Jump to content

Talk:FreeFileSync

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Virustotal wierdness

[edit]

When I download the installer and run the file through virustotal, I get several alerts:[1]

But when I instruct virustotal to go to the url and download the file it comes up clean.[2]

It looks like they send a malware-free copy to virustotal (and presumably other antivirus websites) but send malware to users who download the installer. --Guy Macon (talk) 04:35, 2 February 2018 (UTC)[reply]

More weirdness: virustotal gives the filename "FreeFileSync_9.7_Windows_Setup.exe.1tvz971.partial" for the file I downloaded. This made me suspect that I had tested a partially-downloaded file, so I double checked by downloading it again and checking that the filename I downloaded did complete and was indeed "FreeFileSync_9.7_Windows_Setup.exe". plus at least three other virustotal users have uploaded the exact same file and commented on it.
I did the same test with the file at https://wiki.riteme.site/wiki/File:500_x_500_SMPTE_Color_Bars.png (I know that file has no malware because I created it and have personally inspected every byte of it) and didn't see the ".partial" weirdness. [3][4]
Notice that both Wikipedia files have the same file size and the same SHA-256 hash but the two FreeFileSync files[5][6] don't, and the one that is flagged as having malware is much larger. It really does look like the FreeFileSync website sends a smaller, malware-free file to online virus scanners and a larger, malware-infected file to anyone who downloads the installer. --Guy Macon (talk) 16:46, 6 February 2018 (UTC)[reply]
Maybe you only misinterpreted your observations? The "partial weirdness" is explained here: https://fileinfo.com/extension/partial You didn't happen to use IE to download FreeFileSync? Additionally, why are you checking an old version of FreeFileSync (i.e. version 9.7) when the release notes of the current version 10.0 state that the installer is now ad-free. Obviously, the installer wasn't ad-free before so what point are you trying to make? If you run FreeFileSync 10.0 through Virustotal you'll notice that the alerts have gone and now 65 of 67 scanners report the installer to be clean, see this analysis result of the installer I downloaded and ran through Virustotal https://www.virustotal.com/en/file/e1bb810352495373225c9bf004360fee5695ec50eb0a92fa241d3d2b8ba9f10f/analysis/ (127.0.0.1) (talk) 20:50, 22 May 2018 (UTC)[reply]

Adware/Malware

[edit]

Currently, this page says:

"Although FreeFileSync claims that the installer "never contains malware or viruses",[7] the free version contains OpenCandy adware,[8][9][10][11][12][13]"

Someone from Bavaria who keeps shifting IP addresses keeps claiming that FreeFileSync no longer bundles OpenCandy,[14][15][16] but despite repeated requests is unable to provide a source that verifies that claim.

The IP is, most likely,[17] Bavarian developer ZenJu.[18][19] It may very well be that he no longer bundles OpenCandy with FreeFileSync, but it is pretty clear from the virustotal results (and the attempt to hide the malware from virustotal -- see section above) that he is still bundling some kind of malware -- possibly PlugX (RAT)[20][21] or FusionCore[22] -- unless you pay him for a malware-free version.

I would encourage Zenju to stop edit warring and shifting static IP addresses, register a Wikipedia account, and join this discussion. If indeed he no longer bundles OpenCandy with FreeFileSync we should discuss how that claim can be verified by a reliable third-party source so we can correct this article as needed. --Guy Macon (talk) 05:06, 5 February 2018 (UTC)[reply]

You are misinterpreting effects of DSL in Germany. In Germany, IP addresses usually change automatically at least every 24h (or more often). So this "someone from Bavaria" is most likely not shifting IP addresses actively but her internet provider is forcing new IP addresses upon her once every 24 hours. And while I don't know this Bavarian, I assume that she is not paying an upgrade to get a static IP address just because you demand it. On the subject matter, the release notes of FreeFileSync 10.0 state that it is "ad-free" now. So, please provide some evidence that FreeFileSync 10.0 is still including ad/mal-ware or close this case. To me it seems that you are running a campaign against FreeFileSync for your own personal fun and maybe profit. (127.0.0.1) (talk) 21:32, 22 May 2018 (UTC)[reply]

Zenju's (FreeFileSync project lead) response to the accusations

[edit]

Virustotal wierdness: [...] does look like the FreeFileSync website sends a smaller, malware-free file to online virus scanners and a larger, malware-infected file to anyone who downloads the installer.

Now this sounds like a great conspiracy theory. Unfortunately (and boringly) it's untrue. FreeFileSync doesn't host the installer files, it just redirects to the file hoster "MediaFire" during download. When checking the MediaFire URL directly via VirusTotal, there are also no hits: [23]

One explanation could be that MediaFire is somehow involved in this conspiracy (which would somewhat overestimate the power of a little open source project). The other is that checking a file and a URL on VirusTotal are simply two different things, whereas the latter seems to check the web reputation of the TLD more than the content that is pointed to.


Notice that both Wikipedia files have the same file size [...] but the two FreeFileSync files don't

FreeFileSync.org has has hotlink protection to keep other sites from stealing bandwidth. This is the reason why VirusTotal sees a "different size". In fact if you'd click on the "Details" tab on VirusTotal, you'd see a "Status Code 403", which is "Access Denied".


More weirdness: virustotal gives the filename "FreeFileSync_9.7_Windows_Setup.exe.1tvz971.partial" for the file I downloaded.

It may be a good idea to first become more acquainted with how VirusTotal works before interpreting its surprising effects as yet another act of manipulation: VirusTotal identifies files by their MD5 signature. The first time you upload a new file (i.e. the MD5 signature is yet unknown), VirusTotal will also store the file name. If you now rename the file and upload it again, VirusTotal will detect the MD5 and immediately show the result - under the *old* name - the one used during the first upload, and it won't change after that.


Although FreeFileSync claims [...] the free version contains OpenCandy adware,[8][9][10][11][12][13]

Le's go through this list one by one:

[8] The 2014 backupreview review: I have quite a few gripes with this article's sentiment, because like most controversial testimonies it's partly true and partly false. Yes, in 2014 FreeFileSync was bundling the OpenCandy platform, but the "and there’s no option to not install it." part has always been a lie. It's not clear what the author meant with "install". Yes, during installation an ad is "shown". For this to happen a few files related to the OC ad had to be temporarily unpacked. If this already constitutes an "install", then by this strange definition there really is no way to avoid it. But with any sane definition of human terminology, when the ad was shown and the user selected e.g. "I do not accept", nothing was installed on the system, and nothing was "left behind" (all temporary files are deleted post install). Anyone with rudimentary IT skill is easily able to verify this behavior during installation. Unfortunately these are not the people who write reviews. "Tries to install malware" Next there is this garish "malware" talk. OpenCandy was a platform that showed individual offers, and must not be confused with one of its offers. Think of it like Google AdSense. One of the occasional offers may be crap, but the platform itself is neutral. And just as with AdSense there is possibility to block individual ads that have slipped through QA (e.g. the "Conduit" one that is mentioned was blocked).

Now you could make a general argument and say that because one offer was crap, the whole platform is crap, therefore FreeFileSync is crap for using it. Really? You want to throw the baby out with the bath water, including offers like Opera, Chrome and Skype? Okay, maybe you're simply annoyed by any advertisements. Fair enough. So what about the impact that the ads have for financing a project that you paid zero dollars for, but was obviously interesting enough for you to download? Also worth nothing, and you'd prefer to have the project die and go into oblivion rather than face the inconvenience of having to dismiss an optional ad every once in a while?


[9][10][11][12][13] I'm not entirely sure what these links are supposed to prove. None of them mentions FreeFileSync. The only conclusion one can draw from them is that OpenCandy existed. We knew that already.


Someone from Bavaria who keeps shifting IP addresses keeps claiming that FreeFileSync no longer bundles OpenCandy

I'm really sorry for the spoiler in the header. Could have been some more great fuel for conspiracies. Some more boring truths: IP addresses are automatically reset once a day here in Germany by all big providers. I'm not a regular Wiki contributor and am not interested in becoming one so there is no official account.


but despite repeated requests is unable to provide a source that verifies that claim.

That's a little lie, isn't it? I provided multiple sources, but they were either dismissed or ignored:

http://forum.imgburn.com/index.php?/topic/24447-was-the-malware-removed-from-2580/

https://web.archive.org/web/*/http://www.opencandy.com/

It baffles me that even on the OpenCandy Wiki page the contributors seem to have no real clue what OpenCandy even *was*, how it worked nor how it was connected to Sweetlabs. But I guess it makes sense, how could you know, if you hadn't used their platform and don't have a sufficiently high level of technical competence. Then OTOH why would you contribute to Wiki without genuine knowledge...? Maybe that's a more general topic.


still bundling some kind of malware -- possibly PlugX (RAT)[20][21] or FusionCore[22]

Yes, FreeFileSync is showing an ad, this has never been a secret. And the new kind of "Ubermalware" that is suspected, is so secret, that it is even mentioned on FreeFileSync.org's very own FAQ!

https://www.freefilesync.org/faq.php#silent-ad

BTW, this is the same ad platform that FileZilla is using, if anyone cares to know. This platform is fully conforming to Google and Microsoft policies, otherwise FreeFileSync.org would be out of Google and Bing search indexes in no time, not to mention blocked by Google Chrome, the most used web browser. Maybe needless to say, if you want users to get access to your download, this is something you really do *not* want to happen.


I would encourage Zenju to [...] join this discussion

This is actually a very reasonable proposition. And as I understand by know, it may be the more standard way to resolve issues on Wikipedia (whose "rules" I only barely understand yet, and which undoubtedly lead to the appearance of "edit warring"). Yet on the other hand I hate these kinds of discussions and usually leave them unresolved, even if FreeFileSync is portrayed unjustly, just because they drain too much energy from all sides for little benefit. Energy that I'd rather invest in programming and coming up with greater software designs.

- Zenju — Preceding unsigned comment added by Max4142 (talkcontribs) 13:45, 21 February 2018 (UTC)[reply]

Thank you for deciding to discuss these issues rather than what you were doing before. If you are willing to work with us, we will do everything we can to insure that this article is accurate. I know that Wikipedia's rules can be a bit overwhelming, but if you keep discussing I will be happy to walk you through the process.
Let's start with the OpenCandy issue. I want this article to be accurate, but because this is an encyclopedia we can only report what is verifiable with a citation to a reliable source. Please read WP:V and WP:RS, then tell me whether you know of a reliable secondary source that say that OpenCandy is no longer bundled with FreeFileSync. In some of your edit comments you claimed that OpenCandy no longer exists. Is there a source that passes the WP:V and WP:RS that says this so I can update Wikipedia with this new information? Assuming that I can verify this, was OpenCandy tied to a server so that them shutting down means that it no longer functions, or is it a standalone program that can it still be used? --Guy Macon (talk) 16:58, 21 February 2018 (UTC)[reply]
(...Sound of Crickets...) --Guy Macon (talk) 09:45, 23 February 2018 (UTC)[reply]
(...Chirp...) --Guy Macon (talk) 09:01, 3 March 2018 (UTC)[reply]
So the bottom line is that we have no sources that confirm that OpenCandy is no longer in the installer, and we have good evidence that the FreeFileSync website sends a smaller, malware-free file to online virus scanners and a larger, malware-infected file to anyone who downloads the installer. And the author went silent when confronted with this evidence. I think we are done here. --Guy Macon (talk) 15:45, 27 April 2018 (UTC)[reply]


Related: "I still had issues downloading the program to a Windows 10 machine. Windows Defender blocked the download."[24] --Guy Macon (talk) 11:37, 23 May 2018 (UTC)[reply]

Note that the title of the article from Ghacks is "FreeFileSync 10.0 updates removes ads from installer". So, there are now 2 sources for this claim (the official website, and Ghacks).
Do you have any source claiming otherwise?
It's also pretty easy to verify this claim: just install FreeFileSync 10.0 (inside a Virtual Machine, if you don't trust the developer), and you'll see that there's no ad anymore. As far as I'm concerned, when I installed it, it displayed a picture of a bird, with a message saying "Instead of an ad, here's an animal.". Other people got different pictures, such as a mouse, a ladybug or a cat (although the last one is using the Donation Edition, which has always been ad-free).
Therefore, I suggest we update the article to reflect the fact that version 10.0 no longer includes ads. (Note that I have refrained from editing the article so far because I noticed there was an edit war going on).
Dislaimer: I'm a long time user of FreeFileSync, but I am not Zenju/Max4142/(120.0.0.1) (I am not German). StayAwhileAndListen (talk) 10:48, 27 May 2018 (UTC)[reply]

More sockpuppetry, still no evidence or willingness to discuss.

[edit]

See Wikipedia:Sockpuppet investigations/Max4142.

Bavarian developer ZenJu,[25][26] who is the author of FreeFileSync[27] has continued his campaign of sockpuppetry to hide the fact that FreeFileSync ships with bundled malware, but despite repeated requests refuses to cite any sources other than his own webpage or comments on other webpages that he likely wrote himself.

Please note that as I have documented at Talk:FreeFileSync#Virustotal wierdness the FreeFileSync website sends a smaller, malware-free file to online virus scanners and a larger, malware-infected file to anyone who downloads the installer. This makes it difficultly to determine exactly which malware he is currently including, but it does appear that he installs some sort of unwanted program if you don't pay.

If anyone has any sources other than the claims made by ZenJu, please post them so that I can update the page with whatever malware FreeFileSync in currently shipping with.

Related question: If, as I have documented, FreeFileSync adds closed-source malware to the installer, should we stop listing it as open source? Or perhaps something like "open source program bundled with closed source malware"?

Also related: I just downloaded the latest version (10.0), which claims "The installer is now ad-free!".[28] I ran it through Virustotal. The results are here:[29]

Again, ZenJu, this would be so much simpler if you simply told us what sort of file dropper you have in your current install program and exactly which programs it installs and what they do. Is it InstallCore? PlugX? FusionCore? OpenCandy? --Guy Macon (talk) 02:57, 22 May 2018 (UTC)[reply]

  • What's up with the Virustotal result? Can you please comment on them and offer your assessment? Actually, I have all my downloads checked by Virustotal before running them on my PC. Some holds true for FreeFileSync. Results of the analysis of my download of FreeFileSync are here: https://www.virustotal.com/en/file/e1bb810352495373225c9bf004360fee5695ec50eb0a92fa241d3d2b8ba9f10f/analysis/ . The result looks unsuspicious. Only 2 of 67 scanners complained about the installer. These two scanners are of less relevancy compared to the bigger names like Ad-Aware, CLamAV, GData, etw. which all said that the file is clean. Therefore I concluded that the installer is free of malware and edited the Wikipedia page appropriately. Now I find myself as target of your "witch-hunt", Guy, and feel like taken back into the dark ages of the inquisition. (127.0.0.1) (talk) 20:21, 22 May 2018 (UTC)[reply]

I believe that you are Zenju (FreeFileSync project lead). See Wikipedia:Sockpuppet investigations/Max4142. A simple statement such as "I am not Max4142 and I am not Zenju" or "I am Zenju and the current FreeFileSync installer only installs FreeFileSync, nothing more" would help a lot. Why do you refuse to respond to this question?

The virustotal results are interesting. Yesterday three of the antivirus engines alerted, not two. The SHA-256 is the same, so we know that the installer didn't change. I did send a message to Comodo asking them to evaluate the result they were showing, and now Comodo doesn't alert on the same file. I am perfectly willing to have a discussion about whether we should continue listing FreeFileSync as no longer bundled with malware. But you need to join that discussion. Making wild accusations about witch hunts and the inquisition is not helpful. --Guy Macon (talk) 21:02, 22 May 2018 (UTC)[reply]

Obviously you are running a personal campaign against "ZenJu". But that's not my concern. My concern is that you accused me of misbehavior without reasonable cause. This is a) unacceptable and b) not the way how adversarial disputes work. To this effect, I find the metaphor "witch hunt" very helpful. You may believe whatever you want but what is needed is proof for your accusations. In my opinion, uttering accusations based on a personal belief against innocent editors and then using Wikipedia's mechanics to force this editor into an official "investigation" is a type of libel. Are you doing this as a hobby? Above, you ask the FreeFileSync author to provide evidence - instead you should provide evicence for your claim! I see a pattern here. (127.0.0.1) (talk) 21:55, 22 May 2018 (UTC)[reply]
Got it. You won't give me a straight answer about your use of sockpuppets, You won't give me a straight answer about you being the author of FreeFileSync, and when given an invitation on a silver platter to discuss the evidence that FreeFileSync ships with malware, you decline to discuss it and instead accuse me of libel.
Why does all of this sound vaguely familiar?[30] --Guy Macon (talk) 01:56, 23 May 2018 (UTC)[reply]
The two major sockpuppet accounts are now indefinitely blocked. --Guy Macon (talk) 11:39, 23 May 2018 (UTC)[reply]
Too bad no one blocked Guy Macon, who does not have a clue about software yet keeps making dishonest claims. There is no malware or adware in FreeFileSync, I just downloaded it and used it to clean up a ton of duplicate files. Worked surprisingly well. Nope, I'm not zenju or in any way connected to the program, but that won't stop Mr Macon's hysterical slander campaign. Too bad :( 203.160.86.194 (talk) 02:23, 12 April 2023 (UTC)[reply]

Is the subject of this article even notable by Wikipedia standards?

[edit]

The only source cited which would appear to be relevant to a discussion on notability is a single CNET review. I have my doubts that this article would survive a WP:AFD discussion. 2A00:23C1:8250:6F01:130:351B:68D3:4C6D (talk) 04:39, 23 May 2018 (UTC)[reply]

To add to this, the URL for the supposed 'review' actually leads to a page from which the application can be downloaded. With none of the quoted 'review'. 2A00:23C1:8250:6F01:130:351B:68D3:4C6D (talk) 04:44, 23 May 2018 (UTC)[reply]

It is likely that it will not survive an AfD. I am already being called a witch-hunter, inquisitor, and being told that I pursuing a personal war blinded by hatred, all because I asked the author of FreeFileSync to provide a citation for his claims and to stop the obvious sockpuppetry. Does someone else want to file the AfD and share in the abuse that will surely follow? --Guy Macon (talk) 06:21, 23 May 2018 (UTC)[reply]
It's a famous sofware, but I don't know what are the criteria to list a sofware in Wikipedia: the amount of fame it needs.
I'm here to learn more. I find it highly relevant as long as the community watches the article. --80.210.65.186 (talk) 11:29, 19 January 2021 (UTC)[reply]
Added some reputable reviews. peterl (talk) 21:59, 19 January 2021 (UTC)[reply]