Malware in installer

David Anton
500 Command not understood
Posts: 1
Joined: 2021-02-10 15:39

Malware in installer

#1 Post by David Anton » 2021-02-10 15:46

I know that previously people have said "just read and bypass the offered adware", but the install never gets to that point because the installer is prevented from running by reputable anti-malware (e.g., MalwareBytes).

I'm really curious - is FileZilla getting so much from the malware producers (or 'scumbags') that it's worth doing this to its reputation?

I remember when WinZip did this a few years ago - I went straight to 7-zip. I couldn't believe then that the benefits would ever outweigh the harm to reputation, but here we are again with FileZilla doing the same thing.

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Malware in installer

#2 Post by botg » 2021-02-11 13:57

There is no malware in the offer-enabled installer. It does exactly as instructed by the user.

Miss_S
500 Command not understood
Posts: 2
Joined: 2022-07-30 13:22

Re: Malware in installer

#3 Post by Miss_S » 2022-07-30 16:55

I might be able to shed some light on this as I have done research on "dark patterns."

From the Wikipedia entry on "Dark Patterns":
> Misdirection
> Common in software installers, misdirection presents the user with a button in the fashion of a typical continuation button. A dark pattern would show a prominent "I accept these terms" button asking the user to accept the terms of a program unrelated to the one they are trying to install. Since the user typically will accept the terms by force of habit, the unrelated program can subsequently be installed. The installer's authors do this because the authors of the unrelated program pay for each installation that they procure. The alternative route in the installer, allowing the user to skip installing the unrelated program, is much less prominently displayed, or seems counter-intuitive (such as declining the terms of service).

This 2016 article provides insight into MalwareBytes' rationale for blocking dark-pattern installers from Sourceforge:

https://blog.malwarebytes.com/cybercrim ... s-ask-why/

A dark pattern installer works like a trojan horse, except that it skirts the issue of legality by giving the user some means of opting out, but that opt-out is counter-intuitively placed, designed, and worded to maximize the number of users who inadvertently permit the installations. That lets the software distributor blame the victim: "the second time you clicked 'I agree,' you were giving it permission to install Adaware Web Companion" -- described by safetydetectives.com as software that "adds an annoying toolbar to your browser, slows down your PC, and changes your web browser's home page." I'm not here to debate their characterization, but a search for that program on Google provided results that were overwhelmingly about how to remove it and people questioning how it got on their computer.

[Attachment: Adaware.png]

So how did you end up with an installer that contained that? More dark patterns, this time on the web page for downloads:

[Attachment: fzdownload.png]

This is a classic example of a dark pattern web interface. There's one button on the page -- a huge, green one that says "Download FileZilla Client." It's only if you read the relatively small font notice below the button that you see "This installer may contain bundled offers." What that really means is "This installer uses dark patterns to trick users into installing as-of-now unspecified, and probably unwanted, software." At the bottom is a vaguely worded text link that says "Show additional download options." Like what? Bittorrent? FTP? Nope. That link means "Show me how to download what I came here for, without any additional third-party software."

Legislators and regulatory agencies in the EU and US have been chipping away at "dark patterns," invalidating agreements obtained through dark pattern interface design techniques. But the efforts are still in their infancy and far from universal.

oibaf
Contributor
Posts: 398
Joined: 2021-07-16 21:02
First name: Fabio
Last name: Alemagna

Re: Malware in installer

#4 Post by oibaf » 2022-07-30 19:17

The big green button lets you download FileZilla, exactly as stated. The installer, as you have shown yourself with the screenshot, clearly displays an "optional offer" (exact quote) that you are asked to either accept or decline, in a way that displays the accept and decline choices at the same level and with the same prominence.

There's no "dark pattern" here.

Miss_S
500 Command not understood
Posts: 2
Joined: 2022-07-30 13:22

Re: Malware in installer

#5 Post by Miss_S » 2022-07-31 00:03

oibaf wrote:
> The big green button lets you download FileZilla, exactly as stated.

The button states nothing about the additional payload in the installer. If there were two equally prominent buttons, side-by-side, labeled "Download FileZilla Client Only" and "Download FileZilla Client + Adaware Web Companion," then there would be no dark pattern. The big green button at the top and the little plaintext link, vaguely worded about 'download options', at the bottom is a classic example of a "dark pattern."

> The installer, as you have shown yourself with the screenshot, clearly displays an "optional offer" (exact quote) that you are asked to either accept or decline, in a way that displays the accept and decline choices at the same level and with the same prominence.

Again, from Wikipedia: "Since the user typically will accept the terms by force of habit, the unrelated program can subsequently be installed." The use of the word "accept" right after using that same word for the GNU license terms is an example of a dark pattern. It preys on user conditioning to rapidly select options with the word "accept" as part of beginning a software installation process.

> There's no "dark pattern" here.

People well read in the topic of dark patterns, including me, would disagree.

It would be very easy to drastically reduce, if not eliminate, unintended software installations by FileZilla users:
  • Provide two, equally prominent download buttons, next to each other, that are clearly labeled to show which one includes additional, optional software and which one does not.
  • Change "accept" and "decline" in the installer to something more explicit, and less like license-acceptance terminology. For example, "Install Adaware Web Companion" and "Do Not install Adaware Web Companion."
  • Add a confirmation that identifies what will be installed and what settings will be changed, allowing the user to abort an installation where they inadvertently okayed the installation of something unwanted.
If there's no intention to deceive, I'd be happy to privately discuss these and additional changes to make things clearer for users and to reduce user error during installations.

mavistepbrand
500 Command not understood
Posts: 1
Joined: 2022-08-04 12:42
First name: MAVI
Last name: STEP
Location: Київ, Украиїна

Re: Malware in installer

#6 Post by mavistepbrand » 2022-08-04 12:51

It's not malware! You can choose not to install this additional programme. If it were installed without your consent in the background, then it would be possible to create such posts.
