Be careful when downloading software
Like so much else on the Internet, you have to be skeptical about the star ratings of software. Perhaps you suspected this, but now there is proof.
A software developer in the U.K., Andy Brice, was suspicious about the ratings assigned to his software, so he did a test--a lab experiment if you will. He started with a plain text file that said "this program does nothing at all" a few times. Then he renamed the file so that it ended with ".exe" and submitted it to 1,033 download sites. The "program," if you can call it that, won't even run.
Being as obvious as he possibly could, Andy called the program "awardmestars" and included a description of the program that said, "This software does nothing at all." He even included a screenshot that said very plainly that the software does nothing. See his blog for the full details: The software awards scam.
Andy says his nonfunctional software was listed on 218 Web sites, and some even gave him an award. "Approximately 7 percent of the sites that listed the software e-mailed me that it had won an award," he said. His submission was rejected by 421 Web sites, but since he listed it as a utility, many of these rejections were because the site didn't include that type of software. Many submissions are still pending.
Since a picture is worth a thousand words, take a look at a screenshot of awardmestars version 1.0 at Topshareware.com where it was certified as having no spyware, adware or viruses. The user reviews are hilarious. PC World magazine listed it originally, but has since withdrawn their listing. As I write this, however, the listing at PC World as of August 15, 2007 at 17:01:08 GMT is still available in the Google cache.
Trustworthy software downloads
Andy mentioned three Web sites where a human being obviously reviewed the software because they wrote back to him, either appreciating the joke or being annoyed by it. The sites were Filecart.com, Freshmeat.net and Download-tipp.de. He considers the fact that a human responded to him sufficient to recommend these sites. I consider it just the first step.
In his Security Fix column in the Washington Post, Brian Krebs wrote about this today (Beware of Five-Star Vaporware) and concluded with " ... I've never strayed far beyond a handful of sites that I have come to know fairly well, such as CNET's Download.com, SourceForge.net and Tucows.com."
If you want to judge CNET's Download.com Web site, which I trusted for years before having any involvement with the company, then see:
- CNET Download: How we test and rate
- How we test for adware and spyware
Here is a quote from the first page above:
"In addition to screening for common viruses and spyware, we look for other threats that might interfere with our users' security, privacy, and control. When evaluating a submission, we consider publisher Web sites, publisher conduct, and our own experience with a particular product."
It's a cruel world out there.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure. 
- by warsor September 29, 2009 9:26 PM PDT
- This is very important information that you have set up for people like me to be aware and get the knowledge needed.
- Like this Reply to this comment
-
(4 Comments)warsor