CNet's Download.com has been secretly installing adware alongside the free and open source software in its archive, in violation of its own stated policies, which claim "zero tolerance" for adware. EFF has some harsh words and stern advice for the company to make this right.

So, CNET, here's what you need to do to really make it right:

Stop bundling adware into your installer. Failing that,

1. Rewrite your adware policy to admit that Download.com no longer has a "zero tolerance" policy for bundled adware, and make the change public, so users and developers know about it.

2. If you are going to allow ads, make sure they are not deceptive. This means it should be very clear that the ad is entirely separate from the install process (and no "accept" buttons where "next step" should be), and that the developer of the software the user actually wants has nothing to do with the advertised app.

3. Clean up the mess: prominently offer, on the front page of the Download.com site and as part of the ads themselves, to assist users with uninstalling any advertised software they may have unknowingly installed.

4. Right now, many users won't know they can download the software without the adware. Direct download should be the default process, and users who choose to use the Download.com installer should know, before they do, that the process will include advertising or other software they might not want.

5. Until the "opt-in" procedure is well-established, cease bundling adware for commercial as well as open source applications.