Here’s why we’re not too worked up over CNET’s download “malware”

CNET Download.com’s proprietary software installer downloads “special offer” toolbars and software that some businesses are calling malware. The company has made changes to let people opt out, but according to security software company Nmap, that isn’t enough.

Since Download.com released its installer in July, people have complained about the “special offers” portion. At the beginning, the installer took you through a couple of steps, including one that offered to install a toolbar or new homepage for advertising purposes. At that time, the customer could only click “next” if they wanted to complete the download (see screenshot right). Once done, the installer would change your homepage or launch a toolbar the next time you opened your Internet browser. Since users couldn’t opt out, they found the process skeevy. CNET was effectively force-feeding advertising to users.

The proprietary installer is only available on some software, and customers who don’t wish to use it can use the software’s download URL to bypass it. After taking some heat for its original design, CNET changed its installer to include a “decline” button on the special offers page. But Nmap founder, and self-proclaimed hacker of the good kind, Gordon Lyon is still upset with the use of the installer on his software.

CNET explains the special offers in its FAQ section:

“Users will encounter a single offer during their download, which is clearly disclosed and provides the option to accept or decline it before proceeding with the download. We only show offers for software that is approved for listing on Download.com [and] has undergone additional screening to ensure compliance with the Download.com Software Policies.”

For Lyon, it’s not about the decline option, but more about the branding of his company’s name on the installer and the quick-clicking nature of people trying to get through the download cycle.

“The idea is they know people just click through installers,” Lyon explained in an interview with VentureBeat. “They’re trying to get as many people as possible to fall for this.”

How many times have you clicked the “okay” button to get off an interrupting screen and get back to what you were doing? Lyon doesn’t believe the “decline” button helps at all, as it is off to the left side of the installer box, with the “accept” and “close” buttons off to the right (see screenshot below). He expects many will bypass the decline button and then be annoyed to find the new content on their computer.

“Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs!” Lyon wrote in a blog post. “The worst thing is that users will think we (Nmap Project) did this to them!”

Another of Lyon’s gripes is that the “Nmap” verbiage is used on each page of the CNET installer, leading consumers to think Nmap is in some way associated with the special offer company, in this case Microsoft Bing. He even goes so far as to call this “trademark violation” and asks for US copyright attorney suggestions at the end of his post.

Lyon also points out that after sending the installer to VirusTotal.com, security companies McAfee, Panda, F-Secure and seven others determine the executable, or code that tells a computer to perform a set of commands, is malware. Eight of these define it as a Trojan. Trojans, at their core, are meant to seem as if they’re performing one approved act, while in the background they steal information or install unwanted software.

“One of the main draws of the site was that they checked the software and made sure it was clean, and doesn’t install any of this crap on your machine,” said Lyon of Download.com’s popularity. “I consider it a trojan because it comes along for the ride with the software we created.”

Part of that popularity came from an Adware and Spyware zero-tolerance policy, which Download.com took on in 2005. The policy banned all bundled adware packages.

At this point, the installer is still a headache for businesses that don’t want to be associated with the special offers, although CNET has taken some steps to alleviate its own liability. Businesses that don’t want their software installed with CNET’s proprietary installer can request to opt out, though CNET says it will review these requests on a case-by-case basis.

In general, the issue shows that proprietary installers can easily hide instructions to push content or software onto your computer without your knowledge. Make sure you always know what you’re clicking and don’t get trigger happy with the mouse.

We have reached out to CBS Interactive, CNET’s parent company, for comment and will update upon hearing back.

[First screen shot via gHacks, second screen shot via Nmap]

