts over 100m visitors yearly". Archived from the original on 2011-08-13. Retrieved 2008-05-15.
  3. "Search Extensions". Archived from the original on March 16, 2015. Retrieved May 4, 2015.
  4. "Download App - Free download and software reviews - CNET Download.com". Cnet.com. Retrieved 2015-05-04.
  5. "Download.com wraps downloads in bloatware, lies about motivations". ExtremeTech. Retrieved 2015-05-04.
  6. Neal, Dave (December 6, 2011). "Cnet is accused of bundling malware with downloads". The Inquirer. Archived from the original on January 7, 2012. Retrieved May 4, 2015.{{cite web}}: CS1 maint: unfit URL (link)
  7. Parrish, Kevin (December 7, 2011). "CNET Accused of Bundling Software Downloads with Trojans". Tom's Guide. Retrieved May 4, 2015.
  8. "CNET Download Installer". Archived from the original on 2019-05-18. Retrieved 2019-05-18.
  9. Brian Krebs (2011-12-06). "Download.com Bundling Toolbars, Trojans?". Krebs on security. Retrieved 2015-05-04.
  10. 1 2 Gordon Lyon (2012-06-27). "Download.com Caught Adding Malware to Nmap & Other Software" . Retrieved 2015-05-04. we suggest avoiding CNET Download.com entirely
  11. Darren Pauli (2014-07-08). "Insecure AVG search tool shoved down users' throats, says US CERT". The Register. Retrieved 2015-05-04. Sneaky 'foistware' downloads install things you never asked for
  12. "Mind the PUP: Top download portals to avoid". EMSISOFT. March 11, 2015. Retrieved May 4, 2015.
  13. Lowell Heddings (2015-01-11). "Here's What Happens When You Install The Top 10 Download.com Apps". How-To Geek. Retrieved June 20, 2015.
  14. Lowell Heddings (2015-02-23). "Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware". How-To Geek. Retrieved January 6, 2016.
  15. Chris Hoffman (2016-07-27). "Download.com Has Finally Stopped Bundling Crapware". How-To Geek. Retrieved August 8, 2016.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.