CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Security

Be careful when downloading software

Many download Web sites don't check software. Like so much else on the Internet, you have to be skeptical about the star ratings of software.

Like so much else on the Internet, you have to be skeptical about the star ratings of software. Perhaps you suspected this, but now there is proof.

A software developer in the U.K., Andy Brice, was suspicious about the ratings assigned to his software, so he did a test--a lab experiment if you will. He started with a plain text file that said "this program does nothing at all" a few times. Then he renamed the file so that it ended with ".exe" and submitted it to 1,033 download sites. The "program," if you can call it that, won't even run.

Being as obvious as he possibly could, Andy called the program "awardmestars" and included a description of the program that said, "This software does nothing at all." He even included a screenshot that said very plainly that the software does nothing. See his blog for the full details: The software awards scam.

Andy says his nonfunctional software was listed on 218 Web sites, and some even gave him an award. "Approximately 7 percent of the sites that listed the software e-mailed me that it had won an award," he said. His submission was rejected by 421 Web sites, but since he listed it as a utility, many of these rejections were because the site didn't include that type of software. Many submissions are still pending.

Since a picture is worth a thousand words, take a look at a screenshot of awardmestars version 1.0 at Topshareware.com where it was certified as having no spyware, adware or viruses. The user reviews are hilarious. PC World magazine listed it originally, but has since withdrawn their listing. As I write this, however, the listing at PC World as of August 15, 2007 at 17:01:08 GMT is still available in the Google cache.

Trustworthy software downloads


Andy mentioned three Web sites where a human being obviously reviewed the software because they wrote back to him, either appreciating the joke or being annoyed by it. The sites were Filecart.com, Freshmeat.net and Download-tipp.de. He considers the fact that a human responded to him sufficient to recommend these sites. I consider it just the first step.

In his Security Fix column in the Washington Post, Brian Krebs wrote about this today (Beware of Five-Star Vaporware) and concluded with " ... I've never strayed far beyond a handful of sites that I have come to know fairly well, such as CNET's Download.com, SourceForge.net and Tucows.com."

If you want to judge CNET's Download.com Web site, which I trusted for years before having any involvement with the company, then see:

Here is a quote from the first page above:

"In addition to screening for common viruses and spyware, we look for other threats that might interfere with our users' security, privacy, and control. When evaluating a submission, we consider publisher Web sites, publisher conduct, and our own experience with a particular product."

It's a cruel world out there.