Internet download directory
CNET Download
(originally
Download.com
) is an
Internet
download
directory
website
launched in 1996 as a part of
CNET
. Initially it resided on the domain
download.com
, and then
download.com.com
for a while, and is now
download.cnet.com
. The domain
download.com
attracted at least 113 million visitors annually by 2008 according to a
Compete.com
study.
[2]
Overview
[
edit
]
The offered content is available in four major categories:
software
(including Windows, Mac and mobile),
music
,
games
, and
videos
, offered for download via
FTP
from Download.com's
servers
or third-party servers. Videos are streams (at present) and music was all free
MP3
downloads, or occasionally
rights-managed
WMAs
or streams until it was replaced with
last.fm
.
The Software section includes over 100,000
freeware
,
shareware
, and try-first downloads. Downloads are often rated and reviewed by editors and contain a summary of the file from the software publisher. Registered users may also write reviews and rate the product. Software publishers are permitted to distribute their titles via CNET's Upload.com site for free, or for a fee structure that offers enhancements.
Up until 2015 CNet used Spigot Inc to monetize the traffic to download.com. According to Sean Murphy, then a General Manager at CNet, "Spigot continues to be a great partner to Download.com, sharing our desire to balance customer experience with revenue."
[3]
Malware distribution
[
edit
]
In August 2011, Download.com introduced an installation manager called CNET TechTracker for delivering many of the software titles from its catalog.
[4]
This installer included trojans and
bloatware
, such as
toolbars
.
[5]
[6]
[7]
CNET admitted in their download FAQ that "a small number of security publishers have flagged the Installer as
adware
or a
potentially unwanted application
".
[8]
In December 2011,
Gordon Lyon
, writing under his pseudonym
Fyodor
wrote of his strong dislike of the installation manager and the bundled software. His post was very popular on social networks, and was reported by a few dozen media. The main problem is the confusion between the content offered on Download.com
[9]
[10]
and the software offered by the original authors; the accusations included deception as well as copyright and trademark violation.
[10]
In 2014,
The Register
and
US-CERT
warned that via download.com's "
foistware
", an "attacker may be able to download and execute arbitrary code".
[11]
In 2015, research by
Emsisoft
suggested that all free download portals bundled their downloads with potentially unwanted software, and that Download.com was the worst offender.
[12]
A study done by How-To Geek in 2015 revealed that Download.com was packaging malware inside their installers. The test was done in a
virtual machine
where the testers downloaded the Top 10 apps. These all contained crapware/malware; one example was the KMPlayer installer, which installed a
rogue antivirus
named 'Pro PC Cleaner' and attempted to execute
WajamPage.exe
. Some downloads, specifically YTD, were completely blocked by
Avast.
[13]
Another study done by How-To Geek in 2015 revealed that Download.com was installing fake
SSL certificates
inside their installers, similar to the
Lenovo
Superfish
certificate. These fake certificates can completely compromise SSL encryption and allow
man-in-the-middle attacks
.
[14]
However, in July 2016, How-To Geek discovered that Download.com no longer included adware/malware in its downloads and that its Installer program had been discontinued.
[15]
References
[
edit
]
- ^
"Download.com WHOIS, DNS, & Domain Info - DomainTools"
.
WHOIS
. Retrieved
2016-07-20
.
- ^
"Download.com attracts over 100m visitors yearly"
. Archived from
the original
on 2011-08-13
. Retrieved
2008-05-15
.
- ^
"Search Extensions"
. Archived from
the original
on March 16, 2015
. Retrieved
May 4,
2015
.
- ^
"Download App - Free download and software reviews - CNET Download.com"
. Cnet.com
. Retrieved
2015-05-04
.
- ^
"Download.com wraps downloads in bloatware, lies about motivations"
. ExtremeTech
. Retrieved
2015-05-04
.
- ^
Neal, Dave (December 6, 2011).
"Cnet is accused of bundling malware with downloads"
. The Inquirer. Archived from the original on January 7, 2012
. Retrieved
May 4,
2015
.
{{
cite web
}}
: CS1 maint: unfit URL (
link
)
- ^
Parrish, Kevin (December 7, 2011).
"CNET Accused of Bundling Software Downloads with Trojans"
. Tom's Guide
. Retrieved
May 4,
2015
.
- ^
"CNET Download Installer"
. Archived from
the original
on 2019-05-18
. Retrieved
2019-05-18
.
- ^
Brian Krebs
(2011-12-06).
"Download.com Bundling Toolbars, Trojans?"
.
Krebs on security
. Retrieved
2015-05-04
.
- ^
a
b
Gordon Lyon
(2012-06-27).
"Download.com Caught Adding Malware to Nmap & Other Software"
. Retrieved
2015-05-04
.
we suggest avoiding CNET Download.com entirely
- ^
Darren Pauli (2014-07-08).
"Insecure AVG search tool shoved down users' throats, says US CERT"
. The Register
. Retrieved
2015-05-04
.
Sneaky 'foistware' downloads install things you never asked for
- ^
"Mind the PUP: Top download portals to avoid"
. EMSISOFT. March 11, 2015
. Retrieved
May 4,
2015
.
- ^
Lowell Heddings (2015-01-11).
"Here's What Happens When You Install The Top 10 Download.com Apps"
. How-To Geek
. Retrieved
June 20,
2015
.
- ^
Lowell Heddings (2015-02-23).
"Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware"
. How-To Geek
. Retrieved
January 6,
2016
.
- ^
Chris Hoffman (2016-07-27).
"Download.com Has Finally Stopped Bundling Crapware"
. How-To Geek
. Retrieved
August 8,
2016
.
|
---|
CNET Media Group
| |
---|
Healthline Media
| |
---|
Other assets
| |
---|
Defunct/
former assets
| |
---|