FileZilla Forums

Hi Guys,

With much sadness, I have asked Users at my organization to not use Filezilla any longer as it is bundled with adware.
When you decide to removed adware from your product, I am sure we will start using you again, unless everyone likes cyberduck more.

Cheers
Mason

With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead.

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1

boco wrote: ↑

2019-02-13 05:29

With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead.

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1

With much sadness bad-faith never will be...
What is it exactly you don't understand sir ?

The point is not only that a file without malware is available but rather that the main installer when you go on https://filezilla-project.org/download. ... form=win64
contains a malware.
Which is not acceptable.
If a company/organization/association is proposing a malware among any of its downloads, even if other files are "malware free" what does it change in the end ?
Trust in that company/organization/association is gone.

I understand the principle of Filezilla people trying to make some money out of their free software, but not that way, I cannot accept it.
That's a red card

So do you understand now or is English not clear for you ? Maybe I should've wrote this in german ?

Damn

Oh, I did understand fully, believe me. Just a little sarcasm after hearing the same bullshit for the 100th time...

1. The bundled installers do not contain Malware. The bundled third-party offers are classified as Adware or PUP (Possibly unwanted software). Unfortunately, AVs like to be dramatic and don't make any distinction.
2. All offers can be fully declined without any negative consequences, per the official policy. Violations of that possibly have to be reported.
3. Bundled Installers were the logical result of not getting enough donations to cover costs.
4. Please note that I'm not involved in any of the decisions made by the developer, thus, I'm the wrong tree to piss on.
5. The FileZilla Pro version has many advantages over the free one and is always Adware-free.

If that is not acceptable by yourself or anyone else, you and they are free to just not use the software. The fact that it is not Malware pretty much makes the point moot.

You can try in German, but I doubt you'll get a different answer.

Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Very simple you see ?

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future

Now I already lost too much time, I wish you good luck Filezilla forum moderator...

alv0 wrote: ↑

2020-09-01 15:39

Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future

Now I already lost too much time, I wish you good luck Filezilla forum moderator...

Insisting on your opinion doesn't make it a fact. Good bye, random stranger.

Regarding "the number of AV vendors crying wolf": They all copy each other signatures, a single false-positive from one AV product and an hour later most other products flag it as well. It's fully automated, there is no human interaction involved. It's all machine learning, with all its faults like the abysmal false-positive rates. One badly trained neural network mysteriously flags a file for reasons nobody understands and all other AV vendors clone the new signature and further use it to retrain their own neural networks.

Hi

As of today (13.feb.2024) Microsoft Defender quarantines both sponsored and "not-sponsored" versions of windows x64 installer as PUA FileZilla_BundleInstaller.

1) "not-sponsored" FileZilla_3.66.5_win64-setup.exe , SHA-512 hash: 959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
2) "sponsored" FileZilla_3.66.5_win64_sponsored2-setup.exe , SHA-256 dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

Could author(s) shed a light - is it Microsoft false positive, or really now both versions include sponsored content (adware)?

Thanks

You need to report this false-positive to your AV vendor.

response from Microsoft on submission of non-sponsored file
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions

Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.

PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus
https://www.microsoft.com/en-us/wdsi/th ... tid=311942

I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.

JasonD wrote: ↑

2024-02-16 07:06

Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.

PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus
https://www.microsoft.com/en-us/wdsi/th ... tid=311942

I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.

Uhm.

The website CLEARLY STATES the intent of the "main installer" as containing "potential bundled offers" as well as the availability of "other download options:
-- and clicking "one more link" gets you an entire page of "bundle free installers":
If two link clicks are too much, the full version is available commercially. Actually paying for the product (and the paid support that comes with it) is also an option that provides an "unbundled release" as well as extra features.

The most perplexing part about this is that it's users of Windows that are complaining. Windows, which on a fresh installation comes out of the box with a ton of bundled and definitely unwanted third-party software one cannot even uninstall.

When will we see Windows Defender flagging Windows itself as malware as it should clearly do by the very same definition of "potentially unwanted"?

Consider -- clearly stated words do not need highlighting.

The design of this page is: large green button screams for attention for the desired action --> to download the bundled client.
If there were two choices, equally viable, then another large green button would convey that.
If two green buttons said "sponsored bundle" and "just the app", this would convey info even better.
If you expect all new users to read every word on the page, you could remove the green button.

The application is fantastic.
The only issue folks have is getting something unexpected.

Even hyper-cautious people (myself) have accidentally installed bundled apps when it was added unexpectedly to a commonly used app. These bundles are not always vetted by the app owner, and in some cases, their uninstaller just mangles itself -- taking me hours to debug and fix. The app owner admits to being unaware. Consider being bitten like this -- you may install applications by accident (accidentally installing the green-box-install app, accidentally missing unchecking the bundle) that have not even been tested by the application owner.