Recently I came across some worrisome information about Mac software update sites
MacUpdate and
CNet Download*. Here are some details for those among our visitors who aren't yet aware of this.
1.
MacUpdate. Sometime last week I noticed that
all MacUpdate pages of Koingo Software products sport a rather unique and prominently placed disclaimer reading '
MacUpdate does not recommend apps from Koingo Software'. Intrigued (I own several of these products), I investigated, and immediately came across
this Koingo web page commenting on this issue.
It seems to me that Koingo made a major mistake allowing a third party access to its web site and ultimately engage in negotiations about a Promo bundle offer with MacUpdate fronting as Koingo reps. Once notified of this by Koingo, MacUpdate apparently wasn't willing to remove Koingo's software from the promotion bundle. This led to Koingo's blocking of serial number registrations of bundle owners (in fact reverting them to an older version), and this in turn resulted in the negative endorsement MacUpdate now places on its Koingo product pages. But by all means, read Koingo's version of the story I linked to above to get a feel of what transpired. Unfortunately, I haven't been able to get MacUpdate's side of the story, but it seems like a good idea to keep an eye out for further developments.
At this point I'd like to insert some information on the history of
MacUpdate. The site is started and owned by Joel Muller, who was—at least in its early days—associated with some arguably shady dealings (e.g., see
this 2006 Rixstep blogpost). It was a topic of discussion in the MacFixIt forums at the time. During the last 5-6 years or so, however, such rumors have stopped and it has developed into the premier Mac software update site, not in the least because its main competitor
VersionTracker was discontinued by its latest owner CNet which folded it into its existing software downloads site. IMHO, CNet's Download.com's interface is a horrible, slow and multi-click requiring mess, a far cry from VT's much clearer interface, a similar version of which is still seen at MacUpdate.
Six years ago MacUpdate followed
MacHeist's lead and started offering heavily discounted software bundles, which have become wildly popular. Here and elsewhere such bundles have also started a discussion about their utility to software developers, and, as happens not infrequently, opinions differ. The current Koingo-MacUpdate flop may rekindle this discussion. But the point I'd like to make here is that since this time in particular MacUpdate seemed to work well, and stopped being a source of rumors of shenanigans. That is, until now.
2.
Download.com. Sometime in the last two weeks I noticed that the main download button on several software items listed here does not download the software in question, but a small installer
**. Since the installer doesn't run under Leopard (which runs on the PPC iMac I still use most of the time), I haven't been able to check it out there. Only after I got annoyed by this development, I noticed the small print direct download link immediately below the main download button. That was a relief, because it no longer forces me into the (for me) dead-end installer route.
Fast-forward to today: this morning I came across
this Advisory on CNET's Download.com issued by SecureMac.com. It speaks for itself, and it turns out that the installer I referred to above and the '
adware bundled with popular apps' are one and the same. Reason enough to alert all of you out there. In case you already ran this installer, please note the link to the
CNet Adware Identification and Removal Guide posted on the SecureMac page. This Guide page also sports an image of the 'boobytrapped' download button, and the safe direct link below.
*) CNet's Download.com may be of special interest to FTM's membership, since it is the successor of VersionTracker, whose mother company TechTracker also operated MacFixIt and the MFI Forums (predecessor of FTM Forums), before selling both VT and MFI/F to CNet and effectively discontinuing them with this move.
**) Regardless of the software involved, the size of this installer is about 736 KB an its name starts with 'cbsidlm'.
