Ean Schuessler <ean brainfood com> writes:
Hi, My girlfriend downloaded the GIMP Windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it. I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not hostile. If there is really no validation of that distribution and it contains these kinds of software then it may not be such a good idea to have GIMP.org linking to it.

I guess you're referring to this paragraph from gimp.org/downloads:

    GIMP for Windows

    The GIMP team doesn't officially provide any Windows installers. You can, however, install GIMP easily using the Windows installers by Jernej Simončič.

    Download GIMP 2.8.6 – Installer for Windows XP SP3 or later

which _should_ link to http://gimp-win.sourceforge.net/ ?

That page says gimp-2.8.6-setup.exe should have an md5sum of c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the exe). I don't have Windows to test with, maybe someone else can confirm that md5sum on this list, or maybe you could check if your download has a different md5sum?

(Could it be that someone has registered some similar-looking typo to gimp.org and is serving malware? Or that some already-installed malware is redirecting downloads?)

--
Kevin Brubeck Unhammer
GPG: 0x766AC60C