Re: [fyodor@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-...
In case no one saw this yet.
-Kyle
Kyle Duren wrote:
http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-...
In case no one saw this yet.
-Kyle
Sean's apology for their 'mistake' rings hollow. They've had almost 4 months to implement a solution to rectify these 'mistakes', but chose to ignore it until the uproar caused by the nmap community.
http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-b...
It's always about the Money.
--Michael
On Thu, Dec 8, 2011 at 7:00 PM, Michael Painter <tvhawaii@shaka.com> wrote:
Sean's apology for their 'mistake' rings hollow. They've had almost 4 months to implement a solution to rectify these 'mistakes', but chose to ignore it until the uproar caused by the nmap [snip]
I would say it doesn't read 'unhollow'. It's just plain inadequate and doesn't do anything to settle the concerns, whether you accept the apology as sincere or not.

Yes, it is obviously a mistake... but the clear mistake is not a technical one of "bundling an open source application"; the mistake is actually a bad decision. The decision to "bundle" anything; something they obviously haven't admitted yet is a bad practice or failure in judgement. Apparently they don't comprehend that, if you are a download repository, you don't surprise your users by tampering with files, regardless of whether the application is open source or proprietary.

Oh.. that they apologized about one thing, essentially means they admit the existence of the other bad thing that they don't apologize for. Their explanation of the problem is they don't intend to bundle open source software. Well, that implies there _ARE_ things they intend to tamper with the file for by bundling in their own installer. Otherwise they wouldn't have written the bundling system in the first place.

I'm saying... if Download.com wanted to continue to be a trusted download site, they shouldn't have been tampering with any author application files, whether open source or not. They got caught red-handed. The de facto admission that they do ever, has one simple implication... Download.com is simply not to be trusted, anymore, to not bundle executables with unknown software.

In my book, nothing download.com does can redeem their trust at this point, they destroyed their sites and CNET's status permanently; end users need to be warned that they are no longer safe for any download, even "known programs", period.

--
-JH
participants (3)
- Jimmy Hess
- Kyle Duren
- Michael Painter