FileZilla

FileZilla

FileZilla 3.7.3 running under Ubuntu MATE
Developer(s) Tim Kosse
Initial release 22 June 2001 (2001-06-22)
Stable release 3.16.1 (16 March 2016 (2016-03-16)) [±][1]
Preview release 3.14.0-rc2 (9 September 2015 (2015-09-09)) [±][2]
Written in C++, wxWidgets
Operating system Cross-platform
Size 5.8 MB
Available in Multilingual
Type FTP client
License GNU General Public License Version 2
Website filezilla-project.org

FileZilla is a free software, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Client binaries are available for Windows, Linux, and Mac OS X, server binaries are available for Windows only. The client supports FTP, SFTP and FTPS (FTP over SSL/TLS). Support for SFTP (SSH File Transfer Protocol), which can be used to share folders over a network, is not implemented in FileZilla Server.

FileZilla's source code is hosted on SourceForge and the project was featured as Project of the Month in November 2003.[3] However, there have been criticisms that SourceForge bundles malicious software with the application; and that FileZilla stores users' FTP passwords insecurely.

History

FileZilla was started as a computer science class project in the second week of January 2001 by Tim Kosse and two classmates.[4] Before they started to write the code, they discussed under which licence they should release the code.[4] They decided to make FileZilla an open-source project because many FTP clients were already available, and they didn't think that they would sell a single copy if they made FileZilla commercial.[4]

Features

These are some features of FileZilla.[5]

Reception

In May 2008 Chris Foresman assessed FTP clients for Ars Technica, saying of FileZilla: "Some friends in the tech support world often recommend the free and open-source FileZilla, which offers a Mac OS X version in addition to Windows and Linux. But I've never been thrilled about its busy interface, which can be daunting for novice users."[6]

Writing for Ars Technica in August 2008 Emil Protalinski said: "this week's free, third-party application recommendation is FileZilla.... This FTP client is very quick and is regularly updated. It may not have a beautiful GUI, but it certainly is fast and has never let me down."[7]

Go Daddy, Clarion University of Pennsylvania and National Capital FreeNet recommend FileZilla for uploading files to their web hosting services.[8][9][10]

FileZilla is available in the repositories of many Linux distributions, including Debian, Ubuntu, Trisquel and Parabola GNU/Linux-libre.[11][12][13][14]

In January 2012 cNet.com gave FileZilla their highest rating of "spectacular"—five out of five stars.[15]

Since the project's participation in SourceForge's program to create revenue by adware, several reviewers started warning about downloading FileZilla and discouraged users from using it.[16][17]

Criticism

Bundled adware issues

In 2013 the project's hosting site, SourceForge.net, provided the main download of FileZilla with a download wrapper, "offering" additional software for the user to install. Numerous users reported that some of the adware installed without consent, despite declining all install requests, or used deception to obtain the user's "acceptance" to install. Among the reported effects are: web browser being hijacked, with content, start page and search engines being forcibly changed, popup windows, privacy or spying issues, sudden shutdown and restart events possibly leading to loss of current work. Some of the adware was reported to resist removal or restoration of previous settings, or were said to reinstall after a supposed removal. Also, users reported adware programs to download and install more unwanted software, some causing alerts by security suites, for being malware.[17]

The FileZilla webpage offers additional download options without adware installs, but the link to the adware download appears as the primary link, highlighted and marked as "recommended".[17]

Missing password encryption

From version 3 onwards, FileZilla stores all saved usernames and passwords as plain text files. This allows any malware that has gained even limited access to the user's system to simply read the data stored in these files and to remotely transfer this data to the attacker, potentially handing over control of websites and servers used for further spreading malware[18] and creating powerful botnets.[19]

However, the proposed Master Password encryption would be the only solution in certain use cases. On Windows 7 and 8, users would need a Professional or higher license for NTFS Encrypting File System, or Enterprise for Bitlocker drive encryption in order to make your system secure enough for plaintext passwords, effectively making the other Windows editions insecure for using with FileZilla.[20] Furthermore, FileZilla does not communicate to the user the fact that passwords are stored in plain text.[21]

Storing encrypted private key files is still not supported in current versions, as well as using ssh-agent, in the same way as previous versions of FileZilla. Private key authentication is usually recommended over password-based authentication.[22]

Release history

Color Meaning
Pink Former test release
Red Former official release
Green Current official release
Blue Current test release

The release notes shown are for the current series build.

Release history
Version Release date[23] Changes
3.7.1-rc1 10 June 2013 New features:
  • Add command-line option to specify initial local directory

Bugfixes and minor changes:

  • Fix crash on OS X if connecting using FTP over TLS
  • Prevent file lists from jumping when they are not supposed to
3.7.1 18 June 2013 Bugfixes and minor changes:
  • Updated translations
3.7.1.1 2 July 2013 Bugfixes and minor changes:
  • Minor bump for installer changes
3.7.2 6 August 2013 Fixed vulnerabilities:
  • Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP.
3.7.3 7 August 2013 Fixed vulnerabilities:
  • Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4206, CVE-2013-4207, and CVE-2013-4208 for reference
3.8.1-rc2 25 May 2014 Bugfixes and minor changes:
  • Rebuilt to address a problem with the filenames of the rc1 binaries.
3.8.1-rc3 25 May 2014 Bugfixes and minor changes:
  • Fixed bundling of .xrc resources in non-Windows binaries
3.8.1 1 June 2014 Fixed vulnerabilities:
  • Updated official binaries to use GnuTLS 3.2.15, addressing CVE-2014-3466

New features:

  • OS X: Partial support for retina displays

Bugfixes and minor changes:

  • Fixed several small memory leaks
3.9.0 27 July 2014 New features:
  • Added Lao translation
  • Added an additional icon set
  • OS X: Holding modifier key while clicking Site Manager toolbar icon now shows the site dropdown menu

Bugfixes and minor changes:

  • MSW: Fix assertion when entering UNC paths
  • Fix button layout of editing dialogs
  • nix, OS X: Small performance improvement recursing through local directories
3.10.1.1 1 February 2015 Bugfixes and minor changes:
  • Fix editing of files with the same name in different directories

FileZilla Server

FileZilla Server

FileZilla Server main interface
Developer(s) Tim Kosse, et al.
Stable release 0.9.53 (12 June 2015 (2015-06-12)) [±][24]
Preview release none (n/a) [±]
Written in C++
Operating system Windows
Type FTP server
License GPL
Website filezilla-project.org

FileZilla Server is a sister product to FileZilla Client. It is an FTP server supported by the same project and features support for FTP and FTP over SSL/TLS.[25] FileZilla Server is currently available only on the Windows platform.

FileZilla Server is a free, open source FTP server. Its source code is hosted on SourceForge.net.

Features

FileZilla Server supports FTP and FTPS (FTP over SSL/TLS). Other features include:

Issues

Unlike some other FTP clients, FileZilla does not implement a workaround for an error in the IIS server which causes file corruption when resuming large file downloads.[26]

See also

References

  1. "Version history". FileZilla. 16 March 2016. Retrieved 19 March 2016.
  2. codesquid (9 September 2015). "Bump to 3.14.0-rc2". FileZilla SVN. FileZilla. Retrieved 13 September 2015.
  3. "Project of the Month, November 2003: FileZilla". SourceForge. VA Software. 31 October 2003. Retrieved 17 February 2014.
  4. 1 2 3 Kosse, Tim. "FileZilla History". SourceForge. DHI Group. Archived from the original on 2008-04-23. Retrieved 2015-11-04.
  5. "FileZilla features". FileZilla project website. FileZilla. Retrieved 16 May 2014.
  6. Foresman, Chris (15 May 2008). "First Look: Cyberduck 3 is a great, free FTP client for Mac". Ars Technica. Retrieved 7 January 2012.
  7. Protalinski, Emil (1 August 2008). "Friday evening Microsoft links, FileZilla edition". Ars Technica. Retrieved 7 January 2012.
  8. "Connecting to Your Hosting Account with FileZilla (FTP)". Go Daddy. 2012. Retrieved 7 January 2012.
  9. "Share and Retrieve Files on the Clarion Network ("Jupiter" space)". Clarion University of Pennsylvania. Retrieved 7 January 2012.
  10. "Publishing Web Pages". National Capital Freenet. Retrieved 7 January 2012.
  11. "Package: filezilla (3.9.0.5-1)". Debian. Retrieved 17 October 2015.
  12. "filezilla package in Ubuntu". Ubuntu. Canonical Ltd. Retrieved 7 January 2012.
  13. "Package: filezilla (3.7.3-1ubuntu1)". Trisquel. Retrieved 17 October 2015.
  14. "Parabola/Linux-libre - Package Database". Parabola GNU/Linux-libre. Retrieved 17 October 2015.
  15. "FileZilla". Download.com. CBS Interactive. 16 April 2014. Retrieved 17 October 2015.
  16. Taggart, Jean (8 November 2013). "Sourceforge Drives off Downloads, ask why". Blog.Malwarebytes.org. Malwarebytes. Retrieved 16 September 2014.
  17. 1 2 3 Brinkmann, Martin (17 July 2013). "SourceForge’s New Installer Bundles Program Downloads with Adware". Ghacks. Retrieved 16 September 2014.
  18. "Malware Spreads Through Compromised Legitimate Web Sites". Blog.WebRoot.com. 2013-01-22. Retrieved 2015-11-05.
  19. "Server-Based Botnets". 2013-01-23. Retrieved 2012-08-27.
  20. "#2935 (Support for optional Master Password for sitemanager.xml) – FileZilla". Trac.filezilla-project.org. 2008-12-31. Retrieved 2014-07-18.
  21. "Warning: FileZilla FTP Passwords now Stored in Plaintext". 2008-05-20. Retrieved 2012-08-27.
  22. "SSH/OpenSSH/Keys - Community Ubuntu Documentation". Help.ubuntu.com. 2011-03-20. Retrieved 2012-08-27.
  23. "FileZilla - The free FTP solution". Filezilla-project.org. Retrieved 2013-07-04.
  24. codesquid (12 June 2015). "Bump to 0.9.53". FileZilla SVN. FileZilla. Retrieved 17 October 2015.
  25. Trapani, Gina (January 2008). "Build a Home FTP Server with FileZilla". Retrieved 14 January 2012.
  26. Ticket #4672 (assigned Bug report) - Download continues past 100% corrupting downloaded zip file

External links

Wikimedia Commons has media related to FileZilla.
This article is issued from Wikipedia - version of the Wednesday, April 20, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.