I was just reading up on how CNet’s Download.com was wrapping all of the downloads in their own installer, which in turn was then installing spyware on client’s computers:

http://insecure.org/news/download-com-fiasco.html

As I was checking out some of the downloads mentioned in the article I noticed that Avast was listed as the second most popular download on the site. I went to the Avast page there and checked, and sure enough the downloaded file was named “setup_av_free_cnet.exe”, so obviously something has been added to the installer. I am on a Linux box and was unable to run the executable under wine (it errored out trying to open the self-extracting archive), so I don’t know exactly what the installation screen looked like in this instance. I am curious though, are the authors of Avast aware of this custom bundling and the issues with CNet distributing spyware? If so, what is their opinion on it?

Thanks.

-Michael

As far as i’m aware, no, avast! is not wrapped into C|net garbage (at least i never got it wrapped).

No, it never gone bundled with CNET.
Hope it never will.

The avast! download was always clean.
I’ve only gotten their downloader once when I wasn’t signed in on their Site.
Since I’m a member of their forum and while I’m logged on,
I’ve never gotten anything except the actual download I requested.

There is no way I would sign up to a forum and be logged on just to avoid their cr*p. I would just rather avoid cnet.

Whilst avast isn’t meant to be in their wrapper, that policy at cnet could change. This is what has always concerned me when the user starts to blame avast for the associated cr*pware additions.

There is no way I would sign up to a forum and be logged on just to avoid their cr*p. I would just rather avoid cnet.

Yes, I’m aware of that, but I haven’t got that and there is no way I would/should sign-up to avoid what shouldn’t be there, easier to avoid cnet ;D

That is also why you won’t see me on the cnet (avast sub-forum) forum.

No arguments Dave.
By the way, up to now, it’s been a very quiet "avast sub-forum)

I’m registered there, but I won’t login for each download I want. I’ve moved away.

So to get a ‘clean’ download, you have to be logged in at cnet?

Otherwise you get the bundled nonsense?

What about the Avast devs though? Are they aware that CNet is doing this in general? Isn’t using CNet as their main download supporting them?

There is a another concurrent thread on the subject. Vlk posted there: http://forum.avast.com/index.php?topic=90003.msg716301#msg716301

We have mentioned this in another topic when cnet started bundling this cr*p. Over and above the link Scott gave.

OP can’t read there…!

Heh, no, he can’t

Is it permissible to quote some of the discussion from there, get an idea of what the sentiment is from the devs?

-Michael

Sorry, but it isn’t.

Ahhh…I’m very sorry about that, I thought that was in the general forum.

I rarely browse the forum by subforum so I end up not knowing where I am.

What about a general paraphrasing, or posting in that thread asking if anyone would like to share their opinion here?

-Michael

I leave the decision/answer to Scott, as he started this.

Even KrebsonSecurity blogged about this:
Download.com Bundling Toolbars, Trojans?
http://krebsonsecurity.com/2011/12/download-com-bundling-toolbars-trojans/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+(Krebs+on+Security)