TechByter Worldwide

Speak softly and carry a large microphone

 

February 15, 2015

FileZilla Is The Best FTP Client if You Can Get It

I have recommended FileZilla for years because it's the best and most versatile FTP client available and it's offered for free. Recent changes, though, place the FileZilla installation file in the middle of a mine field and good luck trying to obtain it. I'll show you some options.

The fault doesn't lie entirely with FileZilla, but the developer could take one of several steps to eliminate the problem. The problem is SourceForge.

SourceForge has been a repository of open-source software, but now all downloads from SourceForge are wrapped in "installer" software that brings adware, spyware, and malware with it. And, yes, that's every bit as bad as it sounds. My advice is to avoid SourceForge entirely. What was one a worthwhile service is now nothing more than a malware depot.

Press ESC to close.Unfortunately, FileZilla is being blamed for the malware. The FileZilla installer is clean; it's the wrapper from SourceForge that contains the malware. In a test last week, I installed the latest version of FileZilla as downloaded from SourceForge. I expanded every dialog box and carefully read every notice. After declining every "offer" from the installer, I allowed the FileZilla installation to proceed.

When the installation was complete, I found that "FoxTab Speed Dial" had been installed. Whether or not you consider the browser helper object (BHO) to be adware or malware is unimportant. What is important is that it was installed without my permission and after I had explicitly declined all offers of additional products.

Click any of the smaller images for a full-size view.
Press Esc to dismiss the larger image.


Press ESC to close.FoxTab is a browser extension that works with Chrome, Firefox, and Internet Explorer. It modifies the browser's search and home pages, and it handles page not found (404 errors) and DNS redirection. Because it changes the browser's performance, I consider it to be potentially dangerous and certainly unwanted. And it will push unwanted advertisements to the browser.

Press ESC to close.Although this isn't a problem caused by FileZilla, the developer of the application is often blamed for the problem. Examples of recent FileZilla reviews:

  • This file IS DANGEROUS! IT'S TROJAN.
  • Sourceforge Web Installer contains malware, watch out if you intend to install!
  • Malware city - let the downloader beware. I declined all agreements except for GNU (which it required to proceed with install) and still received some extremely nasty malware. Do not use!
  • It is so sad that I have to rate this project with only one star. Sourceforge installer comes with bunch of malware (to be clear, software that you would normally stay away) and turns your Windows PC into a useless box.
  • MALEWARE INCLUDED!!! BE CAREFUL! Decline the first EULA's (Thirdparty-Software), then you can install FZ only!
  • FileZilla IS A VIRUS!!! It INFECTED my computer!
  • WARNING! FileZilla bundles MULTIPLE MALWARE. It sort of warns you about one of the malware apps. It does not warn you at all about the second. "PC Optimizer Pro" will take over your PC within a few minutes of installing FileZilla.
  • Malware. Do not download. I went through the installation multiple times, carefully reading through, and unchecking EVERY optional piece of bloatware, and yet SourceForge's sketchy-ass installer decided that I still needed 'Optimizer Pro'. This is the last time I use SourceForge for anything. This has been extremely dissappointing. The people who are claiming that 'you don't download anything without explicit consent' are liars.

That's sad and doubly so because another formerly trusted resource, SourceForge, can now no longer be trusted. Apparently SourceForge was acquired by a new company and that company effectively forces developers of the most popular projects to use the SourceForge installer that includes various types of adware, spyware, and malware.

Other download repositories exist (CNET and MajorGeeks, for example). But wait. I've seen complaints about both of these using wrappers that install questionable software, too. Previously, both of them sometimes surrounded the download link you wanted with other offers, but when you found the right link, the application you wanted is the one you received. So I did some testing.

  • CNET and Download.com (CNET operates Download): File size 6.224MB - The FileZilla installer without any "accessories".
  • MajorGeeks: File size 9.276MB - What's in there besides FileZilla? ***QUESTIONABLE***
  • Softpedia: File size 6.224MB - The FileZilla installer without any "accessories".
  • SourceForge: File size 748KB - This is only the wrapper. It will download FileZilla and other applications. ***DANGER!***

Software publishers that have used SourceForge should remove their applications immediately. Those who want to download open-source software should find some other repository.

The Trick: How to Obtain the Latest FileZilla Version Safely

Two possibilities exist for obtaining a clean installer for the latest version of FileZilla.

  1. If FileZilla is installed on your computer, select Help from the menu and then click "Check for updates." If an update exists, FileZilla will offer to download and install it for you. In this case, the file will be downloaded directly from the FileZilla site. In addition to installing a clean copy of the current version, the process will save the clean installer in the computer's default Downloads directory.
  2. Press ESC to close.The second option is a bit more complex. If you visit the FileZilla website's download page (https://filezilla-project.org/download.php), you'll see only one download option, the one that will take you to SourceForge. The one shown at the right is not the one you want.
    Instead, add "?show_all=1" at the end of the URL (https://filezilla-project.org/download.php?show_all=1). Instead of the button that references SourceForge's poisoned installer, you will see a list of installers (example: FileZilla_3.10.1.1_win32-setup.exe). Hover over this link (the version number will differ as updates are issued) and you'll see a URL like this: http://sourceforge.net/projects/filezilla/files/FileZilla_Client/3.10.1.1/FileZilla_3.10.1.1_win32-setup.exe/download?nowrap. The "nowrap" switch at the end tells SourceForge to omit its malware-ridden wrapper.

I consider option 2, at best, to be a temporary workaround. Given the recent history of SourceForge, there's no guarantee that the nowrap switch will continue to be honored. The better solution would be to capture the installer during a FileZilla update. An even better option would be for the developer of FileZilla, Tim Kosse (write to him here), to sever all ties with SourceForge.

SourceForge contains downloads for many of the most popular open-source projects. Filezilla, of course, but also the popular VLC media player, Apache Open Office, and many more. It used to house the popular open-source graphics program, GIMP, but the developers have removed GIMP because of SourceForge's questionable policies. More developers should follow GIMP's lead.

It's one thing when an installer offers additional features openly and clearly, and then allows the user to opt out of them. The SourceForge wrapper hides all of its "offers" unless the user is wary enough to look for them and then, even if the user opts out of everything, it still installs some of the unwanted components.

This is not acceptable.

Safe Communications with Open Wi-Fi Hotspots

Wi-Fi hotspots can be dangerous. The threat level varies from one location to another. At a small coffee shop in a suburban location, you could expect to be relatively safe. Using a public Wi-Fi connection at a busy airport in New York, Chicago, or Los Angeles (or any busy airport anywhere) would carry more risk. Crooks like it when lots of people use a Wi-Fi connection because their chances are better. But any public Wi-Fi carries some risk.

If you're just browsing the Internet and not connecting to any website or e-mail service that requires a password, you might be safe. But if your e-mail program automatically checks for new messages every few minutes, you would be broadcasting your credentials in plain text and not even know it.

For that reason alone, it's wise to activate virtual private network (VPN) software whenever you're away from your home or office. Connecting to your secured network at work or at home can be considered safe. Connecting to any public network, no matter where it is, should be considered unsafe.

Some VPN software is available only for desktop and notebook systems (Windows and OSX). Other applications may work only for Android or Apple devices. A few vendors have applications that are available on all 3 platforms and, if you have multiple portable devices (a Windows or Apple notebook or tablet, for example, and a smart phone or phablet) using one piece of software makes a lot of sense.

The problem with Wi-Fi connections is that communications are in plain text so that anyone nearby can see whatever you send or receive. As dangerous as this sounds, the threat level is probably relatively small in many locations. A small threat, though, is still a threat. Eliminating the threat is better and that's where VPN software enters the picture.

The threat is relatively low for several reasons: First, it's a labor-intensive crime. The crook has to go to a location with a public Wi-Fi setup and wait for someone to use the hotspot in a non-secure manner. In addition, the crook has to be smart enough to figure out how to intercept signals to and from your computer and to make sense of them. And finally, the crook has to obtain information that has some value. Crooks generally prefer to use social engineering to convince prospective victims to hand over their user names, passwords, and PINs. Even so, safer is better.

A VPN turns your connection via a public network into a private connection by encrypting it. A VPN connection is nearly the equivalent of being connected directly to whatever remote resource you need. The software creates a VPN A by establishing a virtual point-to-point connection by using dedicated connections, virtual tunneling protocols, or traffic encryptions.

When the VPN connection uses the public Internet, the functionality is similar to a wide area network (WAN) link between locations. To the user, everything looks the same and all of the security measures occur in the background so that users can securely access their corporate resources while traveling or individuals can connect to resources that hold sensitive personal data.

Press ESC to close.I had been using SurfEasy on my Android devices. A $48 annual plan covers 5 devices and SurfEasy is available for Windows and Mac computers as well as Apple and Android phones. The price is reasonable, but I had identified one problem when another problem caused me to remove the application. The first problem was relatively minor: SurfEasy frequently refused to start, claiming a credentials problem. If the VPN software won't start, it doesn't provide much security.

The more serious problem occurred when SurfEasy crashed while starting and corrupted the Android operating system to such an extent that I had to wipe all programs and data from a Nexus 7 tablet, restore both applications and data from backup, and reconfigure the device.

So I started looking for something else.

Click any of the smaller images for a full-size view.
Press Esc to dismiss the larger image.

 

Press ESC to close.I've been using Avast's protective applications on both desktop and portable devices and found that Avast offers SecureLine VPN for Apple and Windows computers as well as for Android and Apple tablets and smart phones. Besides being easy to set up, it also seems to be reliable.

At least it's easy for portable devices. The hardest part about Avast for standard computers is figuring out which of their seemingly endless series of combinations will work best for you. SecureLine for Android devices costs just $20 per year and a single subscription seems to cover all of your Android devices.

One feature I like is that SecureLine can be configured to turn itself on whenever it senses that the device is attempting to connect via non-secure Wi-Fi. Or you can turn off the automatic connection and enable it whenever you need it. Additionally, SecureLine can be configured to enable itself and connect to any of several servers in the US and Europe when it senses that you're attempting to log on to a specific Wi-Fi connection.

Press ESC to close.Setting an action based on a connection to a specific Wi-Fi hotspot is as easy as selecting the hotspot and the server location you prefer to use with that hotspot.

Press ESC to close.For example, if I take the tablet into a Bob Evans restaurant, SecureLine will activate itself and connect to the server in Singapore.

Press ESC to close.The control panel shows information about your subscription to the service and, if you have the control panel open during the connection process, the background of the switch turns from red to amber ...

Press ESC to close.... and, when the connection is complete, the indicator turns green and SecureLine will display the location of the server the device has connected to.

Press ESC to close.You can also change the server location at any time. Here I've moved from New York to San Jose.

4 CatsKeep your private information private with SecureLine

SecureLine is free to download and try, but the trial period is uncommonly short, just 3 days. SecureLine provides good security and ease of use.
Additional details are available on the Avast SecureLine website, or for Apple or Android devices use the appropriate store application.

Short Circuits

Microsoft Wants to Be Your Mobile Computing Company

Microsoft missed the Internet and was slow to react to mobile computing, but the current management team seems intent on making the company relevant in an age when computers are becoming smaller and work is done in more locations than ever before. In that regard, Microsoft is adopting the Adobe model: Buy the best applications you can find and make them part of your business.

Microsoft has acquired the Sunrise calendar app, which runs on Mac computers, IOS phones, and Android phones. That deal was announced this week. Just two month ago, Microsoft acquired the Android and IOS e-mail app Acompli, rebranded it, and released it late in January with the name "Outlook".

When Windows 10 ships, some of the Office suite will be included with Windows phones and, Microsoft has been manufacturing its line of Surface computers that attempt to bridge the gap between desktop systems and tablets. Microsoft seemed, though, to be ceding the mobile operating system market to Apple and Android. That may be changing, too.

Microsoft vice president Rajesh Jha, in a blog post, said that the creative talent and fresh thinking Microsoft will gain from its acquisitions of Sunrise and Acompli will help Microsoft "reinvent productivity."

The Outlook mobile application already has a calendar and e-mail, so the expectation is that functions from Sunrise and Acompli will find their time into the Microsoft products over time. Microsoft says that Sunrise will continue to be available without cost for Android and IOS devices.

Oh, No! My Television Is Snooping on Me!

Sometimes being too honest can get you into trouble. Just ask Samsung, the maker of televisions that can listen to you and perform functions based on what you tell them to do. When Samsung recently updated its privacy policy, the result was a firestorm in the media because of a poorly worded bit of text.

Some of the televisions include voice recognition that a user can enable or disable. When enabled, users can speak to the television instead of using a remote control, but Samsung said this: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

How many breathless stories have you heard in the past week or two on radio or television about Samsung eavesdropping on your conversations at home? Well, it isn't so. Samsung should have written the sentence better, but "journalists" should have investigated the matter a bit before jumping on their horses and riding off in all directions spreading alarm.

This week Samsung provided a better explanation. The previously unnamed third party that receives voice recordings is Nuance Communications. Nuance is the world's leading creator of voice recognition technology. Samsung also noted that its televisions listen only when owners explicitly click the activation button on their remote controls or screens.

If you don't like the idea of a television that listens to you, just turn the feature off. So, relax, and carry on.