From Wikipedia, the free encyclopedia
Jump to: navigation, search logo.png
Type of site
Owner CBS Interactive
Created by CNET
Alexa rank Increase 44,494 (October 2017)[1]
Commercial Yes
Registration Optional
Launched February 24, 1996; 22 years ago (1996-02-24)[2]
Current status Active is an Internet download directory website launched in 1996 as a part of CNET. Originally, the domain was, which became for a while, and is now The domain attracted at least 113 million visitors annually by 2008 according to a study.[3]


The offered content is available in four major categories: software (including Windows, Mac and mobile), music, games, and videos, offered for download via FTP from's servers or third-party servers. Videos are streams (at present) and music was all free MP3 downloads, or occasionally rights-managed WMAs or streams until it was replaced with

The Software section includes over 100,000 freeware, shareware, and try-first downloads. Downloads are often rated and reviewed by editors and contain a summary of the file from the software publisher. Registered users may also write reviews and rate the product. Software publishers are permitted to distribute their titles via CNET's site for free, or for a fee structure that offers enhancements.

CNet uses Spigot Inc to monetize the traffic to According to Sean Murphy, a General Manager at CNet, "Spigot continues to be a great partner to, sharing our desire to balance customer experience with revenue."[4]

Malware distribution[edit]

In August 2011, introduced an installation manager called CNET TechTracker for delivering many of the software titles from its catalog.[5] This installer included trojans and bloatware, such as toolbars.[6][7][8] CNET admitted in their download FAQ that "a small number of security publishers have flagged the Installer as adware or a potentially unwanted application".[9]

In December 2011, Gordon Lyon, writing under his pseudonym Fyodor wrote of his strong dislike of the installation manager and the bundled software. His post was very popular on social networks, and was reported by a few dozen media. The main problem is the confusion between the content offered on[10][11][unreliable source?] and the software offered by the original authors; the accusations included deception as well as copyright and trademark violation.[11]

In 2014, The Register and US-CERT warned that via's "foistware", an "attacker may be able to download and execute arbitrary code".[12] In 2015, research by Emsisoft suggested that all free download providers bundled their downloads with potentially unwanted software, and that was the worst offender.[13]

A study done by How-To Geek in 2015 revealed that was packaging malware inside their installers. The test was done in a virtual machine where the testers downloaded the Top 10 apps. These all contained crapware/malware; one example was the KMPlayer installer, which installed a rogue antivirus named 'Pro PC Cleaner' and attempted to execute WajamPage.exe. Some downloads, specifically YTD, were completely blocked by Avast.[14]

Another study done by How-To Geek in 2015 revealed that was installing fake SSL certificates inside their installers, similar to the Lenovo Superfish certificate. These fake certificates can completely compromise SSL encryption and allow man-in-the-middle attacks.[15]

However, in July 2016, How-To Geek discovered that no longer included adware/malware in its downloads and that its Installer program had been discontinued.[16]

See also[edit]


  1. ^ " Site Info". Alexa Internet. Retrieved 2017-10-04. 
  2. ^ " WHOIS, DNS, & Domain Info - DomainTools". WHOIS. Retrieved 2016-07-20. 
  3. ^ attracts over 100m visitors yearly
  4. ^ "Search Extensions". Archived from the original on March 16, 2015. Retrieved May 4, 2015. 
  5. ^ "Download App - Free download and software reviews - CNET". Retrieved 2015-05-04. 
  6. ^ " wraps downloads in bloatware, lies about motivations". ExtremeTech. Retrieved 2015-05-04. 
  7. ^ Neal, Dave (December 6, 2011). "Cnet is accused of bundling malware with downloads". The Inquirer. Retrieved May 4, 2015. 
  8. ^ Parrish, Kevin (December 7, 2011). "CNET Accused of Bundling Software Downloads with Trojans". Tom's Guide. Retrieved May 4, 2015. 
  9. ^ CNET Download Installer[dead link]
  10. ^ Brian Krebs (2011-12-06). " Bundling Toolbars, Trojans?". Krebs on security. Retrieved 2015-05-04. 
  11. ^ a b Gordon Lyon (2012-06-27). " Caught Adding Malware to Nmap & Other Software". Retrieved 2015-05-04. we suggest avoiding CNET entirely 
  12. ^ Darren Pauli (2014-07-08). "Insecure AVG search tool shoved down users' throats, says US CERT". The Register. Retrieved 2015-05-04. Sneaky 'foistware' downloads install things you never asked for 
  13. ^ "Mind the PUP: Top download portals to avoid". EMSISOFT. March 11, 2015. Retrieved May 4, 2015. 
  14. ^ Lowell Heddings (2015-01-11). "Here's What Happens When You Install The Top 10 Apps". How-To Geek. Retrieved June 20, 2015. 
  15. ^ Lowell Heddings (2015-02-23). " and Others Bundle Superfish-Style HTTPS Breaking Adware". How-To Geek. Retrieved January 6, 2016. 
  16. ^ Chris Hoffman (2016-07-27). " Has Finally Stopped Bundling Crapware". How-To Geek. Retrieved August 8, 2016.