[noxToken]

> At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.

Devil's advocate: where does this line start and stop?

I'm not advocating for download.com. Stores aren't held responsible for bad products. Physical stores like Walmart and Target as well as digital entities like Amazon and Newegg have shelves full of products designed to break under minimal use, high markups for mediocre products, and products that have been cleverly advertise to look better than exected. This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.

Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?

[anexprogrammer]

Devil's advocate: where does this line start and stop? Stores aren't held responsible for bad products

I don't know about the US, but in the UK and Europe they are. The contract is with the retailer, so you can sue them. There is an expectation that things we get are safe. They are frequently crap, but rarely damage your other things or injure you. If something breaks after minimal use it would not be of "merchantable quality" and you'd be entitled to a full refund from the retailer. Likewise claims and statements to the public and in advertising must be true. (IANAL)

Now, Download make a big deal of being a trusted source, and will not accept "Software that installs viruses, Trojan horses, malicious adware, spyware, or other malicious software at any point during or after installation". There's a very lengthy list of what they don't allow and how they are curating their offerings. They have, for quite some time, been failing in this. For pity's sake they even have dark patterns and show ads with prominent download buttons, which aren't.

As they want to be a trusted source, and have lengthy text telling us they won't accept malware and that they curate everything, I think they should fall foul of the browser's safe browsing filters.

http://www.donotlink.com/framed?614744 Their malware policies.

If, on the other hand they said plainly "we make only limited checks, downloader beware", fair enough. Just like a forum disclaiming views of posters.

TL;DR Yes, they should be held responsible for what they serve, or stop claiming to be so trustworthy and "We test all submitted software products according to comprehensive criteria.".

[ori_b]

> Devil's advocate: where does this line start and stop?

I would say that it stops as soon as the venue starts doing any reasonably in depth vetting -- or even more, actively curating -- what they're serving. In this case, Google already has a malware detection service that is hooked into their browser, and this malware detection service can reasonably be expected to catch sites like download.com that serve trojans.

Download.com actively choses what to provide for download, and actively makes sure it has malware.

> This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.

Sure it is. If the store sells low priced crapware, then it's 100% the responsibility of the store. The difference here is that the crap that they sell is legal, non-intrusive, and can generally be returned for a refund.

[braythwayt]

> Stores aren't held responsible for bad products

I certainly stop shopping at supermarkets that sell me tainted food.

[rms_returns]

> Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?

There is a vast amount of difference between download.com hosting a binary and Walmart hosting a product. In the latter, there is a due process whereby any defective goods could be returned to the manufacturer. More importantly, a manufacturer's guarantee/stamp is involved.

If the binaries are signed by the original developers' public key, then I can agree somewhat to your analogy. Otherwise, its download.com who is 100% responsible.