The CNET Download.com Installer
I have to admit that I'm not downloading many files from Cnet's download.com software portal. I usually prefer direct downloads from developer sites. Sometimes however developers link to the downloads on download.com instead of offering the downloads on their sites. This can make sense from a business perspective, but removes some of the controls they have over the user experience.
I also try to use download portals if the developer site does not offer direct downloads, for instance by forcing users to register or fill out a web form before downloads become available.
Today I wanted to download Dr.Web CureIt and the first site that came up in Google Search was Cnet's Download.com.
I never had problems with downloads on Cnet before, but this one got me puzzled at first. Instead of allowing me to download the setup file directly, a 400 Kilobyte web installer was downloaded.
I first thought that the developers of CureIt had provided the installer, turned out I was wrong. Cnet, at least for this download and probably for all downloads on the site, is not offering direct links to those setup files anymore. Instead, a web downloader, called CNET Download.com installer, is provided.
This in itself is problematic as it means that users need to run the download.com installer first to download the setup file of the software that they initially wanted to download. That's additional work for the user.
The real problem here however is that the web installer is pushing the Babylon toolbar. Users who do not pay attention to the download process will install the Babylon Toolbar, make Babylon their default search engine and homepage of their browsers.
Cnet is without doubt generating lots of revenue from the web installer, considering that the toolbar installation options are enabled by default, and that most users click Next Next Next when it comes to installation processes.
The CNET Download.com Installer is clearly adware. It might make sense to use a different download portal in the future, especially if you do not want to download the 400 Kilobyte web installer every time you download a file from the download site. Good alternatives are Softpedia and Major Geeks.
Have you encountered the CNET Download.com Installer? What's your opinion?Advertisement
Thanks for this valuable information. Yet another misbehavior … they just can’t help it, or could they?
I wrote to CNET and they said that Babylon was an approved advertiser with the implication that it was my fault because I should have noticed the tiny little box to check off that directs one to a download without the Babylon virus.
Silly CNET: for the sake of a little filthy lucre you’ve alienated 10 years of trust you had established with me.
I completely agree, CNET was one of my most trusted places for downloads and information. Is filehippo our next best hope, or do you know of something better?
FAR worse than that – the CNET download tool now also (it seems so innocent when you see it happening) sending (what look like) advertisements during the file transfer as you wait for your file. What you do not know is that they intend on putting that software on your machine without asking you.
I got 4 pieces of extra software, only one had an “opt out”, and the ones I had no choice about getting contained two virus programs. This incarnation of the CNET downloader goes on to download and install software on your PC without a direct warning (except for what appear to users to be “banners ads”) and with no “OPT OUT” choices.
Given that this is software that is being advertised by CNET during the DOWNLOAD PROCESS – right there in the window of their own special download tool (and you can’t get anything from them without that tool) this means there is no chance at all that it is coincidental – that the stuff you get installed with no “opt out”, came to you inside of the software companies install file. Your new junk (and infected machine) comes to you from CNET, without any choices. I got the ASK toolbar again and it requires a special anti-malware software tool to get rid of it.
Yes, I have encountered this installer and just went to MajorGeeks.com. Others will eventually catch on, including CNET!
not seen, because i also download mostly direct from the developer sides.
but: thats a no go for me, thanks for finding.
c-net downloads are dead.
Same with the main spanish apps portal softonic.com long time ago… should be ilegal
Another nag about this installer is that you don’t get the actual installer file to keep until next time. Sure, it probably unpacks in your TEMP directory or elsewhere, but it would be so much work to go in there to copy your actual setup file for next time.
Downloads from CNET is fully ruined for me.
http://portablefreeware.com is the shit :)
Yes, their download manager is TERRIBLE at actually installing the desired software. It is good at slapping the toolbar of the month on your PC, but from there it drops a ZIP file of the app you wanted and opens an explorer window to that folder. Then you have to open the dropped ZIP file and run the installer. Needless to say, confusing for newbies, and why I saw one commenter who said it appeared the install just stopped. God only knows how much business I lost from this.
Ouch, that’s not good for CNET. I normally download from internode mirror on majorgeeks so it is unmetered content and very much up to date with the latest versions. Sourceforge is a great site for downloads as well.
All the big software archives started to follow this bad business model:
Softonic sample – VideoLan
Afreecodec.com sample – K-Lite Mega Codec Pack
Brothersoft sample – OrbitDownloader
Tucows.com sample – CamStudio
Conclusion: Use FileHippo, SnapFiles and Softpedia.
Another alternative is to use Malavida.
an even better alternative is just to click the “Direct download” link underneath Cnet’s big green download button. still downloading from Cnet, minus the installer garbage. i’m a die-hard Cnet fan.
Yes, and that is my biggest objection — when the big guys ‘cross the line’, that gives everyone else an excuse to ;o.
Couple of days ago I had to download a software from CNET. When I got the 400 KB file in my first thought I considered it a malware which somehow got into the software portal. Then I started downloading another software and got another 400 KB file. I finally came to understand what was wrong.
They just dug their own grave for the sake of some extra money.
Another alternative : http://www.filehippo.com/
how do I remove this from Firefox’s addon even though it is disabled ?
The download installer? Or what do you mean?
I downloaded an application and installed the Babylon toolbar without knowing; Have remove it from IE but the entry is still being displayed in Firefox’s addons
Check here for now, I will write about it soon. http://forums.mozillazine.org/viewtopic.php?f=38&t=1138775&start=0&st=0&sk=t&sd=a
I always find it difficult 2 downlaod on my phone
got rid of \[email protected]
I was using the CNET Tracker software but I have now uninstalled it.
I refuse/dislike being forced to install side packages just to get the download I want. Not even an option to bypass this.
I use CNET basically now to review and note changes and then download from a different site or author’s site.
I hate to say it but I hope CNET suffers from this decision.
I also don’t like the idea of these portals,cnet used to be my top download site but not anymore.
Also, wherever I see the company “Truste” I’m more like “unTruste”
These guys just protecting their ad-customers. For IE9 they have provided one “anti-tracking” list, but that lists actually blocks a few tracking cookies and ensures that will opt-in and penetrate your PC, all of their ad-customers.
Disgusting. I don’t have any of those problems but this due to my knowledge about. It requires efforts. This is why the new Fx’s addon’s protection will help much.
The cnet download pages also provide a link to directly download the respective programs. It’s called “Direct Download Link” and should be visible right below the big “Download Now” button – the only caveat to this is, you have to be logged in to cnet to be allowed to use it and that’s their way to obscure that ability. Very bad move.
I’ll always prefer a direct download over any kind of downloader/installer type of ad-ware propagator.
I’ve also stated this opinion in a sub-related post over at the cnet forums:
(you may remove this, if you think it’s unsuitable)
Did not know that since I do not have an account. Thanks for mentioning it.
Ya.. I saw it..it has quality contents and free downloads of movies, games, wallpapers..People vl get all for their taste..!!
Good find, Martin!
thanks for alerting us…
Yes I am also avoiding C NET and will do so in the future. They have lost their integrity as far as I’m concerned
I am aware of this situation since a couple of weeks and I really dislike it.
I fully agree with your conclusion : download from Softpedia and Major Geeks when it is possible and that is exactly what I have done since a couple of weeks.
If I can find another site to download from, I now try to avoid CNET.
As a rule I never trust a web installer.
I look for the actual installer elsewhere
at some of the sites mentioned and if it
is not available anywhere else I just pass.
I think that this new installer could become a problem for software developers who link to download.com for downloads of their programs exclusively.
Definitely. A real problem if download.com is the only source.
I saw it in my search results, but I have strong old-school ‘offline’ mentality (it was 1998, guys, when I played my first computer game). I reject web installers always if it is possible to.
So, I went to Softpedia and got what I wanted there.
Don’t be ‘next-next-next’ – too many adware around nowadays.
Yup, I’ve encountered this thing and it’s a pain in the ass; I usually look for the developer’s site and download any software in question from them directly. It’s absolutely ridiculous on Cnet’s part to create some corny-ass piece of software that does nothing but download a download–and try to get you to unwittingly install some adware on your system in the process. Very bad form on their part. I go there even less now as a result.
Also: thank you for bringing this up; thery need to be made aware that they can’t do this kind of thing and expect people to just take it.
I also have encountered this installer few weeks ago..
filehippo.com still the first choice and then softpedia.com
I prefer downloading directly from developer’s site. I don’t like to have to install installers on my PC. Also, don’t be in a hurry to install to click next, read carefully to make sure you don’t install something you don’t want to install
>>This can make sense from a business perspective, but removes some of the controls they have over the user experience.
Can somebody explain me what is that sence? And what kind of business perspective it provides?
Maybe i have to upload all my software to CNET download.com
Well you do not pay for the traffic that the software downloads cause, that’s what I meant. CNET might also offer other incentives for software developers, like ad revenue sharing. Not sure about this but it would make sense if they offered something for exclusivity.
Long while ago, I loved Download.com. But – that was a long while ago. Now CNET gives me: 1) very odd search results; 2) too little information on an application without having to click my way to find the cost and other details; 3) way too few screenshots which forces me to go to the developer’s site for a peek. 4) fewer and fewer reviews.
Now a toolbar.
Well, I do my software searching on Major Geeks these days.
+1 for SnapFiles.com and FileHippo.com
I just went to download CCleaner from download.com/cnet and ran into this. Talk about bs. I’m not installing an installer to install an install program. GTFO. Looks like they’re dead to me now. They used to tout their files as being spyware free and such and now they are using an installer and trying to get you to download a toolbar that’s adware. Don’t know what happened to them but they just shot themselves in the foot.
Thank you for this article. I have a fairly extensive film library which has updates that are downloaded. In the past all these updates were done from the supplier, except this last one that went through cnet. It was in a nano that this Babylon program was downloaded and installed. Of course the first thing I thought was a malware program was in my computer. I asked the supplier of the updates about Babylon and was told they had never heard of it, although I was told that they are using cnet. After some research and reading this article I feel confident that I do not have malware and can use the computer using a creddit card.
I would also like to add MBAM and SAS detect it as malware. Also unchecking it seems (or at least did) to stop the install.
More over here:https://www.wilderssecurity.com/showthread.php?t=304653
Since Bitsum Techologies is staunchly ANTI-BUNDLE, I was *shocked* when I saw that CNET Download.com had made this change. I was using them as a mirror, as they kept the product up to date and were reliable. I was even paying them $9 a month.
To say I was unhappy to discover that they had made this change is an understatement. Despite what they may say about more statistics, there is only one reason they added it — to throw in bundles (BING Toolbar right now).
Other download sites do this, and I’ve always considered them ‘rogue’. CNET Download.com used to have a policy against listing programs with bundles. Now they do it themselves.
I no longer can direct users to Download.com until they change this policy. It is a shame. Other vendors will feel the same, trust me. Even the vendors that bundle their own toolbars don’t want a wrapper with its own bundles that precedes theirs. In these cases, users are twice given the chance to ‘miss’ the checkbox to not install whatever the bundle of the month is.
I am very disappointed and strongly encourage them to revisit this terrible decision. Whatever short term gain in revenue they may have will not be worth the permanent loss in reputation.
I forgot, their official announcement about this was back on July 27th. I hate that I missed it for nearly a month, sending my users to this crap. Here it is, where they proudly announce the addition of their Download.com Installer: https://upload.cnet.com/8301-21_5-20084419-9978525.html?part=rss&tag=feed&subj=DownloadProductReview
I am sure you are right about their financial calculation. What these calculations don’t take into account is the long-term image of the site. It is all about short-term revenue. There is no consideration given to the end user, but that is true for most companies. The consumer is only important when considering how to maximize ‘milking’ them.
Indeed Download.com does have high search engine rankings, especially with Microsoft’s Bing. With Microsoft, they have a special relationship. Again in Windows 8 Microsoft is attempting to develop its own ‘Windows App Store’. They tried this in Windows 7 but it never really took off. All the listings come from Download.com. In fact, on the site (Windows Marketplace), they say to get your app listed, go add it to Download.com.
For Google, they have a special way of displaying Download.com listings that includes the editorial rating of the software (which is scary considering how unreliable their editorial reviews are). I would hope that Google would downgrade them, or at least not give them special treatment, but I don’t see it happening.
They should have notified software developers per mail about this change.
@Martin: *Maybe* it was in one of their newsletters that I hardly ever read, but I don’t know. Their newsletters are so.. useless.. that after a while I quit reading them. For an important change like this though, they should have more aggressively tried to inform vendors.
Ironically, I was ranting about how terrible bundles are only days ago, and ranting about the 2011 proliferation of rogue download sites that are buying up adwords for popular freeware and shareware. Then I happened to download my own software from CNET, using the mirror link I have used for years on my site. I saw this and I nearly lost my head!
To make matters even worse is that the darn ‘download.com installer’ doesn’t even work very well. It dump’s the intended software’s ZIP file onto disk and just opens an Explorer window to that folder. You have to then click on the ZIP file, then on the setup EXE. It would be confusing for many newbies. Its only real purpose is to install the BING toolbar, and they do mention they may use other bundles later.
Oh well… Nothing new I guess. Another site sells out. This is just a particularly big sell out.
They have probably made a calculation and came to the conclusion that even though they might lose some traffic in the long run due to disgruntled users, they will be making a nice buck from the rest. And since Google and Bing loves the site (I noticed that download.com is often the first place on Bing right before the developer site), they have no shortage of traffic coming their way.
@Martin: I had replied again, but don’t see it, so I apologize if this is duplicate.
In their defense, I reviewed my email archives and they did mention it in one of their newsletters late last month. Since their newsletters are.. how should I say.. less than useful, it is no surprise I didn’t read it. I suppose I therefore only have myself to blame for missing it, but I would have *never* thought they would stoop to this level.
I found your other post in the spam folder :)
The bastards have done it to my software as well, without telling me. Not impressed. I guess the download sites must be in their final death throes to crap all over the people who provide their content in such a blatant manner.
I noticed this last month, it is really horrible.
However, they do have the size to keep this up, and claim it is for the good of the users.
I guess I’ll just ignore it. However, if I had one their download buttons on my site I would have removed it the second I saw this.
I can’t find the topic on how to remove Babylon from Firefox’s extensions;
removing the extension is not sufficient; have to go to about:config to remove all Babylon references as well
The leftovers have no function if the add-on is uninstalled.
JUST SAY NO
cnet … you are dead to me now
An update on my rant about cnet posted August 20 @ 1:30 am. I sent my supplier this web site talking about cnet and obviously it was researched and I received a reply. I was told that they have removed all cnet download links. They were not aware cnet had started bundling their download manager. They did it without informing my film library supplier. They advised they will not use cnet anymore unless cnet stops bundling the tool bar. At least I can no download updates directly with ease of mind.
Likewise, I informed fellow software vendors. Some, who hadn’t yet updated their software since the change, haven’t yet had the bundles attached and are still in denial, thinking they will be treated differently than everyone else. They’ll find out the truth when their next version is published, lol. Others removed their links immediately.
This whole thing could backfire big time for Cnet.
Iâ€™ve got a couple of apps on their site one of which is PPD the other is not. The PPD app is ok for now but the other app has this download manager horseshit. I used to also link directly to their site for downloads needless to say I removed this immediately. Disgraceful and penny pinching behaviour at its best, cheers!
It is truly a shame that such big website are following this business model.
I work for http://www.Allmyapps.com. The first Windows Application Store. With Allmyapps you can Install, Update or uninstall al your software in a single click. We remove crapware ( Toolbar, malware, etc ) from the installation process.
Give us a try and let us know if you like it. Feedback is always appreciated ;)
Kill it with fire. Add http://www.download.com
to the hosts file on the family NAT box and just redirect everybody to somewhere else. Disconnect them from your Internets.
ARGH! Don’t put an “http://” in front of things that I type!
This is automatic, not sure how to disable.
Yes this is the last straw for me. I will now no longer frequent any of the CNET properties AT ALL. I will be using something else like MajorGeeks, NoNags, Snapfiles, or something else. I no longer use adobe because they started this crap, i switched from OpenOffice to libreOffice, I just want to get away from companies who treat THE COMPUTER THAT I BOUGHT AS THEIR PERSONAL MONEY MAKER. IT IS MY COMPUTER !!!!
FOR MORE DETAILS:
The only download most tech savvy users should try is Linux
it seems Linux Mint is the best for folks coming from windows,
much nicer than Mac OS X too i think, free too.
a blank DVD is needed
(North American download link)
Mint’s Website ,, http://www.linuxmint.com/about.php
check it out .. ! — no toolbars, adware spyware adware, you dont even need antivirus.
Boycott Download.com. Don’t let them get away with this.
In Soviet Russia toolbars install browsers
I have removed my apps from cnet now too. Using my software to make $ for themselves – nope, not happening.
And the kicker is….my apps were FREEWARE.
There is another big one out there too – OPEN CANDY. Many packages don’t even tell you that you’re installing it, and it is silent, working away in the background.
PS: Did I mention that CNET uses this too?
Yup, I have seen this but I always pay attention when I click through installs, so wasn’t caught. I also try and download direct from the developer where at all possible as this is not the first time I have seen unwanted toolbars and/or “foistware” offered. The Babylon toolbar option being pre-checked and “recommended” is despicable. I thought Download.com had more integrity than that. I see it’s inspired loads of negative comments – and quite right too, in my opinion.
CNET member By Web Form 08/17/2011 04:48 AM
I’d like to know what moron came up with the notion of preceding each application download with an installer setup.
I came to depend on Cnet as my Windows “repository” (Linux pgm database) and it’s with sadness I bid you goodbye.
A portion of their auto-response:
* We also offer our registered users that login a “Direct Download Link”, that can be found directly under the “Download Now” link. Those files do not include our installer.
Please let us know if we may be of further assistance.
CNET Customer Support
When I send customers to ‘Download Now’ from CNET (using their buttons), they aren’t typically registered CNET members, nor will they go and take the time to join. The download is instant, after all – wait 5 seconds, starts.. You know. Also, even registered members are hardly going to notice a little ‘Direct download’ link. That is a lame excuse of theirs.
Can anyone Help me?
Recently, I downloaded the web installer for Microsoft 2007 trial version.
While the web installer provided by cnet download was downloading the main installer of Microsoft 2007 trial version, the net had a problem and the download was canceled. The problem is, the downloaded part of the installer was not deleted and is still consuming space on my hard disk.
Can anyone tell me where did the downloaded part of the installer go? so that I can delete the file to conserve the space on my hard disk.
Although this isn’t a technical forum, off the top of my head, I would have thought it would be in the download folder you normally use when you download anything off the net. Try it again and see where your computer offers to put it and at the same time, if necessary, take a note of the actual file name and do a search for it. I use a search-as-you-type program called “Everything” from http://www.voidtools.com which indexes everything on your drives.
If it behaves as Windows applications *should*, and as I believe I observed it, it stores it in the user’s local AppData directory. That is where it dumps the user to run the ZIP, iirc. I need to double check before saying that, but check %APPDATA% … usually c:\users\myusername\appdata … then check those sub-folders (Roaming, Local, LocalLow).
Hey Ghacks readers,
I’m a writer at CNET and Download.com, and personally I’ve been getting a lot of feedback on the Download.com Installer. I have absolutely nothing to do with the development or approval of the installer, but I wanted to assure you that I’ve been forwarding on your complaints to the appropriate people.
I have no news of changes being made to the installer as of yet, but I can assure you that the people in charge of it are listening to your complaints and are strongly considering options for improving the experience. I can’t say whether the installer will ever go away because CNET is seeing a much higher download completion rate than before it was in use. I have not been provided with numbers to back this up, yet. However, your feedback does appear to be reaching its target.
In the meantime, if you’re a developer and would like your software to be excluded from the installer, you can send a request for exclusion here: [email protected]. No requests have been denied so far, to the best of my knowledge.
If you’re a Download.com reader, logging into your CNET account (at the top right corner of the page) will give you a text link on the download page that allows you to directly download the program you want, bypassing the installer. The link appears just below the green Download.com icon, and reads, “Direct Download Link.”
You are all more than welcome to continue sending your complaints and concerns to me, and I can forward them on. I can be reached at [email protected]. You can also send them to [email protected].
Thank you for your feedback, and I promise not to throw hatred towards you, as I (we) all realize YOU didn’t do this ;). Question:
“In the meantime, if youâ€™re a developer and would like your software to be excluded from the installer, you can send a request for exclusion here: [email protected]. No requests have been denied so far, to the best of my knowledge.”
Would they just de-list my software, or are they sincerely adhering to these requests and simply not bundling the toolbar with requested software? I fear them taking it ‘personally’ and saying ‘screw ya then’, and removing the software. Not that it matters much, but Download.com is still the largest download site (quickly shrinking now though ;o).
Requests for removal from the installer are being respected. I know they still want to keep the catalog of software as robust as possible, so unless a developer specifically asks to be removed from the catalog, that’s not going to happen.
After contacting the Download.com team about the installer, they have removed the web installer for our software Autorun Eater. Now when you click on the download button, the actual software installer is downloaded, not the web installer. As mentioned by Seth, you can email your requests to [email protected]. It will take about 2-3 days to reply. Hope this helps. :)
2-3 days max, it was same day for me (I got lucky, as I’m definitely not an important person, lol)
C NET has good features .i have downloaded this software in my pc.thanks for giving valuable information and sharing with us.
I agree. I saw this and refused to assimilate! CNET needs me more than I need them and I too have now moved on to other s/w dl portals.
good that people write about it. The installer has been detected to inject spyware right after it opens. Check it at http://hightechreality.com/2011/08/cnet-download-com-install-spyware/
I have been one of the first critics of all this, but I must say that article is a little misleading.
From what I can see at a cursory glance, the installer is simply dropping the toolbar installer into a temp folder – not necessarily running it. Now, I may be wrong, I looked at it for 2 seconds, but I do not think CNET would do something subversive like that. It is one thing to add a toolbar, another thing to do something explitly against the wishes of the user. Do you understand what I mean? It ‘drops’ the toolbar, but doesn’t run it unless the user checks the box to do so… Again, I did just do a cursory glance, so if my assumption is wrong, then I am shocked, and I do apologize.
Since CNET allowed vendors to so easily opt-out of this, respecting my request, I have been less critical of this new policy. The next important thing is to make vendors aware that they have this option, and that the toolbar was added.
To me this is all shocking from the first moment. Considering the uproar, CNET have let up and I hope will eventually withdraw from this idea.
I don’t think the article is misleading. It describes a documented fact and I think that the details are supported by evidence. The facts are that CNET have tricked people into downloading an unwanted piece of software, which having been run does undesirable actions on their PCs, including the modification of the firewall, before it even displays any prompts. It’s also true that the CNET installer has been detected as malware by other anti-virus software, not only AVG.
I do understand your point, but what guarantee do we have that this is not data extraction? It certainly looks this way. Or that the software, which we’ve been tricked to use, won’t suck some other unwanted things through the connection it makes with some server, having first modified the firewall settings? The dropped load also stays there when you discontinue the installation. To me this approach has much exceeded the limits of decency, and I agree with those who see it as malware.
How does the installer modify Firewall settings with UAC enabled? Or DEP for that matter?
If it actually does so then it’s basically a RootKit.
I have *not* evaluated the CNET Installer in depth, so I will not comment on what it does or does not do.
However, on the UAC issue, most every installer first asks for elevation. Once elevated by the user, it then can do whatever (depending on user permissions) – that is how all modern programs are able to install themselves. They can write to the HKLM hive, modify firewall permissions, and anything else the user has permission to do.
DEP has nothing to do either, it is a different technology more design to prevent code execution resulting from buffer overflows and other exploits.
Again, this is not any comment on what the CNET Installer does or doesn’t do, I am just saying what software can do – and what UAC and DEP does and doesn’t protect against. Once you hit thet ‘OK’ button on the elevation dialog, UAC is out of the picture.
The installer creates an entry in the registry:
This will happen on an XP machine. Windows 7 doesn’t have such a key, however the installer may have modified a different one, considering it does it on XP. This entry will stay until the installation is completed, then it’s removed. However, during the install process the wrapper will download the Babylon toolbar files to %USERPROFILE%LOCAL SETTINGSTEMPis1598539481 even if you opt out in step 2.
When it comes to UAC, I think that it depends on the account. If the default, user administrator account is used, the program will receive all the necessary rights to make system changes after hitting ‘yes’ when prompted.
There is actually a userscript (called NoBadware) that fixes this dumb problem, although I still prefer Softpedia and FileHippo. Any way here is the download:
If you have Chrome, then just click on the install button, and if you have Firefox, first install Scriptish (https://addons.mozilla.org/en-US/firefox/addon/scriptish/), then click install. For Opera users, have a look here: http://goo.gl/bJ3bG.
I’d been testing the CNET installer in a test WMware virtual machine. I’d let it run a couple of times, let it through AVG to see what it does. To my surprise, yesterday when I was shutting down the VM machine in question I got an alarm from the host’s antivirus G Data, that it had detected a virus infected file, which was the virtual machine’s hard disc:
File: C:Virtual MachinesWindows XP ProfessionalWindows XP 1.vmdk
Virus: Win32:Hupigon-ONX [Trj] (Engine-B)
If you check this signature, you will find a rather long thread, where a concerned user tries to verify with the Avast support if this is a false positive on all his ghost backup images as it turns out that this particular signature had been often associated with disc images, virtual hdds and so on. The solution to this was to fill up the free space with data, remove and defragment. After this the virus trace was said to be wiped from the drive. But surprisingly it would come back some time later.
The conclusion of the discussion was, that something definitely had been going on and that’s the trace it left, however the possible infection was deemed impossible to find, as it may have been using some advanced rootkit technique.
I’m not stating that the CNET installer plants some advanced rootkit in the system. But taking into account all facts I think that there’s something really strange going on and that it may do much more than it seems. After all, it does have all the necessary means to do whatever system changes it wishes to and has the ability and does download files from somewhere, a part of the payload being the Babylon toolbar, deposited in the user profile and this is highly alarming.
Its the worst download manager in the whole universe.
I will never ever come back again to the download.com
My chief problem is that the downloader removes any control I have over where the installer file is saved, and what it is named. Neither does it tell you, and if, for some reason, it can’t run the installer after downloading, you’re left searching for the installer file yourself. Bad behaviour, CNET!
It is really annoying – I wont be using CNET again
This is a copy of the email I sent their support team, and the response I got:
I have been a faithful user of Cnet downloads since I started browsing the web. I trust your claim of no adware or viruses in the programs I download, and will very often leave a developer’s website to visit the CNET download area for the safety of my computer.
Upon trying to download two programs, SpeedFan and HW Monitor, I instead encountered your download agent. A download agent that is trying to get me to install crapware. This is the entire reason I go to your site, to get away from underhanded practices like this. You have lost ALL credibility to me, and I will discontinue use of your services.
I’m not one of those people who automatically complains whenever there’s a change to a service I’m familiar with. I do complain when a company I know and trust(ed) starts acting like a 3rd rate 419 scam.
You have lost a customer, and I will stay lost until you get rid of that godawful download/installer program.
I would appreciate an explanation of why a respected company like CNET needs to stoop so low for a little more revenue; the way I see it, you’ll just drive away your most dedicated customer base.
We value your comments and have forwarded them on to our Downloads team. Our goal is to make CNET an easy to use, friendly and safe site that helps people find and learn about the latest tech and consumer electronics.
* We also offer our registered users that login a “Direct Download Link”, that can be found directly under the “Download Now” link. Those files do not include our installer.
Please let us know if we may be of further assistance.
CNET Customer Support
Same meaningless auto-response I got 2 weeks ago (and probably everyone else who sent a protest).
Cnet is showing its true colors with this fiasco and I’m through with them. Fortunately we have a wealth of alternatives so just forget them and let go already.
So now you have to make an account with them in order to download something directly? My goodness.. Now, I just download directly from the developer’s website or from another reliable place. I rather not have an account with them. Since when does it require an account to download a program? I’ve seen email subscriptions, but not this.
I found CNET’s new download approach to be doubly annoying: on top of the blatant “you NEED this awesome new toolbar and homepage” install options, the pile of crap NEVER completed a single attempted download–always erroring out somewhere close to 95~100%!
I’m sticking with MajorGeeks and Softpedia… I don’t have time to waste on CrapNET.
Fuck cnet, they can burn in hell and go out of business. Cnet = spyware now. Sorry, you can say that they give you an option of not installing the crapware, but in reality they know that eventually someone will accidentally install it even if they don’t want to.
I used to like cnet, I won’t even click a google link to their site now, and I’ll tell everyone I know and work for to avoid it as they would a russian hacker site.
I’d like to state that ESET NOD32 Antivirus and ESET Smart Security report the CNET installers as “a variant of Win32/InstallCore.C”. That’s not going to instill confidence in the users of their download service.
I had always trusted CNET downloads that is why today when I am in an urgent need of flv player I did not mind continously clicking the next button.
After that my IE is ruined, I cannot remove that annoying Babylon. I have to do a system restore that have wasted precious time. NEVER AGAIN WILL I GO IN CNET WEBSITE.
I will not be using CNET anymore to download my software. THis CNET installer they are using makes most of their software unusable and I AM BOYCOTTING IT UNTIL THEY CHANGE IT. YOU NOT GETTING MY CLICKS ANYMORE CNET!!!!
I just downloaded Auslogics Disk Defrag from Cnet, and the Cnet download installer also installed without warning Photojoy and Photojoy Toolbar which also tried to change my search provider to Photojoy. BOYCOTT Cnet!!!
UPDATE: CNET sent some developers an email asking their opinion. It included things like, “Would the toolbar bundle be acceptable to you if we could provide more detailed stats?” — Umm, no ;). Other questions were asked as well, with the clear intent to find some way to keep this ‘bundle wrapper’. I recommended they kill it immediately, as they are losing users and vendors in droves.
However, with all things corporate, money rules. They must be shown it will cost them more revenue if they keep this policy than the bundles generate. That is the only argument they will listen to.
I agree, it is all about the money. They have probably included a percentage for users and developers leaving the site for this, and likely came to the conclusion that revenue > that.
That’s true unfortunately. Corporate requires a drop in numbers. The number of people downloading from CNET should have reduced,but it’s hard to tell for sure. From what it seems the software developers are rather not happy too, opting-out by email and don’t want to have their software bundled. It would logically sum up as a fiasco, however a CNET rep had mentioned above that the numbers had risen. How about now?
Judging by their adopting techniques they trying hard to keep this strategy by aiming at people first, before doing any more defined change. From what I know about the corporations, that’s their first and actually very successful approach. By contacting and asking a lot of questions, making the other side feel important decision-wise etc. corporations somehow manage to turn the situation around…
All in all if this doesn’t die a natural death, it will automatically make it a success which others will follow and I don’t think we would have to wait for long. This is very unsettling.
I suddenly noticed an app called PhotoJoy popping up and scanning my hard drive for photos. Whoa! I killed it, and in the process of uninstalling the app, I found it had also changed my IE homepage, default search engine, and toolbar. I removed CNET Tracker permanently and will use Secunia to track my software.
Well….there may be one indirect benefit from all this.
Perhaps _finally_ some of the clickmonkeys will actually observe what they’re doing with that mouse instead of just blindly clickety-click-click-click on every damn thing that pops up on the screen lol.
UPDATE: When you opt-out of the CNET Download.com Installer they no longer mirror your software. They instead direct users directly to your download at your site. I was not aware of this, and thought maybe other vendors might not be as well. After all, they did not not mention this. In other words, if using them as a mirror, you are not doing much good.
This problem with CNET downloads has only begun to happen to me over the past week, and it’s happening a lot. I managed to do ONE download that was a full and evidently direct one, but the several others all downloaded CNET’s installer ; not that I executed any of them, yet, but having now learned, this evening, what cnet is now doing.
I had a problem with a download of KMPlayer from softpedia, and it took me some hours to completely determine what the problem was. It was first downloaded from softpedia, but the installation installed some adware that I finally found out is from some other South Korean company and does not conform with what is said at the kmplayer.com forums about what adware is officially authorized by the company. KMPlayer authorizes the optional Yahoo! toolbar, or some other silly toolbar, but makes it optional for installation, or not installing it. Anyway, after the hours of problems determining what the source of the problem was with the download from softpedia, I decided to head over to the kmplayer forums to do the download from there, and also downloaded from cnet. The latter two were identical and 2MB or more smaller than the DL from softpedia.
I also posted one time at softpedia about Antivir from Avira having reported detection of a virus or trojan or some other nasty critter in a download from softpedia; and what did they do ? Rather than corresponding in a mature and professional manner, a curteous one, which’ld inform other users of softpedia, they deleted my post.
So softpedia definitely is American-pig-headed, but does provide some clean downloads. Another thing I dislike about the website’s maintainers, however, is that they don’t update their software reviews very often. I find many reviews for softwares that have 2011 releases for new versions, while the reviews are from 2006 and possibly even older than that ; many versions of the software, ago.
MajorGeeks has always been reliable for me for clean downloads, but one thing I dislike about it is the lack of editor reviews. We only get user ratings, which are OFTEN unreliable, but it’s about all users of MG have to go on, unless using the forums, a lot ; something many people don’t have the time to do. But, the downloads have always proven to be clean and very authentic; nothing of bs added by MG.
There’s also Snapfiles.com, but it’s much more limited in terms of the number of softwares or apps in any category. I never had any problems with downloads from snapfiles though. Their reviews are present, but very limited, nothing like found at softpedia and cnet, when their editors provide reviews; and techsupportalert.com has been helpful to me. It’s not a download site, but is a site about freeware and free versions of commerical ware, and provides reviews. They’re not extensive, as found at softpedia, but still provide some useful basic information about apps.
Perhaps, some of these problems, though not all of them, have something to do with the USA going through a recession, if not depression.
I neglected to click the “Notify me of followup …” checkbox for my post, above, so am using this one to ask that anyone who replies to my post, above, please use this post to ensure that I’m notified.
Maybe the “Notify me …” checkbox should be checked, by default ? For myself, it would be handy ; because of always desiring to be notified whenever anyone replies to anything I post online.
Mike, enabling the box by default would cause a storm of complaints from users. I prefer opt-in whenever possible.
In the case of online forums, everyone always wants to see replies. Some people ridiculously prefer to do that by an on-site notification only if they are a frequent user, but these settings are typically in the forum’s general settings, not on individual posts. It is obvious that in the case of forums, replies should always be sent notifications/e-mails unless specifically opted out of, which most users will never remember to look for checkboxes at the bottom of a forum post since they are typically useless things such as disabling graphical emoticons. Additionally is the fact that removing these e-mails if you see them and didn’t want them is an easy single click that could not possibly ever be complained about legitimately.
….Even worse yet, there no is no such option whatsoever to even be notified in the first place! It is literally the worst thing that a good or legitimate forum can do, much worse then having captchas or annoyances, and worse then unreasonable tracking too since you are always tracked everywhere anyway and is nearly impossible to stop.
Mike thanks for posting. I actually never had problems downloading from Softpedia.
Until the two incidents with Softpedia, I also had never had a problem downloading software from that website. But the two experiences I had were enough to cause me to seek other websites for actually downloading software.
They deleted my post about a software that’s supposed to be clean and one AV scanner that I used reported a potential virus, trojan, or some other malware that Softpedia didn’t mention. This deletion was unacceptable. Human decency would be to reply by stating that, sure, ok, some AVs will report positives, but they’re false, which happens often enough. Instead, they simply deleted my post, a very uncivilized way to act.
I’ld say what the particular software or app was, but am not sure. It’s well or broadly known in the freeware world. Without being sure of this, I don’t think it was freeware, but a free and limited version of some commercial ware, instead. I don’t recall what it was, only recalling that it’s a well-known app. in the world of freeware and free versions of non-freeware.
KMPlayer was a very different matter. I don’t think that it’ld be ever downloaded again from softpedia, for me ; after my last experience. That download, and it’s of a relatively recent version of kmplayer, installed adware or extra-ware that didn’t come with the downloads from kmplayer forums and cnet, both of which provided identfical download files.
When i download installation packages for software to install, then it’s from different websites. Once downloaded, I compare file sizes, and there regularly are differences, which should not happen, if all downloads are exact copies of the original work of the author or producer. Consider the different sizes for the current version of kmplayer. It varies from 14.x MB at majorgeeks.com, to over 17MB at kmplayer and snapfiles ; all for the same version of kmplayer. And the downloads from kmplayer and snapfiles are both 17+ MB, but not quite equal sizes. There’s a very small difference in size, enough that both can be generally said to be 17 MB.
There are different possible reasons for this, but even if I have a bach. degree in computer science and worked in industry in IT for roughly ten years, I don’t have a clue what reasons would be most regular or constant among the people who provide downloads that don’t conform with and should, instead, conform to the author’s offering, say. For me, it makes no sense to do that, and only assholes would.
Antivir has a VERY high false positive rate, so I would not believe its results alone. Run anything you think it detects through VirusTotal (42 scanners). False Positives are a huge problem and only getting worse. The same goes for web site ratings.
Virustotal.com is not a complete verification, and VT has a page in which this is explained, that users need to understand that VT’s service is far from being thorough verification. I think, if understood correctly, that VT runs all of the scanners in command line mode, rather than dynamically. Anyway, you can and evidently should read about this at VT.
I’ve known about Antivir producing false positives for years and haven’t had any problems in dealing with these cases. Sometimes, it’s an FP that I recognize and know to immediately dispose of, knowing the app. is ok. When I don’t know, then I do research, before deciding what to do with the file or files that are supposedly infected, disease carriers.
But VT is not a one-shop solution and VT provides a page warning users about this, to be very careful about misinterpreting VT as if it’s a one-shop solution. They clearly say that they aren’t, and they’re right about that. I use VT for every app installation or installer that I download, but also run Antivir, Malwarebytes, and Emsisoft Anti-Malware, besides PCTools Threatfire always running, as well as WinPatrol. It’s possible, but not likely that I’ll install infected software when it’s downloaded.
For a free AV, Avira Antivir is very good. Some people prefer Avast! or AVG, but they’re not really better, and I don’t need all of the additional shields Avast and AVG provide ; only needing to protect my system, and Antivir does a pretty good job at this.
And Antivir’s FP rate has quite drastically dropped over the past several years. That Antivir once had a high FP rate is true, but no longer. I know that from personal experience, being an Antivir user for many years, now, but people should also check reports from the following website.
Does someone know where this installer puts the downloaded files? … I’ve just downloaded some file and I want to copy it to another computer
Oh my bad… yep the file is in C:\Users\\Downloads … thanks
I gotta say, this is no worse than you popup ads on this site, dude.
Popups here on this site? Should not happen, can you please show me a screenshot and provide additional information?
You say there shouldn’t be popups here and it makes sense to me, since none ever popped up here when I’ve visited this site. And I wouldn’t expect this to happen to some visitors, while not to everyone who visits this site. Otoh, I just checked what the AdBlock Plus add-on for Firefox says and it says 13 items in this page have been blocked, so maybe one of them is a popup. To test this, I just instructed AdBlock Plus to allow all of this page, the add-on then indicated that this page is now whitelisted, and no popups occurred after reloading the page.
The NoScript add-on is also being used and it blocked fmpub.net, kontera.com and crowdscience.com, so I had Noscript temporarily allow these links. The page was then reloaded, since i have noscript automatically reload pages when I give noscript instructions like these, and no popups occurred.
This info. will hopefully be of some use to you.
Thanks. There are some ad forms that I’d never run on Ghacks, and one of them is popup ads.
The ad problem is one thing. I don’t like Babylon all over my browser. But have you noticed that the window you have made a picture of (page 2/4) freezes. You can’t go anywhere from there. Click everything on the page. Nothing works. Hey, CNET, haven’t you noticed that no one likes your ad page and the ad page doesn’t work? Haven’t you guys and gals at CNET noticed that nothing is being loaded these days? Is anybody at the switch? Wake up guys. I’ll never come back to CNET. And nobody else is able to get through the 2/4 wall, either. You guys are maybe making lots of money from the Babylon people, but you will lose all your business if this continues much longer. It’s been going on for weeks. Wake up! Knock knock is anybody alive there at CNET?
I’d like to point out, that since I use Linux as my main OS, especially for pre-downloading for use on a Windows box, that this instantly meant the end of CNet downloads for me. Not only do Windows exe’s not natively work, I have no desire to run their adware installer under wine, even if it does work that way.
I won’t be back to their site, for anything, ever – unless of course they fix it. If that means they are “making a pile of money” on the toolbar flavor of the month, hey good for them. They can be next “DriverGuide” or “warez” -alike site if they want. Harming your user base is never good for business, even if it does increase revenue – for a while. I have quite enjoyed and trusted CNet in the past. But, this is a big black mark on them. Oh well, if they don’t want me to use their site, click on targetted web ads, that’s fine by me.
Seriously, who in their right mind came up with this? It’s time you looked carefully at your marketing and IT teams, CNet. Thankfully, most self-resepected developers will pull their software from CNet’s site. Perhaps it will get their attention.
C-Net needs to suck the Quest Airlock on the space station.
With the hatch open.
I just ganked a download from C-Net that I wanted, and I was alert enough to avoid the freak-warez it wanted to put on my comp.
I had this very article open too. Heh heh heh.
Just like Jeremy said below, it popped [pooped!? ]open the good ol’ Explorer window and I leaped right in and grabbed the loot out of my handy default download folder because *I wanted it on the dang
At least this time I got it to operate more on MY terms than C-Net’s terms.
Two VERY important updates today. CNET has *changed* their vendor opt-out policy. Apparently now instead of any vendor who wants to opt-out can, they do so on a case-by-case basis. Second, apparently one of their bundles is detected as malware by many security companies.
On the opt-out issue, this is super-important, as it shows a major shift in their policies. No longer do all vendors have the same rights, apparently. They must be making a lot of money with these bundles.
On the malware issue, i personally look at *all* bundles (even if they are a free AV scanner) as malware, since they violate user *intent*.
You know, this problem has gotten *so bad* that I recently had to decline FIVE (5) separate bundles when installing a popular freeware utility. That’s right, 5 in one freaking utility. Now, throw in a few more from a download site, and how many declines for bundles does a user have to go through?
Oh, also you have to see the Clean Water bundle by We Care Corp (yes), see: https://plus.google.com/b/111452122533164797807/111452122533164797807/posts/4kwG8NwQsCS
Consumers MUST make a stand and REFUSE to download FREEWARE that uses bundles. It is not true freeware if it has bundles. The price is contamination of users’ PCs. Even if we assume all bundles are good, 100 good bundles=1 bad PC.
The new policy, BTW, is specifically stated as:
“If you would like to opt out of the Download.com Installer you can submit a request to cnet-installer () cbsinteractive com All opt-out requests are carefully reviewed on a case-by-case basis.”
Original link: http://seclists.org/nmap-hackers/2011/5
Also, tiny link to the Clean Water bundle, which you just HAVE to see, lol:
That’s a funny one ;)
The installer recently received more bad press, seems like some sites are finally catching up and reporting about it. Took them some time.
They need to make it opt-out, otherwise no one would opt-in and they would not make no money. It would probably be different if they would throw together a revenue sharing program.
I’m not a computer genius so what this “portal” has to really offer is probably beyond my comprehension. On a general note for myself, it was an awful experience. When it downloaded, at first I was thinking “wow this program is 400kb? Must be some strange virus or I clicked something by accident”, instead it turns out to be the program except not the program.
I wanted to download a setup for a screenshot utility to save on my external hard drive, but download.com doesn’t let you do that anymore. If their excuse is to make things easier, such as pausing a download, there’s something these browsers have now that’s called a download manager add on, or for Firefox and Chrome, from my knowledge, already lets you pause downloads. So why bother with this thing?
This practice is so old, I have not seen download portals in years until now. I think AIM does the same thing too, and it’s so unnecessary.
There are still some reputable download portals out there, Softpedia.com for instance.
EFF have waded in here:
although a little late into the fray, I feel!
Interesting, to bad they did not link to Ghacks ;)
Yea the cnet downloader totally sucks! I don’t even know where it saves the files to
Hi, I agree with you. I would also like to add that in order to run the downloader, you have to bypass the default windows 7 protection. If the software wants, it can probably download and install some other things as well in the background. Not good from security point of view!
Thanks for the article.
I think it’s a load of bull. I do NOT want CNET Downloader. What I WANT is the setup file as a direct download. Forcing me to download their #$%ty software first, and almost trick me into installing their other ad-related rubbish is rediculous. I used to get all my downloads from there, never again.
If it’s taught me one thing, I’m not longer a Next Next Next guy, lol.
Hey Ghacks folks,
Just wanted to chime in here to clear up what seems to be some confusion, and please remember that, just like my comment from September, I have had nothing to do with the design or implementation of the Installer. I’m and editor and writer, and at CNET we keep a strict separation of the business church and the editorial state.
The “wrapping” of the Installer around any open-source software has been done without intent. It was an accident. That’s what I’ve been told here internally, and I’ve seen no evidence that that’s not the case. I’ve also been told that the company is in the middle of a more thorough vetting process, to ensure that the Installer isn’t wrapped around any open-source software.
Two other points about the Installer that I’ve been told, that I don’t think many people realize: One is that Download.com is still seeing massively, significantly higher download completion rates than without it. The second is that the people who are managing the Installer have heard your complaints, and they’re working on a solution to improve both the quality of the offers being made and the manner in which they are presented, so it’s more obvious as to what’s going on. However, I’ve been told that this is not a simple switch that goes on or off. I’d expect to start seeing changes within a few weeks or so, given that they’ve been working on it for a while, but I have no hard data to relay on that.
As to the point about the direct download link: If you go to a download page such as this one
you’ll see the Download Now button and then a direct download link in text immediately below it. However, on this page
there’s no text link. That does not mean that there’s no direct download option, but in fact it means the opposite. It means that there’s no Installer wrapped around it.
If you’ve got any further questions about the Installer, you can email me at [email protected] and I’ll forward them to the appropriate people, or you can e-mail [email protected]. Developers with questions or concerns about the Installer can also contact [email protected].
Hope this helps, and for those of you who read my stories: thanks!
-Seth Rosenblatt, Senior Editor, CNET.com
The mantra repeated twice now is stated here by you, “… Download.com is still seeing massively, significantly higher download completion rates than without it”‘ . OF COURSE the download completion rates of a very small ‘installer’ are going to be higher than that of a larger ‘real’ installation package. I must question the accuracy, validity, and applicability of this metric. I am sorry ;o.
It doesn’t change the fact that the installer is UN-WAN-TED; and nothing you can say will justify it’s existence to us end-users.
If the installer was a CNET application that allowed people to browse available software and download it via the application and have the program keep track of said downloads and provided updates to the software (similar to those automatic driver update programs) and it was an optional download .. that would be different. But it’s not.
Instead, users are expected to download CNets “SPECIAL DOWNLOADER OF AWESOMENESS” just to download ANOTHER file – when the file they originally wanted could have been downloaded and installed already. So that’s TWO downloads, instead of one. What if someone was severely limited on bandwidth? Or the proxy at work allowed direct downloads via CNET but the proxy blocked the Crapware Installer? What then?
I had to download the 600~kb installer for a 1.0mb file (no jokes) using my phone as a modem. So instead of a 1.0mb file, I downloaded a 1.6mb file, and while this may not seem like a lot, if I have to do this for almost every piece of software from CNET, it’s going to add up; data is NOT cheap in South Africa (not sure about elsewhere). All I wanted to do was convert FLAC to MP3 .. and I had to download the Installer (which was fast 45 kb/s) but then I had to use the installer to download the main program I wanted and it was slow (MAX: 11 kb/s). How does this benefit me at all?! Answer: It doesn’t. It’s greed on CNET’s part, nothing but filthy dirty nasty greed.
In addition, I like to keep my setup files in one location (eg: C:/Downloads/Software), but now I don’t even know where the 1.0mb file I downloaded is, all I have is the stupid installer – guess what that means? It means that I have to redownload the 1.0mb every time I want to install it. Where is the setup file for the program I wanted? Can anyone tell me? :(
Finally, I will NOT “register” (said with derision) JUST to download a file from CNET; that’s almost as bad as gaming websites charging you x-dollars per month to download the game patches (which is not theirs) from it.
Again, it doesn’t matter how much you try to justify this horrid travesty, CNET #$%^ed up big time, and until the installer is removed, they can consider another customer lost.
@Jeremy: The metric refers to the software installation, not the Installer installation.
@Sebastien: As I said, you no longer have to register to get the direct download link. That link will appear on all pages with the Installer, and if you don’t see the link, then it means there’s no installer attached. So I’m not really clear on what your complaint is. Is it that the Installer was done in the first place? Or the way it was implemented? Well yeah, there’s a lot of people – starting with many here at CNET – who believed that we could’ve done it better.
But changes have been made – such as making the direct link available to all – and it appear that the business side is learning from its mistakes to improve the experience. However, by all means do send an email to the addresses I posted above. The more voices the business side hears about this, the better your chances are of effecting change.
I’m glad to learn of what Seth Rosenblatt is saying here, but would nevertheless use the CNET download pages for softwares in order to read reviews. If the unwanted stuff wasn’t wanted, then people could just click on the specifications or full specifications link to go to that page and then use the link for the software vendor in order to download from their website. Plus, CNET hasn’t, not as of early December or else last month anyway, rebundled all free downloads with the CNET installer.
There was no crutch about this at all for me; no need to panic. If a download file was small, half a MB or so, then I knew it wasn’t the actual software that I wanted, so ignored these downloads and would then check at MajorGeeks.com, Snapfiles.com and Snapfiles.com, as well as TechSupportAlert.com; plus, of course, the software vendors’ or makers’ websites. But there are still downloads at CNET that are the full software downloads, rather than the CNET installer. In those cases, I’ld have no worry in downloading the files; never having had any infected files when obtained from CNET, while the same is also true for MajorGeeks and Snapfiles.
I won’t say that about Softpedia, which was very reliable for years, but they screwed up a KMPlayer download, including some bogus adware with it that we wouldn’t get when downloading the same player from CNET and KMPlayer.com (the link being in the forums, there). Since that happened, I only use Softpedia for reviews and links to the software authors’ websites. But all downloads I’ve done using CNET, MG and SF have always been clean, so when using these websites, I’m not worried. It’s still a good thing to download from the vendors’ websites though. Speed, however, might be much slower, so when that happens, we can just do the DLs from CNET, MG and SF; and, normally, also SoftPedia.
So, it’s been a little hilarious seeing all the panic about the CNET installer when it’s very easy and simple to avoid it.
Sebastien said that he couldn’t find the downloaded file. I don’t know why that’ld happen, but while I use Win XP, I don’t use Win Explorer, which possibly lacks a file search feature or function. I use the last free version of PowerDesk, version 6, which should still be available for download from some safe websites; forgetting exactly which one I downloaded this from though. PD has a file search function built-in and immediately accessible with the cick of a button in the main window or bar, and we can easily search an entire hard drive.
It’s important to properly name files being downloaded, in order to be able to remember what the names are, though. I always make sure the downloaded files are automatically assigned appropriate names, and to help make this clearer for me, I make sure that the version and the date of release are part of the filename. It can be very helpful when doing file searches, for I can have multiple versions of any particular software that I’ve downloaded.
So, it seems odd that Sebastien couldn’t find the download; but, maybe there’s another reason in his case. I haven’t a real clue what the other reason might be, except for the file possibly having been deleted without Sebastien knowing this, due to not being notified about it.
All my downloads go into subfolders of my own downloads folder (not the Windows one, due to being on a separate partition and disk) sorted by category or type of software. And I’ve never had any “mysterious disappearances” of downloads after using the Web and performing downloads for around 17 years, now. (Using a separate disk for these files didn’t change anything, except for not unnecessarily filling up the disk or partition containing the OS installation, btw.)
There’s usually a solution we can think of or find when encountering problems with softwares; not speaking of viral, trojan, … problems though, for I’ve read that people sometimes have to do complete system reinstallations in some of these cases. It hasn’t happened to me, yet, but I’ve read about others needing to sometimes do this. I’m very careful before downloading any softwares and it’s why I use CNET, MG, and the other websites mentioned further above. It’s time-consuming, but helps for safety.
And, lastly, one way I’ve been able to come to trust these websites is that many downloads were done from them and the vendor or author websites, in order to compare the files. Only one bad case happened with Softpedia for KMPlayer, though forget which version; not an old one though, for this was maybe 2 years ago, at most. CNET and MG had the correct files, but Softpedia, for some reason, provided a download that was perhaps 2MB larger and the installer installed, without prompting for permission, junkware that took a while to completely get rid of by deleting the files and the Windows Registry entries or keys (or whatever to call it).
KMPlayer disclaimer (of sorts, anyway) :
I’ve mentioned it many times now in this post, but it’s not for recommending it. It’s a great freeware multimedia player, but the creator or author has since created Daum PotPlayer, which is the freeware multimedia app. that I now use, while having some others also installed for cases when PotPlayer doesn’t work for a particular video file (doesn’t often happen, but can sometimes happen). KMPlayer is still installed and very good, but can be eliminated, but I haven’t bothered with doing that, yet, because it’s not a problem in any respect whatsoever and either of these apps are fine to use, though I read earlier this year that there was a problem with a recent version. That’s also not a problem, though, for the prior version worked just fine for me anyway, and I think to have read that there’s a newer version than the one that had a problem; a security-related problem, I think to have read. But, PotPlayer apparently has good improvements over KMPlayer.
Long post, but it’ll hopefully be helpful to some people who happen to take the time to fully read it.
Sorry for the late post here… just came across it, but the subject matter points up a major web annoyance.
CNet used to be a reliable SW info and DL site for me. Similar to another post stated, I have been using them as a resource for at least 10 years.
Now, they have fallen down to the second or third tier for me.
I will be avoiding them because of their use of their Downloader, over which I have little control of what really is going to happen and no reliable indicator of true size or kind of actual download object. As well as their making the incorrect assumption that I wish to install the SW immediately through their tool. Bad Cnet.
Seems similar to what happened to Brothersoft download site – used to have direct downloads, now must use their own downloader junk-ware. They have fallen from my 2nd or 3rd tier into 4th or 5th (didn’t know a SW site could fall that low… ;)
I noticed CNET’s trick lately and planning my next move.
It’s an abuse of trust.
CNet started this @#^#[email protected]#$ practice months ago. Since then, I have refused to use CNet and cancelled their newsletters.
I have found that, if searching Google for an application does not show an alternative to the software I want, I can usually search Softpedia or Majorgeeks and find it.
By the way — Not all software has the direct download link on the page. It’s my understanding that software developers have to request it.
Thank you for this article. I have been a dedicated user of Download.com for years, and now they’ve lost me.
All those users who said “CNET is dead to me” and “CNET was terrible for doing this”… Indeed, I am *very* disheartened that they, the arguable largest download site, set this *precedent*. Other, smaller download sites that would have been considered rogue for doing something like this are now legit. All thanks to CNET. Now, don’t get me wrong. CNET is still an important partner for me, so I can only go so far in my criticizing. I don’t have much of a choice. I definitely want my software listed there. In fact, its near mandatory. If you’re not listed there, you aren’t going to be picked up by the Windows Marketplace and such, who recommends listing at CNET.
Anyway, after all these comments, I expected to see a user rebellion at CNET. NOPE. What happened was the roar died down, the installer tweaked a bit, and guess what — It is now here to stay. *sigh*.
Again we see the larger masses take precedence. Those who don’t even know what an installer bundle is – the ones most likely to be harmed by this practice, especially after they get 100 different little toolbars and browser extensions installed. These are the people we should be protecting, but due to their ignorance on the issue, they don’t ‘know’ to care about it, and thus — it stays.
I would say I’m disappointed, but I’ve been in a constant state of disappointment with the entire desktop software industry ever since installer bundles became the norm. I still do not use them at my site, but guess how many people appreciate me not using them? VERY FEW. In fact, many advanced users have publicly stated that they would rather get a product for free, and deal with bundles they know to deselect, than have a bundle free product that cost something. Of course, it isn’t them who pay the end price, it is the aforementioned less sophisticated users.
Avoid download.com like the plague! It not only installs that malware “babylon” toolbar, but it also makes it the default search engine. It took me half a day of googling and visiting forums to get rid of this malware! There was a time when I even uninstalled Chrome and IE9 out of frustration. But when I installed it back, babylon was still there! This is disgusting. I thought download.com was a reputable website. That company deserves to fry in cyberhell!
i havent downloaded from cnet in years (except in moments of desperation usually followed by a complete reinstall of the OS… heck it only takes 20- minutes)
I am officially done with CNET/download.com! My computer is not an advertising platform for them or anyone else. Pushing ads and toolbars on users is very bad form and should be illegal. I encourage everyone to seriously consider using the site if and only if the item you need can’t be downloaded elsewhere. They used to be a really great place. Now they are just another greedy website.
Its a real pain in the ass. The downloads are much faster when downloaded directly through a download accelerator like Internet download manager or orbit downloader in comparison to cnet downloader or any other downloader provided by the 1st party itself. Also, we cannot resume our downloads nor can we get a clear idea of how much time is left for the download to complete or how much data have we downloaded already and how much is still to be downloaded. It really is a deal breaker if u have a slow and interrupted internet connection. I often prefer downloading the offline installers due to this reason. CNET has made it compulsory for everyone to download their downloader which also adds to 1 more junk .exe you need to remove from your system once you have installed the software which you wanted to. And last but not the least, if you aren’t carefull get ready to take the pain to uninstall the babylon toolbar, search engine and dunno what other bull shit which I atleast have no intentions of trying till THE OLD FAITHFUL GOOGLE is on the world wide web. Better look for an alternative for the site… Gess they have left us with no other options…
I used to use download.com almost exclusively, but since they put that installer in, I’m going to avoid them from now on. They just lost me as a customer…
I never expected this coming from Website such as CNET! I’ve been one of their big fans since their early days. Nowadays, they have no difference from those malicious sites. This babylon is not only intrusive but very stubborn program that it took me hours just to remove. This stinking program not only became parasite but also installed to all of my browser that I have to clean my registries and all! Shame on you CNET! You Suck!
Use Revo Uninstaller in Hunter Mode next time. Took me just a few minutes to clean it out (including registry leftovers).
I got mine from downloading an Android screen access over usb app from the developer’s website . I unchecked the Babylon toolbar but it installed anyway.
Then the developer had the nerve to include a popup asking for PayPal donations – what an A-hole!
I hate download installers and no matter how badly I want to download something, I will not download it if it comes with a download installer attached to it.
When I detected Babylon on my system, I was perplexed on how that old dreaded fuckery spawned out of Israel had managed its way back in my ass! I assumed it had generated from an old thumb drive in which I had downloaded a few programs, but now I realize why. I would not have suspected in a thousand years that CBS or CNet would have whored their followers to such. Few know that Babylon is one of the largest used browsers in the world and has made It’s creator (an Israeli programmer) one of the wealthiest men on the planet. I’ve noticed Babylon has tried to reverse it’s image with a more respectable face but it is still an intrusive pile of crap that boggles internet speeds. I imagine CNet will pay a price for their blatant stupidity and betrayal twards public confidence. How sad.
I am sick of this kind of bullshit that c|net CNET has become. They suck period for a site that one time was legit. The babylon tool bar will completely f**k your firefox install your IE and any other browser it can touch. The easiest way to turn it off in Mozilla is to type about:config in the url and set all references to babylon to false . Or uninstall it. I sent an email to those a$$h0les in Israel that made it. They responded with its easy to uninstall follow these directions. Good luck. CBS who owns CNET now should get to know from its users that no one wants any of these files anymore as its just adware contamination.
Please email the stupid idiots at the top of Â© CBS Interactive Inc.
Snapfiles is another software download site I use sometimes that still doesn’t bundle installer, adware, etc. – just the original software. One of the vanishing few that doesn’t, I’m sorry to say.
I forgot to mention that since this was written another formerly good download site, Softonic, has been infected with the greed of the other big download sites and now bundles their installer with each download I’ve ever tried there, including all the adware of course. At least CNET responded to customer feedback and gave us a backdoor way to download directly. I would love to know if anyone has found a similar direct backdoor on some of the other download sites like Softonic, Softpedia, Tucows, Brothersoft, …
Thanks for any feedback on this, and Martin, thanks for the very informative article on this. I love it when people include a graphical depiction rather than trying to explain it in text, like you did with the CNET direct download link.
Falcon, screenshots help a lot and I try to include them whenever possible to visualize the articles.
For a site that reviews software, this is ridiculous. The installer is a horrendous user experience. It installs multiple pieces of adware if you don’t pay attention and you have to click through each one of the screens to install the product. You cannot minimize the window during the download process, either. If CNET reviewed their own installer, it would get half a star out of 5 stars.
What made me think I could trust CNET for download software? I got my home pages changed, I got unwanted software. I had an attempt on changing search. I got unwanted plugins. All just after a download of a spreadsheet file. I won’t get back the half hour of my time to correct all the crap. Shame on you CNET.
I got a redirect virus(?) malware(?) after downloading an ISO burner from CNET.
I trusted CNET – that’s why I chose the CNET option from the search results.
Immediately after the download was finished, I got a PC Optimizer Pro pop up down by the date/time on my monitor. When I went to search about it online, my Google search home page in FireFox had been changed to Bing but without the usual cool background pic. The search engine(? or url?) has changed from Google.com to SweetSearch to about 3 other things I can’t remember now.
I’m usually pretty good about un-checking pre-filled boxes (like in Java updates), but apparently, I missed this one. If it was there, I never saw it.
Like others, I agree that hiding malware/viruses in an installer should be illegal! EVEN IF YOU CAN OPT OUT. Non pros do not know what they are accepting or opting out of.
That’s playing on the ignorance of the consumer – which is bad business in the long run!
I’ve been battling with it for about 3 weeks now.
I’m going to contact a professional, and that’s going to cost money I don’t have.
I will NEVER, EVER use CNET again unless I’m doing it from a computer belonging to someone I hate. And then, I’ll be doing it for one reason only – to install something BAD on their computer!
Thanks loads, CNET.
May you rot!
It is literally impossible to “cost money that you don’t have,” unless your reaction to the cost is to say, “Fuck!! I don’t have that money!”, and therefore not pay or buy the item. Please do not ever again lie to anyone claiming that you “do not have” money, which you obviously do have, since paying for some thing would obviously otherwise be impossible.
I just wasted 30 minutes removing a firewall app they installed. I was very careful about not accepting their toolbar when I ran the installer, but they installed it and a bunch of other crap anyway. Cnet used to be a reputable site. Not I see it as just another sleazy place to avoid.
Can’t help but wonder how much their antics cost the economy. We should start mailing out junk to the CEO.
Yeah, may CNet and the sordit hot that are at the helm rot in hell!
CNET downloads “spam toolbar installer” is the worst. It has plastered itself all over about 40 of our 55 office machines.
I have to spend each day going from dept to dept and TRYING to uninstall that mess.
Avoid cnet.com and downloads.com
While I’ve been using CNet’s download.com (now download.cnet.com) for more years than I care to remember, I haven’t downloaded anything directly from them in quite some time.
I was about to grab a program update when I spotted their notice that you first had to download CNet’s installer. Downloading an installer in order to download a program with it’s own installer struck me as more than a wee bit odd. Your posts confirmed my suspicion that it’s a CNet adware program.
I will no longer use CNet to download any files whatsoever. I refuse to deal with dishonest companies and I would urge everyone else to do likewise and so advise CNet.
I’m not sure if it continues to be like this, due to not having download software from CNET for a long time now, but when I last did and which is after CNET added its downloader installer, then I’d check the Specifications page, which states the size of the download. If it’s 1 MB, say, when the download of the application you want should be larger, including much larger, then I’d check MajorGeeks.com, f.e., for I’ve never had any problem with MG after a decade or more of using it. I also check TechSupportAlert.com to see what links are provided there for downloads, but if the links aren’t for the authoring website for the software and also aren’t for MG downloads, then I check MG. There’s also snapfiles.com, but I’ll always check MG for third-party website for downloading software because while it doesn’t provide reviews, it’s always provided me with exact downloads.
F.e., download Daum PotPlayer from the official or main download website, download also from MG. You get the same file, an identical match. Softpedia screwed up with a couple of softwares I downloaded, so I may download from the website, but this’ll never be done without also downloading from the author’s website as well as MG. Once that’s done, then I examine the file sizes, and Softpedia has screwed up a couple of times. Since then, some years ago, I only use that website for editor reviews. MG has never screwed up in my experience.
Nonetheless,. the safest approach is to check these and other reputable websites for reviews, user ratings, and download from the author’s website, when and if possible. If it isn’t, then I check MG, first, if I know to want to download the application. If I want reviews, then MG doesn’t provide this at its website, but it has user ratings and MG has a YouTube channel where we can certainly get reviews as well as demos of software. Softpedia sometimes provides editor reviews, as well as user/downloader ratings. Snapfile seems to provide both, but if there’s an editor review, then it isn’t obvious to me. The user comments are, but I’m not sure how to understand the star-based rating at snapfile.com or snapfiles.com. Is it based on what the editors of the website think, or on the user ratings? I’m not sure.
TechSupportAlert.com is worth checking for reviews of free software. I regularly check it for this purpose. If it provides download links at Softpedia, however, then I check MG. Got burned two times with Softpedia and never with MG, so …. One time was for KMPlayer, while the other time was for an anti-malware software from I think Amsisoft, but am not sure if that’s the right name. Until this happened, I downloaded from Softpedia without worry, but getting “burned” twice, we have to be foolish to want a third time. I posted at Softpedia about the anti-malware incident and they deleted my post rather than replying, so this additionally decreased confidence. I’ll still check the website for reviews, but nothing else.
For CNET, I check the full specifications page. If the download file size seems realistic, then I can download it; but, I’ll also download from the author website and usually also from MG. Then I compare the file sizes, run tthem through VirusTotal.com and MalwareBytes Anti-Malware, plus have Malware Defender and WinPatrol installed real-time, in addition to Avir Antivir, free version. Most of this isn’t necessary when downloading from the author website, but some of those have their downloads located at other websites. Also, MG hasn’t let this downlaoder down once; never.
If you don’t check CNET’s full specification page for a download, then you can easily and readily get the CNET download or installation launcher. It’s why it’s necessary to check the download size specified in the specifications page.
I normally skip CNET altogether due to the cnet launcher, but even before this became known for CNET practice, I learned years ago to check the specs page and to compare the file size against those of downloads from other websites. Have your file manager display full details and compare the sizes of downloads of the same application from different websites. Eliminate all those that have a size different from the author website, if the website offers a direct download link. Etc.
It’s a little long for process, but it provides greater assurance, plus the opportunity to compare the reliability of third-party download websites.
Softpedia promptly deleted my expressed concern without explanation, so it’s lost my support; not wholly but nonetheless very.
CNET office should be bombed by a scud missile and its owner castrated and incarcerated for 100 life sentences.