[qjighap]

Outside the filehash thing there isn't anything wrong with his responses. The project chose to get third party products from sources outside their control. There is nothing "technically" wrong with it. The thread is littered with poor security practices, but I see TightW's response as more painful. The admin is already clearly aware of the concern and is stating why it is setup that way. I would much rather see somebody state the practices are wrong rather than just calling this guy out since it is really counter-productive.

[verroq]

If your software installer bundles crapware for any reason then you've completely lost the plot and nobody should trust your software ever again.

[DmenshunlAnlsis]

Admin of FileZilla,

Your reactions to this post deeply concern me. I do believe this is a serious problem you should at least entertain investigating whomever you have an agreement with in regards to bundling their stuff into your installer.

Those domains its communicating with have several hits on known malware/RATs reports. For instance, https://www.maltiverse.com/sample/a98b1 ... 38233c50b7.

Here is another that spawns the same type of .exe which turns out to be NJRAT malware -> https://www.hybrid-analysis.com/sample/ ... mentId=120

Your defensive attitude is what alarms me the most. Almost as if you might care more about your bundle agreement profits than your users security/safety.

Hole in one. I wouldn’t trust those admins to make me a cup of tea, and I agree that their attitude reeks of deception for selfish reasons. Nobody should ever trust their software again, full stop.

[ksk]

I don't support crapware but I'm not going to tell someone how they should make their living. That post looks like rabble rousing to me. I have yet to see any factual information except a whole lot of "it seems" "it appears" "I believe". I'd rather reserve judgement till the facts emerge.

[michaelmrose]

If I see someone being immoral I'm going to tell them "how to make their living" not because I hope they are going to be so inspired as to change for the better because you and I both know that's not going to work.

I do so because I hope other people will listen and stop doing business with them leading to a decrease in profit and THEN changed behaviour from the culprit.

There is lots of factual information. They are factually doing a lot of malware like behaviour in their installer and bundling software from questionable sources they have no control over. At best they are putting their customers at risk.

The only facts that can possible emerge is that its actually worse and customers are getting their identities stolen or some such.

Rabble rousing is literally the only way anything gets fixed.

[ksk]

Okay, but malware "like" is not actually malware. If it turns out that it is, then ofcource why would anyone support a malware distributor.

>They are factually doing a lot of malware like behaviour in their installer and bundling software from questionable sources they have no control over.

Their explanation was that AV vendors flag their competitors, so now in the 'arms race', competitors have resorted to downloading individual bits from random URLs and then merging them together. While this would be a technique that malware software would use to possibly defeat security software, but hey, its also how torrents work. Tools can be used for good or bad.

[michaelmrose]

Their explanation is obviously a lie they are getting around Antivirus software flagging it as adware.

[dahdum]

If it were the first instance of this with Filezilla, and the admin response wasn't dismissive, I'd agree with you.

They earned their reputation as untrustworthy.

[ksk]

Which facts did they dismiss? I just saw a lot of rabble rousing..

[gmueckl]

The admin's replies are clever smokescreens: they stay neatly of the periphery of the matter and avoid giving actual answers to the questions being posed.

Whoever wrote these replies would probably do well in politics.

[effingwewt]

Dude you are all over these comments defending indefensible behavior. What they are doing is wrong. Full Stop. You seriously sound like the admins in the forums.

[9935c101ab17a66]

I'm wagering he has some kind of connection or relationship with the software or developers. There's just no way someone would espouse the views KSK holds without some kind of external factor / ulterior motive.

[ksk]

I'll take you up on that wager. $10,000? I'm dead serious..

[ksk]

Huh? I am not defending them. You are either willfully or otherwise twisting my words.

[code_duck]

Personally, I abandoned FileZilla after the prior incidents and would never consider installing it again.

[ksk]

There is pretty much no freeware download site that doesn't bundle crapware. I guess all freeware is untrustworthy by your logic.

https://www.howtogeek.com/207692/yes-every-freeware-download...

[rspeer]

Oh my god. You're talking to competent computer users on Hacker News, not people who use crapware download sites and need to be warned away from them by "HowToGeek".

Of course there is trustworthy freeware. You can get it using Apt, Yum, Ninite, Chocolatey, Homebrew, or just by going to the actual site of a trustworthy software product.

The fact that the people who run most download sites are scum isn't a problem with the software. It's a problem with those sites.

[privateSFacct]

this guys is trolling, seriously, just stop responding to them.

ksk - many hn readers build using free software for places like google, amazon etc, that are trusted all the way up to places like the CIA. Seriously, please troll somewhere else. Basically no one working in almost any open source project wants to be working with an author that bundles in crapware, ESPECIALLY if the author doesn't actually even control the crapware. If you don't get why this is a bad idea you'll have to trust folks who use open source software regularly that this is a bad thing.

[justinclift]

PortableApps (https://portableapps.com) seems pretty good. :)

[yjftsjthsd-h]

Yes, that would logically follow.

[jlgaddis]

It's threads like these that remind me, quite clearly, that not everyone shares the same ethics that I do.