FileZilla

From Wikipedia, the free encyclopedia - View original article

FileZilla
FileZilla Icon
FileZilla 3.3.1.png
FileZilla 3.3.1 on Ubuntu 10.04
Developer(s)Tim Kosse
Initial release22 June 2001 (2001-06-22)
Stable release3.9.0.6 (October 20, 2014; 52 days ago (2014-10-20) [1]) [±]
Preview releasenone ([2]) [±]
Written inC++, wxWidgets
Operating systemCross-platform
Size5.78 MB
Available inMultilingual
TypeFTP client
LicenseGNU General Public License Version 2
Websitefilezilla-project.org
 
Jump to: navigation, search
FileZilla
FileZilla Icon
FileZilla 3.3.1.png
FileZilla 3.3.1 on Ubuntu 10.04
Developer(s)Tim Kosse
Initial release22 June 2001 (2001-06-22)
Stable release3.9.0.6 (October 20, 2014; 52 days ago (2014-10-20) [1]) [±]
Preview releasenone ([2]) [±]
Written inC++, wxWidgets
Operating systemCross-platform
Size5.78 MB
Available inMultilingual
TypeFTP client
LicenseGNU General Public License Version 2
Websitefilezilla-project.org

FileZilla is free, cross-platform FTP application software, consisting of FileZilla Client and FileZilla Server. Binaries are available for Windows, Linux, and Mac OS X. It supports FTP, SFTP, and FTPS (FTP over SSL/TLS). Support for SFTP (SSH File Transfer Protocol) is not implemented in FileZilla Server.[3]

FileZilla's source code is hosted on SourceForge and the project was featured as Project of the Month in November 2003.[4]

History[edit]

FileZilla was started as a computer science class project in the second week of January 2001 by Tim Kosse and two classmates[who?]. Before they started to write the code, they discussed under which licence they should release the code. They decided to make FileZilla an open-source project, because there were already many FTP clients available and they didn't think that they would sell a single copy if they made FileZilla commercial.[5]

Features[edit]

These are some features of FileZilla.[6]

Reception[edit]

In May 2008 Chris Foresman assessed FTP clients for Ars Technica, saying of FileZilla: "Some friends in the tech support world often recommend the free and open-source FileZilla, which offers a Mac OS X version in addition to Windows and Linux. But I've never been thrilled about its busy interface, which can be daunting for novice users."[7]

Writing for Ars Technica in August 2008 Emil Protalinski said: "this week's free, third-party application recommendation is FileZilla.... This FTP client is very quick and is regularly updated. It may not have a beautiful GUI, but it certainly is fast and has never let me down."[8]

Go Daddy, Clarion University of Pennsylvania and National Capital Freenet recommend FileZilla for uploading files to their web hosting services.[9][10][11]

FileZilla is available in the repositories of many Linux distributions, including Debian, Ubuntu, Trisquel and Parabola GNU/Linux.[12][13][14][15]

In January 2012 cNet.com gave FileZilla their highest rating of spectacular, 5 out of 5 stars.[16]

Since the project's participation in SourceForge's program to create revenue by adware, which is frequently perceived as deceptive and malware,[17] several reviewers started warning about downloading FileZilla and discouraged users from using it.[18][19]

Criticism[edit]

Bundled Adware Issues[edit]

Since middle of 2013, the project's hosting site, SourceForge.net, provides the main download of FileZilla with a download wrapper, "offering" additional software for the user to install. Numerous reports[20][21] of users say that some of the adware installs without consent, despite declining on all install requests[22] or uses deception to obtain the user's "acceptance" to install. Among the reported effects are: web browser being hijacked, with content, start page and search engines being forcibly changed, disturbing popup windows, privacy/spying issues, sudden shutdown and restart events possibly leading to loss of current work. Some of the adware is reported to resist removal or restoring of previous settings, or to re-install after a supposed removal.[23][24] Also, users reported adware programs to download and install more unwanted software, some causing alerts by security suites, for being genuine malware.[25]

The FileZilla web page currently still offers additional download options without adware installs, but the link to the adware download appears as the primary link, highlighted and marked as "recommended". The program author keeps saying in the project's forum that all additional downloads were optional, could "easily be declined" and that "nothing will be installed without consent". On the question, if he was urged by the project's host to accept the bundling of downloads with adware, he negated and explained: "I do this for a living".[26]

Missing Password Encryption[edit]

From version 3 onwards, FileZilla stores all saved usernames and passwords as plain text files. This allows any malware that has gained even limited access to the user's system to simply read the data stored in these files and to remotely transfer this data to the attacker. Potentially handing over control of websites and servers used for further spreading malware[27] and creating powerful botnets.[28] FileZilla's author responded to such criticism saying "If your system is secure, you can use nuclear missile launch codes as desktop background."[29]

However, the proposed Master Password encryption would be the only solution in certain use cases. On Windows 7 and 8, users would need a Professional or higher license for NTFS Encrypting File System, or Enterprise for Bitlocker drive encryption in order to make your system secure enough for plaintext passwords, effectively making the other Windows editions insecure for using with FileZilla.[30] Furthermore, FileZilla does not communicate to the user the fact that passwords are stored in plain text.[31]

FZCrypt is a FileZilla modification that automatically encrypts sensitive FTP-Accounts and configuration files.[32]

Storing encrypted private key files is still not supported in current versions, as well as using ssh-agent, in the same way as previous versions of FileZilla. Private key authentication is usually recommended over password-based authentication.[33]

Release History[edit]

ColorMeaning
PinkFormer test release
RedFormer official release
GreenCurrent official release
BlueCurrent test release

The Release Notes shown are for the current series build.

Release history
VersionRelease Date[34]Change Log
3.7.1-rc110 June 2013New Features:
  • Add command-line option to specify initial local directory

Bugfixes and minor changes:

  • Fix crash on OS X if connecting using FTP over TLS
  • Prevent file lists from jumping when they are not supposed to
3.7.118 June 2013Bugfixes and minor changes:
  • Updated translations
3.7.1.12 July 2013Bugfixes and minor changes:
  • Minor bump for installer changes
3.7.26 August 2013Fixed vulnerabilities:
  • Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP.
3.7.37 August 2013Fixed vulnerabilities:
  • Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4206, CVE-2013-4207, and CVE-2013-4208 for reference
3.8.1-rc225 May 2014Bugfixes and minor changes:
  • Rebuilt to address a problem with the filenames of the rc1 binaries.
3.8.1-rc325 May 2014Bugfixes and minor changes:
  • Fixed bundling of .xrc resources in non-Windows binaries
3.8.11 June 2014Fixed vulnerabilities:
  • Updated official binaries to use GnuTLS 3.2.15, addressing CVE-2014-3466

New Features:

  • OS X: Partial support for retina displays

Bugfixes and minor changes:

  • Fixed several small memory leaks
3.9.027 July 2014New Features:
  • Added Lao translation
  • Added an additional icon set
  • OS X: Holding modifier key while clicking Site Manager toolbar icon now shows the site dropdown menu

Bugfixes and minor changes:

  • MSW: Fix assertion when entering UNC paths
  • Fix button layout of editing dialogs
  • nix, OS X: Small performance improvement recursing through local directories

FileZilla Server[edit]

FileZilla Server
FileZilla Icon
FileZilla server.png
FileZilla Server main interface
Developer(s)Tim Kosse, et al.
Stable release0.9.47 (September 19, 2014; 2 months ago (2014-09-19) [35]) [±]
Preview releasenone (n/a) [±]
Written inC++
Operating systemWindows
TypeFTP server
LicenseGPL
Websitefilezilla-project.org
MODE Z compression as implemented in FileZilla FTP Server

FileZilla Server is a sister product to FileZilla Client. It is an FTP server supported by the same project and features support for FTP and FTP over SSL/TLS.[36] FileZilla Server is currently available only on the Windows platform.

FileZilla Server is a free, open source FTP server. Its source code is hosted on SourceForge.net.

Features[edit]

FileZilla Server supports FTP and FTPS (FTP over SSL/TLS).[37] It includes numerous functionalities, including:

Issues[edit]

Unlike some other FTP clients, FileZilla does not implement a workaround for an error in the IIS server which causes file corruption when resuming large file downloads.[38]

See also[edit]

References[edit]

  1. ^ "FileZilla - The free FTP solution". Retrieved 2014-10-20. 
  2. ^ "FileZilla - The free FTP solution". Retrieved 2014-06-24. 
  3. ^ "FileZilla FTP Server". FileZilla project wiki. FileZilla. Retrieved 2014-02-17. 
  4. ^ "Project of the Month, November 2003: FileZilla". Project of the Month. SourceForge. Retrieved 2014-02-17. 
  5. ^ FileZilla history
  6. ^ "FileZilla features". FileZilla project website. FileZilla. Retrieved 2014-05-16. 
  7. ^ Foresman, Chris (15 May 2008). "First Look: Cyberduck 3 is a great, free FTP client for Mac". Ars Technica. Retrieved 7 January 2012. 
  8. ^ Protalinski, Emil (1 August 2008). "Friday evening Microsoft links, FileZilla edition". Ars Technica. Retrieved 7 January 2012. 
  9. ^ Go Daddy (2012). "Connecting to Your Hosting Account with FileZilla (FTP)". Retrieved 7 January 2012. 
  10. ^ Clarion University of Pennsylvania (2008). "Share and Retrieve Files on the Clarion Network ("Jupiter" space)". Retrieved 7 January 2012. 
  11. ^ National Capital Freenet (January 2012). "Publishing Web Pages". Retrieved 7 January 2012. 
  12. ^ Debian (2012). "Package: filezilla (3.3.3-1)". Retrieved 7 January 2012. 
  13. ^ Canonical Ltd (December 2011). ""filezilla" package in Ubuntu". Retrieved 7 January 2012. 
  14. ^ Trisquel (2012). "Trisquel -- Package Search Results -- filezilla". Retrieved 4 June 2012. 
  15. ^ Parabola GNU/Linux (April 2012). "Parabola - Package Database". Retrieved 4 June 2012. 
  16. ^ "FileZilla - CNET Download.com". Download.cnet.com. Retrieved 2012-10-04. 
  17. ^ "Filezilla's installer now includes malware... suggest boycott". Retrieved 16 September 2014. 
  18. ^ "Sourceforge Drives off Downloads, ask why". Retrieved 16 September 2014. 
  19. ^ "SourceForge’s new Installer bundles program downloads with adware". Retrieved 16 September 2014. 
  20. ^ "Discussion: Malware downloads on third-party websites". Retrieved 14 September 2014. 
  21. ^ "Discussion: Malware downloads on third-party websites, Page 8". Retrieved 14 September 2014. 
  22. ^ "Reviews for FileZilla at SourceForge.net". Retrieved 14 September 2014. 
  23. ^ "Hosting through SourceForge.. Speed Dial revenue?". Retrieved 14 September 2014. 
  24. ^ "Highly disappointed with bundled malware". Retrieved 14 September 2014. 
  25. ^ "Discussion: Malware downloads on third-party websites, 3rd party software downloads". Retrieved 14 September 2014. 
  26. ^ "Discussion: Malware downloads on... "I do it for a living"". Retrieved 14 September 2014. 
  27. ^ "malware spreads through compromised legitimate Web sites". 2013-01-22. Retrieved 2012-08-27. 
  28. ^ "Server-Based Botnets". 2013-01-23. Retrieved 2012-08-27. 
  29. ^ Kosse, Tim (3 March 2012). "Hide password File?". Retrieved 17 August 2012. 
  30. ^ "#2935 (Support for optional Master Password for sitemanager.xml) – FileZilla". Trac.filezilla-project.org. 2008-12-31. Retrieved 2014-07-18. 
  31. ^ "Warning: FileZilla FTP Passwords now Stored in Plaintext". 2008-05-20. Retrieved 2012-08-27. 
  32. ^ "FZCrypt". Retrieved 17 March 2014. 
  33. ^ "SSH/OpenSSH/Keys - Community Ubuntu Documentation". Help.ubuntu.com. 2011-03-20. Retrieved 2012-08-27. 
  34. ^ "FileZilla - The free FTP solution". Filezilla-project.org. Retrieved 2013-07-04. 
  35. ^ "FileZilla - The free FTP solution". Retrieved 2014-09-22. 
  36. ^ Trapani, Gina (January 2008). "Build a Home FTP Server with FileZilla". Retrieved 14 January 2012. 
  37. ^ a b c FileZilla Project, FileZilla FTP Server, accessed: 8 April 2012
  38. ^ Ticket #4672 (assigned Bug report) - Download continues past 100% corrupting downloaded zip file

External links[edit]