While I initially thought this as well, at some point the site admin (botg) posts this:
""MalSign.Generic.F84". Looks like a typical false-positive generated by a heuristic.
There is no malware in the SourceForge Downloader, you can safely use it to install FileZilla. While the SourceForge Installer may present third-party offers, they are
clearly labeled as such. All third-party offers can easily be declined. Nothing unwanted is being installed without your consent. Declining offers does not prevent nor otherwise disturb the installation of FileZilla.
If you do not wish to use the SourceForge installer, have a look at the additional download options listed on the FileZilla website."
His stance seems to be that it's not malware, rather a false positive (I have no proof to claim he's wrong and if he is, it could be a honest mistake; he's trusting SF, which I understand), and he mentions that you can also download Filezilla from their own website, without the SF installer.
That seems pretty reasonable to me, but again: at first I got the impression they (FileZilla's owners) simply didn't care.
I hate what SF has been doing, and I refuse to use their installers (although I'm primarily a Linux-user so I don't have to worry about these installers, thankfully), but I don't really feel like the FileZilla owners should be avoided as it looks like they're simply trusting SourceForge, nothing more. I hope I'm right. ;)
my main issue is that, the offers only exist to either affect the people who don't know any better (and would probably chose the opposite if they were more educated about such practices), or those that mis-click.
Most people, when presented with a) a logo (of a group they trust), and b) accept or decline, they are going to make assumptions and not read the middle.
Which ends up affecting a lot of users: every bad review relating to the installer and every complaint in the forums (once again, in relation to the installer), is a person who has been deceived and had a negative experience, because of a decision of the FZ developers (and the installer is choose-able by the project developer, last I inquired)
""MalSign.Generic.F84". Looks like a typical false-positive generated by a heuristic.
There is no malware in the SourceForge Downloader, you can safely use it to install FileZilla. While the SourceForge Installer may present third-party offers, they are clearly labeled as such. All third-party offers can easily be declined. Nothing unwanted is being installed without your consent. Declining offers does not prevent nor otherwise disturb the installation of FileZilla.
If you do not wish to use the SourceForge installer, have a look at the additional download options listed on the FileZilla website."
His stance seems to be that it's not malware, rather a false positive (I have no proof to claim he's wrong and if he is, it could be a honest mistake; he's trusting SF, which I understand), and he mentions that you can also download Filezilla from their own website, without the SF installer.
That seems pretty reasonable to me, but again: at first I got the impression they (FileZilla's owners) simply didn't care.
I hate what SF has been doing, and I refuse to use their installers (although I'm primarily a Linux-user so I don't have to worry about these installers, thankfully), but I don't really feel like the FileZilla owners should be avoided as it looks like they're simply trusting SourceForge, nothing more. I hope I'm right. ;)