Malware distributed with FreeFileSync

[Author2]

Dear Sir,

I was reading about your program and noticed that it is distributed with OpenCandy Malware:

1. Why is this?
2. Why don't you disclose this on your website?
3. How do I obtain a version of the program WITHOUT the malware?
4. Why doesn't the author name appear on your website so you can take responsibility for any damage the malware does to systems it is installed on?

See: Wikipedia on the subject of "Comparison_of_file_synchronization_software"

Thanks,

Mark

[Zenju]

The Wiki article is uninformed and obsolete: viewtopic.php?t=5068

[Author2]

The above post is not a complaint about the program, but a statement of fact. I appreciate the work you have done. More facts:

1. I have in fact installed the program and none of the virus scanners, including Windows Defender, flagged the install.

2. I am aware that SourceForge likes to package posts on that site with malware, even if the original author didn't do so.

3. If you want to avoid the malware, you may wish to consider posting the download file directly on your own site, rather than SourceForge. This may adversely impact your revenue by doing so, because SourceForge may pay you for hosting the file with them.

So far, I have seen no evidence of malware activity on the machine it was installed on. I am also VERY happy with the product so far. It's a great alternative to paid programs. I was previously a user of Goodsync, but they gouge you way too much for their product and I don't need the support of cloud protocols that it offers that your product doesn't offer, such as Onedrive, AWS, Dropbox, etc.

Based on your link above, I would GUESS that the editor and owner of the erroneous Wikipedia article you nobly tried to correct is one of your PAID or COMMERCIAL competitors who wants to trash free alternatives and promote their own. This conflict of interest is the main reason behind why Wikipedia can find pro bono editors to maintain its content and also why I don't trust ANYTHING posted on Wikipedia. Making the article owners anonymous also makes this problem worse. That's why I gave you the benefit of the doubt in this case.

:-)

Thanks for your prompt reply.

[Zenju]

1. I have in fact installed the program and none of the virus scanners, including Windows Defender, flagged the install.

That's great, but I wouldn't give too much on AV flags. Currently at least one version of MS AV is flagging all versions of FreeFileSync with some alleged installer malware. This doesn't even make logical sense since they flag also the app after installation, as well as some age old FFS 6.10 version which by their very own standards was clean for years up to until now. What many users don't realize is that AV software is not as clever as it likes to sell itself. In MS's case it's obvious that they simply check for some string "FreeFileSync" in the code signature and call that a "heuristic".

2. I am aware that SourceForge likes to package posts on that site with malware, even if the original author didn't do so.

This was the old SourceForge policy for "abandoned projects" up to until 2015 I believe. When SourceForge was acquired by new owners they changed that as their first measure.

3. If you want to avoid the malware, you may wish to consider posting the download file directly on your own site, rather than SourceForge. This may adversely impact your revenue by doing so, because SourceForge may pay you for hosting the file with them.

FreeFileSync is not hosted on SourceForge anymore since beginning of 2016 and has moved 100% to freefilesync.org. As a project FreeFileSync is completely independent. Practically however it's dependent from its users' goodwill and their donations that keep the project alive. Therefore it hurts when AV vendors occasionally tarnish FFS's reputation for no reason other than to make themselves look more useful.

I don't need the support of cloud protocols that it offers that your product doesn't offer, such as Onedrive, AWS, Dropbox, etc.

Who knows, maybe FreeFileSync will add support in the future. But this isn't so much a technical problem as a market research one: How relevant is each of these cloud providers in reality and is there some real benefit that FreeFileSync could add?

Based on your link above, I would GUESS that the editor and owner of the erroneous Wikipedia article you nobly tried to correct is one of your PAID or COMMERCIAL competitors

This is quite possible.

I don't think addressing each of such concerns changes much (the people who should read them are probably not on the FFS forum), but maybe it's a bit therapeutic. :D