Malware

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Post Reply
Message
Author
Masonic
500 Command not understood
Posts: 1
Joined: 2019-02-12 20:46
First name: Mason
Last name: Sher

Malware

#1 Post by Masonic » 2019-02-12 20:51

Hi Guys,

With much sadness, I have asked Users at my organization to not use Filezilla any longer as it is bundled with adware.
When you decide to removed adware from your product, I am sure we will start using you again, unless everyone likes cyberduck more.

Cheers
Mason

User avatar
boco
Contributor
Posts: 25251
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#2 Post by boco » 2019-02-13 05:29

With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead. :(

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

alv0
500 Command not understood
Posts: 2
Joined: 2020-09-01 12:49
First name: al
Last name: v0

Re: Malware

#3 Post by alv0 » 2020-09-01 12:57

boco wrote:
2019-02-13 05:29
With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead. :(

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
With much sadness bad-faith never will be...
What is it exactly you don't understand sir ?

The point is not only that a file without malware is available but rather that the main installer when you go on https://filezilla-project.org/download. ... form=win64
contains a malware.
Which is not acceptable.
If a company/organization/association is proposing a malware among any of its downloads, even if other files are "malware free" what does it change in the end ?
Trust in that company/organization/association is gone.

I understand the principle of Filezilla people trying to make some money out of their free software, but not that way, I cannot accept it.
That's a red card

So do you understand now or is English not clear for you ? Maybe I should've wrote this in german ?

Damn :?

User avatar
boco
Contributor
Posts: 25251
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#4 Post by boco » 2020-09-01 13:34

Oh, I did understand fully, believe me. Just a little sarcasm after hearing the same bullshit for the 100th time...

1. The bundled installers do not contain Malware. The bundled third-party offers are classified as Adware or PUP (Possibly unwanted software). Unfortunately, AVs like to be dramatic and don't make any distinction.
2. All offers can be fully declined without any negative consequences, per the official policy. Violations of that possibly have to be reported.
3. Bundled Installers were the logical result of not getting enough donations to cover costs.
4. Please note that I'm not involved in any of the decisions made by the developer, thus, I'm the wrong tree to piss on.
5. The FileZilla Pro version has many advantages over the free one and is always Adware-free.

If that is not acceptable by yourself or anyone else, you and they are free to just not use the software. The fact that it is not Malware pretty much makes the point moot.

You can try in German, but I doubt you'll get a different answer.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

alv0
500 Command not understood
Posts: 2
Joined: 2020-09-01 12:49
First name: al
Last name: v0

Re: Malware

#5 Post by alv0 » 2020-09-01 15:39

Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Very simple you see ?

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future :)

Now I already lost too much time, I wish you good luck Filezilla forum moderator...

User avatar
boco
Contributor
Posts: 25251
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#6 Post by boco » 2020-09-01 16:11

alv0 wrote:
2020-09-01 15:39
Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future :)

Now I already lost too much time, I wish you good luck Filezilla forum moderator...
Insisting on your opinion doesn't make it a fact. Good bye, random stranger.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 33125
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Malware

#7 Post by botg » 2020-09-02 07:28

Regarding "the number of AV vendors crying wolf": They all copy each other signatures, a single false-positive from one AV product and an hour later most other products flag it as well. It's fully automated, there is no human interaction involved. It's all machine learning, with all its faults like the abysmal false-positive rates. One badly trained neural network mysteriously flags a file for reasons nobody understands and all other AV vendors clone the new signature and further use it to retrain their own neural networks.

Post Reply