Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Is It Safe to Download from Download Sites?

//

Hi, Leo. I seem to remember reading some time ago that it was not safe to download anything from CNet plus I suffered a malware infection, which might have been caused by a download from that site. I’ve been reading your article about Macrium Reflect and considered downloading the free version from the CNet website. What’s your opinion on CNet? Do you think it’s safe to download from this site? I’m presently using Windows XP.

I actually now recommend that you avoid all download sites if at all possible. There are simply too many stories exactly like yours: downloads that come with much more than is expected.

Become a Patron of Ask Leo! and go ad-free!

A good download site is hard to find

There are good download sites; I just don’t know which ones they are.

And to be clear, the download sites themselves aren’t always the problem. Often, the actual software you’re downloading includes the malware that people end up with on their machine. Still, all too often, through download managers, download accelerators or even direct downloads from these sites, people are getting much more than they bargained for in the form of malware.

My recommendation: always, and I really do mean always, download only from the original manufacturers website. That means you might need to do a little research to locate that site, but that research really pays off big when you end up avoiding malware or foistware or who-knows-what-ware.

Use a download site only when explicitly told to

Download ButtonNow, there’s an odd scenario that we also need to mention – and you’re probably shaking your head about this right now – because it’s the very scenario that you’re talking about. Some vendors will actually point you to a download site. Macrium does with their free version of Reflect. It’s downloaded from CNet’s download.com.

One important point: always start at the manufacturer’s site.

Just because you happen to find the product on the same download site doesn’t mean that it’s the same or the official product. Only go to the download site via the link provided by the software manufacturer.

Direct downloads are preferable

Sometimes you may have no choice. Sometimes the software is only available at a download site. All I can say is be careful. I’ve certainly downloaded Macrium from CNet, and it’s been fine. However, when you’re given the option, always avoid any and all download managers or download accelerators. They’re really not that helpful, and often they are the cause of a lot of these problems.

Choose instead any direct download link that’s offered by the download site.

Ultimately, things really are just too risky. Many formerly reputable download sites have lost a tremendous amount of trust in the community. I strongly recommend avoiding them all unless there’s no alternative – and even then, do think twice about whether you really want that download.

And for the record, yes, I think you really do need Macrium Reflect.

24 comments on “Is It Safe to Download from Download Sites?”

  1. Just one small point: If you want to download Macrium Reflect from the Macrium website, you are actually redirected to the CNet download site. There is no direct download link on Macrium’s website. Just saying…

  2. This is why i always scan every file i d-load before i even open it or run it and if its a zip folder i always scan. i got in the habit years ago when i got a bad infection.

  3. Just to remind everyone downloading from CNet and the like.

    Even though you have been very careful to UNCHECK those confounded
    (very small) boxes offering additional programs, etc. and to have successfully
    downloaded the desired program that does not mean all is well. Go to Control
    Panel and All Programs to see what strangers may have piggy-backed their
    way onto your equipment.

    This is where the danger lies !!!!!

    I started to remove such an interloper only to find my system crash
    completely – yes irretrievably!! I could not do a malware check before
    removing it – could I – or could I? All I know is that nobody could advise
    me how to deal with the problem leaving me with the usual re-install.

  4. I highly recommend http://www.ninite.com for installing and updating many popular programs. Our firm subscribes to the professional version to keep 250 PCs up-to-date and therefore less vulnerable. The free version is excellent for home use. Ninite installs applications with no third party toolbars or add-ons.

  5. Cnets ” downloads.com ” used to be a safe place to find software. However, over the last couple of years, I have been nailed with three viruses from that site, and yes , I have scanned the downloads before installing them. I once was nailed with a ” drive by ” infection from Cnet also. I no longer down load anything from that site, as they seem like they can not be trusted to keep themselves secure.

    • Nowadays, I find that even Downloads.com is very misleading. You click the download button of a program, only to find a page opening with a lot of Download Buttons strewn around. Among the maze of buttons, you’ve to find the one that is meant for the intended program. I wonder why a reputed site should misguide the users.

  6. I recently downloaded from CNet (download.com) and was “infected” with:
    The weDownload Manager.
    I’ve trusted the site for years, not any more.

  7. I, too, am leery of downloading things from download sites, including Cnet. However, I will say that at least on Cnet’s site the big green “Download Now” button is the actual button you want to click to get the actual product you came for. On many sites the big, green, and prominent download button is for something completely unrelated that you probably don’t want, often something you REAllY don’t want, like a “download manager” that tries to piggyback adware with everything else you download. To get the software you actually want requires careful perusal of the page, and even then one must be sure to check the name of the file they are downloading.

    If clicking a link at the official page for a product like Macrium takes me to the Cnet site, I at least feel a bit more secure there, as the Cnet site does not try to trick me into downloading something unrelated. But I still make sure I am backed up, scan the download, and set a system restore point before installing. And I know that setting a restore point is often not efficacious; it simply makes me feel I have been just that little bit more proactive. 🙂

    Also, I think what you are downloading is a major factor. If it is a free version of something you would otherwise have to pay for, shame on you, and you probably deserve the malware that comes with it. If you think you can trust people who are offering pirated software, you are just being foolish and greedy. However, I trust the folks at Macrium, therefore I feel a bit safer in downloading their product from a site like Cnet. Though I still wish they would host the download at their own site.

    My advice is only download from a download site if you followed a link there from the official site, and even then be very careful. If the software you think you want is only available from a download site, with no official site at all, find something else that does the same thing. Chances are there will be at least several to choose from for just about anything that is available as free or shareware.

  8. Thank you, Leo, for good advice! As a computer service tech, I have removed a lot of malware, scamware, foistware, junkware, crapware (you get the idea). And much of it has come through the means of CNet, Downloads com, and other formerly trusted sites. But I will recommend one with the caveat that it may change someday as well, so always follow Leo’s advice, download direct whenever possible, always scan before you run anything (I scan with both MalwareBytes and Norton first), and only download what you really need. At this point in time, majorgeeks dot com still appears to be a safe download site (of course they have their ads as well). Last point of info, just because a site has a name similar to what I’m looking for, that doesn’t mean it’s their site. So sometimes I have to go to a download site just to determine the author of a program in order to accurately locate their site.

  9. In some cases, download sites only download downloaders that bundle software with them, and then download the installer directly from the manufacturer’s that a user would have gotten by an official link anyway.

    Another problem with some download sites is that their versions of software could be outdated. While sometimes a user may absolutely need a specific version of legacy software, the official website is always going to be the first to have the newest version. You know, come to think of it, the fact, if true, that these sites get the software from the provider anyway is even more reason to avoid them.

    I also especially avoid downloads that are not from download sites. Here’s what I’m trying to say:

    For example, several sites require flash player these days. Sometimes they have that Adobe Provided “Download Adobe Flash Player” that links to the official http://get.adobe.com/flashplayer or similar page. Other times it may give a notification (or, worse yet, auto redirect to the .exe file and automatically download the file, depending on the browser)and download it from their own server. Even if these are official Adobe Installers, these are often outdated, sometimes even for the website. I’ve even seen a website download Abode Flash Player…5 I think, which was to old for the website’s content anyway.

  10. Cnet {download.com} is no longer trustworthy …much of their software includes toolbars and browser hijacks & worse.

    I still use snapfiles.com and the editor does warn in the review if a toolbar or other program is ‘offered’ during installation so it can be unckecked.
    Even so , a fantastic range of free and trialware is available at this site

  11. What perfect timing of this report on download sites. Recently I downloaded a program from CNet which contained malware. Now I did scan it with MSE after the download and before I installed it but MSE found nothing. After I installed the program I noticed I was infected with malware. I am very careful with my PC and practice safe surfing. I have WOT installed on Firefox and I am very careful about which websites I visit. Needles to say I will avoid these download sites like the plague.

    This was a perfect time to test my image backup. I took Leo advise and installed Macrium Reflect Free. I did the image backup two weeks ago. Now I had various backup programs in the past which made the image backups but when the time came to use them, the image backup failed to restore. Not so with Macrium Reflect! The image backup restored with no problems! As the Guardian of Forever stated, (Star Trek – City on the Edge of Forever) “All is as it was before!” Thanks to Macrium Reflect my PC is back!! It’s the very first image backup that successfully restored!

  12. @ Cornelius

    Your remarks in para 3 regarding those of us downloading something which otherwise would be free
    are unjustified. To suggest that myself and others might have brought the trouble down upon our own heads and deserve the malware was unpleasant and spoiled the tenor of the article and thread.

  13. Hi Leo,
    I would like your input on this situation. I myself and several people who commented on this report have scanned the downloaded file before opening or running the download program. This does not seem to be of any use because I know in my case, I did scan the downloaded file immediately with MSE before running the program and it still infected my PC with malware after the program ran. So my takeaway from this: It does absolutely no good to scan the downloaded file. If it’s going to infect your PC then it’s going to do so after the program has been installed. That is my takeaway . What do you think?

    • @Mick W
      Correct ….much malware is not a virus or spyware …it is more foist-ware or unwanted-ware which many malware programs fail to detect
      Best run your browser in a sandbox and test the program in a sandboxfirst. If all looks fine then it can be installed and run unsandboxed.
      I use Sandboxie regularly and it has never failed .Check it out at sandboxie.com

    • Doesn’t seem that scanning the file would do much good, unless your particular malware program recognizes the install file itself as malware. What an install file does is unpack numerous files and install them on your computer. Sometimes an install file will download more information from online. In the unpacked state all it is is a file.

    • As Connie pointed out many installers do download additional materials and others obfuscate their contents. Hopefully your real time scanner would catch the download as well as the installation of malicious software. But the fact is not all scanners can catch everything, and there’s no 100% effective technique. Scanning your download increases security but does not prove there is no malware if it turns up empty handed.

  14. I’ve read all over about the saftety of Ninite, and today when I went to download the installer (because my automatic Firefox update failed), a Norton popup told me that Norton uninstalled the Ninite installer because it was unsafe. What is going on with Ninite?

  15. Folks, if you’re browser is MSIE, you should get IE’s download dialog when you click on a download link, which should state the exact filename about to be downloaded. THAT has saved my buttocks on more than a single occasion! It’s not infallible, of course — nothing ever is — but careful attention to this one small detail can rescue your bacon perhaps 85% of the time. NEEDLESS TO SAY, if the filename displayed isn’t something related to the file or program you’re seeking, or is in any other way unexpected or puzzling… CLICK “CANCEL”!!! :/

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.