Malware

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Post Reply
Message
Author
Masonic
500 Command not understood
Posts: 1
Joined: 2019-02-12 20:46
First name: Mason
Last name: Sher

Malware

#1 Post by Masonic » 2019-02-12 20:51

Hi Guys,

With much sadness, I have asked Users at my organization to not use Filezilla any longer as it is bundled with adware.
When you decide to removed adware from your product, I am sure we will start using you again, unless everyone likes cyberduck more.

Cheers
Mason

User avatar
boco
Contributor
Posts: 26913
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#2 Post by boco » 2019-02-13 05:29

With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead. :(

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

alv0
500 Command not understood
Posts: 2
Joined: 2020-09-01 12:49
First name: al
Last name: v0

Re: Malware

#3 Post by alv0 » 2020-09-01 12:57

boco wrote:
2019-02-13 05:29
With much sadness, I declare that the art of reading (and clicking on one more link) is officially dead. :(

You know that the bundled installer/package isn't mandatory to use?
https://filezilla-project.org/download.php?show_all=1
With much sadness bad-faith never will be...
What is it exactly you don't understand sir ?

The point is not only that a file without malware is available but rather that the main installer when you go on https://filezilla-project.org/download. ... form=win64
contains a malware.
Which is not acceptable.
If a company/organization/association is proposing a malware among any of its downloads, even if other files are "malware free" what does it change in the end ?
Trust in that company/organization/association is gone.

I understand the principle of Filezilla people trying to make some money out of their free software, but not that way, I cannot accept it.
That's a red card

So do you understand now or is English not clear for you ? Maybe I should've wrote this in german ?

Damn :?

User avatar
boco
Contributor
Posts: 26913
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#4 Post by boco » 2020-09-01 13:34

Oh, I did understand fully, believe me. Just a little sarcasm after hearing the same bullshit for the 100th time...

1. The bundled installers do not contain Malware. The bundled third-party offers are classified as Adware or PUP (Possibly unwanted software). Unfortunately, AVs like to be dramatic and don't make any distinction.
2. All offers can be fully declined without any negative consequences, per the official policy. Violations of that possibly have to be reported.
3. Bundled Installers were the logical result of not getting enough donations to cover costs.
4. Please note that I'm not involved in any of the decisions made by the developer, thus, I'm the wrong tree to piss on.
5. The FileZilla Pro version has many advantages over the free one and is always Adware-free.

If that is not acceptable by yourself or anyone else, you and they are free to just not use the software. The fact that it is not Malware pretty much makes the point moot.

You can try in German, but I doubt you'll get a different answer.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

alv0
500 Command not understood
Posts: 2
Joined: 2020-09-01 12:49
First name: al
Last name: v0

Re: Malware

#5 Post by alv0 » 2020-09-01 15:39

Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Very simple you see ?

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future :)

Now I already lost too much time, I wish you good luck Filezilla forum moderator...

User avatar
boco
Contributor
Posts: 26913
Joined: 2006-05-01 03:28
Location: Germany

Re: Malware

#6 Post by boco » 2020-09-01 16:11

alv0 wrote:
2020-09-01 15:39
Yes Filezilla's concerned installer DOES contain malware/bloatware/unsafe-unwanted software. Period. You understand ?
What now are you going to play on semantic I guess ? Bull**** !!
No matter how many times you come back saying it doesn't, it ain't going to change it. This is a very simple fact.
It is not me saying that but multiple worldwide recognized enterprise-grade AV companies.
In this link

https://www.virustotal.com/gui/file/6a9 ... /detection
the number of AVs, who are flagging your installer.

Now, who are you exactly to pretend it is safe ? Let me tell you : nobody. Did you read the source of that bloatware ? No of course you didn't.

You saying they are "dramatic" is nothing else than your personal interpretation. It has no value. I prefer trusting an enterprise AV company rather than a random forum moderator who obviously has a clear conflict interest.
So, of course the decision is not yours, nevertheless you are defending it. Comes down to the same for me, so in the end you deserve what I am throwing at you.

In my job, if it happens that somebody from my hierarchy takes a decision I don't support, at least I shut my mouth if I am not in position to do otherwise. But I never, ever, publicly defend it.
Or, last ressort solution, if the bull**** level I'm faced with is too high, I do a quick market search and get another job. Simple isn't it ?

Of course I am free to use something else. Believe me that as an IT professional, that is exactly what I am going to suggest to everyone who asks me something about Filezilla in the future :)

Now I already lost too much time, I wish you good luck Filezilla forum moderator...
Insisting on your opinion doesn't make it a fact. Good bye, random stranger.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Malware

#7 Post by botg » 2020-09-02 07:28

Regarding "the number of AV vendors crying wolf": They all copy each other signatures, a single false-positive from one AV product and an hour later most other products flag it as well. It's fully automated, there is no human interaction involved. It's all machine learning, with all its faults like the abysmal false-positive rates. One badly trained neural network mysteriously flags a file for reasons nobody understands and all other AV vendors clone the new signature and further use it to retrain their own neural networks.

kuku
500 Command not understood
Posts: 2
Joined: 2024-02-13 07:34
First name: ku
Last name: ku

Re: Malware

#8 Post by kuku » 2024-02-13 08:22

Hi

As of today (13.feb.2024) Microsoft Defender quarantines both sponsored and "not-sponsored" versions of windows x64 installer as PUA FileZilla_BundleInstaller.

1) "not-sponsored" FileZilla_3.66.5_win64-setup.exe , SHA-512 hash: 959f0c48831b53407787d4dab2efa4ce43101b5dc6b6ad08379e6dd4ab3e272598f11867a3e08d89f06fed3e29212b088a94b99be7d20acbdc1cccc449bd2214
2) "sponsored" FileZilla_3.66.5_win64_sponsored2-setup.exe , SHA-256 dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

Could author(s) shed a light - is it Microsoft false positive, or really now both versions include sponsored content (adware)?

Thanks

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Malware

#9 Post by botg » 2024-02-13 08:30

You need to report this false-positive to your AV vendor.

kuku
500 Command not understood
Posts: 2
Joined: 2024-02-13 07:34
First name: ku
Last name: ku

Re: Malware

#10 Post by kuku » 2024-02-13 12:56

response from Microsoft on submission of non-sponsored file
At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions

User avatar
JasonD
450 Internal Error
Posts: 36
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA

Re: Malware

#11 Post by JasonD » 2024-02-16 07:06

Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.

PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus

https://www.microsoft.com/en-us/wdsi/th ... tid=311942

I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.

iam_sysop
226 Transfer OK
Posts: 62
Joined: 2021-10-08 21:33

Re: Malware

#12 Post by iam_sysop » 2024-02-16 14:48

JasonD wrote:
2024-02-16 07:06
Windows 11 (Microsoft Defender Antivirus) refused to launch the sponsored installer.

PUABundler:Win32/FileZilla_BundleInstaller
Detected by Microsoft Defender Antivirus

https://www.microsoft.com/en-us/wdsi/th ... tid=311942

I get caught with this every time, as the website doesn't make this obvious -- it's designed purposefully knowing that people won't notice. Thus, it shouldn't be a shocker when people get upset.
Uhm.

The website CLEARLY STATES the intent of the "main installer" as containing "potential bundled offers" as well as the availability of "other download options:
Screenshot 2024-02-16 084451.png
Screenshot 2024-02-16 084451.png (43.21 KiB) Viewed 1983 times
-- and clicking "one more link" gets you an entire page of "bundle free installers":
Screenshot 2024-02-16 at 08-49-47 Download FileZilla Client.png
Screenshot 2024-02-16 at 08-49-47 Download FileZilla Client.png (71.71 KiB) Viewed 1981 times
If two link clicks are too much, the full version is available commercially. Actually paying for the product (and the paid support that comes with it) is also an option that provides an "unbundled release" as well as extra features.

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Malware

#13 Post by botg » 2024-02-16 19:57

The most perplexing part about this is that it's users of Windows that are complaining. Windows, which on a fresh installation comes out of the box with a ton of bundled and definitely unwanted third-party software one cannot even uninstall. :roll:

When will we see Windows Defender flagging Windows itself as malware as it should clearly do by the very same definition of "potentially unwanted"?

User avatar
JasonD
450 Internal Error
Posts: 36
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA

Re: Malware

#14 Post by JasonD » 2024-02-16 20:50

Consider -- clearly stated words do not need highlighting.

The design of this page is: large green button screams for attention for the desired action --> to download the bundled client.
If there were two choices, equally viable, then another large green button would convey that.
If two green buttons said "sponsored bundle" and "just the app", this would convey info even better.
If you expect all new users to read every word on the page, you could remove the green button.

The application is fantastic.
The only issue folks have is getting something unexpected.

Even hyper-cautious people (myself) have accidentally installed bundled apps when it was added unexpectedly to a commonly used app. These bundles are not always vetted by the app owner, and in some cases, their uninstaller just mangles itself -- taking me hours to debug and fix. The app owner admits to being unaware. Consider being bitten like this -- you may install applications by accident (accidentally installing the green-box-install app, accidentally missing unchecking the bundle) that have not even been tested by the application owner.

Post Reply