Re: [Gimp-user] Adware/malware in Gimp Windows distribution?



Ean Schuessler <ean brainfood com> writes:

Hi, 


My girlfriend downloaded the GIMP windows build referenced off the
GIMP.org website and it seems to have a Malware/Adware package called
"Sweetpacks" bundled with it. I realize that the Windows version of
GIMP is linked with a "hey, this isn't us" kind of disclaimer but the
fact that GIMP.org links to it gives the sense that its contents are
trustworthy or, at least, not hostile. If there is really no
validation of that distribution and it contains these kinds of
softwares then it may not be such a good idea to have GIMP.org linking
to it.

I guess you're referring to this paragraph from gimp.org/downloads:

    GIMP for Windows

    The GIMP team doesn't officially provide any Windows installers. You can, however, install GIMP easily 
using the Windows installers by Jernej Simončič.

        Download GIMP 2.8.6 – Installer for Windows XP SP3 or later

which _should_ link to http://gimp-win.sourceforge.net/ ? That page says
gimp-2.8.6-setup.exe should have an md5sum of
c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the
exe). I don't have a windows to test with, maybe someone else can
confirm that md5sum on this list, or maybe you could check if your
download has a different md5sum?

(Could it be that someone has registered some similar-looking typo to
gimp.org and is serving malware? Or that some already-installed malware
is redirecting downloads?)


-- 
Kevin Brubeck Unhammer

GPG: 0x766AC60C

Attachment: pgpEe9y34E0F5.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]