I dispute "The hash doesn't match because the filename doesn't match." He did backpedal and say he really meant they don't match because the files are different. (Well, duh.)
I also dispute "It's a tautological false-positive, by the very definition of the term, _everything_ is potentially unwanted."
That's not the definition. Here is a definition in line with what just about everyone means by the term:
"A potentially unwanted program (PUP) is a piece of software that is also downloaded when a user downloads a specific program or application. PUP is similar to malware in that it will cause problems when it is downloaded and installed."[0]
Or my own shorter definition: "Software that nobody would want on their computer if they knew what it is and does."
It sounds like that's exactly what was detected.
I don't dispute, but I'm curious about his claim that AV vendors maliciously flag their competitors' legitimate software. I wouldn't be the least bit surprised if that's true, but it's the first time I've heard of it.
Well, the central question in my mind anyway, is whether FileZilla distributes malware. I don't see any data on that yet.. maybe it will come. Meanwhile I'm not going to join other HN members in calling people I don't know "scum".
Back then, they were doing it as part of the (previous incarnation of) SourceForge's "DevShare" offering. eg malware authors got SourceForge to bundle crapware with popular Win installers, and gave the developers a cut of the take.
It seems like the FileZilla people didn't like that revenue stream being cut off, and went to the source directly afterwards. :(
I also dispute "It's a tautological false-positive, by the very definition of the term, _everything_ is potentially unwanted."
That's not the definition. Here is a definition in line with what just about everyone means by the term:
"A potentially unwanted program (PUP) is a piece of software that is also downloaded when a user downloads a specific program or application. PUP is similar to malware in that it will cause problems when it is downloaded and installed."[0]
Or my own shorter definition: "Software that nobody would want on their computer if they knew what it is and does."
It sounds like that's exactly what was detected.
I don't dispute, but I'm curious about his claim that AV vendors maliciously flag their competitors' legitimate software. I wouldn't be the least bit surprised if that's true, but it's the first time I've heard of it.
[0] https://www.techopedia.com/definition/4061/potentially-unwan...