Brian Krebs, who writes the Krebs on Security website, points out Dec. 6th, that CBS/CNET's Download.com site now uses a downloader program that frequently includes the preselected option to install unnecessary "toolbars" or other "invasive or annoying" programs that many long time computer users frankly call "crapware." You can read the full article at: http://krebsonsecurity.com/2011/12/download-com-bundling-toolbars-trojans/I've also recommended Download.com as a convenient and safe source for home users and seniors to download software. However, Krebs' testing found that some of the extra programs were tagged as malware by more than one antivirus program. At least one of the extras was difficult to remove. Krebs even included an explanation from CNET as to why extra programs are bundled with the program you actually requested.
New Christmas computers are a prime target for multiple downloads of games, and utilities after Christmas. But this Christmas, remember Krebs reexamination of one of the most popular download sites and carefully consider his advice:
"...In the meantime, it’s always a good idea to download software directly from the source whenever possible, and to pay close attention to the prompts during the installation process."Very good advice indeed. And as an old-timer myself, I've been burned often enough that I now carefully look for the extra little check marks in fine print during installation process of any downloaded software. Just be cautious and do try to go to the original source of the software if you can.
UPDATE: 12/09/11- Insecure.org also has a news page with more information on the additional software and changes added by CNET's Download.com. You can find the executive summary, and a list of related web posts concerning the topic at: http://insecure.org/news/download-com-fiasco.html
Gordon Lyon, developer of NMap and other security projects, also suggests downloading software applications from their official sites or more ethical aggregators such as FileHippo, Ninite or Softpedia.
