Posted 25 February 2015 - 02:29 PM

In 2012 it was reported that CNET's Download.com started wrapping safe 3rd party software with an installer that would also install adware unless a developer opted out. This allowed CNET to generate extra revenue for each installation of an adware program on a user's computer. It appears, though, that even for downloads that are commonly bundled with the adware installer, some browsers are giving their users safer and preferential treatment. This is the case for users of Google's Chrome browser who are only offered a clean adware-free download. On the other hand, if you visit the same page with a different browser such as Internet Explorer, Safari, SeaMonkey, or Firefox, you will instead be given the adware installer version.



Same page offering Chrome the Secure Download and Internet Explorer the Installer

Click on image to see full size version.

When downloading from Download.com it is possible to differentiate whether or not an offered program is a clean download or an installer. This is done by looking at the text under the Download button on a download page. If the text is, then the download is not wrapped with CNET's adware installer. On the other hand, if it states, then that means that the download will use the installer and prompt you to install adware. You can see examples of these download buttons below. It should also be noted that just because it states Secure Download, does not mean the program will not have adware bundled by the original developer. It just means that the program will not use CNET's adware installer.





Secure Download and Installer Enabled download options.

Click on image to see full size version.

Chrome: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.89 Vivaldi/1.0.83.38 Safari/537.36

When examining the download page for KMPlayer , the third most popular download on Download.com, I noticed that CNET would offer me a secure download if I was using Chrome, but the Installer version if I was using Internet Explorer. At the time of this writing, the KMPlayer Installer version would not only install KMPlayer, but also Spigot, Slick Savings, StartPage, Ebay Assistant, and changes your browser to the Yahoo homepage. I then checked with an older version of Opera, the latest Firefox, and the latest Safari and they too were offered only the adware Installer version.When testing further it was discovered that Download.com will offer a clean and secure download if a browser's user agent contains the word Chrome in it. A browser's user agent is a unique string sent by a browser to a web server when browsing web pages. This string can be used by the server to determine what browser and operating system the user is using. For example, the user agent string for the latest Chrome is:To further test this, someone tested going to the KMPlayer download page using the latest Opera, which is based off of Chrome. When they browsed to that page, they too were offered the Secure Download version because their user agent string contains the word Chrome in it as well.Last, but not least, we tried a simple experiment of installing an add-on in Chrome that allows us to change our user agent so a web site thinks we are different browser. When we changed our user agent in Chrome so that it was pretending to be Internet Explorer 9, Download.com immediately started offering the adware Installer versions of their downloads as shown in the image below. Once we switched back to the default Chrome user agent, we were no longer offered the installer.



Chrome masquerading as Internet Explorer 9 and being offered the Installer

Click on image to see full size version.

As you can see, any Download.com visitors, other than those using Chrome, will be offered a download that contains adware that can not only slow your computer, but also cause security issues. Chrome on the other hand has a much safer download experience.It is unsure at this time whether or not Google and Download.com have an agreement in place to only offer clean downloads to Chrome users. It is also possible that Download.com is doing this to avoid being constantly flagged by Google Safe Browsing. We have reached out to Google regarding these questions, but have not heard back as of yet.