Tuesday, December 13, 2011

download.com needs a couple of dope slaps from all of us

One of the longest-visited and most useful sites on the Web is showing signs of what happens when you get acquired by a giant corporation. I've noticed a couple of serious problems, including:

  1. Download links that lead to third-party sites, at least one of which served up something that is clearly not what is advertised on the page, and

  2. Software that is stored on download.com's servers, but which contains malware-like behavior; i.e., attempting to open up a webpage dubious enough to cause my antivirus software to block it.

Starting nearly a month ago, I have been trying to report these problems through a number of channels, including clicking the "Report a problem" link on the relevant page, posting advisories in the user review sections, sending email to several different support addresses, and tweeting @CNETDownloads, and I have gotten no response. Nor, more importantly, were the problems I reported addressed.

I finally thought to look on Facebook, and did at least get an acknowledgment there. However, the discussion thread seems to have been removed from their wall. You can still see it, but only if you know the exact link.

I am happy to report that the two specific problems I reported have been addressed as of late this morning. (He said after checking his links for this post. Thanks, Nathan.) Still, it seems worth leaving this little rant up, because I shouldn't have had to work so hard to get my messages delivered. A "Report a Problem" link should actually do something, shouldn't it?

And ideally, some sort of algorithm would scan user input and add a little weight to posts and emails from people who have been members since forever. I mean, the word Community hasn't become completely empty, has it, CBS?

Don't answer that.

And there is of course the larger problem of putting up a download link that points to a third-party server. I mean, if there is an easier way to open up a security hole that you could drive a truck through, I can't think of it.

That should never have happened.

I don't have a problem with them referring users to highly credible sites, such as addons.mozilla.org, but you can't let the guy running joes-sketchy-server.ru or whatever cash in on the trust that the download.com name carries. Or once carried.

There's yet another new annoyance. I am grateful to Trent Todd, in that FB discussion thread, for pointing out that it is actually much more obnoxious than I had realized. Here's a brief description.

Rather than just serving up the software directly, download.com has recently begun serving up their own wrapper installation program. It has been using this approach for an increasing number of specific software packages, at least based on my sampling. In addition to handling the download you actually want, this wrapper program also tries to get you to install other stuff. While I have found it easy enough to spot what I should uncheck or decline, I realize now that for a less cynical experienced computer user, the authoritative appearance of this wrapper program -- including large-type phrases like "Strongly Recommended" -- would likely intimidate a lot of people into accepting whatever was about to be shoveled onto their machines.

I'm a little late to the dance on this one, as a look at the report by insecure.org that Trent referred me to will show. It appears that, at last, some notice has been taken by management at download.com. Perhaps not enough, if the comments under that post, and the updates at insecure.org's post, are any indication, but at least the new direction is encouraging. And as noted above, I am happy to report that my specific reports were acted upon.

The other bit of good news, which I have no doubt actually caused the response by download.com's management, is that some of the bigger guns on our side, like the EFF, Boing Boing, and a bunch of computer security pros, have been taking a hard look at download.com recently. Let's hope download.com continues to clean up its act, and let's all keep up the pressure on them until they do.

(pic. sources: Moredigital, Bullet Proof Poet, Forgotten Flix, The Girl Who Loves Horror)


Substance McGravitas said...

Yet another reason to avoid Windows. I know it's out there, but you just don't encounter these problems with other operating systems.

Brendan said...

Certainly true, of course. On the other hand, there has long been a lot more software, either free, shareware, or trialware, that you could get if you had a PC. Add that to the erstwhile huge price difference in hardware. Add that to the ease with which the same cheaper hardware can be set up to run Linux, merely by partitioning the HDD or adding a new one.

I know things aren't nearly as different these days, but old habits die hard.

In my own defense, I am no longer a Mac-hater. It's just that I keep getting given hand-me-down PCs, and it's hard to beat that with a stick. If I had instead been showered with working Apple products, I'm sure I'd be on the fringes of the Cult of Steve by now.

As to why I don't just go to Linux full-time, there are two reasons. First, Mozilla and other browser companies pay the most attention to the Windows platform. The browser is where I spend most of my time. Second, Freecell. Can't listen to a podcast without it!

Substance McGravitas said...

My freebie Mac laptop died, so I'm gonna get a Windows machine and try running other stuff on it. The only Windows thing I really want to play with is this.

Brendan said...

I saw over at the House that you were having laptop difficulties. Sorry to hear that. Good luck with the new machine.

Re vvvv: I'm instantly attracted to any software package whose builders introduce it thus: "For a detailed overview of vvvvs features read the Propaganda ..." And it's made more appealing by the thought that no rightwingers will use it, because one of its features is boygrouping. (Or who knows. That'll probably make it more attractive to some of them, on the downlow.)

In all seriousness, it looks cool in other ways, too. Thanks for that pointer.