This is just a small reflection on the latest Notepad++ story. Notepad++ is a powerful and free alternative to the original Notepad application delivered with all Windows operating systems.
The Notepad++ developer reported that his application was found on a download portal wrapped in a new installer which also installed rogue software on the computer (a browser toolbar). This is not the first time that this kind of bad story has happened. Do you remember the Nmap case reported by Fyodor a few months ago? Both stories have something in common: the software was distributed by big portals like 01net.com or download.com (there are many others). Those platforms offer, amongst other services, reviews and huge collections of software. But they also push ads to visitors – it’s part of their business model. In most cases, the rogue programs they bundle are not dangerous, just annoying, but they are installed without the consent of the end-user. This is not acceptable!
From my point of view, such big portals must be compared to supermarkets where you can find almost everything in a central place. When you’re doing some shopping in a supermarket, it’s sometimes difficult to tell the good from the bad. Unconsciously, they push you to buy unnecessary things. That’s why corner shops are finding their way back to success: they give a better service and are more focused on customers. The safest model remains “from producer to consumer”… My preference goes to downloading files directly from the developer’s website.
But the best advice is this: never trust files downloaded from online services…