Google kills downloads on Google Code 'due to misuse'

Summary: Google is shutting down Google Code downloads and pushing devs to Drive instead.

TOPICS: Security, Google

To keep its Google Code developer community "safe and secure", Google will prevent developers publishing downloads on the service and is pushing the functionality to Google Drive instead.

Google Code offers developers a collaborative space to host open source projects that come with member controls, Subversion/Mercurial/Git repository, issue tracker, wiki pages and a downloads service.

The last feature, which allows projects to make their files available for public download, will be wound down due to misuse, Google announced this week.

"Unfortunately, downloads have become a source of abuse with a significant increase in incidents recently. Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads," Google Project Hosting said.

New projects will not be able to publish downloads, while the feature will be disabled from 14 January 2014 for existing projects, Google says in its FAQ.

Google does not say exactly what the misuse seen on Google Code is and, while user reports of malware abuse on the service have picked up since December last year, there are only around 200 reports to date.

One user on 17 April reported receiving an SMS disguised as a free giveaway from Kentucky Fried Chicken which included a link to a malicious file hosted on Google Code. The malware distributor had four projects on Google Code hosting similar malware yet had no source code on the site.

ESET malware researcher Sébastien Duquette has posted 36 malware reports since December and security vendor Blue Coat warned last week that malware was once again being distributed on Google Code.

The move to Google Drive means developers will lose useful features that were available on downloads, such as project labels and download counts.

And Google did have another option, according to Chris Larson, a Blue Coat researcher who pointed out that Google could use its recently acquired VirusTotal service to scan for "obvious malware" on Google Code. "After all, these aren't exotic zero-day malware samples. What's up, Google?" he wrote.

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

  • Google cares about our well-being

    and is blocking malware in its tracks.
    LlNUX Geek
  • Soon to be full of Anti-Google people

    Google has decided that offering a free service is no longer viable. Many will soon post that Google is taking away their toys. This was a free service and as such Google can stop it at any time for any reason. And actually they are just moving things around. It is good to see Google closing some of these services to focus on important technologies (Android and Chrome).
    • GMail is a free service as well.

      So they are just going to delete it as well? Google Reader? Oops. They did that one already.
      • GMail is a test bed for Google Apps

        Google Apps is a revenue generator for Google - Gmail is a test bed for that service.
        John Dwyer
  • Google kills downloads on Google Code 'due to misuse'

    So it's in line with the rest of Google, use a service then shut it down after 6 months.
  • The real reason..

    they weren't getting enough marketing/ad revenue.
    • Bingo

      Exactly. It's sad to see it go, but Google is looking out for their own best interests.
    • I don't know if Google Code had any ads

      AdBlock is great.

      But I think the most likely reason is that they weren't getting quality code to steal from.
  • Excuses

    This must be an excuse to drive up the use of Google Drive...
  • Or Google could just run

    virus checks on published material. You know, actually take responsibility for content they host.
    • Re: You know, actually take responsibility for content they host.

      And abandon their DMCA safe harbour!?
  • Back to sourceforge it is

    And codeplex
  • Meh

    GitHub is way better anyway. ;)
    • Re: GitHub is way better anyway. ;)

      GitHub introduced similar restrictions a while back.
  • SourceForge Has Allowed Downloads For Years

    Wonder why both GitHub and Google Code have so much trouble with them...
  • The Walled garden looks good

    After you have been stabbed on the other side of the wall. Now you know why it's there. While I agree some people will prefer open, just remember it's open to people who would do you harm. That's why we don't sleep with the doors open anymore. Sad, but true.
  • Google takes an initiative to make the Internet safe

    Why should they be a source of malware? The project was a collaboration to allow people to improve projects and ideas, but Google haters inject malware to hurt Google, and others, hoping to get information from them. Moving the code to Google drive personalizes the code allowing accounts to be deactivated.
    • Explanation doesn't explain anything. Not clear how the solution solves any

      Downloads on were already personalized: tied to a Google account. It's not clear how the move makes any difference wrt to malware. Is Drive somehow immune? Are the svn or hg repositories safe?

      Agreed there's a problem. What does the fix ... fix?
      M Joshua Ryan
  • All you have to do is put the download files in the repo

    The reasoning for eliminating the Downloads totally escapes me. The proposed solution by Google is pretty silly and solves nothing given that you can access files in your repository through direct links to the files - EXACTLY the same way links to the Downloads files work. All that has changed is that maintaining the downloadable files and using direct links to downloadable files is now much less convenient for the project maintainers and there is not a way to get the total download count.

    If you are a "BAD" guy you simply put your files in the repo rather than using the "downloads" area. After that, you can get direct links to the files just like before when the files were uploaded using "downloads" and everything works the same as before. Google has not added any security or prevented the "bad" guys from being able to create downloadable links to malware by eliminating "Downloads". It just isn't quite as easy as it used to be.

    For those that have real projects and need to provide downloads for your users:
    Here is a better solution than Google's proposed solution that does not involve using Google Drive AND still keeps the download files in your project repository so they can be easily managed by all the project team.

    Simply create a "Downloads" directory in your repository. Then create a wiki page for downloading your files. You can then place any files you want to make available in your new "Downloads" directory (which is now part of the Repo). You can add whatever text you want to the wiki "Downloads" page and put in the direct link in your repo to the download file. If you don't know how to get the link, then simply browse your source tree until you get to the file, click on it, then look over on the right and copy the link location for the "View raw file" link. If you are ambitious enough you can even add the SHA1 checksum to the wiki page when you add the text and link for the new downloadable file.

    You now have a wiki page that allows downloading your files. You can even put links to your wiki "Downloads" wiki page on your Project Summary/Home page or add it as a link to your links section on the Summary/Home page. The downside is you have to update that wiki page each time you add a file to the "Downloads" directory if you want to provide a direct download link to the file.

    So there you have it. A way to continue offering downloads and direct links that keeps the download files with the project, that all project administrators can use, and no messing with Google Drive.
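
The checksum step from the last comment above, as an added example (not part of the original article or its comments): a Python script that regenerates the wiki "Downloads" page from the repository's `Downloads` directory with a SHA1 per file, plus the check a user runs against the published value. It goes beyond the comment by also emitting SHA-256; `RAW_BASE` is a hypothetical placeholder for the prefix of your own "View raw file" links, and the table markup assumes Google Code-style wiki syntax.

```python
import hashlib
import tempfile
from pathlib import Path
from urllib.parse import quote

# Hypothetical placeholder: the prefix of your project's "View raw file" links.
RAW_BASE = "https://example.invalid/raw/Downloads/"

def file_digests(path, chunk_size=65536):
    """Return (sha1_hex, sha256_hex) for a file, read in chunks."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return sha1.hexdigest(), sha256.hexdigest()

def build_wiki_page(downloads_dir, raw_base=RAW_BASE):
    """Render one wiki table row per file: link, size, SHA1, SHA-256."""
    lines = ["= Downloads =", "",
             "|| *File* || *Size (bytes)* || *SHA1* || *SHA-256* ||"]
    for path in sorted(Path(downloads_dir).iterdir()):
        if not path.is_file():
            continue  # skip subdirectories; only published files are listed
        sha1, sha256 = file_digests(path)
        link = f"[{raw_base}{quote(path.name)} {path.name}]"
        lines.append(
            f"|| {link} || {path.stat().st_size} || `{sha1}` || `{sha256}` ||")
    return "\n".join(lines) + "\n"

def verify_download(path, published_sha1):
    """User-side check: does the downloaded file match the published SHA1?"""
    return file_digests(path)[0] == published_sha1.strip().lower()

if __name__ == "__main__":
    # Constructed sample: a throwaway Downloads directory with one small file.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "tool-1.0.zip"
        sample.write_bytes(b"abc")
        print(build_wiki_page(tmp))
        print("matches published SHA1:",
              verify_download(sample, "a9993e364706816aba3e25717850c26c9cd0d89d"))
```

Regenerating the page from the directory on every release keeps the listed checksums in step with the files the links actually serve.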