There's three things here. First, adding a toolbar and screwing with user settings is freaking lame, but everyone does it and it's something that's been an accepted way to monitize software development.
However, injecting that into other people's software is low, especially if the developers aren't aware of it. CNET should be ashame.
Lastly, the way they present it to users should be plainly criminal. There's a way to offer additional programs, and that's with a checkbox. The screenshot they show is CLEARLY meant to confuse users, whereas even I would have clicked next hadn't I seen the circled text. On this point CNET should be sued for deceptive tactics, because they put NMAP (or the name of whatever you downloaded) as the title, and present buttons that are meant to deceive, making it seem like it's NMAP's own EULA.
I strongly disagree with the following part: "but everyone does it and it's something that's been an accepted way to monitize software development".
Here's why:
- bundling such software with any product kills trust in one single fire; why would I allow such a software to make it into my environment? What if there are additional hidden things inside the code which steal data from my system and send it to a third party or to the maker of the app? What if it steals my credit card info or if it uploads confidential data somewhere?
- it's a "no go" for people in corporate environments - if it has anything bundled with it (optional or not), it's not installed on any system inside the company, no further questions asked
- it doesn't matter if you offer a "paid" version without these things in it, how can I know you haven't added some other "extras" which steal data?
- if you choose to bundle software with your apps, you have some kind of issues with your business model
- bundling such software always exposes the user to all kinds of exploits, hacks and trojans
As for "optimizing" the experience of the persons on the receiving end of this crappy wrapper which shoves adware / malware / trojans down the people's throats, it's like saying we screw you over, but we intend to make it look GOOD and actually make you like it.
CNET and download.com should really be blocked at company level, along with all the security policies. They live in 2005-2006, not at the end of 2011. I doubt the guys running CNET are capable of coming up with any business model which doesn't involve making money off the software of other individuals.
Piriform uses this to great effect. Not sure what they're taking in from their enterprise level offerings, but everyone and their brother uses their free products.
"but everyone does it and it's something that's been an accepted way to monitize software development"
No piece of software that I have installed during the past two years has done so, and I sure wouldn't accept it as a way of funding development. I'd rather pay for a product in that case.
Can you give a few examples from your list of "everyone"?
I think the Java runtime installer asks to install a toolbar. There is something else that I can't recall (flash runtime?) that asks to install the Ask.com toolbar all the time as well. Some popular open source projects too (PDFCreator).
The flash download page asks you if you want to install an antivirus, I believe it's mcafee.
It's funny, though, that I encountered a "not so bright" person who simply told me "oh, I didn't know you could opt out, I was always uninstalling it afterwards".
You can also block the ask toolbar from downloading by killing toolbar.ask.com or the entire ask.com domain. It most certainly will not be missed.
Adobe does not pretent to give you an open source project like VLC player and bundle malware/adware into the installer as if VLC team did it. They even make the .exe signature identical to that of the original to fool people. Its wrong. and puts blame on the original makers. Its like if google wrapped every app submitted with ads that give only google money. The ads are annoying, and apps get bad reviews, but the app makers had no say in it.
They do not injecting it, it's just a small downloader that helps to download applications even with bad connection. And potentially may use a p2p distribution, as for example some game developers upload their game clients(>1gb). Well-known companies pay per download for their software suits, and they don't really like to pay for the interrupted downloads.
Im not sure about the deceptive tactics, they just trying to get people attention, not just unmarking checkboxes without reading.
What an antivirus says about some adware / adware downloader / toolbar doesn't matter - if it's adware, I don't want it; if it's shoved down my throat by some installer, I don't want it.
I had to deal with cleaning up a lot of machines in a corporate environment where the previous admin didn't care about security policies and security.
I found a gem, I think I might still have the photo somewhere, it was a PC which had so many toolbars in IE that they took more than half the height of the screen to display them all. Obviously, the "faces for yahoo messenger" and "good looking email" (incredimail) were among the installed "goodies" on that machine.
Just to make it clear, I see the adware installed by apps as exploits all kinds of assholes use on people who have no clue what security is about. Telling them they might find their bank account empty or that their email account might send emails with porn to their entire list of contacts usually gives them a hint about what they expose themselves to.
P.S.: If you really "worked" there and you stopped doing that, I can hardly see the point in defending them. Perhaps you're the guy they paid to write that adware injector ("the small downloader")? You come off as the guy who defends the company he's working for because he wants to keep his job.
Please stop trying to explain or excuse what CNET is doing. It's not ok.
However, injecting that into other people's software is low, especially if the developers aren't aware of it. CNET should be ashame.
Lastly, the way they present it to users should be plainly criminal. There's a way to offer additional programs, and that's with a checkbox. The screenshot they show is CLEARLY meant to confuse users, whereas even I would have clicked next hadn't I seen the circled text. On this point CNET should be sued for deceptive tactics, because they put NMAP (or the name of whatever you downloaded) as the title, and present buttons that are meant to deceive, making it seem like it's NMAP's own EULA.