CNET Joins the Dark Side

I have written on numerous prior occasions about the proliferation of malware on the Internet. For the last several years, plague after scam after exploit has flooded cyberspace, with hundreds of millions of victims collectively losing billions of dollars. As if all that mischief weren’t enough already, lately we have been seeing a new and different kind of pest. This new pest isn’t openly malicious; it doesn’t steal your data or your identity–not yet, anyway. But it annoys, degrades the online experience, and compromises the performance of computers blighted by it. It is yet another altogether unwelcome intrusion on our digital sovereignty.

What makes this latest assault different is that it arrives in plain sight, usually as part of a software installation from a trusted source. You run the downloaded software, often called something like an “Installation Manager,” and are immediately met with a series of screens offering you harmless-looking notifications, the sorts of screens we all click through without even reading. But each screen, if not fully deselected, delivers a program. They sound great, promising to enhance the browsing experience, improve security, or help you catalog your precious digital memories, that sort of thing. Wonderful stuff, all. But what each of those programs really does is try to sell you something, one way or another. Some fill the blank spots on your web pages with advertisements. Some reset the home page of your browser to a Google-like search portal that delivers–surprise!–tainted results heavy with ads. Some make their home on your desktop and deliver a steady stream of audio and video alerts. Some pester you with unrelenting and various alarming messages about the health of your system, with the intent of–best case–selling you some form of digital snake oil, or–worst case–stealing and selling your personal data.

Now in theory, you can keep the pestilential software at bay by simply de-selecting the install options presented at each stage of the process by the Install Manager. In theory. Most of the time deselecting does exactly nothing, other than providing the illusion of control. The software loads anyway. It’s a headache and most unwelcome.

I usually quiz my customers to get some idea of how they came to be infected, on the theory that if we figure out how it happened, we can avoid a recurrence. More and more often, the common denominator is CNET, also known as downloads.com. Specifically, the problem began when they downloaded and installed a program from CNET.

Founded in 1994, CNET is an Internet institution. Originally a provider of creative content for radio and television, it evolved into perhaps the dominant site for technology news and reviews, tech-related blogs, and consumer-products information and reviews. For years, CNET was a trusted source for freeware, shareware, and trial versions of commercial programs. I personally went to it many times over the years. Downloads.com was, for a time, the largest distributor of downloadable software on the planet. That has begun to change, however, as the realization sets in that CNET has gone over to the dark side.

The issue burst into the limelight when Mark Lyon, founder of the security-related website insecure.org, who is better known by his nom de guerre “Fyodor,” issued a mass email that accused CNET of bundling the StartNow trojan with his Nmap software. Nmap, an open-source network analysis tool, has been downloaded millions of times and is among the most popular freeware applications in history. Following a massive outcry, CNET publicly apologized, removed the offending wrapped software from Nmap–and then promptly started wrapping other popular programs with software that was even worse. To further muddy the waters, CNET worded the Terms of Service (TOS) agreements accompanying the wraps in such a way that it appeared Nmap et al. were responsible.

As with a lot of disasters, it started innocently enough. In August of 2011, CNET began replacing standalone software offerings with software wrapped in something it called TechTracker, which purports to inform you when updates to the software installed on your system become available. OK, fair enough. But TechTracker was followed by, and here is only a very partial list, Claro-search, Babylon, Delta-Search, White Smoke, Mix.DJ, Sweetpacks, Snap.do, funmoods, Wajam, Coupon Companion, Default Tab, Top Arcade Hits, Youtube Downloader, Regclean Pro, Registry Clean Pro, Conduit, Conduit-Search.

The above list is a compilation of pests that we have encountered in the last few months. It is not a complete list of software covertly delivered by CNET; the full listing would run to over a hundred entries. Some of this software is fairly harmless, placing a toolbar in your browser, for example, which you are free to ignore. Others, like Regclean Pro, are merely irritants. They run impressive-looking scans that purport to find all manner of problems with your system. If you allow the scan to complete and then elect to “fix” what the software finds, however, you will be prompted to upgrade to a “Professional” version that will cost you $20 or $30. If you simply close the alert, typically the software will run again, automatically, every few minutes. Others, like Claro-Search, Conduit, or Babylon, are more insidious. These “search engines” are actually marketing vehicles for unscrupulous companies who have paid big bucks to get your eyes on their websites. Furthermore, this scamware actively resists removal, forcing you to hunt down and manually remove its many components. In some cases, if any trace is left behind, the software will regenerate.

Now, to be fair, it is a common practice among lots of content aggregators to do exactly as CNET has. And when you really get down to it, you could reasonably ask what is so wrong about adding to your free downloads some harmless application that generates a little bit of revenue for the host site. The problem is that the software CNET knowingly adds is simply horrible stuff. It is in no way useful, interferes with key functions, poses security risks, compromises the host computer’s performance, and does it all without asking your permission. For the user, it’s all downside.

There was a time when CNET could credibly claim ignorance, but that time is no more. It has stonewalled and sidestepped, attempted to cover its tracks, pointed fingers at alleged duplicitous partners, done everything but own up to the fact that CNET alone is responsible. The Internet seethes with righteous indignation over this insidious practice. Even popular CNET forums make no effort to deny it. Meanwhile, the silence from company executives is deafening.

You would think that this would be a no-brainer for CNET management. Why risk incurring the wrath of millions of users over what is clearly an indefensible practice? In a word: greed. CNET has bought into the philosophy, which has come to infect American business culture, that absolutely every corporate activity must generate money, and that profit trumps all other concerns.

A reputation is a precious, fragile thing. What takes years to build may be destroyed in minutes. CNET, for years THE place to go for news, information and good, trustworthy content, is now a tainted brand. Once an icon, it is now regarded by millions, perhaps rightly, as just another con artist waiting for the chance to scam the unwary. Years from now I suspect that students in business schools all over the planet will study this as an example of the terrible things that can happen when good judgement is upended by greed.