Download.com doesn't write the malware, it just serves it. Are they a custodian? The argument here is that download.com knowingly serves malware to make money.
By that same argument, if Google knowingly serves a link to download.com to make money, how is this different?
At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.
We can argue about whether they should be legally compelled to not serve malware, or whether we should simply stop doing business with companies that serve malware, but it's reasonable to consider them responsible for the things they serve to make money.
> At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.
Devil's advocate: where does this line start and stop?
I'm not advocating for download.com. Stores aren't held responsible for bad products. Physical stores like Walmart and Target as well as digital entities like Amazon and Newegg have shelves full of products designed to break under minimal use, high markups for mediocre products, and products that have been cleverly advertise to look better than exected. This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.
Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?
Devil's advocate: where does this line start and stop?Stores aren't held responsible for bad products
I don't know about the US, but in the UK and Europe they are. The contract is with the retailer, so you can sue them. There is an expectation that things we get are safe. They are frequently crap, but rarely damage your other things or injure you. If something breaks after minimal use it would not be of "merchantable quality" and you'd be entitled to a full refund from the retailer. Likewise claims and statements to the public and in advertising must be true. (IANAL)
Now, Download make a big deal of being a trusted source, and will not accept "Software that installs viruses, Trojan horses, malicious adware, spyware, or other malicious software at any point during or after installation". There's a very lengthy list of what they don't allow and how they are curating their offerings. They have, for quite some time, been failing in this. For pity's sake they even have dark patterns and show ads with prominent download buttons, which aren't.
As they want to be a trusted source, and have lengthy text telling us they won't accept malware and that they curate everything, I think they should fall foul of the browser's safe browsing filters.
If, on the other hand they said plainly "we make only limited checks, downloader beware", fair enough. Just like a forum disclaiming views of posters.
TL;DR Yes, they should be held responsible for what they serve, or stop claiming to be so trustworthy and "We test all submitted software products according to comprehensive criteria.".
> Devil's advocate: where does this line start and stop?
I would say that it stops as soon as the venue starts doing any reasonably in depth vetting -- or even more, actively curating -- what they're serving. In this case, Google already has a malware detection service that is hooked into their browser, and this malware detection service can reasonably be expected to catch sites like download.com that serve trojans.
Download.com actively choses what to provide for download, and actively makes sure it has malware.
> This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.
Sure it is. If the store sells low priced crapware, then it's 100% the responsibility of the store. The difference here is that the crap that they sell is legal, non-intrusive, and can generally be returned for a refund.
> Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?
There is a vast amount of difference between download.com hosting a binary and Walmart hosting a product. In the latter, there is a due process whereby any defective goods could be returned to the manufacturer. More importantly, a manufacturer's guarantee/stamp is involved.
If the binaries are signed by the original developers' public key, then I can agree somewhat to your analogy. Otherwise, its download.com who is 100% responsible.
I'm not sure if it is still the case, but being hosted on download.com used to have a cachet over other sources. Today, their about us page has this to say:
"All products in our library go through a rigorous testing process."
So, Google should blacklist most torrent sites as well, then?
See, I think Google's job (let's call it that for lack of something else as I'm typing) is indexing the web and showing me relevant links based on what I search for. And that's basically it. If I choose a wrong word and a naughty site pops up, hey, that's my bad. I don't think Google should filter that for me (unless it's an option that I can opt in). Similarly, if I search for software, i don't want Google giving me a curated list of vendors. Good, bad or otherwise.
The point is that they're not showing you what you wanted - if you search for Firefox, I'm pretty sure you don't want a malware-infested version. You want plain old regular malware-free Firefox.
So Google isn't showing you what you searched for.
If you search for torrents or illegal downloads well that's different, isn't it?
I _WANT_ every available option shown. They can sort by relevance, but I best darn well see Download.com on some page of the returned results. I _don't_ need Google censoring the internet.
> You really want Google to be the custodian of all things bad?
I expect them to manage their products (chrome, search) in an ethical way. If I'm using their search, then yes, I expect that they'll give these warnings. If I'm using Bing, then I expect MS to do the same.
Download.com doesn't write the malware, it just serves it. Are they a custodian? The argument here is that download.com knowingly serves malware to make money.
By that same argument, if Google knowingly serves a link to download.com to make money, how is this different?
At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.
We can argue about whether they should be legally compelled to not serve malware, or whether we should simply stop doing business with companies that serve malware, but it's reasonable to consider them responsible for the things they serve to make money.