Wow, FileZilla’s bundled installer includes a malware downloader and the dev defends it horribly.
If using FileZilla, uninstall and find something else. Even if this issue is fixed, the morally ambiguous and defensive response is very concerning.
@saxnot What's really disconcerting is the dev's response to the whole thing.
@entreprelife That's spooky shit
@entreprelife It's been like that for years, strange that somebody noticed (or cared enough) just now.
@entreprelife
I'm pretty fucking sure filename and hash have nothing to do with each other
@funbreaker Yeah, that response was insane!
@entreprelife a little bit of bill clinton wordsmithing there: "nothing unwanted is being installed without your consent."
nothing unwanted is being installed
without your consent.
Basically we won't install anything you don't want unless YOU consented to it.
@entreprelife FWIW, this is the reason for the following fork: https://github.com/rain-1/filezilla-ng
@algernon Thanks for this, I use FileZilla and I'm looking for good alternatives. Do you know where I can get the Windows version of this fork?
@matt No idea, sorry. :(
@entreprelife Like what? What free software alternatives are there?
@entreprelife yup, FileZilla is dead to me as of now
Shame :/
@vgr wow, that's some BS.
It does make me want to rant about the AV protection racket though. The FileZilla dev uses it as a distraction but it's real.
"That's some nice software you got there. Shame if no one installed it. My friend Norton here has something that could make that problem go away."
All of a sudden you're buying a $1,400 USB key. There is, of course, an appeals process for FPs but it amounts to begging them to reconsider with no guarantee when they will respond.
@entreprelife
Mac or Windows: https://cyberduck.io
Linux: probably built into your file manager already
@wowaname @entreprelife yeah but why install anything when you probably already have something that does the job by default
@wowaname @trwnh @entreprelife
you don't even need a file manager, just install gvfs 😛
I hope he comes to his senses. First rule when you find yourself in a hole, quit digging.
I love FileZilla and use it all the time and it is GPL. I hate malware in bundlers. I never let software install other software. If I want to install software I go get it.
@entreprelife
i love how this thread went from the OP being told it's a false positive and them going "kk thanks!", and then everybody else slowly going "..hey, waitaminute..."
@entreprelife for the second time. As the lead FileZilla dev was the first person to opt into and an early champion of SourceForge's malware bundling monetization attempts five or more years back.
Time for people to just ditch the product. The dev cannot be trusted.
@entreprelife I use and prefer WinSCP.
@entreprelife or just don't use the bundled installer. FileZilla is still a pretty good piece of software. But I agree the dev is a dick. But keep in mind that generating money from open source software is hard (trying to be the devil's advocate here).
@entreprelife the hell?!
@entreprelife searched through their wiki and their website for "bundle" to find any explanation of what is "bundled".
Not a single hit.
Ugh, now I need a different decent SFTP client for Windows to recommend to people.
@elomatreb @rysiek @entreprelife
I use it quite often and installed a new version recently.
It did have some "sponsored link" in the install but does not appear to auto install any part of the thing being advertised, you would have to specifically click on the big picture in the middle (nor are there other dodgy things like swapping round the order of accept/decline icons either like some other "freeware" does)
@entreprelife I mean, I heard about this, but assumed this was SourceForge being SourceForge:
https://en.wikipedia.org/wiki/FileZilla#Bundled_adware_issues
Turns out FileZilla was in on that? Dang. :/
@rysiek @entreprelife I had a similar reaction. Interestingly, I was poking fun at SourceForge on Twitter a few days ago and the CEO of SF came to let me know that SF is under new management and they are trying to clean up their tarnished brand now.
@jerry @entreprelife ah, good to know. It used to be a great place. Hope they succeed.
@xrevan86 indeed it is terrible still.
@rysiek @entreprelife WinSCP is quite nice.
@jerry @entreprelife sure, but that interface...
I guess one cannot have everything.
@rysiek @entreprelife yeah, they need a consultation from an Apple or Google UI person.
@entreprelife Is the Linux version ok or what would be a workable alternative... in Linux?
@entreprelife @switchingsocial Interesting - this is in reference to the Windows version, yes? I'm wondering what implications (if any) it might have for Linux users like myself. It *is* one of the top results for FTP managers in the Ubuntu and Mint repositories I've used for some years now.
@entreprelife « The hash doesn't match because the filename doesn't match. »
👌
Perhaps it's an inside joke on Windows users? Logic: if you use Windows, you already like malware?
@entreprelife suspicious behaviour from processes spawned from bundled adware.
If you install FileZilla clean, without selecting adware (e.g. via choco) you're still safe.