One of the primary points of using a site like CNet’s Download.com to download little freeware programs is that they are a trustworthy company that has established a solid reputation for ensuring that all the software is virus-free. They even include a little blurb “Tested spyware free” with every download. Their Software Policies page says the following:
We test all software products submitted to us against a comprehensive set of criteria. In addition to screening for common viruses and spyware, we also look for other threats that might interfere with our users’ security, privacy, and control. [...]
We will not list software that contains viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components.
Now I realize that it’s very difficult–nearly impossible in fact–to detect a custom-written virus made to be distributed in a certain program, especially if the virus/program writers are smart enough to time-delay payload delivery/internet communication.
However, detecting a standard-issue, in-the-wild, generic virus like Win32/Funlove which was first discovered in 1999 is beyond easy for a company like CNet.
Therefore it is inexcusable that they are hosting a program (Wave To Text 5.5890.9831) that is a delivery tool for this virus. It puts their entire inventory of files into doubt and shows that their testing procedures are not adequate.
Beyond the aspersions it casts on their testing procedures, they apparently don’t even do rudimentary monitoring of the user-ratings of the software. This piece of software (which CNet editors rate as five star) has a 1.5-star user rating with most of the ratings screaming “Virus!”
