Can sourceforge be trusted now?

[Red Squirrel]

I know at some point they were bundling spyware with downloads, is this still a thing?

I am trying to download the gcc compiler for Windows which is directing me to minGW which is directing me to Sourceforge. I can't seem to find another source for it. Is it safe to download

This is the link if curious: http://sourceforge.net/projects/mingw/files/latest/download?source=files

 

[Auric]

Even if it is, simply prescan by url with virustotal and if necessary (i.e. malware is indeed bundled and it is not available elsewhere) then extract or install in a sandbox and recover the contents.

 

[lxskllr]

No, I don't trust them, but it's the home page for some projects, so they have to be dealt with.

 

[bigboxes]

I know at some point they were bundling spyware with downloads, is this still a thing?http://sourceforge.net/projects/mingw/files/latest/download?source=files

I did not know that. Thanks for the heads up.

I stopped going to Cnet, because of all the headache they caused me and I'm a pc tech! My bundler had no warnings. I was able to get the malware off my pc, but it took me the entire evening.

 

[Elixer]

I know SF is up for sale again, and they did have a download wrapper on some projects.\, though, last I heard, they stopped doing that.

So, you can still get stuff from them, but always check the hash of the files to make sure they are originals, assuming those are posted someplace.
Usually, you need to fire off a e-mail on their ML, and they will tell you the hashes.

 

[BarkingGhostar]

I know SF is up for sale again, and they did have a download wrapper on some projects.\, though, last I heard, they stopped doing that.

So, you can still get stuff from them, but always check the hash of the files to make sure they are originals, assuming those are posted someplace.
Usually, you need to fire off a e-mail on their ML, and they will tell you the hashes.

Once a murders, always a murder.

 

[balloonshark]

Grab what you need from the files page instead. http://sourceforge.net/projects/mingw/files/

Source article here. http://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/

 

[Red Squirrel]

Grab what you need from the files page instead. http://sourceforge.net/projects/mingw/files/

Source article here. http://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/

Oh so I should be safe if I just grab the installer from there? I'll try that then. Since this is a compiler it's kinda critical it has no spyware as nothing stops them from modifying it to inject spyware in anything I compile for example. I've always just used Dev-C++ in Windows which comes with gcc but I should probably use something newer.

 

[balloonshark]

I say you would be safer than grabbing it from the main page. That seems to bypass the "sourceforge installer" they mentioned in the article. I would also upload the file to virustotal like Auric mentioned.

Edit: Here are the VT results from your download link. https://www.virustotal.com/en/file/...86e8f0032b49dd0410f232bc/analysis/1453508744/

I never heard of the two programs that show a detection. I would take them with a grain of salt.