Stay Away From SourceForge, How The Trusted Has Fallen
If you have written any amount of code or worked in a diverse server administration environment over the past five years, then you are probably familiar with SourceForge. SourceForge was a site of trusted, community-driven open source projects providing tools, utilities and code for easy and free download. It was safe, easy to use, and had developed a trusted relationship with its users. That changed when SourceForge was purchased, and all of that trust has been lost.
Unfortunately, today SourceForge is in the same category, and at the same low level, as Download.com: a site filled with junkware, malware, and unwanted additions installed on your computers without your approval and sometimes without your knowledge. Instead of downloading the binaries you want, you are forced, if the developer/project owner “opts in” to an extra revenue feature, to have SourceForge wrap their crap-filled installer around it. No choice. Much like Download.com, SourceForge is now a haven of headaches you as a user should not have to deal with any more.
In fact, because of the rampant malware and adware now embedded in the downloads, I have placed SourceForge on my corporate block list at the egress filter, alongside Download.com. First, my administrators don’t need to be downloading new tools that frequently and freely without proper review, and secondly, the source can no longer be trusted. How the mighty have fallen to chase the almighty ad dollar.
As the Internet churns through things like this, wherever there is something at the top there are hundreds more trying to take its place. In this case the best and leading trusted replacement for SourceForge would be GitHub. Like the SourceForge of old, GitHub is community driven, trusted, and regulates itself through the community by keeping the files as clean as they can. No site is 100% malware free when users are the ones providing the files. However, there’s a big difference between a small number of rogue users uploading malicious and annoying packages and the site itself pushing them as a revenue model.
Be aware and if you do download from SourceForge… do it on a virtual machine that you don’t care about and can easily toss away.
End of Line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.
Unbelievable! Does anyone know of good alternative sites to find the open source tools we all love? Do you think developers will begin hosting their own downloads instead of linking to SourceForge? I know for many, SourceForge was used to reduce bandwidth requirements for free software as a lot of downloads can start costing some serious money. Personally, I’ve always avoided SF if a direct download link was available but would use SF if that was the only option. My guess is that if developers are earning some change for each download – they may not offer a direct-download link anymore. What are some of the great tools you’ve used from SourceForge and will you continue to use them?