Sourceforge is bundling malware in the GIMP for Windows installer



  • Worse still, it installs GIMP for Windows.


  • SockDev

    Sourceforge has been bundling crap in their installers for ages now


  • SockDev

    ... they're still in business?



  • AFAIK it's still clean if you get it from Ninite.



  • People on Windows use GIMP?


  • SockDev

    @loopback0 said:

    People on Windows use GIMP?

    :wave:
    Mainly because I don't want to pay for Photoshop. Plus, I find Photoshop to be almost impossible to use.



  • Paint.net.


  • SockDev

    Got that too; at this point though, GIMP is more familiar



  • @RaceProUK said:

    GIMP is more familiar

    :giggity:



  • Whoops, missed that there's already a topic for this. glares at Discosearch



  • The malware is called GI--

    @hungrier said:

    Worse still, it installs GIMP for Windows.

    Damnit.



  • @RaceProUK said:

    Mainly because I don't want to pay for Photoshop. Plus, I find Photoshop to be almost impossible to use.

    And you don't like Paint.NET because... raving insanity? I guess?


  • SockDev

    *reads through thread*
    …I never said I hated Paint.NET…


  • SockDev

    @RaceProUK said:

    Plus, I find Photoshop to be almost impossible to use.

    PS7 was the last usable photoshop IMNSHO

    i wonder if i still have that ISO of it?

    i know i have the original disc somewhere but.... not sure which stack of CDs it's in.



  • Well first of all, assuming I read the entire thread before replying is a mistake.

    Secondly, you wrote a post about a replacement to Photoshop on Windows without mentioning the BY FAR AND AWAY BEST OPTION BY FAR which is seriously loonyville.



  • I haven't used Paint.NET in years, but when I last did it had some weaknesses compared to Photoshop. Next time I need to mess with sprites, I'll try it again and see how it is.

    Disclaimer: What those weaknesses were, I no longer remember.


  • SockDev

    @accalia said:

    PS7

    Was that before or after CS2? I'm guessing after?

    @blakeyrat said:

    Secondly, you wrote a post about a replacement to Photoshop on Windows without mentioning the BY FAR AND AWAY BEST OPTION BY FAR which is seriously loonyville.

    I first heard of GIMP back at uni, where all the labs were Linux or dual-boot machines; they had GIMP installed. Paint.NET I only found a few years ago; by then, I'd grown accustomed to GIMP, and I edit images too rarely to worry about switching.


  • SockDev

    @blakeyrat said:

    And you don't like Paint.NET because... raving insanity? I guess?

    missing features would be my guess. unless you want to install a bunch of outdated plugins (i haven't seen anyone update in ages) you can't do animated GIF editing in PDN,

    then there's the colourspace mapping and transformations. PDN does not do the best job at this and does not include the option to tweak setup.

    if you're using a digitizing tablet that includes pressure data PDN ignores that, GIMP respects it.

    for day to day casual use PDN works just fine, but it is by no means a feature complete replacement for photoshop.


  • SockDev

    @RaceProUK said:

    Was that before or after CS2? I'm guessing after?

    before. it was the precursor to the original Creative Suite (CS) version.



  • @Magus said:

    I haven't used Paint.NET in years, but when I last did it had some weaknesses compared to Photoshop.

    One's a thousands-of-dollars piece of software, the other is a free and simple to use Paint replacement. No shit there will be some weaknesses.



  • But the weaknesses were actually relevant to me at the time, which is probably not the usual case.



  • Photoshop:

    Paint.NET:

    GIMP:


  • SockDev

    as a replacement for MSPaint. PDN is fantastic

    as a replacement for Photoshop.... for the average person it'll get the job done because buying photoshop to crop photos and adjust contrast is overkill. but for photoshop power users, and particularly those that use photoshop to create digital art instead of photo editing, well those people will need something more than PDN even attempts to be.



  • My problem is that I come from a diagrammetric background, and thus am not well versed in the concepts of pixel-based image editing to begin with. (I'd probably wind up wrestling with Photoshop just as much as I do the GIMP when I do need to do anything beyond what can be drawn in a diagram tool such as Dia...)



  • Paint Shop Pro 4 Life

    I wonder if that's still a thing.



  • Only if you run XP. Won't install on Win7.



  • @accalia said:

    PS7 was the last usable photoshop

    I still have, but haven't used for a while, PS5.5. I never upgraded because I got it at the employee price (I have a friend who worked there at the time); upgrading would have cost me 10x what I paid for it in the first place. I don't remember why I started using GIMP (Linux? Work computer I couldn't install PS on?). I definitely found some features lacking, but either GIMP has improved significantly since then, or I've gotten used to the way it works. Working with alpha channels is still a little weird, though.


  • mod

    @accalia said:

    before. it was the precursor to the original Creative Suite (CS) version.

    Point of interest: all official hattings are done in PS CS2 or CS3 (depends if I'm at work or home, respectively).


  • Winner of the 2016 Presidential Election

    @abarker said:

    Point of interest: all official hattings

    Hattings are officialated? I thought people were just trying to class the joint up.



  • @abarker said:

    Point of interest

    Of interest to whom? :P


  • SockDev

    It's not just GIMP, if you grab the mainline binary for FileZilla Server, you will also find malware.

    And no, the malware isn't FileZilla Server (well, it is if you're me because I don't actually like FileZilla Server, lack of SFTP support is an issue for me)



  • As was noted by several people above, SourceForge (properly, its owner Dice Holdings) has been bundling malware--or at least drive-by software--since 2013.

    What has changed is that SourceForge has started taking over important dormant accounts and posting its own downloads as if it were the official source. Not just for GIMP, either: They've done this with a whole series of accounts for top-line products, including:

    • Apache Allura, Derby, Directory Studio, the Apache HTTP server, Hadoop, OpenOffice, Solr, and Subversion
    • Mozilla Project's Firefox, Thunderbird, and FireFTP;
    • The Evolution and Open-Xchange mail clients;
    • The Drupal and WordPress content management systems;
    • The Eclipse, Aptana, Komodo, MonoDevelop, and NetBeans integrated development environments;
    • The VLC, Audacious, Banshee.fm, Helix, and Tomahawk media players;
    • The Reaver WPS Wi-Fi hacking tool;
    • and a bunch of other stuff

    (See SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware on ars technica.)

    See, most of those major projects left SourceForge back in 2013 when it first started bundling (saw the writing on the wall). So their project accounts have sat dormant for two years, and now SourceForge is simply seizing and using the accounts to push malware.

    Don't download anything from SourceForge, basically.

    Oh, and BTW, Dice Holdings bought SlashDot as well.


  • Winner of the 2016 Presidential Election

    @CoyneTheDup said:

    SourceForge (properly, its owner Dice Holdings)

    @CoyneTheDup said:

    Oh, and BTW, Dice Holdings bought SlashDot as well.

    @CoyneTheDup said:

    Don't download anything from SourceForge, basically.

    Yeah, they sound kind of dicey.



  • @CoyneTheDup said:

    Don't download anything from SourceForge, basically.

    Probably the only thing that can be done, GPL and friends being what they are.

    Although at least some large projects protect their name under a different license than the product itself (EG, you're allowed to fork firefox, but you can't call your fork firefox) this probably won't protect them here as long as the product itself isn't modified.


  • SockDev

    @abarker said:

    @accalia said:
    before. it was the precursor to the original Creative Suite (CS) version.

    Point of interest: all official hattings are done in PS CS2 or CS3 (depends if I'm at work or home, respectively).

    opinions will vary of course. ;-)



  • Internet ads market is crashing. Sites that rely on CPM prices are growing increasingly desperate. Notice how all your favorite YouTubers are suddenly pimping t-shirts and patreons? Yup.



  • Got any source for this? Sounds interesting.



  • @swayde said:

    Got any source for this? Sounds interesting.

    CGP Gray and Total Biscuit talked about it in audio form. No handy text link, but I'm sure there's something out there.



  • @Dreikin said:

    class the joint up.

    YMBNH :laughing:




  • Winner of the 2016 Presidential Election

    @loopback0 said:

    YMBNH :laughing:

    More like intermittently present. I missed the Burns thing, too



  • @cartman82 said:

    Internet ads market is crashing. Sites that rely on CPM prices are growing increasingly desperate. Notice how all your favorite YouTubers are suddenly pimping t-shirts and patreons? Yup.

    Oh great, it's 1999 all over again.

    The real truth is ad prices respond to supply and demand. Right now there's a huge glut of video ads, and therefore the price is going down.


    This whole story strikes me as one of those "people choose open source license then get pissed when other people actually use license as intended". You picked GPL or whatever, you lost the ability to control your software's distribution. No sense bitching about it now, you're the one who done fucked-up.

    You also see this with the annual, "Apple takes open source software and doesn't give back!" article. Does the license require them to "give back"? No? Then fuck the shut up and get out of here. You morons chose the license, don't get bitchy when people follow it.



  • @blakeyrat said:

    This whole story strikes me as one of those "people choose open source license then get pissed when other people actually use license as intended". You picked GPL or whatever, you lost the ability to control your software's distribution. No sense bitching about it now, you're the one who done fucked-up.

    Maybe. I CBA to look into SF's ToS (and certainly not how it's changed over time). TRWTF is how they're taking over what they presume to be abandoned accounts and then acting as the original creators, which they obviously aren't.

    If they created a sister project, say, "SourceForgeGIMP" and put the crapware in there, it would fit your GPL analogy, and potential downloaders would look at that name and have a reason to think that they aren't getting the official / original GIMP.


  • BINNED

    @tarunik said:

    My problem is that I come from a diagrammetric background, and thus am not well versed in the concepts of pixel-based image editing to begin with.

    Ditto. I find both PS and GIMP equally confusing and useless (to me). When I draw something, I use some kind of a vector editor, and for basic stuff like cropping something like gthumb does the job for me 99% of the time.



  • @Onyx said:

    Ditto. I find both PS and GIMP equally confusing and useless (to me).

    All graphics programs feel like they need to get off my lawn. I just don't do that stuff much, though I've mastered Krita's crop feature, which is 99.99% of what I need.



  • @boomzilla said:

    TRWTF is how they're taking over what they presume to be abandoned accounts and then acting as the original creators, which they obviously aren't.

    Oh yeah, it's seedy as shit. When has SourceForge NOT been a shitty crap site full of ass? Even when it was new it sucked.

    @boomzilla said:

    If they created a sister project, say, "SourceForgeGIMP" and put the crapware in there, it would fit your GPL analogy, and potential downloaders would look at that name and have a reason to think that they aren't getting the official / original GIMP.

    You missed the point. With the GPL, there's no such thing as "the official" or "the original". Every copy of the source is equally redistributable.

    They PICKED THIS LICENSE, so why are they bitching that a third-party is making use of it? YOU SAID THEY COULD, IDIOTS!



  • @blakeyrat said:

    With the GPL, there's no such thing as "the official" or "the original". Every copy of the source is equally redistributable.

    Huh? There's certainly an original. And official in this context probably means that you're dealing with the guys who are part of the project that came up with the name or originated the software or whatever.

    I apologize for my use of crazy moon languageNOTHING.



  • @blakeyrat said:

    They PICKED THIS LICENSE, so why are they bitching that a third-party is making use of it? YOU SAID THEY COULD, IDIOTS!

    Yes, I agree with this criticism, but that's not what this topic is about.



  • Yes it is. SourceForge is doing something they're explicitly allowed to do, software creators who explicitly gave them permission to are bitching about it.


  • BINNED

    Personally, I'm comfortable working with vector images. Sure, that limits what I can do, but most of my scribblings are diagrams, or logos / banners.

    Also, next time I see someone making a logo in PS instead of Illustrator or something, I'm personally going to choke them to death. Fuck off. If you're making shit like that, it better be a fucking vector, so when you or your client want to use it on the web I can just export the thing into PNG with alpha channel at a sensible resolution. But noooo, what do I get? A blurry fucking JPEG at 157px × 217px. Fuck off!

    ... sorry, went on a bit of a personal rant there ...

