Download.com "apologises" for bundling
In a statement, Sean Murphy, the Vice President and General Manager of Download.com, says that the company's policy was not to bundle open source software with the installer it used for other software. The author of the Nmap network scanning software, Gordon "Fyodor" Lyon, had complained that Download.com – a CNET company and part of CBS Interactive – had repackaged the open source software with an installer which, if the user accepted it, installed one of a number of toolbars which changed the user's browser home page and default search engine.
"The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused," said Murphy, adding that the company had "reviewed all open source files in our catalog to ensure none are being bundled". Nmap has been removed from the download manager on Download.com, according to Murphy, and attempts to download it from the site will now send the user what appears to be an unmodified setup file for the network scanner.
Lyon had earlier posted an update on the initial reaction to his complaints, noting that Microsoft had contacted him and said they "didn't know they were sponsoring CNET to trojan open source software". Microsoft told Lyon they had stopped the practice. But as soon as that happened, the Download.com installer switched to installing a "Babylon toolbar" which performed a different search engine redirection. CNET later removed that and has replaced it with its own "techtracker" tool for updating downloaded software.
On the security front, Murphy says that all the warnings of malware from files included in the Download.com installer were false positives and that the company also ensures the "third-party offers are clearly identified, and there is no requirement for the user to download and install the offer; rather, a user has the option to Accept or Decline". That said, Download.com is also restoring the "Direct download link" which allows users to download files without having to download the "download manager".
Whether the changes made by Download.com will calm the controversy is unclear. The changes will only affect open source software, and much of the proprietary freeware and trial software on Download.com will retain its Download.com Installer packaging. Initial reactions on the net also noted that a number of popular open source programs still had an installer wrapping them, and there appears to have been no apology for specifically bundling GPL software, or enhanced GPL software in the case of Nmap, with closed source installers.