If you download java from java.com, you will get the installers with the
bundled toolbar.  If you go to Oracle's java site or ftp site, you will get
installers that don't have bundled toolbars.

e.g., http://www.oracle.com/technetwork/java/javase/downloads/index.html

Also, on Windows, the toolbar installer can be disabled with a switch to
setup.exe I think.

-Rob


On Mon, Dec 5, 2011 at 8:27 PM, Justin Krejci <jus at krytosvirus.com> wrote:

> Seems kind of shameful to me. I don't think I remember the last time I
> downloaded anything from download.com either, too many ads and misleading
> links from the looks of it to me.
>
> I love nmap and feel sad for any infected with other junk, looking at you
> Java JRE installer for Windows and the Yahoo search bar crap. If I wanted
> Yahoo search bar its pretty likely I would have installed on my own. Its
> not like they are even related programs.
>
> Of course I don't use nmap on windows but its cool its a supported OS
> family.
>
>
> Jason, does Swift have nmap installed by default?
>
>
> -----Original Message-----
> From: Fyodor <fyodor at insecure.org>
> Sender: nmap-hackers-bounces at insecure.org
> Date: Mon, 5 Dec 2011 14:35:30
> To: <nmap-hackers at insecure.org>
> Subject: C|Net Download.Com is now bundling Nmap with malware!
>
> Hi Folks.  I've just discovered that C|Net's Download.Com site has
> started wrapping their Nmap downloads (as well as other free software
> like VLC) in a trojan installer which does things like installing a
> sketchy "StartNow" toolbar, changing the user's default search engine
> to Microsoft Bing, and changing their home page to Microsoft's MSN.
>
> The way it works is that C|Net's download page (screenshot attached)
> offers what they claim to be Nmap's Windows installer.  They even
> provide the correct file size for our official installer.  But users
> actually get a Cnet-created trojan installer.  That program does the
> dirty work before downloading and executing Nmap's real installer.
>
> Of course the problem is that users often just click through installer
> screens, trusting that download.com gave them the real installer and
> knowing that the Nmap project wouldn't put malicious code in our
> installer.  Then the next time the user opens their browser, they
> find that their computer is hosed with crappy toolbars, Bing searches,
> Microsoft as their home page, and whatever other shenanigans the
> software performs!  The worst thing is that users will think we (Nmap
> Project) did this to them!
>
> I took and attached a screen shot of the C|Net trojan Nmap installer
> in action.  Note how they use our registered "Nmap" trademark in big
> letters right above the malware "special offer" as if we somehow
> endorsed or allowed this.  Of course they also violated our trademark
> by claiming this download is an Nmap installer when we have nothing to
> do with the proprietary trojan installer.
>
> In addition to the deception and trademark violation, and potential
> violation of the Computer Fraud and Abuse Act, this clearly violates
> Nmap's copyright.  This is exactly why Nmap isn't under the plain GPL.
> Our license (http://nmap.org/book/man-legal.html) specifically adds a
> clause forbidding software which "integrates/includes/aggregates Nmap
> into a proprietary executable installer" unless that software itself
> conforms to various GPL requirements (this proprietary C|Net
> download.com software and the toolbar don't).  We've long known that
> malicious parties might try to distribute a trojan Nmap installer, but
> we never thought it would be C|Net's Download.com, which is owned by
> CBS!  And we never thought Microsoft would be sponsoring this
> activity!
>
> It is worth noting that C|Net's exact schemes vary.  Here is a story
> about their shenanigans:
>
>
> http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
>
> It is interesting to compare the trojaned VLC screenshot in that
> article with the Nmap one I've attached.  In that case, the user just
> clicks "Next step" to have their machine infected.  And they wrote
> "SAFE, TRUSTED, AND SPYWARE FREE" in the trojan-VLC title bar.  It is
> telling that they decided to remove that statement in their newer
> trojan installer.  In fact, if we UPX-unpack the Trojan CNet
> executable and send it to VirusTotal.com, it is detected as malware by
> Panda, McAfee, F-Secure, etc:
>
> http://bit.ly/cnet-nmap-vt
>
> According to Download.com's own stats, hundreds of people download the
> trojan Nmap installer every week!  So the first order of business is
> to notify the community so that nobody else falls for this scheme.
> Please help spread the word.
>
> Of course the next step is to go after C|Net until they stop doing
> this for ALL of the software they distribute.  So far, the most they
> have offered is:
>
>  "If you would like to opt out of the Download.com Installer you can
>   submit a request to cnet-installer at cbsinteractive.com. All opt-out
>   requests are carefully reviewed on a case-by-case basis."
>
> In other words, "we'll violate your trademarks and copyright and
> squandering your goodwill until you tell us to stop, and then we'll
> consider your request 'on a case-by-case basis' depending on how much
> money we make from infecting your users and how scary your legal
> threat is.
>
> F*ck them!  If anyone knows a great copyright attorney in the U.S.,
> please send me the details or ask them to get in touch with me.
>
> Also, shame on Microsoft for paying C|Net to trojan open source
> software!
>
> Cheers,
> Fyodor
>
>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20111206/9b12099e/attachment-0001.html>