Everything, Everything - December 2011

2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Bad C|Net
Thursday 8th December, 2011 10:56
How dare C|Net wrap "my" Nmap installer with their own. Okay, so it's not really my installer, but given how I've written most of it (including all the NSIS WIN32 API calls in the WinPcap installer to register the WinPcap service), it feels like it's mine. Fyodor posted this to the mailing list earlier this week:

The problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn't put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!

The article on The Register seems to focus on it being a bad thing and installers shouldn't be wrapped with additional Cnet stuff, but they seem to have missed the point Fyodor was making about it breaking the law:

Note how they use our registered "Nmap" trademark in big letters right above the malware "special offer" as if we somehow endorsed or allowed this. Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer.

In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why Nmap isn't under the plain GPL. Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't). We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS!

The Register also didn't quote one of the final sentences from Fyodor, which he did later apologise for to anyone that was offended:

F*ck them! If anyone knows a great copyright attorney in the U.S., please send me the details or ask them to get in touch with me.


For updates on the C|Net story, you can follow it here.
© Robert Nicholls 2002-2018
The views and opinions expressed on this site do not represent the views of my employer.