Pay attention when you are downloading FileZilla from the official site
FileZilla is an open source cross-platform file transfer solution that supports FTP, FTPS and SFTP. We have followed the development of the program since 2007 when we published our first FileZilla review here on this site.
The application was selected for the European Union's bug bounty program among other software applications.
The maintainers of the application have released FileZilla Pro, a commercial version with features that add support for WebDAV and several file storage services such as Google Drive, Box, Dropbox, and Microsoft OneDrive.
The main download page offers a download for Windows only; this particular version includes a bundled offer, aka adware. Text on the page highlights this: "This installer may include bundled offers. Check below for more options".
If you download the client anyway using that option, you may get a Windows Defender warning about potentially unwanted software. The threat "App:FileZilla_BundleInstaller" is listed with a low severity rating when the file has been scanned by Defender.
It is not possible to run the installer until the file is allowed by an administrator of the system by loading Windows Security from Start, selecting the App:FileZilla_BundleInstaller threat under Virus & Threat protection, and setting it to "allow on device".
However, there is a better option as the project maintains copies of the client version that are adware free. All you need to do is point your browser to the following URL instead: https://filezilla-project.org/download.php?show_all=1
The download page lists downloads for Windows, Mac OS and Linux, and all are free from any bundled additions. The Windows version is offered as a setup version or portable version, and both can be used, as both are free of sponsored content.
You may check the filenames as well to verify that. The version of FileZilla that comes with adware has "sponsored" added to the filename, the clean version names come without the word.
To sum it up: if you have to download FileZilla from the official site, make sure you download the version that does not come with bundled software, that you don't need. If you want an alternative, check out the excellent WinSCP.
Now You: do you use file transfer software? (via Nixcraft/Twitter)
thank you for the work
Even if you say “no” to all the bloatware inside Filezilla these days… you’ll STILL get the bloatware. (Why would they want to lose thousands of dollars by actually allowing you to *NOT* install their bloatware?)
See, this is why I keep coming back to ghacks. The tech news from Martin is nice but the user comments often give me so much more!
I used FileZilla a lot in the late 2000s and remember it as a nice little utility program. I had no idea the developer was so pissy about everything :) and I also had never heard of WinSCP. Thanks, ghacks commenters!
Crossing fingers that winrar doesn’t go down this path.
Not really surprised, I switched to WinSCP because there’s no way I could trust it. The developer is a jerk.
Why use that junk when there’s WinSCP?
I’m happy with Filezilla. I didn’t even know there was a Pro version.
Does the Linux version from various distribution’s repositories also suffer the same? Or is it clean? How would we know?
Good on Microsoft/Windows Dedender not tolerating PUPs. I’ve been using WinSCP for over a decade I think. Incidentally it’s been this long since I’ve had to deal with FileZilla.
long* back.
FileZilla’s developer is a jerk. I moved to WinSCP not back.
Those bastards think they are allowed to put ads on the browser startpage, get paid to choose a nasty search engine for us, spy on us without consent, and download more adware from their adware. I’m glad it’s detected as a threat. Firefox does that too btw but is not detected.
I’m curious whether Unchecky intercepts and unchecks FileZilla’s bundled offers. (I don’t currently have a need for this kind of software, so I’m not going to test it myself.)
The only “file-transfer” software I’ve used recently is OnionShare and TeamViewer’s file/folder transfer function, so … more “user to user” than “user to server.” OnionShare is (ostensibly) private, but not a speed demon, and I *have* run into a couple of minor bugs. TeamViewer *is* a speed demon, seemingly limited only by available bandwidth on both ends, but I’m guessing TeamViewer can monitor what you’re transferring if it wants to. In short, I send my public-domain wallpapers via TeamViewer, and my secret plans for world domination via OnionShare.* ;-)
*Seriously, though, I’m fed up with blanket mass surveillance. As Snowden said, “Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about freedom of speech because you have nothing to say.” Basta.
@Peterc,
> I don’t currently have a need for this kind of software, so I’m not going to test it myself.
> *Seriously, though, I’m fed up with blanket mass surveillance. As Snowden said, “Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about freedom of speech because you have nothing to say.†Basta.
I completely agree with you!
However, “dignity of privacy” is not only the cunning of vendors, but also the indifference of home users.
The apathy of the users is really disheartening.
https://www.ghacks.net/2021/03/25/the-curious-case-of-clearurls-removal-from-the-google-chrome-webstore/#comment-4490214
When I started up my FTP program today I received automatically, the not even on the download page visible, the latest release version. Named: FileZilla_3.53.1_win64-setup when i started up FTP.
Nice to have a watchdog reminding those who download programs to read before downloading; in this case, there isn’t a malicious, nefarious attempt to sucker those who download the program. The developers post it in BOLD letters:
“This installer may include bundled offers. Check below for more options.”
Show additional download options.
Click–more options available.
Even if one were to click on the Filezilla Pro link, he/she is taken to a payment page.
A rather patronizing attitude because it’s implausible that gHacks readers would download the program with so many obvious clues about the Pro version.
Found Tim Kosse’s account.
This deception has been going on for a long time. It’s too bad that, sometimes, developpers take this download model to generate some revenue but, at least, with Filezilla, clean downloads are offered. It not always the case with other software and I stay well away from these.
Filezilla still remains an excellent piece of software, without bundleware that is.
And WinSCP is better. Workspaces are superb.
You really should try it, if you still use Filezilla.
@DrKnow
Will do. Thanks.
haven’t used a ftp client in over a decade or more, used to use flashfxp. just googled it for nostalgia and apparently the guy has been in jail for a few years already.
Funny you mention that, I remember years back when users asked FileZilla to stop storing passwords in plaintext the developer scoffed at the idea and said if you get owned its your own fault. That kind of arrogance led me to switch to FlashFXP and then FTPRush.
Doesn’t surprise me in the slightest that the developer would, years later be bundling malware with his product to make money.
I also remember him defending the adware installer and banning people from the filezilla forums.
During that time, there were no clean installers.
I started using WinSCP, which uses some of the filezilla code but integrates better with SFTP/SSL connections with Putty.
WinSCP is better, actually offers a dark mode, and the developer isn’t rude to users that asked him for one like the Filezilla dev did.
I have your back and you have mine.
WinSCP is the best client.
When I was webmaster for a football club we had a license for CuteFTP.
Nowadays as a mere “civilian” I’ve been looking for an alternative to CuteFTP and I ended up using WinSCP for file transfers between my PC and external hard disks hooked up to a Raspberry Pi 400.
Tried FileZilla and Cyberduck, but both are not as flexible and easy to use as WinSCP. IMHO.