You are here

Sourceforge Adware Injection

8 posts / 0 new
Last post
pastymage
Offline
Last seen: 7 years 3 months ago
Joined: 2015-09-08 09:11
Sourceforge Adware Injection

I'm having trouble updating both Chrome and Skype - it appears that the SonicWALL Gateway AV now considers SourceForge's injected adware worthy of blocking. ("This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: InstallCore.A_43 (Adware)")

SF used to be great, but these days...any chance you guys will be switching to less scummy project hosting soon?

-Dave

vf2nsr
vf2nsr's picture
Offline
Last seen: 6 years 1 month ago
Developer
Joined: 2010-02-13 17:10
Interesting

Since only the installer is hosted at Sourceforge for those two apps.....Sounds like False positive

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

pastymage
Offline
Last seen: 7 years 3 months ago
Joined: 2015-09-08 09:11
AFAIK, it's only installers

AFAIK, it's only installers that SF injects adware into. *shrug* Doesn't really help me either way.

John T. Haller
John T. Haller's picture
Offline
Last seen: 3 hours 22 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No Adware Ever, Live Installers

None of our installers have had adware included/injected ever... in our entire 10+ year existence. Are you able to download the installer itself but it then fails when you try to install? If so, that's likely because it's a live installer that downloads Skype/Chrome as you install. They can't be included for licensing reasons. If that's the case, your gateway has some borked definitions or configuration and you'll need to check with their support. The Chrome Portable installer downloads Chrome from Google during install. The Skype Portable installer downloads Skype from Skype/Microsoft during install.

If you're blocked from downloading the base installers from SourceForge, you won't be able to download any of our software as nearly all our open source software is hosted there (Firefox, Thunderbird, GIMP, Pidgin, etc). This would be odd as only 12 out of 430,000 projects participate in the SourceForge Dev Share project allowing them to include bundleware and make money to fund development. PortableApps.com does not participate in this program. If your gateway blocks 430,000 projects due to 12, then you likely can't download any software at all from any large site as most large sites have some projects with adware included.

Sometimes, the impossible can become possible, if you're awesome!

pastymage
Offline
Last seen: 7 years 3 months ago
Joined: 2015-09-08 09:11
No, it was only when I tried

No, it was only when I tried (and failed) a manual download via browser that I was able to see the AV message. In the PA updater, I just get the "downloaded copy is not valid" message.

FWIW, I've had no problems downloading software from other sites since this started last week, it's just you guys, but Chrome and Skype are the only things that have pinged for updates on PA recently - if this happens with more projects subsequently, I'll let you know. In the meantime, I can work around it by downloading the installs elsewhere and bringing them in on a USB or something, I suppose.

John T. Haller
John T. Haller's picture
Offline
Last seen: 3 hours 22 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Publisher

Try downloading basically any other open source app to confirm. Firefox, for example: https://portableapps.com/apps/internet/firefox_portable

If the publisher of your software firewall is just blocking those two apps, their definitions/configuration is broken and you should let them know. As always, Google Chrome Portable and Skype Portable are perfectly clean as proved here:
https://www.virustotal.com/en/file/204a5fafbe1785e6aec41516de1435648f6f2...
https://www.virustotal.com/en/file/79a7d86075d3c4baa9d2c512df8d61d540644...

If the publisher of your software firewall is blocking all of SourceForge due to 12 projects, they've got some major issues. Blocking a site with 430,000 projects for 12 projects with clear bundleware (clear as in it clearly says what it is and won't install if you tell it not to) would mean they should be blocking nearly every other freeware site in existence because they all have a far greater fraction of adware than 12/430,000. Heck, they should be blocking the standard local installers for Skype, uTorrent and most other freeware apps since they all contain adware. Or Chrome's installer as Chrome is offered as bundleware all over the place (Java updates, Flash installs, free antivirus updates, etc).

Either way, this issue is specific to your software firewall and you should contact the publisher to fix their issue.

Sometimes, the impossible can become possible, if you're awesome!

pastymage
Offline
Last seen: 7 years 3 months ago
Joined: 2015-09-08 09:11
Intermittent/resolved

Firefox comes down fine. I noticed that something Skype and Chrome have in common is that they're Online Installers, so I tried a couple portable apps that are also online installers, though they worked as well. Then, just to be sure, I tried Skype and Chrome again, and they actually downloaded this time. So, not sure any of those tests had useful info, since the original problem doesn't seem to be occurring for me anymore.

vf2nsr
vf2nsr's picture
Offline
Last seen: 6 years 1 month ago
Developer
Joined: 2010-02-13 17:10
Wondering

Since both applications Skype and Chrome are updated regularly and they point to a specific file if the update had not come thru yet on the PortablesApps and it was trying to download an older file Hence because the file was taken offline it was unable to install it?

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

Log in or register to post comments