Cnet de-trojans Nmap, but outrage continues

Tech publisher CNet has removed the controversial proprietary installer it overlaid the penetration testing tool Nmap with, but critics are angry it is still used for "thousands" of other downloads.

Gordon Lyon, aka Fyodor, the creator of open source penetration testing tool, Nmap, slammed Cnet for using his software, distributed on title’s file site, as bait to lure people in to downloading various sponsored software, such as browser toolbars.

The StartNow toolbar that was offered in the CNet-altered Nmap download process, for example, would make Bing the default search engine and MSN the home page.

CNet's proprietary "installer" has been identified by several antivirus vendors #8212; at least by its behavior #8212; as a trojan, and was first noticed in August when ExtremeTech reported an altered install process for the popular VLC media player.

CNet describes its Installer as “a tiny ad-supported stub installer or “download manager” that helps securely deliver downloads from’s servers to the user's device.”

The publisher began adding its own installer on Windows-compatible non-premium software in July but claims it is not actually installed on the user’s machine and that the process offers a clearly labelled option to accept or decline additional software.

In the Nmap case, Microsoft was initially suspected of doing a deal to promote Bing through for the StartNow toolbar, however, it claims it was unaware of the practice until Lyon complained about it.

Lyon speculates that due to the attention the story was getting CNet on Monday replaced the Microsoft-affiliated StartNow with another toolbar, Babylon, which on Tuesday changed again to CNet's own TechTracker software.

Besides perceiving that his software was adulterated, Lyon criticised CNet for exploiting the trust users had in getting software from the site.

The publisher has since replaced its installer for Nmap on with Nmap's original installer, however Lyon remains unhappy that the process remains for "thousands" of other software downloads.

"CNET has (at least for now) removed the trojan installer for Nmap. But they could bring it back at any time, and they still infect thousands of other packages," he said.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.


Copyright © 2011 IDG Communications, Inc.

The 10 most powerful cybersecurity companies