Dwedit 6 hours ago

7zip.com has never been the official website of the project. It's been 7-zip.org.

pibaker 6 hours ago | parent [-]

How can the average 7zip user know which one it is?

Search results can be gamed by SEO; there were also cases of malware developers buying ads so links to the malware download show up above legitimate ones. Wikipedia works only for projects prominent enough to have a Wikipedia page.

What are the other mechanisms for finding out the official website of a software?

n4bz0r 5 hours ago | parent | next [-]

There is normally a wiki page for every popular program which normally contains an official site URL. That's how I remember where to actually get PuTTY. Wiki can potentially be abused if it's a lesser known software, but, in general, it's a good indicator of legitimacy.

throwaway198846 5 hours ago | parent [-]

So Wikipedia is now part of the supply chain (informally), which means there is another set of people who will try to hijack Wikipedia, as if we didn't have enough, just great.

n4bz0r 4 hours ago | parent | next [-]

Not exactly news, wiki's been used for misinformation quite extensively from what I recall. You can't always be 100% sure with any online source of information, but at least you know there is an extensive community that'll notice if something's fishy sooner rather than later.

lyu07282 5 hours ago | parent | prev | next [-]

I was always impressed by how fast Wikipedia editors revert that kind of stuff, so I think it's great advice actually!

jamespo 5 hours ago | parent | prev [-]

What's your solution? If you search Google for 7-zip the official website is the first hit.

harladsinsteden 4 hours ago | parent | prev | next [-]

How would you ensure that the "average user" actually gets to the page he expects to get to?

There are risks in everything you do. If the average user doesn't know where the application he wants to download _actually_ comes from then maybe the average user shouldn't use the internet at all?

imglorp 5 hours ago | parent | prev | next [-]

Open source software will have a code repo with active development happening on it. That repo will usually link to the official web page and download places.

lukan 4 hours ago | parent [-]

Not universally true. Open source just means that the code is available, not that development happens in the open. (But 7zip does have a GitHub repo)

5 hours ago | parent | prev | next [-]

[deleted]

rtcode_io 5 hours ago | parent | prev | next [-]

1. Go to the Wikipedia article on 7-Zip

2. Go to the listed homepage

antisthenes 6 hours ago | parent | prev | next [-]

> How can the average 7zip user know which one it is?

I dunno, if you type "download 7zip" into Google, the top result is the official website.

Also, 7zip.com is nowhere on the first page, and the most common browsers show you explicitly it's a phishing website.

This is actually a pretty good case of the regular user being pretty safe from downloading malware.

pibaker 5 hours ago | parent | next [-]

I feel I need to clarify my earlier comment. I was asking how a user can tell, in general, what is the legitimate website of a software, not just how to know that 7zip.com is malicious.

Are the search removals and phishing warnings reactive or proactive? Because if it is the former then we don't really know how many users are already affected before security researchers got notified and took action.

Also, 7zip is not the only software to be affected by similar domain squatting "attacks." If you search for PuTTY, the unofficial putty.org website will be very high on the list (top place when I googled "download putty.") While it is not serving malware, yet, the fact that the more legitimate sounding domain is not controlled by the original author does leave the door open for future attacks.

layer8 4 hours ago | parent [-]

One way is to consult the same source(s) where the user learned about the software in the first place.

sedatk 5 hours ago | parent | prev | next [-]

> I dunno, if you type "download 7zip" into Google, the top result is the official website.

Until someone puts an ad above it.

8organicbits 4 hours ago | parent [-]

Sure, but the answer to "How can the average 7zip user know which one it is?" would then be "do a Google search and use uBlock Origin".

pixl97 3 hours ago | parent [-]

How does the user know they are using the official uBlock Origin?

8organicbits 2 hours ago | parent [-]

The Mozilla extension store doesn't have ads, so it's the top item. It has clear download counts and a "recommended" icon.

So the advice is to install it from the extension store.

TiredOfLife 3 hours ago | parent | prev [-]

> Also, 7zip.com is nowhere on the first page

In an incognito window, for me, it's the 3rd result

Markoff 5 hours ago | parent | prev [-]

Open About in the app?