Download.com Site Feedback forum


CNET Installer - Facts, Benefits, Detriments, and Discussion

by John.Wilkinson / August 28, 2011 6:07 AM PDT

There has been quite a bit of press and controversy regarding July 2011's launch of the CNET 'secure installer,' and as the questions continue I decided to create my own summary for interested parties.


1.) What is the change?
By default, the 'Download Now' link for most downloads on CNET's download.com now downloads a small installer instead of the download you requested. This installer will download and install the desired program after prompting you to install third-party software (usually a toolbar), which is installed unless you specifically uncheck the option. The installer itself does not need to be installed.


2.) Are all downloads affected by this change?
No. The change only affects Windows downloads, and has not been rolled out to all software that CNET offers. In addition, software from developers who subscribe to a Premium listing package or a Pay-Per-Download program is automatically excluded. Finally, developers can ask that their software be excluded by emailing a request to cnet-installer(at)cbsinteractive[dot]com.


3.) Was a notification of this change sent out?
Yes. There was a notification in the July 26th issue of the Upload.com newsletter, as well as a public blog post on July 28th.


4.) Can I avoid this CNET installer?
UPDATE: You no longer need to be logged in to use the Direct Download Link. You will see the link underneath the green "Download Now" button for all CNET Installer Enabled products on the site, whether or not you are logged in.

If you are a registered CNET member, you also have the option to turn off the Installer for the whole site. To do so, log in to the site, mouse over your username in the top right corner of the page and click the "My profile" link, then click the "Update my Download.com Preferences" link, select the "Off" option and click the "Save Changes" button.


5.) Why was this change made?
CNET states they made the change for the user, to improve security and reliability of downloads. In addition, it provides additional information regarding download experience to CNET, which it and developers can use to improve their products.


6.) Where can I read the latest FAQs from CNET?
The full CNET Installer FAQ is here.


7.) Does the installer honor my opt-out?
Yes. There have been a few reports that third-party software was installed by the CNET installer despite user opt-out, but in those cases it was either third-party software from the developer, not CNET, or unreproducible by myself and/or other users.


8.) Does the installer spy on my computer?
No. The installer only reports basic information specific to the download/installation process. It does not report on other installed software, user activities, et cetera. It is also a stand-alone application; deleting the executable completely removes the installer from the computer.


John


Disclaimer: Please note that this is not an official FAQ - it was written by myself as a knowledgeable user, and will be updated to correct any errors it may contain. CNET/CBS Interactive is not responsible for its content.


Note: This post was edited by a forum moderator to update info and links on 12/05/2013 at 2:07 PM PT

Why the CNET Installer is a benefit to CNET and users...

Following up on my CNET Installer summary, I am posting my own thoughts and analysis of the benefits provided by the installer. Hopefully, this shows that the installer is more than a nuisance, legitimately benefiting users.


1.) The installer helps ensure the downloads remain free.
Many sites link directly to downloads hosted by CNET so they can increase their visitors (and advertising revenue) without the cost of hosting the files themselves. That increases CNET's costs while decreasing revenue. The installer helps deter the practice and increase revenue from the offers displayed in the installer, thus helping to ensure the downloads remain free.


2.) The installer provides valuable feedback.
It enables CNET to better monitor details regarding software installation, with possibilities including whether the user's interested in the offers displayed, how long the download takes, and whether the download completes successfully. This helps CNET automatically detect problems with the download experience, including download failures, and make changes to increase download speed and reliability in the future.


In short, those who use the installer can help make the download experience better for everyone. And in comparison to some other sites using such installers, CNET's is less invasive, easier to use, and optional for members who are logged in, leaving download.com ahead of many competitors using similar strategies.


John


Disclaimer: These are my own opinions and do not necessarily reflect those of CNET/CBS Interactive, which are not responsible for its content.

installer is more than a nuisance
by rywill770 / August 10, 2012 11:46 AM PDT

The installer is more than a nuisance, as I cannot download anything now from this site.

Why the CNET Installer isn't all it is cracked up to be...

Following up on my CNET Installer summary, I am posting my own thoughts and analysis of the issues raised by the changes. Hopefully, this can start a dialog that will help a compromise be formed between the desires of all parties.


1.) Notification of the changes was insufficient.
CNET did announce the changes publicly. However, the blog post was both short and vague, and the Upload.com newsletter notification was limited to its subscribers. It is too late to give users an advance warning now, but a wide-scale notification of this change would surely be appreciated, including one to all registered developers with explicit opt-out instructions.


2.) All of the third-party software should be opt-in.
Users often skip reading options/disclaimers during software installations, leaving them to believe the third-party software was installed without their permission. In addition, those aware of the opt-out option must opt-out for each and every program they download using the CNET Installer. This should either be made opt-in or both options should be unchecked, ensuring the user chooses one before proceeding. (Most offers are currently opt-out only.)


3.) The 'direct download' option should be made more clear.
The difference between the 'download now' link and the 'direct download link' should be made more evident to logged-in members - the re-purposed tooltip text mentioning the CNET Installer is obscure and easily overlooked. In addition, the direct download should be extended to users who are not logged in - everyone should have a choice.


4.) The installer provides no evident security benefits.
The blog post and FAQ articles state that the CNET Installer was introduced for the users to, in part, increase security. However, the CNET Installer downloads the same program from the same servers over the same unsecured HTTP connection as the direct download. Any security benefit from using a stand-alone CNET Installer instead of the browser to download the software is minimal, and is more than negated by the installer being downloaded by the browser in the first place. Not to mention that some of the current 'offers' are considered ad-ware/bloatware and occasionally flagged as such by security software.


5.) The installer provides questionable reliability benefits.
The blog post and FAQ articles state that the CNET Installer was introduced for the users to, in part, increase reliability. As I previously noted, the CNET Installer can indirectly help by reporting download failures. However, the installer lacks the pause and auto-restart functionality of download managers and newer browsers, does not let the user choose where to save the downloaded program, and requires a second download before you can install your software, directly decreasing reliability.


6.) The installer provides no procedural benefits.
The user FAQ article states that the CNET Installer was introduced for the users to, in part, make it easier for users to install software. However, it actually makes it harder to do so since the user must first download the CNET Installer using their normal download procedure, then follow a multi-step process to download the software they requested in the first place. Finally, the user must still go through the software's normal installation procedure.


7.) There is no direct download link on category/search pages.
Members who are logged in and visit a download page see a "direct link download" option under "Download Now." However, there is no such option from the category listings pages and search pages, both of which feature a "Download Now" link pointing to the CNET Installer. That means those members may be unaware what the CNET Installer is or that there's an alternative download option.


Summary:
Taking all of that into consideration, it is clear that the benefits of the CNET Installer are overstated and more than outweighed by the inconvenience and reduced functionality incurred. Further, it is clear that the CNET installer currently provides greater benefit to CNET through increased advertising revenue and installation feedback than to the users through reported security, reliability, and straightforwardness enhancements. Finally, if the addition of the CNET Installer were primarily for users' benefit, CNET would let ALL users choose the alternative in ALL cases, and also not check the unwanted third-party software during installation by default. Thus, I believe the change is NOT in the users' best interests, and that both prominent clarification regarding, and changes to, the CNET Installer are necessary to make the stated motives plausible and the default download option more tolerable.


John


Disclaimer: These are my own opinions and do not necessarily reflect those of CNET/CBS Interactive, which is not responsible for this content.

Note: This post was edited by its original author to add a missing link on 08/28/2011 at 1:12 PM PT

By my definition
by TWB404 / August 28, 2011 7:21 AM PDT

I define this type of wrapper as spyware. I do not like anything that phones home with how things worked or what is on my hard drive. Most people run their firewalls in auto mode, allowing someone else to decide what gets access to the internet and what does not. This type of program is most likely going to be flagged as ok to access because it is not phoning home with financial information or passwords. As you stated, if there was an opt-in approach to everything I would not have a problem. When I say opt in, I also include in that the collection of data on how the install went and how they determine what recommendations will be made to the user. I wonder how many people know exactly what is being transmitted when it phones home. The real purpose of this wrapper is to track what we download and to collect info on what we already have installed on our hard drives.

It also appears that CNET is allowing some developers to opt out of the program altogether.

http://forums.cnet.com/7723-12543_102-537471.html?messageId=5193155#message5193155

When you go to the download.com home page and look at the most popular downloads you will find, as of yesterday, that of the 20 programs only 3 require you to sign in or use the wrapper. The other 17 you can download without any tracking of your program usage.

My advice to anyone who wants to listen is not to participate at all in this type of data collection. I will never sign in to download a program, nor will I ever use this type of wrapper.

You will never sign in to download....
by gargamel360 / August 31, 2011 3:52 AM PDT
In reply to: By my definition

Yet you freely sign in to complain relentlessly. Wink
I do not like this thing either, though. I saw it for what it was the day they released it, a revenue generator. You seem a fairly privacy/security savvy person, so you probably know the golden rule is never use download centers anyway, always go to the source/homepage to download. Of course, that does not work when the developer's homepage redirects you back to Cnet for the download Angry

WOW
by TWB404 / August 31, 2011 7:15 AM PDT

If you had read some of my other posts you would see that I do use the developer's site to do my downloading. As far as the complaining comment, I always find it amazing when a person offers a counter opinion it is considered complaining. Too many people have tried to gloss over some of the worst parts of this kind of practice. You got to realize this wrapper is aimed at the people who do not understand what its true purpose is. All you have to do is look at the difference in the font size used to show the 2 ways to download and you will realize that something more than offering a secure way of downloading is going on. I just hope that people who are not tech savvy that come to this forum looking for opinions on how and why this is happening can find more than just the company line being dished out and can make a more informed opinion.

There is one benefit to my posting, it has given you a chance to sign on and post 2 counter opinions to mine. lol The day we all agree is the day life will get really boring. I am glad it furnishes you with a good laugh from time to time.

Actually...
by gargamel360 / August 31, 2011 3:54 PM PDT
In reply to: WOW

.....I have read your posts. I just can not remember all of them, as there are so many and they are so wordy. I'm not saying complaining is a bad thing, btw, despite the inherent negative associations with the word itself. You can easily flip it to call it constructive criticism. Point was, they have given us, their registered users, a work around of sorts. Log in and click the direct link. And if you readily log in to state your opinion, what is the problem with logging in to DL?

Don't need to re-log in
by MarkFlax Forum moderator / August 31, 2011 10:51 PM PDT
In reply to: Actually...

the one log in works for all CNET sites.

Mark

Its a security thing
by TWB404 / September 1, 2011 1:30 AM PDT
In reply to: Actually...

It is my belief that just about all programs have a security risk. If someone can gain access to what you have installed on your hard drive it makes it easier to mount an attack. If they have a database that reveals the most installed programs, that allows them to mount an attack that has a higher degree of success. The best example is Windows vs Lion vs Linux. I am not sure of the figures but I think it is safe to say that 99.99% of all attacks are mounted against Windows because it is installed on 85% to 90% of all puters. Well, that and it has so many holes in it. lol If Lion or Linux held 80% to 90% of the installed OS we would be seeing a higher number of attacks on them.

That is my argument against this type of behavior. Signing in to express an opinion is not going to reveal anything about my hard drive. It just reveals how strongly I feel about things. Signing in to do a download allows a database that will contain what I am using and trying. Combine that database with what others are downloading and you are setting the stage for that data to be compromised. If a database exists somewhere on a hard drive it can be compromised. One of the reasons I argue against the cloud.

In the end I see this more as a security risk than an invasion of mine and others' privacy. Remember, most users run their firewall in auto mode and let other people make the decision on what is getting in and out of their puter.

Right, sort of....
by gargamel360 / September 1, 2011 2:57 AM PDT
In reply to: Its a security thing

...but unless you use your name, address, social security number, or something else equally naive for a username or have that stuff listed in your profile bio somewhere, anything collected will be anonymous, in regards to any kind of real personal data. From breaching Cnet's database, you would get, in regards to you, "TWB404 said this", "TWB404 downloaded these softwares", "TWB404 frequents these types of articles"....all of this can be leveraged by someone as advertising profit, but poses no risk to you personally. The highest risk a session cookie poses to you is from cookiejacking....and everything I have ever seen about cookiejacking, it is a fairly elaborate process, only time it would be suitable to use against someone is to steal a bank login, where an attacker would get the highest payoff, no one wants to jack a Cnet cookie.
I think, like a lot of people I run into, you have privacy mixed up with security. Despite the fact these two often have a lot to do with one another, they are not the same thing, it is an apples/oranges comparison.

privacy mixed up with security
by R. Proffitt Forum moderator / September 1, 2011 3:03 AM PDT
In reply to: Right, sort of....

Nice point!

Right, sort of
by TWB404 / September 1, 2011 3:50 AM PDT
In reply to: Right, sort of....

I think you missed my point, sort of. lol Pun intended. It is not so much what I have downloaded but how they can combine these to form a better attack platform. While you might believe that things are collected anonymously, I have been around long enough to know that is not always true. If you go back to 06 when AOL data got onto the net, people who had the know-how were able to take totally innocent types of searches and trace it back to the person. I know all they would find on me if the CNET database got compromised would be very little. I have not used the site for years to download from. The only thing they would find period is when I sign on to post a comment or review, and if Mozilla had not gone to the dark side I would not even be doing that. I do not sign on just to read an article or review. I practice a very strict form of internet security and privacy. I block all cookies and only turn them on when they are required. If someone looked at my log on and log off log they would find it to be kind of helter skelter of a read. I turn them on and log in and after posting I turn them off and delete all cookies and go to the next thing I want to do.

In the end I find these kinds of databases to be a bigger security risk than a privacy issue and, trust me, I know the difference. Attacks are generated and used by the probability of success. The more the coder who writes attack platforms knows about the puters he intends to attack, the higher his chance is of success, hence the reason Windows is the most popular machine to attack. Have you ever heard the term exploit Wednesday?

In the end you can call it either or, but it comes down to the object between the chair and keyboard to determine what kind of data is to be collected, and the same goes for where security begins. It is my belief the less they know the safer we are; you might think it does not matter and that you can stop anything thrown at your machine.

I will close out with the same warning I put in the last post: turn the firewall auto mode off and make decisions for yourself about what gets into and out of your puter. Do not let the corporations who build these databases be the ones making those choices for you.

P.S. Is this what you refer to as a wordy post LMOMBO

Here is a less wordy comment
by fred64ha / September 30, 2011 5:14 AM PDT
In reply to: Actually...

This new download process is BAD. It preys on newbies and serves no valid purpose that you can't call spying or covert revenue generation.

Cnet has greatly soiled a sterling reputation and will rue forcing this on the community.

Maybe time to start using brothersoft or other such sites
by Lancs-it / October 11, 2011 6:10 AM PDT

Babylon Toolbar
Incredimail

I agree, this wrapper is a GREAT reason to ditch cnet
by cnetdownloaderhate / May 13, 2012 9:19 AM PDT

Cnet spyware installer, thank you for forcing me to find a malignant free download site. Thank you for wasting my time learning to trust you, and forcing me to go elsewhere. Thank you for installing spyware on only idiots pc's. Thank you for ruining your reputation as a trustworthy site.

Thanks for posting
by gargamel360 / August 31, 2011 4:01 AM PDT

Good summary. Happy This so far affects me not at all, as I am logged in when I download, so the direct link is a good way around for me. But Cnet sure just made things harder for their users, as you pointed out. Saying it makes things easier to install, Cnet? Please. Laugh I hope the money you pull out of this crapware makes it worth it for you.......
I wonder at how this applies to open-source programs you host, doesn't the Cnet installer violate GPL? In that case, should open source programs even need to apply for an opt-out, should not they be left out of this by default?

"A Variant of Win32 Generic Trojan"
by econotwist / September 1, 2011 11:21 PM PDT

...that's what my A.V. software (ESET NOD32, 5 rc) calls the new CNET downloader...
If that's true, it's really nasty!
In addition: The optional toolbar - "Babylon" - which comes with the downloader is being described as an annoying bug in other forums, almost impossible to uninstall, and some users say they can't even find it on their hard drives...
As a long time user of CNET, I'm surprised by this development, and I think it's sad...
Best Regards
"econoTwist's"

It is not a trojan...
by John.Wilkinson / September 4, 2011 2:21 PM PDT

It is a false positive on the part of NOD32. The CNET Installer can be classified as suspicious due to it downloading and installing other software (with your consent), but it is not actually a trojan.

As to Babylon toolbar, I would certainly classify it as unwanted. The claims of it being unremovable are exaggerated, but it is better to decline the offer than try to remove it later.

Regardless, I too find the actions of the CNET Installer disheartening.

John

I knew it would come someday
by TWB404 / September 5, 2011 2:27 AM PDT
In reply to: It is not a trojan...

That we would agree on something. lol I too find this disheartening.

FINALLY....
by barl472 / September 7, 2011 9:43 PM PDT
In reply to: It is not a trojan...
Cool I have been banging my head on the desk for 2 days trying to figure out how my computer got infected with WIN32/AGENT.32 BIY trojan. That's how it is listed when my security software catches it. I guess I was asleep when the email went out about this because this is the first I heard of it.


Glen...
What security software?
by John.Wilkinson / September 8, 2011 2:03 AM PDT
In reply to: FINALLY....

I'm curious which security application is detecting it. The CNET Installer does not fit the definition of WIN32/AGENT.32 BIY, so I'm wondering if it's a false positive or if it's a legitimate detection caused by something else. "A Variant of Win32 Generic Trojan" is a reasonable detection, although the CNET Installer isn't a trojan, but WIN32/AGENT.32 BIY is less so.

John

It is a trojan, in the sense that it disguises spyware.
by cnetdownloaderhate / May 7, 2012 5:47 PM PDT
In reply to: It is not a trojan...

Trojan generally means it disguises something inside. That is exactly what this is doing, and why it was a valid positive result from the scan.

StartNow Toolbar installed without my express consent...
by geekanin / September 12, 2011 6:48 AM PDT

Yes, I understand I "opted in" by not opting out. The truth is I have been using cnet downloads for so long it is a site I had come to trust implicitly, so I was not on the look out for the bloatware install option. It is because I am concerned about malware/bloatware/spyware that I use a site like cnet, a site I thought I could trust to protect me from that garbage. Make no mistake, cnet is violating a trust here. This installer will be detrimental to cnet's reputation as a trustworthy download site.

By the way, even if cnet were to make the bloatware default to opt out, just the mere presence of the installer is nothing more than a foot in the door for bloatware, and harms cnet's reputation.

All that said I appreciate the great service this site provides and will continue to use it until something better comes along.

I think you hit the matter squarely on the head
by Darth_Buddha / September 14, 2011 4:47 AM PDT

"All that said I appreciate the great service this site provides and will continue to use it until something better comes along."

I have to believe that it is financially possible to run a site without this kind of annoyance, so one way or another, a service without this added complication will come about.

CNET will come up with something less onerous and more reliable (the wrappers aren't working for me) OR one of their competitors will see the opening and step up their game. I've had to ditch enough freeware programs when too many strings became attached or reliability became an issue: all too often they seem to come hand in hand. This sort of thing seems to be the norm when it comes to freeware. Sooner or later greed, bad judgment, or what else I don't know throws in a buggy toolbar, an added annoyance, or whatever and it's time to move on.

As I've said elsewhere, MY problem is the reliability part. I don't mind clicking through opt out screens.

Be hopeful that CNET will realize it has stepped in it, but be ready to move on to a competitor willing to take advantage of CNET's soiled shoes if they don't.

Why lie to your current users and force new ones away?

I am confused as to the market strategy that would nearly force spyware onto the consumers who just want ease of use and who [used to] trust cnet and download.com to provide reliable and safe downloads.
I think we can all agree at this point that the cnet downloader is in fact a spyware installer. It's in the agreement that it does collect information and supply it to a number of sources. That is spyware, nearly by definition.
My real question is why would cbs, cnet, and download.com target your users with this? What made us consumers and people who [used to] trust you become your target of malice?

I am still avidly waiting a response.

I seriously demand to know why we, the consumers and users of cnet services, have become your target of malice.

24 days, no response?

I realize that not everyone can hire competent staff... So I will dumb my question down a bit to better suit cnet. Why, when you acknowledge that adware is bad and even offer programs to remove it, why do you endorse, promote, and even offer an easy way to install adware, something cnet specifically states in emails, and multiple other pages.

oh crap, I started making long sentences.... I should not have done that, I need to keep it simple for you.

Why does cnet promote anti-adware then make it publicly available, nearly forcing it upon your users, yet... crap I did it again. I have trouble coming down this far....

Why do you spread adware if you're supposedly against it?

There, I did it... I think that's easy enough for you. Easy enough for you to possibly take less than 24 days to respond at least, although I won't hold my breath.

Are you guys done cowering yet?
by cnetdownloaderhate / June 3, 2012 4:59 AM PDT
In reply to: 24 days, no response?

I am still waiting for a response. I want you to explain why you're targeting your consumers with software you know you don't want or like, yet you push it onto others. Cnet has become comparable to that heroin pusher who knows it's bad, so doesn't use it himself, but feels worthy to push it onto others for a profit. Is that really what cnet wants to be compared with? Does it satisfy you to know you're basically on the same level as a drug pusher? I WANT AN ANSWER.

I find it funny how much credibility John has lost.

I am assuming tainting your reputation by defending adware is not something you did without being paid to do so. I hope it was worth it. You've proven to be a deceptive individual who is a puppet of cnet. I would like to know one thing, seriously... Do you actually run the applications that the cnet wrapper installs on your own pc? If so, how do you endorse it? And come on, unless you're an incompetent moron, then you don't run it on your own pc, yet you still defend it. You realize how 2-faced that is?

at 4:26 I started logging a DOS attack...
by cnetdownloaderhate / May 29, 2012 8:34 PM PDT

Denial of Service attack, and an amateur one at that... Why is it that 4 hours after I posted that, I get hit with a DOS attack? Well, let's see... Revenge maybe? From a jilted cnet staff member? Why I do think so...
I'll be posting logs of the ip's involved once the list completes. I'll post it on a trustworthy site, not cnet.
