Setup bundled - warning?
Moderator: Project members
Re: Setup bundled - warning?
Of course not. botg just explained that the hash is for another file (hence the file name is different).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###
Re: Setup bundled - warning?
Fairly confident that creates a red target for GDPR complaints, let alone the sketchy factor of not clearly disclosing this.
botg wrote: ↑2018-01-04 23:39
Two reasons for this kind of behavior: Fraud prevention and side-stepping false-positives.
The reason for the former is simple, preventing malicious customers from fraudulently generating fake clicks.
The reason for the latter is also simple if you consider that AV products compete in the market of installer monetization. It's an open secret that AV companies purposefully block offers from or for competing companies.
All that being said, the choice is with the end-user. If you do not wish to use the offer-enabled installer, have a look at the additional download options page. Even if you do use the offer-enabled installers, nothing unwanted is being installed without your consent.
Someone should probably take this thread to Reddit.
Re: Setup bundled - warning?
Well. This is interesting. Linked here from Reddit. Guess I won't be using filezilla anymore. I also happen to work at a very large tech vendor who uses filezilla as the tool of choice for our hundreds of thousands of clients. I have a suspicion that will be changing after this news gets around.
Re: Setup bundled - warning?
Dangerously ignorant user. Not matching filename = the checksum is NOT for that file. Checksums can only be provided for the non-bundled packages, because they're static. Bundled installers are not.
Re: Setup bundled - warning?
There's something better than the checksums: Digital signatures. You will find the files signed.
Re: Setup bundled - warning?
I just scanned the file FileZilla_3.34.0_win64-setup_bundled.exe with Eset antivirus. I got this warning
"C:\Users\User\Downloads\FileZilla_3.34.0_win64-setup_bundled.exe » NSIS » Fusion.dll - a variant of Win32/FusionCore.Z potentially unwanted application - action selection postponed until scan completion"
When I compare this installer to the installer I downloaded yesterday the name is different: "FileZilla_3.34.0_win64-setup.exe" yesterday 2018-06-22 5:04 PM vs "FileZilla_3.34.0_win64-setup_bundled.exe" today 2018-06-23 10:22 AM. Of course the hashes don't match, newer file is 955KB bigger.
I think there may have been a breach.
Re: Setup bundled - warning?
It's a tautological false-positive, by the very definition of the term, _everything_ is potentially unwanted.
Forget about the hashes, check the digital signature of the file.
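The signature check recommended in the replies above, sketched in PowerShell as an added example that is not part of any post in this thread. The function name `Test-InstallerSignature` and the `<expected publisher>` value are assumptions; take the publisher name from a copy of the installer you already trust.

```powershell
# Added example: inspect an installer's Authenticode signature instead of comparing hashes.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: publisher name read from a copy you already trust.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate   # $null when the file is not signed

    $publisher = $null
    if ($cert) {
        # Simple name (CN) of the signer; a valid signature alone only proves
        # that *someone* signed the file, so the signer must be checked too.
        $publisher = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }

    [pscustomobject]@{
        File             = Split-Path -Leaf $Path
        # 'Valid' = file contents match the signed digest and the chain is trusted.
        Status           = $sig.Status
        StatusMessage    = $sig.StatusMessage
        Publisher        = $publisher
        Thumbprint       = if ($cert) { $cert.Thumbprint } else { $null }
        # A countersignature keeps the signature verifiable after the cert expires.
        Timestamped      = [bool]$sig.TimeStamperCertificate
        PublisherMatches = ($publisher -eq $ExpectedPublisher)
        Trusted          = ($sig.Status -eq 'Valid') -and ($publisher -eq $ExpectedPublisher)
    }
}

# The two file names from the thread. Their hashes differ, so the comparison
# that matters is whether both carry a valid signature from the same publisher.
$files = 'FileZilla_3.34.0_win64-setup.exe',
         'FileZilla_3.34.0_win64-setup_bundled.exe'

$files |
    ForEach-Object { Join-Path "$env:USERPROFILE\Downloads" $_ } |
    Where-Object   { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-InstallerSignature -Path $_ -ExpectedPublisher '<expected publisher>' } |
    Format-Table File, Status, Publisher, Timestamped, Trusted -AutoSize
```

A `Valid` status with a matching publisher shows the file is unmodified since signing by that publisher; it says nothing about whether the bundled offer inside it is wanted.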