I think Softpedia and FileHippo are the only big sites left not doing this ridiculous practice. I'm debating whether or not to pull the application listing. What do you guys think?
The benefit of our freeware not being open source is that we retain full control over distribution and packaging. Unlike nmap and others, we actually have a legal right to demand that CNet, et al. either host the unaltered EXE or pull their listing.
I have just sent CNet a "cease and desist"-ish open letter, which we've also published on our blog. We will be forwarding this to any and all download sites we find bundling EasyBCD with their intrusive downloaders and installers, as that goes explicitly against the products' licensing agreements, which are there to prevent exactly this type of behavior.
tl;dr of link: C&D bundling of EasyBCD with installers and downloaders or pull the listing.
Perhaps the easiest way of doing it is to actually put the restriction on the trademarked name, forcing them to distribute it under a different, likely unrecognized, name if they want to change the officially distributed package.
(What would Microsoft's reaction be if BestBuy modified Office to install iTunes?)
This isn't correct. Having open source software only means that you have to provide a way to get the source (for example, a download link, or an email address to contact; note you don't have to provide the source itself directly). You can control the branding of your application so only the official bundle can be distributed under your application's name.
If you take a look at Mozilla Firefox, it can only be branded as such if it hasn't been modified. If you do modify it, you have to turn off branding, and you get a generic globe icon with the development name. This only applies to the program itself however, not the installer. For your case you could probably mandate that distribution of a binary installer with your application name must be your official installer.
The gallery link appears to 404:
BTW, here's a discussion about this from ~three months ago:
Would be a good community project which would likely attract the kinds of people who use nmap anyway.
Debian has a social contract (http://www.debian.org/social_contract), a constitution (http://www.debian.org/devel/constitution), and a policy (http://www.debian.org/doc/debian-policy/). Each of these serves to describe what the Debian Project does, and more importantly, doesn't do. The social contract clearly states "Our priorities are our users and free software". Software which violates this principle will, at the very least, generate rancorous debate, if not be pulled outright. Odds are very good that behavior such as that CBSi / CNET / Download.com has exhibited would NOT be tolerated.
This is among the key benefits of using Free Software (in the FSF sense). You aren't the enemy or product of your software vendor. You are the goal.
I've got very strong reasons for believing that the Microsoft Windows applications model is fundamentally and philosophically incompatible with this mode of operation.
The Mac world seems slightly better, but it's likewise got some serious conflicts of interest, though there's far less a record of useless OEM bundling (forbidden by Apple) and force / drive-by installs. Mostly due to Apple's very focused attention on the end-user experience, if not freedom.
I downloaded VLC to my netbook through apt-get and ran it from the terminal. When run from the terminal it was outputting errors like the below (not actual domains):
cannot reach 442g.com => skipping...
cannot reach muzak.com => skipping...
cannot reach 3g3.com => skipping...
cannot reach gewedw.com => skipping...
cannot reach ewfr.com => skipping...
I've always wondered why but never really looked into it.
I knew at that moment that Sun had lost its self respect and had no credible strategy for Java. I immediately went back to developing C++ for MS Windows and Perl for Linux.
Rest assured that they have now ceased this insane practice.
Now the JRE installer force-installs the Ask Toolbar instead.
That's why companies trying to increase revenues are continually blindsided when their actions outrage people.
(a) Vendors are looking to make money (simply speaking) and bundling crapware is a low-hanging fruit to do so. They have a choice between making $X per customer and $X+30 cents. Which choice should they pick?
(b) Users are not savvy or discerning enough to notice that they are getting the said crapware. We, techies, care. Do mainstream users care? They buy a new computer (or download an app), and they get the computer or the app, as far as they are concerned. How can grandma know that the "monthly anti-virus subscription" popup is "unwanted"?
People will buy/download from $VENDOR with or without crapware. Companies want to make more money and they have no reason to be "good." They gain more than they can lose. Until these variables change (say, if users revolt, or class action suits arise, or $CONGRESS_PERSON complains, or advertising revenue somehow diminishes, etc.), this will sadly keep on happening.
What about all the open source projects hosted there? A quick search shows that they offer VLC and Firefox - are they clean?
I've just discovered that C|Net's Download.Com site has started
wrapping their Nmap downloads (as well as other free software
O how the mighty have fallen.
For CNet to make money on the deal, Microsoft would need a way to attribute the increased traffic to CNet. If Microsoft is paying them significant sums and yet remaining willfully ignorant of the means, then Microsoft is no better than your bottom feeding pay-per-install malware services.
The fact that we're even discussing Microsoft's reputation in this way is what led me to say "O how the mighty have fallen." It's quite sad IMHO.
Hope it was worth it.
What stops them from doing it again a month later?
According to Alexa, somewhere between 0.6% and 0.8% of the entire web goes there every day.
"The StartNow Start page is owned and operated by Zugo Ltd, a start page platform company. Our start pages are usually official operated on behalf of one of our clients or partners. Some pages may be "unofficial" and in support of/dedicated to improving the user experience for an existing product or extending a product's existing functionality."
This sounds like really bad PR for Microsoft. I wonder what they will do.
Given the cheapness of S3 storage and such-like I'd say it's smart to avoid hosting on download sites in general.
Technically speaking Download.com is not modifying the original EXE file as some people alleged but using a 'download manager' to intermediate the download of the file.
The bundled 'malware' comes inside this intermediary application and does not touch the original installer other than downloading it to the disk.
No wonder everybody complains about Windows being slow and full of popups and spam, almost everything you try and install on it seems to want to also install some free trial/browser toolbar/sign up for some online service etc.
"6. User Submissions
Some of the Services may allow you to submit or transmit audio, video, text, or other materials (collectively, “User Submissions”) to or through the Services. When you provide User Submissions, you grant to CBS Interactive, its parent, subsidiaries, affiliates, and partners a non-exclusive, worldwide, royalty-free, fully sublicenseable license to use, distribute, edit, display, archive, publish, sublicense, perform, reproduce, make available, transmit, broadcast, sell, translate, and create derivative works of those User Submissions, and your name, voice, likeness and other identifying information where part of a User Submission, in any form, media, software, or technology of any kind now known or developed in the future, including, without limitation, for developing, manufacturing, and marketing products. You hereby waive any moral rights you may have in your User Submissions."
Many anti-virus software packages flag nmap, netcat & other network utilities as malware.
Thankful for apt-get install beauty.
"We remove the installer from pretty much all publishers who request it removed, and the wrapping of nmap was an error. Fyodor has been contacted and had the issue explained. The Download.com Installer has been removed from the product, and we shouldn't be wrapping open-source software. It was a mistake and when Fyodor contacted us, we fixed it."
I believe it goes like this:
- User clicks on link to download software
- User is being asked to install Cnet download manager
- Download manager downloads more software, including the crapware
Because the actual download does not happen on the Cnet site, it does not get marked as a distributor.
I can be wrong though, this is just my hypothesis of what is happening.
This is indistinguishable from malware.