CNet's downloader app looks like it's signed. It warns that it was downloaded from a website (which it was), but you don't have to do the right-click-open song and dance.
I'd love to see Apple take a stand and revoke their certificate. Usually I strongly support developer freedom / openness, but these apps are straight-up malware. Having a decline option somewhere doesn't matter if essentially all users who accept do so unintentionally.