Pay attention when you are downloading FileZilla from the official site - gHacks Tech News

Pay attention when you are downloading FileZilla from the official site

FileZilla is an open source cross-platform file transfer solution that supports FTP, FTPS and SFTP. We have followed the development of the program since 2007 when we published our first FileZilla review here on this site.

The application was selected for the European Union's bug bounty program among other software applications.

The maintainers of the application have released FileZilla Pro, a commercial version with features that add support for WebDAV and several file storage services such as Google Drive, Box, Dropbox, and Microsoft OneDrive.

The main download page offers a download for Windows only; this particular version includes a bundled offer, aka adware. Text on the page highlights this: "This installer may include bundled offers. Check below for more options".

filezilla adware bundleinstaller

If you download the client anyway using that option, you may get a Windows Defender warning about potentially unwanted software. The threat "App:FileZilla_BundleInstaller" is listed with a low severity rating when the file has been scanned by Defender.

It is not possible to run the installer until the file is allowed by an administrator of the system by loading Windows Security from Start, selecting the App:FileZilla_BundleInstaller threat under Virus & Threat protection, and setting it to "allow on device".

However, there is a better option as the project maintains copies of the client version that are adware free. All you need to do is point your browser to the following URL instead: https://filezilla-project.org/download.php?show_all=1

The download page lists downloads for Windows, Mac OS and Linux, and all are free from any bundled additions. The Windows version is offered as a setup version or portable version, and both can be used, as both are free of sponsored content.

You may check the filenames as well to verify that. The version of FileZilla that comes with adware has "sponsored" added to the filename, the clean version names come without the word.

To sum it up: if you have to download FileZilla from the official site, make sure you download the version that does not come with bundled software, that you don't need. If you want an alternative, check out the excellent WinSCP.

Now You: do you use file transfer software? (via Nixcraft/Twitter)

Summary
Pay attention when you are downloading FileZilla from the official site
Article Name
Pay attention when you are downloading FileZilla from the official site
Description
Find out why you should not download the FileZilla software from the main download page, and what you should be doing instead.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Breppo said on March 27, 2021 at 12:25 pm
    Reply

    When I was webmaster for a football club we had a license for CuteFTP.
    Nowadays as a mere “civilian” I’ve been looking for an alternative to CuteFTP and I ended up using WinSCP for file transfers between my PC and external hard disks hooked up to a Raspberry Pi 400.
    Tried FileZilla and Cyberduck, but both are not as flexible and easy to use as WinSCP. IMHO.

  2. Pedro said on March 27, 2021 at 1:28 pm
    Reply

    WinSCP is better, actually offers a dark mode, and the developer isn’t rude to users that asked him for one like the Filezilla dev did.

    1. Salvatore said on March 28, 2021 at 8:53 am
      Reply

      I have your back and you have mine.
      WinSCP is the best client.

  3. Ayy said on March 27, 2021 at 5:24 pm
    Reply

    Funny you mention that, I remember years back when users asked FileZilla to stop storing passwords in plaintext the developer scoffed at the idea and said if you get owned its your own fault. That kind of arrogance led me to switch to FlashFXP and then FTPRush.

    Doesn’t surprise me in the slightest that the developer would, years later be bundling malware with his product to make money.

    1. John Wold said on March 28, 2021 at 4:51 am
      Reply

      I also remember him defending the adware installer and banning people from the filezilla forums.

      During that time, there were no clean installers.

      I started using WinSCP, which uses some of the filezilla code but integrates better with SFTP/SSL connections with Putty.

  4. hg said on March 27, 2021 at 5:34 pm
    Reply

    haven’t used a ftp client in over a decade or more, used to use flashfxp. just googled it for nostalgia and apparently the guy has been in jail for a few years already.

  5. Martin P. said on March 27, 2021 at 5:36 pm
    Reply

    This deception has been going on for a long time. It’s too bad that, sometimes, developpers take this download model to generate some revenue but, at least, with Filezilla, clean downloads are offered. It not always the case with other software and I stay well away from these.

    Filezilla still remains an excellent piece of software, without bundleware that is.

    1. DrKnow said on March 28, 2021 at 1:12 am
      Reply

      And WinSCP is better. Workspaces are superb.

      You really should try it, if you still use Filezilla.

      1. Martin P. said on March 28, 2021 at 4:22 pm
        Reply

        @DrKnow

        Will do. Thanks.

  6. VioletMoon said on March 27, 2021 at 6:02 pm
    Reply

    Nice to have a watchdog reminding those who download programs to read before downloading; in this case, there isn’t a malicious, nefarious attempt to sucker those who download the program. The developers post it in BOLD letters:

    “This installer may include bundled offers. Check below for more options.”

    Show additional download options.

    Click–more options available.

    Even if one were to click on the Filezilla Pro link, he/she is taken to a payment page.

    A rather patronizing attitude because it’s implausible that gHacks readers would download the program with so many obvious clues about the Pro version.

    1. Robert Morris said on March 29, 2021 at 3:39 am
      Reply

      Found Tim Kosse’s account.

  7. Paul(us) said on March 27, 2021 at 6:26 pm
    Reply

    When I started up my FTP program today I received automatically, the not even on the download page visible, the latest release version. Named: FileZilla_3.53.1_win64-setup when i started up FTP.

  8. Peterc said on March 27, 2021 at 6:49 pm
    Reply

    I’m curious whether Unchecky intercepts and unchecks FileZilla’s bundled offers. (I don’t currently have a need for this kind of software, so I’m not going to test it myself.)

    The only “file-transfer” software I’ve used recently is OnionShare and TeamViewer’s file/folder transfer function, so … more “user to user” than “user to server.” OnionShare is (ostensibly) private, but not a speed demon, and I *have* run into a couple of minor bugs. TeamViewer *is* a speed demon, seemingly limited only by available bandwidth on both ends, but I’m guessing TeamViewer can monitor what you’re transferring if it wants to. In short, I send my public-domain wallpapers via TeamViewer, and my secret plans for world domination via OnionShare.* ;-)

    *Seriously, though, I’m fed up with blanket mass surveillance. As Snowden said, “Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about freedom of speech because you have nothing to say.” Basta.

    1. owl said on March 29, 2021 at 4:11 am
      Reply

      @Peterc,
      > I don’t currently have a need for this kind of software, so I’m not going to test it myself.
      > *Seriously, though, I’m fed up with blanket mass surveillance. As Snowden said, “Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about freedom of speech because you have nothing to say.” Basta.

      I completely agree with you!
      However, “dignity of privacy” is not only the cunning of vendors, but also the indifference of home users.
      The apathy of the users is really disheartening.
      https://www.ghacks.net/2021/03/25/the-curious-case-of-clearurls-removal-from-the-google-chrome-webstore/#comment-4490214

  9. Anonymous said on March 27, 2021 at 10:51 pm
    Reply

    Those bastards think they are allowed to put ads on the browser startpage, get paid to choose a nasty search engine for us, spy on us without consent, and download more adware from their adware. I’m glad it’s detected as a threat. Firefox does that too btw but is not detected.

  10. Jeff M.S. said on March 28, 2021 at 6:39 am
    Reply

    FileZilla’s developer is a jerk. I moved to WinSCP not back.

  11. Jeff M.S. said on March 28, 2021 at 6:40 am
    Reply

    long* back.

  12. Yuliya said on March 28, 2021 at 7:26 am
    Reply

    Good on Microsoft/Windows Dedender not tolerating PUPs. I’ve been using WinSCP for over a decade I think. Incidentally it’s been this long since I’ve had to deal with FileZilla.

  13. X said on March 28, 2021 at 1:39 pm
    Reply

    Does the Linux version from various distribution’s repositories also suffer the same? Or is it clean? How would we know?

  14. Anonymous said on March 28, 2021 at 3:12 pm
    Reply

    I’m happy with Filezilla. I didn’t even know there was a Pro version.

  15. Anonymous said on March 28, 2021 at 10:37 pm
    Reply

    Why use that junk when there’s WinSCP?

  16. diamond said on March 28, 2021 at 10:51 pm
    Reply

    Not really surprised, I switched to WinSCP because there’s no way I could trust it. The developer is a jerk.

  17. Jeremy said on March 29, 2021 at 1:42 am
    Reply

    Crossing fingers that winrar doesn’t go down this path.

  18. Yet Another Jason said on March 29, 2021 at 4:58 pm
    Reply

    See, this is why I keep coming back to ghacks. The tech news from Martin is nice but the user comments often give me so much more!

    I used FileZilla a lot in the late 2000s and remember it as a nice little utility program. I had no idea the developer was so pissy about everything :) and I also had never heard of WinSCP. Thanks, ghacks commenters!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.