Forgot your password?
typodupeerror
Privacy Your Rights Online

Cnet Apologizes For Nmap Adware Mess 231

Posted by samzenpus
from the careful-how-you-click dept.
Trailrunner7 writes "Officials at Cnet's Download.com site have issued a statement apologizing for bundling the popular open source Nmap security audit application with adware that installed a toolbar and changed users' search engine to Microsoft properties. Fyodor, the author of Nmap, raised the issue earlier this week, saying that his app was being wrapped in malware on Download.com. It's not unusual for download sites to bundle free applications with some kind of adware or toolbar, but the creators of open-source applications take a dim view of this practice, given the nature and ethic of open source projects. Nmap is a venerable and widely used tool for mapping networks and performing security audits and Fyodor wrote in a message to an Nmap mailing list earlier this week that Download.com, which is part of Cnet, a subsidiary of CBS Interactive, was bundling the application with its installer, which, if a user agreed, would install a search toolbar and change the user's search engine to Bing."
This discussion has been archived. No new comments can be posted.

Cnet Apologizes For Nmap Adware Mess

Comments Filter:
  • by InsightIn140Bytes (2522112) on Thursday December 08, 2011 @07:26PM (#38309646)
    But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff. In fact, Google does exactly the same with Chrome, so you should blame them too.
  • Re:Who? What? (Score:5, Interesting)

    by cavtroop (859432) on Thursday December 08, 2011 @07:35PM (#38309740)

    I work in security for my company, so we keep an eye on unauthorized software in our enterprise. We had a guy just today download PuTTY from a download site, that came bundled with all kinds of shitty toolbars and adware. This guy is a Sr. Software Manager and Developer at the company and should know better.

    I wish I could clue these supposedly 'smart' users in, but they'll download and install anything without any critical thinking at all.

  • Re:It's Legal (Score:4, Interesting)

    by Bruce Perens (3872) * <bruce@perens.com> on Thursday December 08, 2011 @07:43PM (#38309806) Homepage Journal
    Over at nmap.org, there's a GPL license. See this [nmap.org]. They also offer a commercial license.
  • by sconeu (64226) on Thursday December 08, 2011 @08:08PM (#38310034) Homepage Journal

    Or if PIPA or SPA were law, he could have tried to seize the domain "download.com"

  • by Hatta (162192) on Thursday December 08, 2011 @09:17PM (#38310608) Journal

    Nmap is distributed with clarifications to the GPL that explicitly define bundling the software as a "derivative work". Since the bundled software was not also GPL licensed, this was in fact contrary to the license.

  • Re:It's Legal (Score:4, Interesting)

    by Bruce Perens (3872) * <bruce@perens.com> on Thursday December 08, 2011 @10:46PM (#38311160) Homepage Journal
    The license, however, doesn't prohibit you from distributing the software as part of a commercial installation package. Instead, a little note off to the side of the license says that they consider a commercial installation package to be a derivative work. So, that sets the question for the judge: was the commercial installation package a derivative work? All that the judge knows of law and case law says "no".

    This is why I referred to those terms as being written "in crayon". The author doesn't seem to have understood what would happen when a judge attempted to parse the information. It doesn't seem to be the work of a legal professional. And it has the effect of deceiving programmers on the project that it is a valid license term, while legal professionals would immediately know that it isn't.

    Poorly-written licenses always have this effect of deceiving the programmers who work on the project. This has cost some people real money, Bob Jacobsen (JMRI) being one. His case ended up being terribly more complicated than it should have been, costing years of hardship and some money.

  • by EdIII (1114411) on Friday December 09, 2011 @12:27AM (#38311766)

    I would ban day trading, and I will tell you why.

    It's that mentality for short gains that has lead to our economic collapse. If it was illegal from the start to securitize mortgages, or that it would require very very well documented and physical transfers of the mortgage note from one owner to the other, we would not be in this situation.

    It was the intense building greed of Wall Street that made the packaging and reselling of mortgage backed securities go faster and faster and faster, and eventually, the demand was so great that loans were originated that anybody with a brain new could not be repaid and would default within 4 years.

    Subprime? Subprime my ass. Guaranteed 99.99% Loss Financial Loans is what I would have called them at the end.

    The need to trade faster and faster only encourages this bullshit, and I don't buy for one second, that it is beneficial to the stock market by blah blah blah economist reasoning inserted here.

    It also introduces arbitrage . Do you think they are building a multi-billion dollar fiber optical trans-Atlantic cable to reduce latency for shits and giggles? No. It is so they can link the stock exchanges and game the system even more. It won't be Call of Duty packets going across that pipe, but it will be warfare.

    Why is it that in a certain building in New York that colocation of a server costs 50-100x that of the going rate?

    Why is that some people are trying to make microsecond trading and "stock exchange on a chip"?

    It's called unfair advantages far worse than insider trading and it is bullshit. So yes, screw day trading.

    I want to see a federal tax on all trades based on the time the stock was held. 1 microsecond? 99.99% tax rate. 1 year? .01% tax rate.

    That would start people thinking again about what the company will look like in two years instead of two minutes. That's a culture we need to get back to in this country desperately.

    Even the executives that didn't know anything ? If bribery and corruption are the problem, then the solution would be to punish the people responsible, which is not necessarily, all of the executives.

    Never said that or implied it. Only the executives directly responsible, or had knowledge, would be prosecuted and sent away. At some level, a board member claiming they had no knowledge is unreasonable. BP had a long history of disregarding safety for profit and even if the board member did not specifically know about the decisions around the blow out presenter, he damn well knew everyone had a corporate culture of having such disregard.

    In any case, all executives would be innocent until proven guilty. Let the investigators determine who was really at fault and who knew what.

Man must shape his tools lest they shape him. -- Arthur R. Miller

Working...