How-To Geek
Here’s What Happens When You Install the Top 10 Download.com Apps
We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!
We’ve been railing against freeware download recommendations for years, and recently we taught you how to test any software safely using a virtual machine. So we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?
For the purpose of this experiment, we’re going to just click through all regular installation screens with the default options using a fresh virtual machine. And we’re going to install ten applications from the most popular downloads list. And we’re going to assume the persona of a regular non-geek user.
Why would we choose Download.com? Because their policies page states clearly that they do not allow malicious software on the site, and further that they do NOT accept any software that contains the following:
Software that installs viruses, Trojan horses, malicious adware, spyware, or other malicious software at any point during or after installation.
Software that installs without notice and without the user’s consent.
Software that includes or uses surreptitious data collection.
Software that diverts or modifies end users’ default browsers, search-engine home pages, providers, security, or privacy-protection settings without the users’ permission.
Software that installs in a concealed manner or denies users an opportunity to read the license agreement and/or to knowingly consent to the installation.
Software that induces installation by making false or misleading claims about the software or the software publisher.
I mean, with all those protections in place from the trusty people over there at CNET, why would anybody worry? I mean, CNET News is a trusted source, right? Right.
Danger! Do NOT Try This at Home!
Seriously, we don’t recommend doing this at home on your primary PC, unless you want to make your computer a smoking pile of useless. If you do want to try it, make sure to use a virtual machine.
Time to begin. But where to begin?
The first thing we did was head straight to the Windows downloads page and take a look at their Most Popular Downloads. The list seems puzzling, almost like it’s not really the real list. Why would almost everybody download… YAC? Have you used YAC? It’s… a bunch of YAK. This list is suspect and never seems to change. That’s suspect. Oh well, onward.

This list is very helpful to know what not to install.
The plan is to download and install the top 10 apps, but as you can see in the list, the top two apps are both antivirus, and since we aren’t crazy people, we’re not going to install more than one active antivirus at a time. And despite a lapse in judgement by Avast in the past, we still prefer Avast over AVG (the Avast people were up-front and honest in response to our article and their product is just better in our testing). So we’re going to install that one and skip AVG. Surely that will be free from any bundled crapware, right?

Bundled software is just like In-App Purchases on mobile: Here to stay.
Well… it’s not crapware. Dropbox is awesome. But yeah, the bundling starts here. Free software vendors make so much more money by bundling other software than they do by selling subscriptions that it’s pretty much the only business plan that anybody can consider using. At least Avast is bundling something good, so we can’t really argue with it.
Now that we have Avast running, it’s time to head down the list and install KMPlayer… wait, what’s that “Installer Enabled” all about? Oh well, it’s in light gray text so I guess it’s not important.

It’s the mark of the beast.
They sure do have a lot of terms and conditions pages in this installer. It’s a good thing that people have been trained to always read the terms and conditions, because otherwise you might agree to something insane like allowing yourself to become a HumancentiPad, or even worse, like installing Spigot’s browser hijacking extensions.

9 out of 10 dentists agree, this page is confusing.
Hmm, the next terms and conditions page says something about a PC Cleaner. Well maybe that can help clean up the nonsense that we just accidentally installed in the last step, right? Two wrongs might make a right after all.
That’s weird, we finished all those other screens and now we have another installer. It’s almost like that first installer was completely useless and somebody should be punished. I guess we should just click to Agree and install this one, because that Skip button looks like it’s disabled anyway. There’s no way you could click on it, right? And it’s not like clicking a single button is going to infect us with the awful Trovi browser-hijacking adware.

I wonder how this browser hijacker will get along with the other one.
Once we clicked through, we ended up with an error page for some reason as it all hung up. We’re not sure what WajamPage.exe is, but after a quick Google, it becomes clear that it’s yet another browser hijacker and we’re lucky it didn’t install. That’s right, we’ve installed one non-antivirus app from CNET Downloads so far, and we’ve been presented with three browser hijackers and one fake registry cleaner. They are nothing if not efficient.
After clicking through the installer and finishing, PRO PC CLEANER from the previous step installed itself… started running a scan… and then TALKED OUT LOUD TO US. It literally yells to you through your speakers and tells you that your PC is completely full of errors and needs to be repaired. And it does this all the time, randomly. I guess nobody told them that this was a brand-new installation of Windows.

BEHOLD, YOUR COMPUTER SPEAKETH: GIVE US MONEY!
Next up was YAC. The installer was simple, and seconds later… we had some little window on the screen that was tracking something, and a new source of NON-STOP useless notifications. Every little thing that every app does appears to be monitored… and allowed. YAC is soooo helpful. /sarcasm.

These YAC notifications disappear in seconds, almost like they are meant to be useless.
Next on the list was the trusty CCleaner, which is a perfectly decent application that we’ve recommended before. Installed, done, great.
After that we tried to install the next item, which is the YTD downloader app, but Avast completely blocked the download of the application. That turned out to be a pretty good thing as we’ll see later, but we wish Avast would have blocked all that other browser hijacking nonsense too. Oh well, can’t win them all. At least Avast is doing something.
Next we tried to install Free YouTube Downloader, only to find out that one was being blocked by Avast as well. Now why would these apps be on the most popular recommendation list along with another app that is blocking these apps? If these are viruses and spyware, why are they being distributed? Something seems wrong here.
And don’t the Download.com terms and conditions state that malware is not allowed? Hmmm, maybe they didn’t actually read them and just clicked Accept. It’s what we would do.

Avast did a better job than some other antivirus products.
The next one on the list is Driver Booster which we installed despite that How-To Geek site telling us that driver updaters are actually worse than useless. Those idiots! It’s not like they’ve done tons and tons of research or anything. But don’t tell us that, we’re installing it anyway! I wonder what those checkboxes are telling us. No time for that, CLICKITY CLICK CLICK CLICK!

Crapware bundling crapware is sooo 2014.
That’s weird, all of a sudden this Advanced Systemcare thing showed up. How did that get there? There must be hackers inside my PC.

We’re starting to wonder if this was such a good idea…
Next up on the download list was IObit Uninstaller, because clearly we’re going to need to uninstall some software after this is over, and it’s not like they would actually install other software… wait… what’s that tiny little checkbox down there?

Uninstallers shouldn’t Install things. It violates the three laws.
Oh no! All of a sudden, YAC is YACKing messages at us saying that something is tampering with our settings! If only that message would stay there for more than 10 seconds. Or maybe if we could view some more information. Or see a log somewhere about what’s actually happening. Or have the slightest clue that it’s doing something useful and not just throwing up scary messages CONSTANTLY.

Seriously, this YAC thing pops up a message every few seconds saying something or another.
After installing Virtual DJ with no ill side effects for some reason, we decided that we’d finish off the list with Download App which we’re not entirely sure… but appears to be made by Download.com. It’s all a little confusing, and we don’t remember where we left our car, but we’re going to end our experiment here, we think. It’s a good thing they’ve got all those lawyers to write terms and conditions about how we can use the software. Surely all that legal language will protect us or somebody.

Wait, don’t we already have Spigot browser hijacker installed?
Golly gee willikers batman! YAC just let us know that something called SP.exe is trying to reset our home page to something else! It’s a good thing that YAC is going to keep it set to…. the YAC home page? When did we agree to that?

Constant popups for a few minutes, but finally one of them gave up and walked away.
Search Protect and YAC and Spigot continued to fight it out for a while at this point… literally every few seconds one or the other would change the home page and then YAC would try to set it back. It’s like battle of the crapware up in here. Taking all bets!
At this point we had so many open windows on our desktop, it was time to reboot. That fixes everything.
After rebooting, Avast blocked Conduit as a threat. That’s pretty awesome, but we’re wondering why this didn’t happen before it actually got installed onto the computer, or at least during. Or you know, before we rebooted.

At least they did block it. Can’t argue with that.
Sadly, even though Trovi / Conduit was blocked as a virus… the homepage for IE still ended up being set to it. Luckily it’s easy to change the IE homepage, right?
Just for shiggles, we decided to go back and install that YTD downloader app that Avast blocked. We turned off the shields for a few minutes, installed it… and all of a sudden we couldn’t use the browser anymore. Every time you open IE, this weird message shows up… and the browser appears to be trying to use some tunnel.

It’s a good thing Avast blocked this earlier.
As it turns out, that download was blocked for a reason: it installs a proxy and tries to send all of your web browsing through it. That’s really bad.

The malware was something called mybrowserbar, and it’s really bad.
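The home page tug-of-war and the proxy described above both come down to a handful of per-user registry values, so comparing a `reg export` taken before the installer runs with one taken afterwards shows exactly what changed in the test VM. This is an added example, not part of the original article; the sample exports, the ExampleTray/ExampleCleaner names, the URLs and the choice of watched keys are constructed for illustration.

```python
"""Diff two `reg export` snapshots taken before and after running an installer
in a throwaway VM, and report changes to home page, proxy and autorun values."""
import re

PREFIX = "hkey_current_user\\software\\microsoft\\"
# Key -> watched value names (lower case); None means every value under the key.
# The selection of keys is this example's assumption, not a complete list.
WATCHED = {
    PREFIX + "internet explorer\\main": {"start page"},
    PREFIX + "windows\\currentversion\\internet settings":
        {"proxyenable", "proxyserver", "autoconfigurl"},
    PREFIX + "windows\\currentversion\\run": None,
}

# A value line is @=data (default value) or "name"=data.
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", lambda m: m.group(1), s)


def _decode(raw):
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex(...) and other types are compared as raw text


def parse_reg(text):
    """Return {key_lower: {value_name_lower: data}} for .reg export text."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = LINE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name.lower()] = _decode(m.group(2))
    return keys


def hijack_changes(before_text, after_text):
    """List (key, value_name, old, new) for watched values that differ."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    findings = []
    for key, names in WATCHED.items():
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            watched = names is None or name in names
            if watched and old.get(name) != new.get(name):
                findings.append((key, name, old.get(name), new.get(name)))
    return findings


# Constructed sample exports (not taken from a real machine).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.example/"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"User Agent"="Mozilla/4.0 (compatible)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Windows\\system32\\exampletray.exe"
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/?src=hp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8877"
"User Agent"="Mozilla/4.0 (compatible)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Windows\\system32\\exampletray.exe"
"ExampleCleaner"="\"C:\\Program Files\\ExampleCleaner\\cleaner.exe\" /startup"
'''

if __name__ == "__main__":
    # Real exports from `reg export HKCU before.reg` are UTF-16:
    # read them with open(path, encoding="utf-16").read()
    for key, name, old, new in hijack_changes(BEFORE, AFTER):
        print(f"{key}\n    {name}: {old!r} -> {new!r}")
```

Run it against snapshots taken from a VM checkpoint before and after each installer to attribute every change to the installer that made it.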
We’ll have to honestly say that Avast did block the worst of the malware, but it did nothing for most of the spyware and browser hijackers. The problem is that this issue of bundled software is so pervasive that there’s nothing any antivirus vendor can do.

Even though Avast did a good job overall, it can’t protect us from ourselves.
The End, For Now
Our story ends here, but hopefully we’ve all learned some important lessons from this quick journey through the world of crapware. Freeware software vendors make almost all of their money by bundling complete nonsense and scareware that tricks users into paying to clean up their PC, despite the fact that you could prevent the need to clean up your PC by just not installing the crappy freeware to begin with.
And no matter how technical you might be, most of the installers are so confusing that there’s no way a non-geek could figure out how to avoid the awful. So if you recommend a piece of software to somebody, you are basically asking them to infect their computer.
And it doesn’t matter which antivirus you have installed — we’ve actually done this experiment a number of times with different antivirus vendors, and most of them completely ignored all of the bundled crapware. Avast did a pretty good job this time compared to some of the other vendors, but it didn’t block all of it for sure.
There are also no safe freeware download sites… because as you can clearly see in the screenshots in this article, it isn’t just CNET Downloads that is doing the bundling… it’s EVERYBODY. The freeware authors are bundling crapware, and then lousy download sources are bundling even more on top of it. It’s a cavalcade of crapware.
Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere.
Because when the product is free the real product is YOU.

I guess dark theme is a thing with crapware vendors now
Don’t recommend freeware downloads.
There are good freeware download sites out there, one just needs to know where to look. If you're still using places like Cnet, Download.com or Filehippo then that is your fault, it is very well known that these sites bundle freeware with malware or adware.
A good free piece of software to use if you fool with freeware downloads is Unchecky, it will uncheck all those little boxes that one misses during install.
As for me, I still recommend freeware to people, but I do not send them to places that will install malicious software on their system.
It doesn't matter what download site you use. The people that make the freeware are the ones bundling things.
Yes, some download sites make it worse by bundling on top of the bundling.
Lots of other people recommend filehippo, for instance.
Also clearly you didn't read the article because we illustrated how everybody is bundling.
I looked at that Top 10 list and thought, "aw shiz, I have 2 of them installed." Fortunately, the two are Avast! free, and CCleaner - which were given the OK. But it got me to read the full article. Thanks.
It's all well and good to say "it's your own fault" if you download from those sites. But these sites and developers don't target the people who know what is "well known" about which site, or that they should not use "download helpers" over the program developer's installer, or that they should not install "free" toolbars.
They target the people who know very little about things, who google a program that someone has told them about, and who invariably go for the topmost Google search result, click the shiny green "Download" button, keep all the checkboxes checked and then panic when they get the "Your computer has 190123gazillion errors! Buy our software to totally fix it!" routine. And that's not a tiny minority; I'd wager a guess that it's the large majority of computer users. I've talked to young people (it's not just a problem of the cliché old people) who work in office jobs but are incapable of installing any program on their PC - and they're probably the safe ones compared to the ones that install whatever they find.
One needs to educate people about this sort of thing, which is why posts like this HTG one are useful, because one can link people to them and tell not just where to download, but rather what to look for on those sites too, as there is no guarantee that a site that doesn't bundle things today won't start doing it tomorrow.
It's not always mentioned if things are wrapped. When I first noticed CNet was now bundling things, it was because I had caught scareware from there, and I am positive that there was not a single thing indicating its presence in the installer (and yes, I inadvertently used said installer, that was the part where I did not pay attention). There were a number of people in CNet's user forum saying the same thing.
And where should you do this research and ask these questions? Forums are full of recommendations for software that is doing bundling.
That is exactly why we are trying to bring the problem to the attention of geeks so they will stop recommending freeware to people without doing serious research and linking to a completely safe source.... although that source might not even stay safe.
I mean SourceForge is bundling now. You can't even trust them.
Don't worry though, we will continue to illustrate the problem, which is much deeper than you want to admit.
And sure, you can attack my slight exaggeration for the purpose of illustration and then invalidate my argument.
But when you consider that freeware makers get paid $1 or so per browser-hijacking crapware that gets installed... and most of them bundle multiple into a single installer... and many of these apps have 10 or 50 or 100 MILLION downloads, you're talking about millions and millions of dollars that these freeware vendors are getting paid for this.
If you were a freeware or shareware vendor, and after years of working really hard and almost nobody giving you any purchases or donations you were approached by one of these bundler companies...
Almost anybody would take a $10 to $20 million payday and go live on a yacht and not worry about it anymore.
And that's what has happened to the freeware market.
I would be very interested to see this experiment repeated with Unchecky installed.
Yes, I totally agree. Although I'm a Windows person myself, this is one of the reasons why I recommend Macs to people that aren't computer-savvy.
I had a pc for work and we loaded nothing but paid applications, the company could afford it of course. Strictly productive software. Other than the browser being able to get out to the internet and play around I was more focused on work. 4+ years that PC ran and never seemed to have issues. I loved it. My trusty dusty little workhorse.
Use ninite.com. No Crapware and you can install a bunch of programs at once.
I did telephone IT Help Desk at an international engineering company for a couple of years. It was a huge laugh. If you want to see the results from non-techie inter-webbing, try help desk for a while. One of the best (worst?) I saw was a guy that had no less than 21 IE toolbars. It was wild, he had barely any room to see the porn he was trying to watch.
THIS.
Fortunately, bundling is still optional, but what does it say about the Libre community when FOSS developers are bundling adware in with their software? I've reached the point where I'd rather just pay than deal with "free" ad-supported software.
Let me shed some light on the adware/toolbar mafia.
First there were Smilies. Do you remember those pesky/useless Smilies?
After a while, big producers of AV (AVG, Avira etc) saw the opportunity to bundle Google Toolbar. That made them 20 mil $ in one year alone (inside info).
That opened the flood gates for companies like:
- Genieo
- IronSource
- Somoto (10+ new sites/day)
- WeDownload (soft32.com) - after the soft32.com adware success, they now concentrate on Mac toolbars and fake security programs, like YAC, but for Mac
- YAC
- Minspark (Ask.com toolbars)
- Adknowledge
- Bimo Media
- PERION NETWORK
- Conduit (banned by Google)
- Babylon
- etc.
Read some info here: http://www.haaretz.com/business/.premium-1.542896
There are 3 types of delivery:
- via producer (ex CCleaner, IMGburn etc)
- via Download Managers (Wrappers), available on the big download sites (Download.com, Filehippo.com, Soft32.com, Softonic.com etc)
- temporary sites, made for Adsense, that serve mostly Open Source software, wrapped around downloaders (VLC, Java, AV Codecs, Service Packs, Flash etc)
All sites have protected Whois!
I have standing offers up to 1.5$/installation, that's why the fight is so brutal! The deals are exclusive, so the bidding is fierce for the download sites => the next best thing is Adwords/Adsense, where you can push a lot of garbage for 5 cents/click!
Did you see those Download Button Ads or Deceiving text like "Start Download" ?
I block about 10 new sites/day, all made for adware! They throw 100+ new deceiving ads/day!
The new front is now Mac! Adware for Mac is growing at an alarming rate.
I recommend Linux Mint for my appropriate, that uses the PC for browsing and some text editing.
See some pictures with some blocked adwords accounts and ads. I have 400 blocked advertiser accounts and 1500 domains in the last 5 years! They create new accounts each day...
imgur.com/a/xRGcE#0
You must understand that the main culprit here is Google. Those sites are very high in results and Google makes a lot of money from the Button Ads! (You did notice the Softonic and Cnet shameless spam?)
If those sites are marked as "dangerous", the problem will go away in one week.
P.S. You must understand that the internet business is tougher each year, and even once giants like Cnet, Winzip, Winrar are doing this in order to survive...
P.S.2 My site has no downloaders and we are proud of this situation! We refused offers of millions of $$$.
You should read the EULA. Sometimes free programs come with some obvious junkware offers you can decline, but hidden in the EULA are additional PUPs that you can't decline. I recently needed a program to perform one task. I found several free choices, but every one of them had junkware listed in the EULA. In the end I downloaded one, used it, and then uninstalled it and the PUP that came with it.
I'm still a big fan of Ninite. I understand that it's not 100% foolproof because nothing is anymore, but then again, I don't overload any computer I use with useless junk freeware just because it's there.
From a clean install of Windows, I use Ninite to download the "standard" things, such as another browser to use instead of IE (read: Chrome), Adobe Reader, runtime apps if needed, Malwarebytes, MS Essentials (Win. 7 machines), VLC, Skype, Evernote, Dropbox, and a few others depending on needs. Ninite saves time...lots of time.
Just downloading something because it's on a "Top 10" list, and if people aren't going to do a minute or two of research, they might as well download all those "PC Optimizing" software from 3am infomercials.
I was thinking that is a great idea for an article and then I remembered we already wrote that one...
You're just wrong about that though... a ton of software is not available on the manufacturer's site and you are forced to click through to CNET Downloads to get the latest version.
For instance, try and download Macrium Reflect Free edition from their site. It'll send you to CNET.
Sure, you can probably do some searching around and find an older version mirrored somewhere like Majorgeeks. But be honest, they have a really confusing site with download ads right next to the download links. Most people are going to be confused.
The only real safe way to distribute non-crapware freeware to your friends is to give it to them on a USB drive, or stick it up into your Dropbox account and share the link with them.
Damn shame what is going on. Windows has security problems to begin with. This just adds to the dilemma. For a novice or uninformed Windows user these things mean aggravation, time and money.
With Mac and Linux available one wonders why people put up with this. But then again the majority of Windows users don't care to be able to do anything except press the power button and shut windows down when they are done.
I've been using FileHippo for a long time, but I never saw any bundling coming from the site. It's true that I only download a specific set of apps. Maybe some of the software listed is bundled with crap by their original authors. When I'm suspicious I usually search the hash of the file using Google. I like the site because it offers an easy way to get older versions of the programs, I can't seem to find anywhere else. Can you point out just one link from that site which downloads crapware, so that I can exclude this site from now on with peace of mind?
I've also used MajorGeeks.com, again without encountering any site-specific bundling for many years now. Never mind the ads on the site itself (they gotta make a living from something, right?), the downloaded bits seemed clean so far. You get the option to download from the original sites or from one of their proxies (always the latest version, and always hash equivalent in between as far as I saw)
I wonder why nothing happens (legally) with Download.com after so many bad reviews recently (not only from HTG). Can they get away with it just by presenting you with all that text nobody ever reads anyway?
This is a huge issue for Microsoft as it's the biggest issue I have with Windows users who bring their kit to me after just downloading one piece of software. One CNET sourced download can cripple a laptop or PC which just ruins the experience for the end user. The customers ask me "how do I avoid this?" and other than trying to push them via Ninite there isn't really anything I can say. They just aren't sharp enough to avoid it. So all I hear is "well maybe I'll get a Mac next time!"
These software vendors/downloaders are just helping to destroy their own market slowly and painfully. Crapware is the biggest negative in the Windows world be it from the likes of CNET or bundled on new machines. Just ruins the experience.
By the way what was Downloads/CNET's response to this? I take it you asked them for comment?
Yeah I've been asking MS reps whenever I see them to say that MS should start selling their own branded laptops far more.
Just good well built laptops with just Windows and that's it. So other than updates and installing only the software you need, its ready out of the box almost. If Apple can do it then why not MS? Who cares if it annoys Dell/HP/Acer/Asus/Toshiba, it might make them up their game and quit putting so much crap on that just makes Windows look bad.
In all fairness, this was the primary selling point of the Mac for a very long time... that it's like a toaster: you don't have to know HOW it works, just that it works. Go watch the "switch" ads again. What you just stated is exactly what every one of those ads says.
So I find it ironic that people will make a statement like that about Windows, when Windows is supposed to be the "hard to use" operating system.
Two points:
A. People are lulled by the CNet brand name associated with Downloads.com. I know I was for years.
It's hard to believe a company with as important a corporate image as CBS (owners of CNet) allows this deceptive and dangerous nonsense to occur under their stewardship. The geeks of the world (including your site) would be well-advised to point out this ownership connection and hold CBS' feet to the fire more loudly and more often.
Won't solve the whole problem, but could tone it down on this much used site at least.
B. After getting a nasty dose of Conduit from Download.com - which I had to use four different anti-malware programs to tame - I personally use the download sites to look for alternatives to the type of app I'm after and skim the user reviews for possible useful takes (though I worry that along with the other problems on the site, the reviews might be "salted" with fake ones).
And then I Google for the app adding terms like program only, no add-ons, malware free - which usually takes me to the developer's site - where, to date - I've gotten nothing but relatively clean downloads of the apps I was after. I say relatively because there may be one or two add-on offers I have to decline, but they've all been straight-forward and out in front where "no thanks" is easy to indicate.
E.g., my first download of CalcTape (a really unique and cool app) was done on my last (ever) use of Download.com. And I had to thread a maze of tricky option choices all through the download and install processes which still gave me some piece of crap I had to root out. And when I wanted to install it on my new computer, I found the developer site and got a quick, clean install (even tho' the developer's download file was 5+ times the size of the CNet download).
I've repeated this with others, and it's now my default approach. And at the least it removes a spam-supported middleman from the process.
All the people implying that the weaker Windows users should just switch to Mac or Linux are avoiding one massive point. Those users will be just as careless on those systems too. While the basic security posture is better, the users are still going to not uncheck boxes and they'll still install PUA when they inevitably fall back on old habits and Google for the apps they want. Worse, they'll probably still believe the outdated and inflated idea that Mac and Linux don't get malware. Go ahead and tell the careless users to switch away from Windows, but don't expect them to magically become competent.
As a developer of freeware (Win32DiskImager), I personally want to know if you download my app and get malware installed. Please post a bug report on either http://sourceforge.net/projects/win32diskimager or https://bugs.launchpad.net/win32-image-writer. Make sure you include a link to the download that contained the malware.
I release a zip file with the executable and support libraries, along with an installer (made from an open source installer tool) that just puts the program in c:\Program Files and an icon on your start menu. Any extras not in the readme file are NOT mine.
Thanks
As the co-owner of MajorGeeks, there is good reason for this. The PC market has declined around 50% as competition from tablets and phones has come in and Windows has yet to respond with a product that can match the popularity of iOS and Android. Imagine you come to work today and your boss tells you that he has cut your pay 50% to match the 50% loss in business. What would you do? You might quit because you might not have a job soon anyway. But, the answer in the internet market is wrappers, which picks up the slack. We have had discussions about doing it but we just couldn’t get there. We even discussed it with a few who weren’t so sleazy but we have no control of what many wrappers do so we made a conscious decision to take the pay hit and not do it in the hopes people will eventually find us and improve traffic. So, our answer to the 50% pay cut was to work harder and stay the course. Over the years we have seen popups, behind the window ads, in-line ads, wrappers, affiliate sales and much more. We change with the times to do whatever pays best; this is a business after all. We have taken pride in offering only the top 1-5 percent of software and if we added a wrapper it would damage the 15 years we have worked at trying to provide safe downloads. I do miss the old days where we only tested for quality and all of this crap didn’t exist. Articles like this, teaching people to stop installing this garbage hopefully will cut down this market to where there’s no money in it. Thanks for the great, in-depth article. Impressive.
One of my favorite TechNet articles has this covered.
Ten Immutable Laws Of Security
Portable apps are generally less likely to have crapware. Even if they do, it's generally less likely to be persistent since it's not actually getting "installed". This is especially true for the ones that don't need elevated privileges to run - even if they wanted to, they'd have a hard time dropping in anything persistent, global, or well-hidden, without elevation.
Regardless, Law #1 still applies. Be careful who you're getting the tools from (generally prefer direct from the developer), and mindful of what access you allow them to have to your system.
The first time I tested their Download App updater thing, it installed some serious malware adware. The second time it only installed some regular adware / malware.
Definitely don't install it.