Re: [Gimp-user] Adware/malware in Gimp Windows distribution?

From: Jehan Pagès <jehan marmottard gmail com>
To: Michael Schumacher <schumaml gmx de>
Cc: GIMP-User Mailing List <gimp-user-list gnome org>
Subject: Re: [Gimp-user] Adware/malware in Gimp Windows distribution?
Date: Thu, 10 Oct 2013 22:22:19 +1300

Hi,

On Thu, Oct 10, 2013 at 8:30 PM, Michael Schumacher <schumaml gmx de> wrote:

Gesendet: Donnerstag, 10. Oktober 2013 um 08:10 Uhr
Von: "Ean Schuessler" <ean brainfood com>

My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a 
Malware/Adware package called "Sweetpacks" bundled with it.


We found that some people get confused by the ads on the Sourceforge site and click on them instead of 
wainting for the real downloads. It has become a common practice by malwertizers to emulate those big green 
download arrows to lure in visitors. This is why ad blockers are no longer an optional add-on, but 
mandatory.


This being said, if this is really what happens, that's still bad. I
indeed remember a previous bugzilla report (and maybe even some email
discussions), where someone was complaining about what I think was the
same issue:
https://bugzilla.gnome.org/show_bug.cgi?id=703834

And as I said on this ticket, I think we should consider backing off
from Sourceforge for any official release of GIMP. Sourceforge is one
of the first big forge for Free Software, and I am thankful for its
history, but it has become clear that it is now a center of completely
unfiltered over-advertising and phishing. If I go on any Sourceforge
page, I have more blinking ads than actual project text.
And the "wait 5 seconds while looking to our ads before download" is
completely unacceptable too in my opinion.

Also the disclaimer that the Windows build is half true in my opinion.
As the user says, we are still linking it from our main download page,
and we are clearly taking the Windows platform more seriously. Jernej
is a GIMP committer, and his installer is in the gimp-2-8 branch, we
fix bugs for Windows now, and if someone uses Jernej's build, we don't
say "sorry, that's not official". So somehow, it is official, in my
opinion.

I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but 
the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not 
hostile.


As said above, please try to verify whether this was the actual installer, or one offered via one of the 
ads.
We have agreed to move the installers to the gnome ftp servers to get rid of this problem.


Good, that's what I was going to propose, as I already did in the
bugzilla report. :-)

Jehan


--
Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD
_______________________________________________
gimp-user-list mailing list
List address:    gimp-user-list gnome org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list

References:
- [Gimp-user] Adware/malware in Gimp Windows distribution?
  - From: Ean Schuessler
- Re: [Gimp-user] Adware/malware in Gimp Windows distribution?
  - From: Michael Schumacher

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]