It could look like the website and the average person wouldn't even know. I'm paranoid that someone has set up a website that looks just like my banks, but is utilizing dns cache poisoning to target me. I mean it's not difficult to miss something like this.
I find it very interesting that there is a business around creating download sites for free/opensource apps. SEO optimization there has to be cut-throat.
Trivia: notepad++ is open source but with a clause that you are not allowed to bundle it with spywhare. So while most sites that make money off bundling open source software with spywhare are in the twilight zone - anyone bundling notepad++ with spywhare are clearly in the wrong territory
Citation needed. It looks to me like it's just GPL, which has no such clause. I'm also skeptical that any license with such a clause would qualify as open source.
1. Apply the license restriction to the official binary. The distributor would have to recompile from source to get a binary they can redistribute without restriction. That might stop some low effort redistributors.
2. Trademark the name of the software. The distributor would have to rebrand. That should be a bit more effective.
Had a look at chip.de, that's even worse (used to be an alright site). The installer tries to offer installs of Opera, Avast and Avira - ridiculous as you shouldn't have multiple AV's installed. Albeit if you just click through nothing does actually get installed but the product you want. And then Avast tries to install Google Chrome also.
at this moment, if anyone pays google enough they will serve the result on top no matter what they serve. So if you want to survive malware, please enable an adblocker.
Install Pihole and set your home's wifi AP to use it as the default DNS. It's the only way to get universal adblocking in all browsers (until DNS-over-HTTPS ruins everything) and more importantly in phone apps. Fortunately most phone apps are just wrappers around the native browser, so it works great in most of the ones I use (e.g. BBC News). It's a great way to help everyone in your home without having to install stuff on all their devices.
heads up for pihole. I cannot,for the sake of my sanity, run internet without ublock and pihole. I teach all my friends and family how to install ublock origin.
If not for gorhill and pihole the internet is an absolute abomination of fb/google/media sites where everywhere u go, someone is holding a big billboard in your face. And god forbid if u block ads they guilt u to feel u are stealing from them.
Some months ago when the Paramount+ streaming service launched in Latin America the top Google Result in Argentina was for a fake site that imitated the original and stole credit card numbers. The domain seemed 100% legit except that it wasn’t the real one.
One of my kids likes to draw and play Minecraft. They’ll read about a program, Google it and try to install. 90% of the time that the software is legit, there’s some malware/adware wrapper they click on and try to install.
Yeah. Similarly German Goo Girls is higher ranking than Girls Go Games as my 9 year old found out by accident by typing ggg in Google search. Man that took some explaining.
I worked for a company once where IT Desktop Support had to install all software, even for teams who worked in Technology. I was tasked with starting a whole new program and needed a bunch of new tools installed, and needed to supply them with a list of all these applications we'd ever need.
Out of curiosity, after they didn't provide the right software a few times, I asked the guy how he was validating they were securely sourced, etc. His reply was "Oh I just googled it and grabbed the first one." After that, I at least sent him the links of where to download it from, but I couldn't convince any of the IT executives that this policy is pretty useless if they're just grabbing and installing.
It’s an interesting question - I (an ex-sysadmin) would always go to official sites.
My parents on the other hand, retired and not good with computers, would just search in google and click whatever’s at the top. Their generation are completely clueless with computers and the internet. Any time I teach them something they forget it…
The bait is that Don Ho, Notepad++'s creator, is very political, and while I use it daily, it's always in the back of my mind that he (or his detractors) could use the huge installation base to make a point.
I think his tribute update to Charlie Hebdo (2015) did more bad than good for his reputation.
Yeah, but it’s not as if the official site was infected. A random .exe from a completely unrelated site seems to be the vector for the trojan, which brings it back to "very much not interesting" to me.
28 comments
[ 3.0 ms ] story [ 78.7 ms ] threadAs an example case, when you search for "vlc player", the top 3 Google results are:
- vlc.de (A scammer site blocked by my ad blocker)
- videolan.org (The authorative source and official site)
- chip.de (A german tech tabloid providing their own downloads of popular programs serving their own ads)
1. Apply the license restriction to the official binary. The distributor would have to recompile from source to get a binary they can redistribute without restriction. That might stop some low effort redistributors.
2. Trademark the name of the software. The distributor would have to rebrand. That should be a bit more effective.
https://www.vlc-forum.de/
Seems shady though.
Had a look at chip.de, that's even worse (used to be an alright site). The installer tries to offer installs of Opera, Avast and Avira - ridiculous as you shouldn't have multiple AV's installed. Albeit if you just click through nothing does actually get installed but the product you want. And then Avast tries to install Google Chrome also.
fun times with google and all !! /s
Sneakily installing an adblocker without consent is within my realm of ethics.
If not for gorhill and pihole the internet is an absolute abomination of fb/google/media sites where everywhere u go, someone is holding a big billboard in your face. And god forbid if u block ads they guilt u to feel u are stealing from them.
One of my kids likes to draw and play Minecraft. They’ll read about a program, Google it and try to install. 90% of the time that the software is legit, there’s some malware/adware wrapper they click on and try to install.
Well, you see son, when a mommy and a daddy and a daddy and a daddy…
Also crap like sourceforge might be the official distribution platform but looks like an adware shit show site.
Out of curiosity, after they didn't provide the right software a few times, I asked the guy how he was validating they were securely sourced, etc. His reply was "Oh I just googled it and grabbed the first one." After that, I at least sent him the links of where to download it from, but I couldn't convince any of the IT executives that this policy is pretty useless if they're just grabbing and installing.
My parents on the other hand, retired and not good with computers, would just search in google and click whatever’s at the top. Their generation are completely clueless with computers and the internet. Any time I teach them something they forget it…
I think his tribute update to Charlie Hebdo (2015) did more bad than good for his reputation.
https://thedavidjohnson.com/2015/01/12/notepad-tribute-to-ch...
Also curious, what's the feedback to this "variant" from virustotal?