Download.com
Type of site | Downloads |
---|---|
Owner | CBS Interactive |
Created by | CNET |
Website | Download.cnet.com |
Alexa rank | 12,448 (April 2014)[1] |
Commercial | Yes |
Registration | Optional |
Launched | February 24, 1996[2] |
Current status | Active |
Download.com is an Internet download directory website launched in 1996 as a part of CNET. Originally, the domain was download.com and is now download.cnet.com. The domain download.com attracted at least 113 million visitors annually by 2008 according to a Compete.com study.[3]
Overview
The offered content is available in four major categories: software (including Windows, Mac and mobile), music, games, and videos, offered for download via FTP from Download.com's servers or third-party servers. Videos are streams (at present) and music was all free MP3 downloads, or occasionally rights-managed WMAs or streams until it was replaced with last.fm.
The Software section includes over 100,000 freeware, shareware, and try-first downloads. Downloads are often rated and reviewed by editors and contain a summary of the file from the software publisher. Registered users may also write reviews and rate the product. Software publishers are permitted to distribute their titles via CNET's Upload.com site for free, or for a fee structure that offers enhancements.
CNet uses Spigot Inc to monetize the traffic to download.com. According to Sean Murphy, a General Manager at CNet, "Spigot continues to be a great partner to Download.com, sharing our desire to balance customer experience with revenue."[4]
Malware distribution
In August 2011, Download.com introduced an installation manager called CNET TechTracker for delivering many of the software titles from its catalog.[5] This installer was accused of potentially including trojans, and was also accused of containing bloatware, such as toolbars.[6][7][8] CNET admits in their download FAQ that "a small number of security publishers have flagged the Installer as adware or a potentially unwanted application". [9]
See also
References
- ↑ "Download.com Site Info". Alexa Internet. Retrieved 2014-04-01.
- ↑ "Download.com WHOIS, DNS, & Domain Info - DomainTools". WHOIS. Retrieved 2016-07-20.
- ↑ Download.com attracts over 100m visitors yearly
- ↑ "Search Extensions". Archived from the original on March 16, 2015. Retrieved May 4, 2015.
- ↑ "Download App - Free download and software reviews - CNET Download.com". Cnet.com. Retrieved 2015-05-04.
- ↑ "Download.com wraps downloads in bloatware, lies about motivations". ExtremeTech. Retrieved 2015-05-04.
- ↑ Neal, Dave (December 6, 2011). "Cnet is accused of bundling malware with downloads". The Inquirer. Retrieved May 4, 2015.
- ↑ Parrish, Kevin (December 7, 2011). "CNET Accused of Bundling Software Downloads with Trojans". Tom's Guide. Retrieved May 4, 2015.
- ↑ best pc cleaner
In December 2011, Gordon Lyon, writing under his pseudonym Fyodor published his strong dislike of the installation manager and concerns over the bundled software, causing many people to spread the post on social networks, and a few dozen media reports. The main problem is the confusion between Download.com-offered content<ref>{{cite web|url=http://krebsonsecurity.com/2011/12/download-com-bundling-toolbars-trojans/|title=Download.com Bundling Toolbars, Trojans?|author=Brian Krebs|authorlink=Brian Krebs|work=Krebs on security|date=2011-12-06|accessdate=2015-05-04}}</ref><ref name=insecure>{{cite web|url=http://insecure.org/news/download-com-fiasco.html#exec|title=Download.com Caught Adding Malware to Nmap & Other Software|date=2012-06-27|quote=we suggest avoiding CNET Download.com entirely|author=Gordon Lyon|authorlink=Gordon Lyon|accessdate=2015-05-04}}</ref> and software offered by original authors; the accusations included deception as well as copyright and trademark violation.<ref name=insecure />
In 2014, The Register and US-CERT warned that via download.com's "foistware", an "attacker may be able to download and execute arbitrary code".<ref>{{cite web|url=http://www.theregister.co.uk/2014/07/08/download_wrappers_spruiked_vulnerable_avg_tool_cert_us_warns/|title=Insecure AVG search tool shoved down users' throats, says US CERT|quote=Sneaky 'foistware' downloads install things you never asked for|date=2014-07-08|author=Darren Pauli|publisher=The Register|accessdate=2015-05-04}}</ref> In 2015, research by EMSISOFT suggested that all free download providers bundled their downloads with potentially unwanted software, and that Download.com was the worst offender.<ref>{{cite web |url=http://blog.emsisoft.com/2015/03/11/mind-the-pup-top-download-portals-to-avoid/ |title=Mind the PUP: Top download portals to avoid |publisher=EMSISOFT |date=March 11, 2015 |accessdate=May 4, 2015}}</ref>
A study done by How-To Geek in 2015 revealed that Download.com was packaging malware inside their installers. The test was done in a virtual machine where the testers downloaded the Top 10 apps. These all contained crapware/malware; one example was the KMPlayer installer, which installed a rogue antivirus named 'Pro PC Cleaner' and attempted to execute
WajamPage.exe
. Some downloads, specifically YTD, were completely blocked by Avast.<ref>{{Cite web|url=http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/|title=Here's What Happens When You Install The Top 10 Download.com Apps|quote= |date=2015-01-11|author=Lowell Heddings|publisher=How-To Geek|accessdate=June 20, 2015}}</ref> Another study done by How-To Geek in 2015 revealed that Download.com was installing fake SSL certificates inside their installers, similar to the Lenovo Superfish certificate. These fake certificates can completely compromise SSL encryption and allow man-in-the-middle attacks.<ref>{{Cite web|url=http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/|title=Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware|quote= |date=2015-02-23|author=Lowell Heddings|publisher=How-To Geek|accessdate=January 6, 2016}}</ref> However, in July 2016, How-To Geek discovered that Download.com no longer included adware/malware in its downloads and that its Installer program had been discontinued.<ref>Chris Hoffman (2016-07-27). "Download.com Has Finally Stopped Bundling Crapware". How-To Geek. Retrieved August 8, 2016.