
Or at a more simplistic level, why haven't Google, Firefox et al simply blocked download.com as serving malware? Even something that simple happening far more frequently, might mean sites carrying ads gained some ethics. Maybe some of the ad networks would then be held responsible for the crap they regularly carry.

...and sites whine at the unfairness of the growing number of adblocking users. Right.



This is something I have been curious about as well. It seems like Google at the very least should be blacklisting download.com or at least showing the message they show for "bad" sites: "Warning: Visiting this site may harm your computer!"



Thank you for the link. I just reported it. I hope many more people here will do the same. Who knows, maybe something will change.


I reported cnet several times. It still has a top spot in the Google search results and no warning whatsoever.


You really want Google to be the custodian of all things bad?

Besides, does Download.com, the site, actually give you malware? No. So why do you think Google should blacklist it?


"Custodian" is a strong word. Let's back up.

Download.com doesn't write the malware, it just serves it. Are they a custodian? The argument here is that download.com knowingly serves malware to make money.

By that same argument, if Google knowingly serves a link to download.com to make money, how is this different?

At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.

We can argue about whether they should be legally compelled to not serve malware, or whether we should simply stop doing business with companies that serve malware, but it's reasonable to consider them responsible for the things they serve to make money.


> At the end of the day, online businesses serve things to customers just as venues serve performing acts and stores sell goods. There is some expectation of due diligence over what they provide.

Devil's advocate: where does this line start and stop?

I'm not advocating for download.com. Stores aren't held responsible for bad products. Physical stores like Walmart and Target as well as digital entities like Amazon and Newegg have shelves full of products designed to break under minimal use, high markups for mediocre products, and products that have been cleverly advertised to look better than expected. This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.

Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?


> Devil's advocate: where does this line start and stop? Stores aren't held responsible for bad products

I don't know about the US, but in the UK and Europe they are. The contract is with the retailer, so you can sue them. There is an expectation that things we get are safe. They are frequently crap, but rarely damage your other things or injure you. If something breaks after minimal use it would not be of "merchantable quality" and you'd be entitled to a full refund from the retailer. Likewise claims and statements to the public and in advertising must be true. (IANAL)

Now, Download make a big deal of being a trusted source, and will not accept "Software that installs viruses, Trojan horses, malicious adware, spyware, or other malicious software at any point during or after installation". There's a very lengthy list of what they don't allow and how they are curating their offerings. They have, for quite some time, been failing in this. For pity's sake they even have dark patterns and show ads with prominent download buttons, which aren't.

As they want to be a trusted source, and have lengthy text telling us they won't accept malware and that they curate everything, I think they should fall foul of the browser's safe browsing filters.

http://www.donotlink.com/framed?614744 Their malware policies.

If, on the other hand they said plainly "we make only limited checks, downloader beware", fair enough. Just like a forum disclaiming views of posters.

TL;DR Yes, they should be held responsible for what they serve, or stop claiming to be so trustworthy and "We test all submitted software products according to comprehensive criteria.".


> Devil's advocate: where does this line start and stop?

I would say that it stops as soon as the venue starts doing any reasonably in-depth vetting -- or even more, actively curating -- what they're serving. In this case, Google already has a malware detection service that is hooked into their browser, and this malware detection service can reasonably be expected to catch sites like download.com that serve trojans.

Download.com actively chooses what to provide for download, and actively makes sure it has malware.

> This is not completely analogous to serving malware, but the onus is not on the store to vet the products before selling.

Sure it is. If the store sells low priced crapware, then it's 100% the responsibility of the store. The difference here is that the crap that they sell is legal, non-intrusive, and can generally be returned for a refund.


> Stores aren't held responsible for bad products

I certainly stop shopping at supermarkets that sell me tainted food.


> Why should download.com be held responsible for hosting crapware when we don't hold stores pushing goods liable for selling us gold-painted trash?

There is a vast amount of difference between download.com hosting a binary and Walmart hosting a product. In the latter, there is a due process whereby any defective goods could be returned to the manufacturer. More importantly, a manufacturer's guarantee/stamp is involved.

If the binaries are signed by the original developers' public key, then I can agree somewhat to your analogy. Otherwise, it's download.com who is 100% responsible.


I'm not sure if it is still the case, but being hosted on download.com used to have a cachet over other sources. Today, their about us page has this to say:

"All products in our library go through a rigorous testing process."


So, Google should blacklist most torrent sites as well, then?

See, I think Google's job (let's call it that for lack of something else as I'm typing) is indexing the web and showing me relevant links based on what I search for. And that's basically it. If I choose a wrong word and a naughty site pops up, hey, that's my bad. I don't think Google should filter that for me (unless it's an option that I can opt in). Similarly, if I search for software, I don't want Google giving me a curated list of vendors. Good, bad or otherwise.


The point is that they're not showing you what you wanted - if you search for Firefox, I'm pretty sure you don't want a malware-infested version. You want plain old regular malware-free Firefox.

So Google isn't showing you what you searched for.

If you search for torrents or illegal downloads well that's different, isn't it?


I _WANT_ every available option shown. They can sort by relevance, but I best darn well see Download.com on some page of the returned results. I _don't_ need Google censoring the internet.


> You really want Google to be the custodian of all things bad?

I expect them to manage their products (chrome, search) in an ethical way. If I'm using their search, then yes, I expect that they'll give these warnings. If I'm using Bing, then I expect MS to do the same.


If you install uBlock Origin at least, it will flag the entire site by default.

It is very easy to add new things to the list too (e.g. right-click an offensive pop-up and "block element").

I even told it to block my ISP's ridiculous typo-redirector.


The sort of person who installs uBlock Origin is also generally the kind of person that knows to avoid these websites. However, people like my mother don't know how to install uBlock, and don't know to avoid download.com (I mean, with a domain name like that, it has to be legit!).

This is what uBlock shows me when visiting a page on download.com [0]. It also changes the URL to "chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/...". If my mother saw this, I'd get a phone call right away that some virus was stopping her from downloading something. It looks scary, and the most visible information is the most obtuse, while the most useful information is grayed out on the page.

If the most prominent text was something like "We've blocked this page, because it matches our list of 'Badware risks'." I'd feel better about installing uBlock for a casual user. As it is now, I only install Adblock Plus because it hides malicious ads and fake download buttons without also presenting scary things to the user.

[0] http://i.imgur.com/DUdRCSc.png


You're right, that's why you should install uBlock Origin for your grandmother


and everyone else's grandmother, I suppose


One grandmother at a time, we can cure malware


Yep, but I would not dare suggest uBlock Origin to any of my non-techie friends or relatives as my unpaid support load would go up hugely. Adblock is far enough for them! I run it always, but one thing it is not, in any respect, is non-techie friendly.

I love that it tells me what triggered a block, and which filter it pulled it from, but Joe User would be baffled. Then clicking random buttons to make it go away (likely disable strict blocking, permanently), or phoning their ISP because the Net's broken...


Well maybe if it was a new site with no backing, they would block. Unfortunately Download was part of CNET. CNET was purchased by CBS. This is CBS serving malware.

They know what they're doing. It's probably the only portion of the CNET properties that makes a good amount of money in CBS's eyes.


blekko penalized most of the downloading sites for that reason.



