20 November 2011

C-Net’s Downloader Pollutes “My Documents”

You may have noticed C-Net have started using a downloader stub when you download software from them.  The stub adds no value that I can see (it claims to be “more secure”) and tries to push unwanted bycatch, such as browser toolbars etc.

So far, so normal and nasty, but there’s something else that makes this totally unacceptable IMO – it changes the location where your download is saved, ignoring your browser’s settings and providing no UI to see where this is beforehand, or change it.

And where does it save the download?  The Windows Vista/7 Downloads shell folder?  No; in “My Documents”.  So now you have infectable incoming code dumped into your “data” set, where it will pollute your data backups too.

I was wondering why I was seeing so much Incredimail, Babylon Toolbar and other junk on client systems – now I know why.  What I now know, is that I must also clear these code downloads from the data set.