Hacker News new | comments | ask | show | jobs | submit login

No way I'm supporting this kind of behavior. Can you suggest an alternative to FileZilla ?

I use WinSCP. I cannot say much about technical differences, but it has worked well for me.

Also, PuTTY comes with a SFTP/SCP client, and unless there are strong reasons you cannot use SFTP, it is a lot better than FTP, security-wise (does not transmit passwords in plain text and allows using cryptographic keys rather than passwords; in fact, on OpenSSH you can configure the server to deny password authentication completely; and the entire connection is encrypted, of course).

It's funny I already use WinSCP but for SSH and SFTP connexions to Linux servers, it didn't even occurs to me that I could use it for regular FTP too. Thanks.


They have some issues with SSL certificate, though.

Cyberduck refuses to implement a two pane interface with a local browser.


Juggling multiple windows is really annoying. The entire UI is awful besides that also.

I don't know why you were downvoted, will check it, thanks.

FlashFXP - been using it since 1999, still love it

FlashFXP doesn't support simultaneous connections.

The problem is not FileZilla, but SourceForge. They do this to all their files.

That's not quite accurate... FileZilla has opted into the bundle-with-crapware program [1] to make some money.

[1] https://news.ycombinator.com/item?id=8849950

Not only that, but the FileZilla Admin is posting in that thread denying any claim that there is anything wrong with the installer, despite repeated reports from multiple users.

FileZilla is maintained by people who want to push spyware to you because it's how they get paid. This isn't an accident.

SourceForge are adding the malware but the FileZilla people are acting as if it's not a problem and refusing to help people / accept that there is an actual virus in the executable they link on their site.

"It's not our problem, it's SourceForge" - stop f'ing using SourceForge then!

Their ambivalence and complicity in distributing this malware is probably the behaviour GP was talking about.

I had contacted FileZilla's developer about this back in 2014.

He let me know that bundling crapware was "intentional"


His statement about alternate download links was also incorrect, because I was asking about Filezilla server, which I could not find anywhere but sourceforge.

Does it mean that I have this crap installed since at least 2014 on all computers at work and Sophos didn't detect it ?

According to this [1] Sophos can detect it:

[1] https://www.virustotal.com/en/file/16e0ecda06ed98f835e449e1e...

The problem is that Google still rank SourceForge highly.

If Google ranked them down, then they harm would be limited.

you can install Filezilla from Ninite. https://ninite.com/

Well - you are trusting that Ninite doesn't include any crapware / malware, but until now I didn't had any problems with it. Makes updating Java Runtime much nicer too.

I think you can avoid the virus by downloading the zip but as I said I don't want to support this kind of behavior, so I have uninstalled Filezilla from my computer and will uninstall it on all computers at work too.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact