
UPDATE: SourceForge has removed the offending Binkiland software from its installer. Read the full story here.

If you’ve been working with software for longer than five years, then you can remember a time when SourceForge was one of the pillars of open-source software. It used to be the only good place to go to find fresh builds of open-source projects, as most projects had their own pages spread around the Web.

Rather than poking around those individual sites, SourceForge aggregated the binaries and made them available to people for free, like some sort of saintly Download.com, benevolent and thoughtful in how it provided its services to the community at large.

Sure, there were ads and click-through pages, but SourceForge was still a place you could trust. Download.com, on the other hand, quickly turned into a spyware and malware distribution network, as CNET struggled to squeeze every dime it could out of the poor thing.

But not SourceForge. It was part of the Slashdot network. It understood the way developers thought and acted. It was tied into Freshmeat as a third leg on the stool of hacker culture that had originated in the late 1990s and early 2000s. Yes, SourceForge used to be a thing of beauty, and 3.7 million registered users seemed to agree.

Today, SourceForge is the knowing distributor of virus-laden software called Binkiland that cannot be removed from the host computer without editing the registry. That’s the very definition of a virus, and I consider this to be completely illegal.

This isn’t tacked on to silly programs that have little consequence. This virus is included with FileZilla, the excellent free FTP tool. And worse yet, the FileZilla website actually directs users to the SourceForge download link as the main way to download the tool. The maintainers of the FileZilla Project are culpable in all of this.

This is a step beyond the Ask Jeeves toolbar being installed with Java, which is now standard on even the Mac OS version of that language. It should be noted, however, that we have officially entered territory even Oracle is not willing to explore. This is actively attempting to compromise the user’s computer, and I think SourceForge should not only halt its distribution of this software, it should be very worried about legal repercussions from its users who have now compromised their seemingly secure machines.

About Alex Handy

Alex Handy is the Senior Editor of Software Development Times.