security

[Lex Abels <le...@wxs.nl>]

L.S.
Today I got a message-screen that invited me to update my Apache_OpenOffice software.
I was directed to a site where I could download the new version, either OpenOffice 4.0.1 or OpenOffice 4.1.0 Beta. I did not check the site's name and address where I have been directed to.
I chose for the 4.0.1 version. The result was a downloaded file named Apache_OpenOffice_4.0.1_Win_x86_install_nl (source: sourceforge.net, size 136.460 kB) which I have run.

Just below the button for starting the download process there was a message to invite me to download and use RegClean, in order to improve my computer's performance. I did that, resulting in a download of a file named rcpsetupmarm_marm454012189nl from systweak.com, which I executed.
I am afraid that was not such a good idea, in fact I thought I could trust that tool because it seemed to be promoted by your project.
After installing and running that RegClean, I got a message that hundreds of errors where detected, and I decided to not let that program fix these, and removed the RegClean program. But after that now I get several alerts from my Security Suit (from Norman), that Trojan horses are detected. As far as possible I asked Norman to remove them, but some could only be quarantained.

Now, checking my Apache OpenOffice software for version, I see that it says the version is 4.0.0 (so not 4.0.1, which I would have expected to be installed). Going to your site https://www.openoffice.org/download/index.html, if I choose for "Download Apache OpenOffice 4.0.1" I see I redirected to http://sourceforge.net/projects/openofficeorg.mirror/files/4.0.1/binaries/nl/Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe/download,
downloading and saving seems to give the same file Apache_OpenOffice_4.0.1_Win_x86_install_nl (source: sourceforge.net, size 136.460 kB).
After running this setup again, the button I previously had attached to the Windows toolbar has disappeared, and starting OpenOffice again I now see that it is version 4.0.1.

I don't know what, of the thing I reported here, seems to be OK and what not. But, if it seems to be OK, I am still not happy with the advertisment for RegClean. And also the redirection from your site to a site called "sourceforge.net" to getting downloads is a move I don't like very much.

I would like to know what you think of all this, and if I should restart my PC from the factory settings, thus removing everything, an action I would not like very much.

Regards,
Lex Abels

Re: security

[Andrea Pescetti <pe...@apache.org>]

Lex Abels wrote:
> the redirection from your site to a site called "sourceforge.net"

This is normal. All official downloads happen through the SourceForge 
mirrors, for bandwidth reasons. Checksums, though, are hosted on the 
Apache/OpenOffice servers, so you can verify that you received a genuine 
copy following the instructions at http://www.openoffice.org/download/

> I am still not happy with the advertisment for RegClean.

This is entirely managed by SourceForge. OpenOffice is not involved in 
the advertisements at all. SourceForge offers a service where you can 
report misleading ads: 
http://sourceforge.net/blog/sourceforge-blockthis-initiative-update/

Regards,
   Andrea.

-------------------------------------------
List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html
To unsubscribe, e-mail: users-unsubscribe@openoffice.apache.org
For additional commands, e-mail: users-help@openoffice.apache.org