Malignant freeware
After getting a new Windows Vista PC I visited my favorite freeware site to look for a free FTP program to upload files to my various web sites.
I’ve used the open source FileZilla in the past, but had some issues with large transfers dropping out.
Anyway, I had to upload Wordpress today for the Hannans Rotary Club site and used the freeware program I discovered.
I went to install and found an error message related to the functions.php file. I checked the file and found some code had been inserted to promote the freeware FTP program. I deleted this, only to come across a similar error message in the admin/functions.php file, and sure enough, more foreign text had been inserted.
I’ve thought about naming and shaming the program, but won’t at this stage. They have a paid version of their product, which presumably doesn’t add unwanted messages. This fact is probably hidden in the licence agreement. It’s not prominent on the web site though. It simply says:
The free version is fully functional and there are NO nag screens. The free version is free to all individuals, companies, and corporations with 50 employees or less. Please read our license agreement for more details.
I still had error messages after reloading the two corrupted files, so there was obviously another one (or more) infected. I switched to FileZilla and reinstalled Wordpress from scratch, wasting about half an hour or so.
Anyone offering freeware should be upfront about any promotional text insertions they add to code, or they should insert promotional text benignly in safe places.
I’ve used many free scripts and I always maintain the integrity of those in terms of leaving developers’ names and contact details in the code.
This is the first time though that I’ve encountered a program which adds promotional text to files without notification. I think it’s unethical. It was also harmful in the sense it derailed my Wordpress installation.
The message I take home from this is to use open source.
These articles might be of interest:
