The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Unfortunately, it seems all good things come to an end!
I was recently setting up a shiny new laptop and this included installing Filezilla. All went well and within a few minutes I was up and running. ...But the next time I went to use the PC I found that my browser(s) had been hijacked with some type of Yahoo! search page?!
Poking around I found addons in Chrome, Firefox and MS Edge for "Search Know"!
Looking though the Windows logs I was able to see this arrived on the same day I installed Filezilla!
A quick Google for Filezilla malware showed that I had been caught out by trusting a previously decent product! :¬(
It looks like this affects both Windows and MAC computers.
I got my browsers back to normal by removing all the dodgy 'Search Know' addons and removing the program using the normal Windows 'remove programs' options.
There are many reports about the dodgy behaviour of the Filezilla people. It looks like they have sold out. This started a few years ago by having 'opt out' options for programs packaged with the install file. But as time has moved on they are no longer avoidable if you use their 'recommended' download route!
They host the install files on SourceForge. This also used to be a trustworthy site - lots of daft ads, but safe if you clicked the real 'download' for the file you were looking for. Unfortunately in the last year or so they have become untrustworthy and bundle all sorts of malware and PUPs (potentially unwanted programs) in their downloads! A number of legit open source software producers have been caught out with the change within SourceForge and have moved away from them!
Here's a Filezilla forum thread that shows the issue (there are many more threads) and mentions how you can avoid the malware by not using Filezilla's 'recommended' download link! But going by their behaviour, this has put me off Filezilla somewhat!
So Filezilla users be careful if you are going to re-install it - I wish I had read a post like this before I did!
Also be aware of issues with SourceForge.
OpenOffice also host their files with them - as far as I can see their direct install is still safe, but that could change!
Finally, I was disappointed that the browsers were so easily hijacked. These days this is supposed to be harder. I guess an install program can still do whatever it wants. Google have made a lot of noise in the last year or so about how Chrome won't allow rogue addons to be installed - it looks like they've still go some work to do!
[s]Hmmm...[/s]
I've added a comment as a "heads up" to Freeola's Filezilla support page.
EDIT:
WinSCP sounds like a popular alternative to Filezilla.
Lots of people burnt by Filezilla's behaviour seem to have moved to them. If anyone uses this please post your experiences - I'll do the same if I end up using it :¬)
But this shouldn't happen or be necessary ... time to dump the software and try something else! The 'owner' may then realise that something needs to be done ;¬)
After my recent experiences with Filezilla I don't want to let the program automatically update as I no longer trust them!
I've noticed that in the more recent versions of Filezilla even when the option in settings to check for updates is turned OFF it still goes ahead and shows an updates popup and downloads (but doesn't install) the updates!
The older versions don't act in this way.
Searching the FZ forum I can see others mentioning this issue and there is a fix. (the owner just says to keep updating!)
1. Close FileZilla.
2. Navigate to %APPDATA% / FileZilla
3. Make a backup copy of filezilla.xml, just in case.
4. Use notepad to remove the following line (the actual value might be different for you, note this is all on one very long line):
<Setting name="Update Check New Version">nightly 20xx-xx-xx http://filezilla-project.org/ nightlies/20xx-xx-xx... ... ... </Setting>
Now when restarting Filzilla I don't see the updates popup and it's no longer downloading new s/w.
[s]Hmmm...[/s]
I created this thread to highlight the current issues with Filezilla downloads/installs to hopefully help others from being caught out with unwanted adware/malware.
[s]Hmmm...[/s]
Warhunt wrote:
[i]You got a source for the FZ creators being aware of it. Last time I read they were 'blissfully ignorant' or not responding on the issue.
They had to be aware of course, if you want to be cynical but....
EDIT: Never mind is clearly in your link provided. Hmmmm dodgy. Shame, it's still he best software out there.
What's 'wrong' with Core FTP then? It does the job admirably.[/i]
I repeat ... for FTP what's wrong with using CoreFTP;¬)
"We told FileZilla to stop bundling unwanted software and they stopped hosting with us. They now host themselves and bundle."
I pointed out that the Filezilla SF page is still there...
Apparently they are going to put a warning up "soon"!
So for me downloads from both Filezilla and SourceForge are still risky.
[s]Hmmm...[/s]
...As I mentioned below, the new SF owners say they have removed the Devshare scheme that was involved with this - so things 'might' be safer but they've both (Filezilla & SF) spoilt their reputation.
[s]Hmmm...[/s]
UPDATE:
I had a Tweet earlier today from someone saying they know someone that's just downloaded Filezilla from SourceForge which still came with malware! :¬(
The SF owner responded saying that they will be introducing a system that checks to see if the developer has bundled other s/w with the install.
...so Filezilla and SourceForge still appear to be risky!
[s]Hmmm...[/s]
You got a source for the FZ creators being aware of it. Last time I read they were 'blissfully ignorant' or not responding on the issue.
They had to be aware of course, if you want to be cynical but....
EDIT: Never mind is clearly in your link provided. Hmmmm dodgy. Shame, it's still he best software out there.
What's 'wrong' with Core FTP then? It does the job admirably.
They had to be aware of course, if you want to be cynical but....
EDIT: Never mind is clearly in your link provided. Hmmmm dodgy. Shame, it's still he best software out there.
...can't believe they still use SourceForge
They were using SourceForge to create income from the packaged software! i.e. They were aware of the packaged s/w.
As I mentioned below, the new SF owners say they have removed the Devshare scheme that was involved with this - so things 'might' be safer but they've both (Filezilla & SF) spoilt their reputation.
[s]Hmmm...[/s]
I advised the link to FIlezilla 'official' download is removed from our site some time ago, and it's been done as far as I can see. We also still suggest customers use the software, but do not provide suggestions as to where to get it cleanly.
It's a protection for us, as much as for the customer yes, but until we find a decent reliable source, or Filezilla produce a clean link themselves (can't believe they still use SourceForge), nothing we can do.