rysiek ✅ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Wow, FileZilla’s bundled installer includes a malware downloader and the dev defends it horribly.

If using FileZilla, uninstall and find something else. Even if this issue is fixed, the morally ambiguous and defensive response is very concerning.

forum.filezilla-project.org/vi

rysiek ✅ @rysiek

@entreprelife searched through their wiki and their website for "bundle" to find any explanation of what is "bundled".

Not a single hit.

Ugh, now I need a different decent SFTP client for Windows to recommend to people.

· Web · 0 · 2
@rysiek @entreprelife WinSCP is pretty good (but I don't know if their installer is bundleware-free either)

@elomatreb @rysiek @entreprelife

I use it quite often and installed a new version recently.

It did have some "sponsored link" in the install but does not appear to auto install any part of the thing being advertised, you would have to specifically click on the big picture in the middle (nor are there other dodgy things like swapping round the order of accept/decline icons either like some other "freeware" does)

@entreprelife I mean, I heard about this, but assumed this was SourceForge being SourceForge:
en.wikipedia.org/wiki/FileZill

Turns out FileZilla was in on that? Dang. :/

@rysiek @entreprelife I had a similar reaction. Interestingly, I was poking fun at Sourceforge on twitter a few days ago and the CEO of SF came to let me know that SF is under new management and they are trying to clean up their tarnished brand now.

@jerry @entreprelife ah, good to know. It used to be a great place. Hope they succeed.

@jerry Yeah, Sourceforge has been adware-free for a while.
There UI is a mess, still, though :-).

@jerry @entreprelife sure, but that interface...

I guess one cannot have everything.

@rysiek @entreprelife yeah, they need a consultation from an apple or google UI person.