Others download sites rather than sourceforge.net

[didier]

Hi all,

I am really a newbie in here and i tried to download scummVM however my anti-virus and also firefow says that sourceforge.net is not reliable and it may come with some malware bundled with it.

After some research over the internet, I realized that this is actually true. So my question is: Is there any safe place to download scummVM?

Regards,
Didier

[sev]

Try http://www2.scummvm.org, downloads section.

We're in progress of transitioning to a new server from sf.net.


Eugene

[didier]

Thanks a lot!

[Tomaso]

my anti-virus and also firefow says that sourceforge.net is not reliable and it may come with some malware bundled with it.

Those files are easy to spot.
At SourceForge.net, projects that are infected with these kind of online installers has got an option at the top of the 'Files' page that says "Direct Download Link".
Clicking this option, and thereby changing its state to "On" will give you the clean offline installers instead:



ScummVM's SourceForge page doesn't have this option, because none if its installers have been hijacked in this manner.
At least, not yet.

[LogicDeLuxe]

At SourceForge.net, projects that are infected with these kind of online installers has got an option at the top of the 'Files' page that says "Direct Download Link".

I've never seen this. Any infected examples?

[Tomaso]

I've never seen this. Any infected examples?

Code: Select all

http://sourceforge.net/projects/filezilla/files/
http://sourceforge.net/projects/miranda/files/

[LogicDeLuxe]

Code: Select all

http://sourceforge.net/projects/filezilla/files/
http://sourceforge.net/projects/miranda/files/

The only hint I see is the text "SourceForge Installer will be downloaded shortly and will provide you some options during the installation process...
Problems with the download? Please use this direct link.". No download is started automatically and there is no switch either. The link works as expected.

I have all domains blocked with noscript, except for sourceforge.net. Probably that makes a difference for the better.

[Tomaso]

The link works as expected.

If you don't set the "Direct Download Link" to "On", the EXE installers that you download will be much smaller than the original ones.
When launched, those small installers will connect to the internet to download the necessary install files + additional crapware!
I haven't tried running those nasties myself, but this is how I assume that it works.
As an example, I downloaded the latest installer for FileZilla 64-bit, with and without the Direct Download Link set to On.
In this picture you can see the difference between the two files:

I have all domains blocked with noscript

Keep in mind that most people don't use NoScript, and they don't even filter outbound traffic on their systems.
This is a very sneaky approach by SourceForge!

--

EDIT:
I uploaded the online installer to VirusTotal.com..
Here are the results:
https://www.virustotal.com/en/file/97d7 ... /analysis/
At least, some of the engines recognizes it for what it is.

[Tomaso]

The ad-supported online installers has actually been removed from SourceForge now!

[sev]

But we anyway moved away from SF.net. The old downloads still live there, though.

[Tomaso]

But we anyway moved away from SF.net.

I know.
It was JFYI.