Filezilla's installer now includes malware... suggest boycott.

Jörmungandr
Joined: 2011-08-02 13:33
Filezilla's installer now includes malware... suggest boycott.

To be absolutely clear I have no reason to think Filezilla Portable has been directly affected.

That said, starting with 3.9.0.5 Filezilla claims that updates to the next version cannot be done automatically and directs users to download the installer from SourceForge... the installer for which is laden with malware and scamware which attempts to trick users into installing it.

The original author has been made aware of this and has chosen either self-delusion or outright lies... likely the latter considering the way updates were disallowed for the 3.9.0.5 version. He has

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Separate Installers, Auto Update Bug Fix, Portable Difference

Without getting into the deeper issue, I wanted to point out that in addition to the "recommended" installer, which will show specific offers during install, you can click the "Show additional download options" link on the page to get to the full set of options. That will take you to this page: https://filezilla-project.org/download.php?show_all=1

On this page, the main installer comes without any such offers. There is also a Windows ZIP available as well as Linux, Mac, and source code. FileZilla has included such offers for quite some time as a way of funding development... well over a year if I recall correctly. They've made the option without the offers available during that time as well.

From the release notes, it seems the FileZilla 3.9.0.5 release specifically fixes an issue with the built-in updater which was introduced in 3.9.0.4. So, you could update automatically (sans manual download) from all previous versions to 3.9.0.4. But, once you installed 3.9.0.4, the automatic update would fail to work. I believe 3.9.0.5 fixes this issue so that updates to 3.9.0.6 and beyond will work as before. If you happened to update from 3.9.0.3 to 3.9.0.5, you were likely unaffected.

It's worth noting that FileZilla Portable does not include any such offers. And that updates to FileZilla Portable continue to be distributed automatically via the PortableApps.com Platform without issue. The bug in FileZilla 3.9.0.4 does not affect updates to the portable version.

Sometimes, the impossible can become possible, if you're awesome!

3D1T0R
Developer
Joined: 2006-12-29 23:48
Very strange; Use "Direct Download Links" link; Verify Checksum.

The links on the page John linked are to the same link as on SourceForge, except with a ?nowrap on the end of the URL, and downloading from the non-'nowrap' links gets you a smaller file which I presume downloads the full installer along with whatever promotional junk they want you to install with it when run.

To prevent yourself from getting these downloaders in the future you can click the "Direct Download Link: Off" link at the top of the list (it should change to say "Direct Download Link: On" and add ?nowrap to the links), and to check, you can use a tool like WinMD5Sum to verify the MD5 checksum (or SHA1 if your checksum utility supports it) of the file you downloaded against what the webpage says (click the little circled "i" to the right of the download link to see them).

Note: As a Firefox user I really like DownThemAll, for download acceleration, metalink support, and checksum verification. I recommend it highly.

~3D1T0R
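
The check described in the post above, sketched in Python as an added example (not part of the original thread): it tests whether a link carries `?nowrap` and compares a downloaded file against the MD5 or SHA1 value listed on the download page. The function names are hypothetical and the sample file contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}  # hex length -> checksum type


def is_direct_link(url):
    """True when the link carries the ?nowrap parameter described in the post."""
    return "nowrap" in parse_qs(urlsplit(url).query, keep_blank_values=True)


def file_digest(path, algo):
    """Hash the file in chunks so large installers are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex):
    """Compare a file against the checksum shown on the download page."""
    published = published_hex.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(published))
    if algo is None or any(c not in "0123456789abcdef" for c in published):
        raise ValueError("expected a 32-char MD5 or 40-char SHA1 hex digest")
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, published), algo, actual


def demo():
    # Constructed stand-ins: "real installer" bytes and a smaller "wrapper" stub.
    samples = {"installer": b"constructed installer" * 1000, "wrapper": b"stub"}
    published = hashlib.sha1(samples["installer"]).hexdigest()  # as the page lists it
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_download(path, published)[0]
    return results
```

A match shows you received the file the page lists rather than the smaller wrapper; because the checksum comes from the same site as the download, it does not independently vouch for the listed file.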

cry19222
Joined: 2014-09-22 00:12
Since first know FileZilla, I

Since I first got to know FileZilla, I have not been interested in using any other FTP client. As I write this comment I am still using FileZilla version 3.7.3. If the latest version 3.9.0.x contains malware, better to downgrade to an older version :D

3D1T0R
Developer
Joined: 2006-12-29 23:48
FileZilla doesn't contain malware. Just the default install link.

FileZilla does not contain malware. Nor does FileZilla's installer contain malware.
What the user who opened this thread was seeing was SourceForge's installation wrapper which (on participating SourceForge hosted apps) gets downloaded instead of the installer, then downloads the real installer as well as offering other (sometimes unwanted) software when run.

You can avoid this by clicking the "Direct Download Link: Off" link at the top of the download list, which will change it to say "Direct Download Link: On", and also change the links to point to the installer itself, or by using the Portable version distributed by PortableApps.com "FileZilla Portable" (PortableApps.com does not participate in SourceForge's wrapped installation program).

~3D1T0R
