Dec 16 2005

How trustable is Softpedia’s malware certification?

Filed under: Written in English. hugo @ 9:05

I see an increasing number of programs claiming to be clean (no spyware, no adware, no viruses) as tested by Softpedia (see YamiPod’s report for example).

Being used to Debian, where everything is open-source and peer-reviewed, adware, spyware and viruses are concerns I never had. I guess that now that I’m using a Mac where quite a few programs are not open-source, this is something I need to watch for.

So I am wondering who Softpedia is. They have a nice and frequently updated Web site, 2.5M+ search results in Google, and a ton of programs in their repository, so they look like an entity that may be trustable. But I haven’t found a traditional “About this site” link. Wikipedia has some information about it but not that much.

It’s not clear how they test the programs either. I am no expert in malware, being a Linux user and very new to the Mac (I’m not even sure about the amount of malware existing for the Mac), but it seems to me that without the source code — well, sometimes even with the source code it has to be tricky when you have a big program: I doubt that the complete source code of OpenOffice.org was reviewed by its Debian package maintainer — it is easy to figure out how clean a program is.

So I for one cannot tell how much I should really trust this certification, so I would assume that other users would have the same problem.

I think that the initiative is laudable, but they should be very explicit about exposing the factors in order for people to decide how much to trust such certification.