Malware
Moderator: Project members
-
- 500 Command not understood
- Posts: 1
- Joined: 2019-02-12 20:46
- First name: Mason
- Last name: Sher
Malware
Hi Guys,
With much sadness, I have asked Users at my organization to not use Filezilla any longer as it is bundled with adware.
When you decide to removed adware from your product, I am sure we will start using you again, unless everyone likes cyberduck more.
Cheers
Mason
With much sadness, I have asked Users at my organization to not use Filezilla any longer as it is bundled with adware.
When you decide to removed adware from your product, I am sure we will start using you again, unless everyone likes cyberduck more.
Cheers
Mason
Re: Malware
With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead.
You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Malware
With much sadness bad-faith never will be...boco wrote: ↑2019-02-13 05:29With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead.
You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
What is it exactly you don't understand sir ?
The point is not only that a file without malware is available but rather that the main installer when you go on https://filezilla-project.org/download. ... form=win64
contains a malware.
Which is not acceptable.
If a company/organization/association is proposing a malware among any of its downloads, even if other files are "malware free" what does it change in the end ?
Trust in that company/organization/association is gone.
I understand the principle of Filezilla people trying to make some money out of their free software, but not that way, I cannot accept it.
That's a red card
So do you understand now or is English not clear for you ? Maybe I should've wrote this in german ?
Damn
Re: Malware
Oh, I did understand fully, believe me. Just a little sarcasm after hearing the same bullshit for the 100th time...
1. The bundled installers do not contain Malware. The bundled third-party offers are classified as Adware or PUP (Possibly unwanted software). Unfortunately, AVs like to be dramatic and don't make any distinction.
2. All offers can be fully declined without any negative consequences, per the official policy. Violations of that possibly have to be reported.
3. Bundled Installers were the logical result of not getting enough donations to cover costs.
4. Please note that I'm not involved in any of the decisions made by the developer, thus, I'm the wrong tree to piss on.
5. The FileZilla Pro version has many advantages over the free one and is always Adware-free.
If that is not acceptable by yourself or anyone else, you and they are free to just not use the software. The fact that it is not Malware pretty much makes the point moot.
You can try in German, but I doubt you'll get a different answer.
1. The bundled installers do not contain Malware. The bundled third-party offers are classified as Adware or PUP (Possibly unwanted software). Unfortunately, AVs like to be dramatic and don't make any distinction.
2. All offers can be fully declined without any negative consequences, per the official policy. Violations of that possibly have to be reported.
3. Bundled Installers were the logical result of not getting enough donations to cover costs.
4. Please note that I'm not involved in any of the decisions made by the developer, thus, I'm the wrong tree to piss on.
5. The FileZilla Pro version has many advantages over the free one and is always Adware-free.
If that is not acceptable by yourself or anyone else, you and they are free to just not use the software. The fact that it is not Malware pretty much makes the point moot.
You can try in German, but I doubt you'll get a different answer.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Malware
Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link
https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.
Very simple you see ?
Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.
You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.
In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?
Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future
Now I already lost too much time, I wish you good luck Filezilla forum moderator...
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link
https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.
Very simple you see ?
Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.
You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.
In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?
Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future
Now I already lost too much time, I wish you good luck Filezilla forum moderator...
Re: Malware
Insisting on your opinion doesn't make it a fact. Good bye, random stranger.alv0 wrote: ↑2020-09-01 15:39Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link
https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.
Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.
You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.
In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?
Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future
Now I already lost too much time, I wish you good luck Filezilla forum moderator...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Malware
Regarding "the number of AV vendors crying wolf": They all copy each other signatures, a single false-positive from one AV product and an hour later most other products flag it as well. It's fully automated, there is no human interaction involved. It's all machine learning, with all its faults like the abysmal false-positive rates. One badly trained neural network mysteriously flags a file for reasons nobody understands and all other AV vendors clone the new signature and further use it to retrain their own neural networks.
Re: Malware
Hi
As of today (13.feb.2024) Microsoft Defender quarantines both sponsored and "not-sponsored" versions of windows x64 installer as PUA FileZilla_BundleInstaller.
1) "not-sponsored" FileZilla_3.66.5_win64-setup.exe , SHA-512 hash: 959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
2) "sponsored" FileZilla_3.66.5_win64_sponsored2-setup.exe , SHA-256 dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce
Could author(s) shed a light - is it Microsoft false positive, or really now both versions include sponsored content (adware)?
Thanks
As of today (13.feb.2024) Microsoft Defender quarantines both sponsored and "not-sponsored" versions of windows x64 installer as PUA FileZilla_BundleInstaller.
1) "not-sponsored" FileZilla_3.66.5_win64-setup.exe , SHA-512 hash: 959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
2) "sponsored" FileZilla_3.66.5_win64_sponsored2-setup.exe , SHA-256 dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce
Could author(s) shed a light - is it Microsoft false positive, or really now both versions include sponsored content (adware)?
Thanks
Re: Malware
You need to report this false-positive to your AV vendor.
Re: Malware
response from Microsoft on submission of non-sponsored file
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions
- JasonD
- 450 Internal Error
- Posts: 36
- Joined: 2010-09-04 17:08
- First name: Jason
- Last name: Doucette
- Location: Seattle, WA, USA
Re: Malware
Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.
PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus
https://www.microsoft.com/en-us/wdsi/th ... tid=311942
I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.
PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus
https://www.microsoft.com/en-us/wdsi/th ... tid=311942
I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.
Re: Malware
Uhm.JasonD wrote: ↑2024-02-16 07:06Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.
PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus
https://www.microsoft.com/en-us/wdsi/th ... tid=311942
I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.
The website CLEARLY STATES the intent of the "main installer" as containing "potential bundled offers" as well as the availability of "other download options:
-- and clicking "one more link" gets you an entire page of "bundle free installers":
If two link clicks are too much, the full version is available commercially. Actually paying for the product (and the paid support that comes with it) is also an option that provides an "unbundled release" as well as extra features.
Re: Malware
The most perplexing part about this is that it's users of Windows that are complaining. Windows, which on a fresh installation comes out of the box with a ton of bundled and definitely unwanted third-party software one cannot even uninstall.
When will we see Windows Defender flagging Windows itself as malware as it should clearly do by the very same definition of "potentially unwanted"?
When will we see Windows Defender flagging Windows itself as malware as it should clearly do by the very same definition of "potentially unwanted"?
- JasonD
- 450 Internal Error
- Posts: 36
- Joined: 2010-09-04 17:08
- First name: Jason
- Last name: Doucette
- Location: Seattle, WA, USA
Re: Malware
Consider -- clearly stated words do not need highlighting.
The design of this page is: large green button screams for attention for the desired action --> to download the bundled client.
If there were two choices, equally viable, then another large green button would convey that.
If two green buttons said "sponsored bundle" and "just the app", this would convey info even better.
If you expect all new users to read every word on the page, you could remove the green button.
The application is fantastic.
The only issue folks have is getting something unexpected.
Even hyper-cautious people (myself) have accidentally installed bundled apps when it was added unexpectedly to a commonly used app. These bundles are not always vetted by the app owner, and in some cases, their uninstaller just mangles itself -- taking me hours to debug and fix. The app owner admits to being unaware. Consider being bitten like this -- you may install applications by accident (accidentally installing the green-box-install app, accidentally missing unchecking the bundle) that have not even been tested by the application owner.
The design of this page is: large green button screams for attention for the desired action --> to download the bundled client.
If there were two choices, equally viable, then another large green button would convey that.
If two green buttons said "sponsored bundle" and "just the app", this would convey info even better.
If you expect all new users to read every word on the page, you could remove the green button.
The application is fantastic.
The only issue folks have is getting something unexpected.
Even hyper-cautious people (myself) have accidentally installed bundled apps when it was added unexpectedly to a commonly used app. These bundles are not always vetted by the app owner, and in some cases, their uninstaller just mangles itself -- taking me hours to debug and fix. The app owner admits to being unaware. Consider being bitten like this -- you may install applications by accident (accidentally installing the green-box-install app, accidentally missing unchecking the bundle) that have not even been tested by the application owner.