***Palican malware in install site***

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Mon Feb 08, 2016 12:08

Hi,
Downloading MPE from FossHub last week, the ad (in div class="top-banner") contained a download button for an exe that installed the palican virus.

The ad doesn't look much like an ad and this button was much more prominent than the actual download. Someone who I had recommended MPE to ended up infected with Palican, and, rather embarrassed, I had to help them fix their PC.

Going back and checking the site again, I saw a different ad (not necessarily malware) but again the download button on the ad was much more prominent than the MPE software itself. So I feel FossHub is trying to trick users into navigating to a different product from what the users had wanted.

I appreciate that you have no direct control over the FossHub site. However you do have the choice of which download provider to use. There are many well-known established sites that I have found trustworthy and safe.

I love MPE, and have made a generous donation. By installing your software we are trusting you with the health of our PC. Please honour that trust by keeping us safe from viruses.

I hope you can see this was a very negative experience with MPE. Please can you re-evaluate your arrangements for downloading?

Thanks

dupondt

Joined: 21.12.2010
Posts: 250
Location: Germany

Posted: Mon Feb 08, 2016 12:42

AdamPS wrote:
Downloading MPE from FossHub last week

Why don't you use the official download which can be found here: http://www.fjsoft.at/de/downloads.php?

BTW: I just downloaded the MPE setup file from FossHub and it was identical to the original file which resides on FJ's server (same MD5 checksum).

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Mon Feb 08, 2016 15:50

Thanks for the reply.

Interesting language difference. From the EN page http://www.fjsoft.at/en/highlight.php it seems that all the download links have been redirected to FossHub. The direct download seems only possible from DE.

Yes if you download from FossHub without xxx the ad then it is fine. The problem is that the ad is much more prominent than the actual download link (turn off your ad-blocker obviously). It was a particularly malicious ad on the one case in question when the ad was just a big download button that downloaded the virus.

My suggestion would be to put the EN download link back like DE to allow a direct download. Forcing people to use Foss seems unhelpful. I wonder why it's like that - maybe Foss are paying per click? I recognise the need to make revenue, but please find a way that doesn't wreck users' PCs.

FossHub

Joined: 01.08.2013
Posts: 9

Posted: Tue Feb 09, 2016 07:19

@AdamPS - instead of posting an accusation like this why don't you report the bad ad to us?

We blocked deceptive/misleading ads for years and now you claim that we have ads that install malware directly?

Are you sure that your client/friend got the malware from FossHub? Also, you seem to be pretty sure that the malware came from us.

How can you be sure? Do you have a qualification? I assume you are a malware researcher and I would be grateful if you can show us how or where the malware comes from.

Thank you, Sam - FossHub

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Tue Feb 09, 2016 11:55

Hi Sam,
Thanks for your reply. I can see that you are likely to be upset to read a post like this about your site. Hopefully you can see that I am likely to be upset to have had a PC infected.

In terms of the rest of your post and all the assumptions/questions. Well reporting the problem here seems fairly reasonable given I had a problem when downloading MPE. Fairly obviously I am not a malware researcher although I have worked as a software professional for 20 years. Surely you can see that I don't have to be a specialist with cast iron proof to want to report a problem like this that I hit and try to prevent other users from having the same experience.

I notice that you didn't respond to my observation that "the ad is much more prominent than the actual download link". I have just taken a snapshot from http://www.fosshub.com/MyPhoneExplorer.html and here is an image of part of it (image: http://postimg.org/image/nxvjluovj/). That big "get it now" button in my current case links to http://myofflinebackup.com/?prw=12&country=uk&ver=tty&.

So in my personal view this FossHub page is likely to cause users to download different software from what they intended. Irrespective of the matter of malware, in my personal opinion, this is sufficient evidence to recommend anyone to avoid FossHub and ask MPE to pick a different site. I'm happy to listen to your view on this matter.

And finally, hopefully you can understand that I am not suggesting the malware exe was downloaded directly from FossHub site. My suggestion is that there was a prominent download button on Foss site that linked to another site that installed the malware. Sorry if I didn't make this clear enough.

I'm very happy to work with FossHub to investigate the malware issue further. I guess there is a possibility that the various caches on the PC in question contain clear proof of what occurred.

FossHub

Joined: 01.08.2013
Posts: 9

Posted: Tue Feb 09, 2016 12:47

Hello,

AdamPS, after looking over the image you've sent me I can understand your frustration. It's now on my side.

I will answer your question but first let me explain what I did.

- I just blocked all running ads from that advertiser.
- That ad was missed due to a Google bug that was not showing this advertiser's crappy/misleading/deceptive ad, here is the proof: http://s13.postimg.org/o34nuwrt3/sshot_2.png
- Right now I will contact Google and send a complaint.

You are right, I was extremely upset to read such a comment. Especially because FossHub does not allow such ads to run. We never did, we removed them on a daily basis. Add at least 1 hour each day for several years and see how much energy and time was put in removing this kind of ads.

Those who allow such ads "owe" me weeks from my life.

Back to your answer, why do we use links instead of download buttons.

We use links for a couple of reasons:

- the first layout we used was created using links, it works best on all browsers and all OS.
- we tried in the past using the standard download button but sometimes, on a rare occasion, the image was not loading correctly so the user couldn't see the download link.
- it is easier to obtain the direct link to the file, just click on the link, perform a right-click with your mouse and choose "Copy link location" or "Copy link address" depending on your browser and you get the link that starts the download or it can be easily shared. Example of the result:

http://www.fosshub.com/MyPhoneExplorer.html/MyPhoneExplorer_Setup_v1.8.7.exe

I am aware that MyPhoneExplorer has only one version listed but please keep in mind that most software titles use several versions and let me show you some examples:

http://www.fosshub.com/Audacity.html
http://www.fosshub.com/SMPlayer.html
etc.

We can't list links under different sizes because we need consistency among all pages.

Furthermore, until I clarify this issue with Google I have disabled all display ads and allow only text ads for now.

I don't know if my answer pleases you but I want you to know that I am taking all measures to fix this.

Regards, Sam - FossHub

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Tue Feb 09, 2016 22:37

Hi Sam,
Thanks for a detailed, considered reply and for blocking that specific ad. I can understand what's going on a bit better now.

If I can summarise where we have got to, you have told me that you spend time filtering dangerous ads. However there are enough of them that some tend to slip through. I easily found one and posted the screen shot and you agreed it was one example. Given that, it seems likely that the exact same mechanism was what caused the malware infection.

So coming back to the question of "is FossHub safe", I'm sorry but I tend to stick to my conclusion that the answer is very much NO. I realise this view will tend to upset you, but we have to face reality.

Sadly, I don't think it's realistic to expect to change the situation with the ads. They exist and affect you and any other download site. However there is a factor with FossHub that is different from other download sites and is fully within your control. This key factor is the relative prominence of the ad versus the actual download link.

A) Currently on FossHub if the ad is dangerous, the user IS quite likely to click it believing it to be the download hence NOT SAFE. Mind you I guess a really prominent ad does mean more click through and more advertising revenue for FossHub.

B) Take a look at CNET for example by comparison. http://postimg.org/image/vekqxwayl/. They have an ad with a download button, but the user IS NOT so likely to click it by mistake hence MUCH SAFER
1) The ad is in a sidebar and out of the way.
2) It is wrapped in a box with "Ads by Google" at the bottom.
3) The correct download button is big and green and really clear.

In the second half of your post, you seem to be saying that you would like to make your site safer but lack the technical know-how to do it.

Well just take a look at other sites. Or engage a web-site specialist (in fact I am one if you need help). For example you can style a link to look like a button using CSS - and it is still usable to right-click. Very many sites manage to get button links to work - it's not really rocket science. You can investigate the cause of your image loading errors and fix, or make sure the page falls back to a plain link if the image is unavailable. In terms of the multiple downloads, it should be fairly easy to auto-detect the most likely correct one based on user agent (Windows installer if a windows PC etc), and make link prominent with the alternatives less prominent as they are. And moving the ad to a sidebar is easy. You can make the sidebar responsive so it comes out beneath the main content on a small screen.
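
The layout suggestions in the post above (a real link styled as a button, the most likely download picked by user agent, the ad in its own labelled box), sketched as an added example that is not from the thread or from FossHub. The file list, URLs, element ids and CSS class names are constructed.

```javascript
'use strict';
// Added illustration. File names, URLs, ids and class names are constructed.

// Coarse platform detection from the User-Agent header.
// Order matters: Android UAs also contain "Linux", iOS UAs contain "Mac OS X".
function detectPlatform(userAgent) {
  const ua = String(userAgent || '');
  if (/Android/i.test(ua)) return 'android';
  if (/iPhone|iPad|iPod/i.test(ua)) return 'ios';
  if (/Windows/i.test(ua)) return 'windows';
  if (/Macintosh|Mac OS X/i.test(ua)) return 'macos';
  if (/Linux|X11/i.test(ua)) return 'linux';
  return 'unknown';
}

// Pick one primary download for the visitor; everything else is an alternative.
// If nothing matches (unknown or unusual UA), no file is promoted.
function rankDownloads(userAgent, files) {
  const platform = detectPlatform(userAgent);
  const primary = files.find((f) => f.platform === platform) || null;
  const alternatives = files.filter((f) => f !== primary);
  return { platform, primary, alternatives };
}

function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Render the download area. The primary download is a real <a> that CSS class
// "download-primary" styles as a button: there is no image that can fail to
// load, and right-click "Copy link address" still works. The ad slot is a
// separate <aside> with a visible text label, outside the download block.
function renderDownloadArea(ranked) {
  const link = (f, cls) =>
    `<a class="${cls}" href="${escapeHtml(f.url)}">${escapeHtml(f.label)}</a>`;
  const parts = ['<main class="downloads">'];
  if (ranked.primary) parts.push(link(ranked.primary, 'download-primary'));
  parts.push('<ul class="download-alternatives">');
  for (const f of ranked.alternatives) {
    parts.push(`<li>${link(f, 'download-alt')}</li>`);
  }
  parts.push('</ul>', '</main>');
  parts.push('<aside class="ad-slot">',
             '<p class="ad-label">Advertisement</p>',
             '<div id="ad-container"></div>',
             '</aside>');
  return parts.join('\n');
}

// Constructed sample listing and visitor.
const SAMPLE_FILES = [
  { platform: 'windows', label: 'Example Setup 1.0 (Windows installer)', url: '/files/example-setup-1.0.exe' },
  { platform: 'macos', label: 'Example 1.0 (macOS disk image)', url: '/files/example-1.0.dmg' },
  { platform: 'linux', label: 'Example 1.0 (Linux tarball)', url: '/files/example-1.0.tar.gz' },
];
const SAMPLE_UA =
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0';

console.log(renderDownloadArea(rankDownloads(SAMPLE_UA, SAMPLE_FILES)));
```
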

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Wed Feb 10, 2016 10:15

Sam,
Maybe I can clarify my last post and try to be more constructive.

At the moment it seems that FossHub is allowing advertisers free rein to take over the key part of the page, with the risk that this is not in the interests of either FossHub or the users downloading.

I'm not trying to dictate an exact specific solution. However I feel something needs to change to set some boundaries and priorities.
- Show the download link prominently because this is the reason your users are here, and the whole point of your site: a decent size, strong colour, early in the page etc.
- Make it clear that the advert is an advert. Yes I recognise adverts are how you make your money and so it needs to be seen. But also it needs to be seen for what it is: 3rd party content, with some risk that it is malicious despite your best efforts; not your own site. So for example put it in a box with a textual "this is an advert" label; separate it from the main page to some degree; make sure it isn't more prominent than the primary download link.

These measures help protect us, your users and hence your reputation. Honestly I don't want to be sitting here trying to persuade people to avoid a particular site - I'd much rather help that site change so I could support it. But it's really not nice to have a PC taken over by malware, and I am keen to do what it takes to encourage some changes to avoid it happening in the future.

I'm very happy to be a usability tester of any UI changes. Thanks for listening,
Adam

FossHub

Joined: 01.08.2013
Posts: 9

Posted: Wed Feb 10, 2016 10:43

Hello AdamPS,

I want you to understand that the screenshot with that deceptive/misleading ad was caused by a technical glitch. It means that I was not able to verify that crappy ad.

Google replied last evening and I fixed the issue, now I can view all running ads properly. I blocked 3 of them last evening.

Third-party advertisers ads are blocked on FossHub for the same reasons we discuss here. Most of those stupid ads are coming through them. If I would allow them you would see a flood of bad ads.

Yes, you pointed me that ad but we never agreed that the malware your friend/client came through an ad via FossHub. I apologize but I find this to be pure fiction because Google, despite its obvious greed never allowed such ads to run.

You stated that the client clicked on "a download button for an exe that installed the palican virus". I can tell you that Google never did such a thing. Yes, you might land on a page where you would download a bundled software but you claim that your friend/client clicked on an ad and it was served directly with an EXE that was infected with a virus.

I repeat: pure fiction

That's why I asked you in the first place if you are a malware researcher. A true one would bring solid evidence and this would make me remove the ads completely from FossHub if that was true.

Feel free to express your opinion about FossHub. Are we 100% safe? No way...there's no such thing in this world.

Is FossHub safer than many other download websites? My opinion is that we are.

Unlike other websites we started blocking ads from the first day we noticed them. Did we miss 1,2,3,5...20 of them in 5 years? I am sure we did because we are humans not robots.

CNET - are you serious? I am not going to answer this and to explain why please search for a few phrases regarding the controversy with the adware installer.

Please don't compare us with CNET, I cannot speak for them.

In the second half of my post I gave you a few reasons. Fair enough you gave some suggestions and will keep those in mind.

There are technical limitations as we use several technologies. Please note that it's not just an HTML page we run a lot of tools and although your suggestions are welcome we have other priorities.

To answer another question. We didn't create the page layout, it was made by several web designers and each one tried to keep the original layout to avoid a radical change.

It takes time to come up with something new and the sad thing is that we don't have much money.

I know you must be probably thinking that we make millions. I can tell you this:

None of the FossHub team members is currently being paid. We do have millions of downloads and we earn nothing. The costs to keep this running are high and the only thing we used so far was passion. We made a lot of personal sacrifices in real life.

In the end, the discussion was about you and your friend/client. We made you look bad.

If you're asking me, Google, FossHub, you, me we all have a percent of guilt here.

Google for allowing them
FossHub for failing to create the perfect download button
You - for not recommending your friend/client a decent anti-malware tool.
Me - for missing an ad like that

What would you do if this happened on any other website? Do you think that other site owners would even bother to reply and recognize they made a mistake?

I can do the following:

- do my best to block/filter the damn ads.
- forward your complaint and your suggestions to my colleagues
- write a personal email to your friend/client to apologize to him and attempt to explain to him what happened and how bad we make you look.
- buy him a personal antivirus license for 1 year from my own pocket, one that would block malware.

I am truly sorry and I wish this never happened.

Regards, Sam - FossHub

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Wed Feb 10, 2016 11:33

Hi Sam,
Thanks for another reply and for an apology - honestly that makes a big difference. I think we are close to being able to close this off.

However I need to correct you in terms of what I am claiming. Here is a quote from my earlier post:

"And finally, hopefully you can understand that I am not suggesting the malware exe was downloaded directly from FossHub site. My suggestion is that there was a prominent download button on Foss site that linked to another site that installed the malware. Sorry if I didn't make this clear enough."

You say "Feel free to express your opinion about FossHub." That is exactly what I am doing - and I'm not encouraging you to reply to this thread - that is your choice.

My opinion is that FossHub is dangerous exactly because of the above scenario that led to my friend's PC being infected (BTW I don't care that I look bad, I care because it upset her). So long as you claim that this didn't in fact happen, then I guess I am going to continue to dispute it, which you will notice keeps this thread visible in the forum, so not necessarily what you want. Misquoting my claims and then stating "PURE FICTION" isn't helping end this matter.

If on the other hand, you are apologising for this one specific incident and explaining that it is extremely unusual, then that's completely different. I am prepared to leave the matter at that and move on.

By the way, my friend has an anti-virus program but for some reason it didn't seem to catch this problem - maybe a new variant? But I regard such software as a last resort that should not be relied upon because it cannot catch 100%. This is probably a digression as I think you are actually trying to say that FossHub is relatively safe rather than that it should only be used by people with top-of-the range anti-virus.

Best wishes,
Adam

FossHub

Joined: 01.08.2013
Posts: 9

Posted: Wed Feb 10, 2016 13:05

Hello Adam,

As I said, I don't think I can change the past and will continue to apologize on this matter.

You explained things better than me. I wanted to highlight that the malware didn't come directly from FossHub and more important that we are against such practices.

We state this on several pages that we are against this practice.

I said "pure fiction" if you were suggesting that we wanted this to happen, that we are some bunch of greedy guys looking to make profit from innocent people - which is so untrue. A lack of inspiration from my side, let me try again.

Just think about this.

One day an advertiser makes you an offer to install a large banner in your yard in exchange for a small monthly payment. You think it's a good deal because you can use this kind of money to pay your own bills.

The advertiser set up an image with a beer. It looks neutral. After one month, the message changes, it now shows the cheapest airplane tickets and so on.

One day your neighbour says: You know what Adam? You're an #$!)($#). My kid saw your large banner with that beautiful chick and immediately called at that number and I got a huge phone invoice. Who does this when all your neighbours have children around.

You agree with your neighbour, you feel guilty and frustrated that the advertising company could do such a thing with no warnings whatsoever. You never imagined such a crazy scenario.

I experience something similar. I do feel guilty and I already apologized.

As for the anti-virus, any decent antivirus should be able to catch and block this kind of malware before installing.

I am not saying that FossHub is safe only for skilled people, it can be safe for anyone but once you access the Internet you do have a minimum responsibility, you just don't click on all images, links etc.

This doesn't mean that we don't have to listen to your suggestions or that we don't have any responsibility. I will make sure that you will be heard but assuming we will improve things in the future, if someone clicks on a similar ad despite your recommendations who will be responsible?

The answer is: FossHub

No matter what we do, if a similar scenario repeats we will be found guilty.

A lot of effort, time to prevent this and all in vain. I don't know if this makes you happy but since I read your first post, I am under much more stress than you and this will continue to last for a long time.

Fair enough, people will read this and this will be a negative feedback for us for many years to come.

Finally, do a little test. Choose 5 super popular download websites and search on Google for "adware", "misleading ads", "deceptive advertising", "software bundles" and note down the amount of people complaining.

I did this a long time ago and I can tell you that I've read hundreds if not thousands of negative reviews.

After you do this, please count the number of their ads on their pages. We use only 1 (and apparently even 1 is too much) but I noticed that most websites use 2-3 or even 5 ads / page. It would be interesting to see if there was any response for each user.

If you compare the results you will see that I am right. Despite your opinion FossHub is safer than most websites that use ads, not just download websites.

Unfortunately, this doesn't please me either because we disappointed you and your friend.

I hope we can prevent this for other users in the future.

If anyone reads this and notices anything similar on our website, we would be grateful if you would report deceptive/misleading ads using our "Contact Us" form available here: http://www.fosshub.com/contact.html

P.S. My offer is available for your friend, will pay for a full anti-virus license as a minimal gesture for the unwanted damage that we caused. I can also write him a letter to apologize to him directly and explain again what happened.

Regards, Sam - FossHub

AdamPS

Joined: 17.11.2011
Posts: 14

Posted: Wed Feb 10, 2016 14:02

OK, thanks Sam.
I am satisfied with your response and your apology.

Yes we had a negative experience with FossHub. But I now understand that you mostly protect against these, and that any system is fallible. If you are right that you are better than most alternatives, then on average you will get better reviews so it should work out for you in the long run.

I still strongly encourage you to take on my suggestion for altering the prominence of the ad and the download link. And I am very happy to be involved giving outside user feedback if you need it.

To a degree I think you cause your own problems. You blame the advertiser for switching the picture of a beer for plane tickets or call girls. But when your site shows the advert looking like key content of your site, surely I am going to blame your site. If you don't want to be held responsible for the ad then make it clear that it is an advert. My friend would have ignored an ad that looked like an ad, and none of this would have happened.

Or another way: 1 problem ad seems much worse than 5 adverts in a sidebar that are clearly ads.

I'm glad we've found a mutual understanding, so thanks for your time.

Best wishes,
Adam

FossHub

Joined: 01.08.2013
Posts: 9

Posted: Wed Feb 10, 2016 15:47

Hello Adam,

Thank you for your understanding. I wish to make another comment after your post.

I promise that I will consult with my colleagues regarding the single ad we have, see if we can find a better solution. I appreciate the feedback you provided.

The problem with ads if you forget about deceptive/misleading ads is that you do want them to be seen by people. You don't want to hide them, otherwise it makes no sense to list ads.

However, while an ad should be visible to the user, ideally it should be relevant to the content. For example, I as a visitor would like to see an ad to a similar program like MyPhoneExplorer.

I don't care if it's free or not, if there's an alternative I think it would fit perfectly for me as a user. In this case, everyone is happy.

If the ad would show me a beer, a plane or a house I wouldn't care and I would ignore this kind of ad because it is not relevant. In this scenario, everyone is neutral.

The deceptive/misleading ads are a pain for both parties: website that shows them and visitors. The only winners here are a bunch of people who don't care about you, me or anyone else. They have a single purpose: money.

It wasn't always like this. I miss the old days when there were relevant ads, blending nicely with the website layout.

The future belongs to ad-blockers thanks to the greedy people that ruined this.

Thank you Adam and apologies again!

Regards, Sam - FossHub

All times are GMT + 1 hour.