Opened 2 months ago

Closed 2 months ago

#12385 closed Bug report (rejected)

Remove Virus infected versions from download section

Reported by: chuckthetekkie Owned by:
Priority: low Component: Other
Keywords: Virus, Malware Cc: chuckthetekkie
Component version: Operating system type: OS X
Operating system version: macOS 10.15.7

Description

You still have Virus infected versions on your servers. Please remove them as my favorite Mac updating app will not allow FileZilla to be checked for updates as you've been known to distribute malware in the downloads. These infected downloads are still present on your servers.

Attachments (1)

Screen Shot 2021-02-09 at 9.22.56 AM.png (137.3 KB ) - added by chuckthetekkie 2 months ago.

Download all attachments as: .zip

Change History (9)

comment:1 by Tim Kosse, 2 months ago

Priority: criticallow
Resolution: rejected
Status: newclosed

You need to report this false-positive to your AV vendor.

comment:2 by chuckthetekkie, 2 months ago

It's not a false positive. All of the files that say "Sponsored-Setup" contain malware. Everything else doesn't. Even Apple's own malware software says it contains malware.

comment:3 by chuckthetekkie, 2 months ago

Priority: lowcritical
Resolution: rejected
Status: closedreopened

by chuckthetekkie, 2 months ago

comment:4 by Tim Kosse, 2 months ago

Priority: criticallow
Resolution: rejected
Status: reopenedclosed

That's a false-positive. You need to report it to your AV vendor.

comment:5 by chuckthetekkie, 2 months ago

Priority: lowcritical
Resolution: rejected
Status: closedreopened

This is not a false positive. The infected version install malware on the computer. All the files that have "Sponsored-Setup" do this. "https://download.filezilla-project.org/client/" contains several files with "Sponsored-Setup" in them. Every single one of them installs malware. These files do not have the "filezilla" executable in them. They have a "scissorsbird" executable in them which contains the malware. Why do you keep denying that they contain malware?

https://www.bleepingcomputer.com/news/security/filezillas-use-of-bundled-offers-sparks-outrage-from-users/

comment:6 by Tim Kosse, 2 months ago

Priority: criticallow
Resolution: rejected
Status: reopenedclosed

It's not a virus, you need to report this false-positive to your AV vendor.

If someone proclaims the software to be malware, the onus is onto the claimant to explain in detail why it is malware.

There's a reason we stopped burning people at the stake merely because someone decried "Witch" in public.

comment:7 by chuckthetekkie, 2 months ago

Priority: lowcritical
Resolution: rejected
Status: closedreopened

The "Sponsored-Setup" files install hard to remove adware. If this was really a false positive then why haven't any anti-virus companies have fix it? It's been classified as malware for years now when you started bundling adware into the setup.

comment:8 by Tim Kosse, 2 months ago

Priority: criticallow
Resolution: rejected
Status: reopenedclosed

There is nothing wrong with the offer-enabled installer, it only presents an offer during installation and ask the user ifs he wants the offered software. At no point is anything installed the user doesn't agree to. No different than a vendor offering you his wares as you stroll over the farmer's market.

Crying wolf is in an AV vendor's best interest. The more they cry, the more uneducated users feel protected and think their purchase is justified.

Note: See TracTickets for help on using tickets.