Developer(s) Tim Kosse | ||
![]() | ||
Initial release 22 June 2001; 15 years ago (2001-06-22) Stable release 3.24.1 (21 February 2017; 16 days ago (2017-02-21)) [±] Preview release 3.25.0-rc1 (4 March 2017; 5 days ago (2017-03-04)) [±] Repository svn.filezilla-project.org/filezilla/FileZilla3/ |
FileZilla is a free software, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Client binaries are available for Windows, Linux, and macOS, server binaries are available for Windows only. The client supports FTP, SFTP and FTPS (FTP over SSL/TLS).
Contents
- History
- Features
- Reception
- Bundled adware issues
- Missing password encryption
- FileZilla Server
- Issues
- References
FileZilla's source code is hosted on SourceForge and the project was featured as Project of the Month in November 2003. However, there have been criticisms that SourceForge bundles malicious software with the application; and that FileZilla stores users' FTP passwords insecurely.
History
FileZilla was started as a computer science class project in the second week of January 2001 by Tim Kosse and two classmates. Before they started to write the code, they discussed under which license they should release the code. They decided to make FileZilla an open-source project because many FTP clients were already available, and they didn't think that they would sell a single copy if they made FileZilla commercial.
Features
These are some features of FileZilla.
Reception
In May 2008 Chris Foresman assessed FTP clients for Ars Technica, saying of FileZilla: "Some friends in the tech support world often recommend the free and open-source FileZilla, which offers a Mac OS X version in addition to Windows and Linux. But I've never been thrilled about its busy interface, which can be daunting for novice users."
Writing for Ars Technica in August 2008 Emil Protalinski said: "this week's free, third-party application recommendation is FileZilla.... This FTP client is very quick and is regularly updated. It may not have a beautiful GUI, but it certainly is fast and has never let me down."
Go Daddy, Clarion University of Pennsylvania and National Capital FreeNet recommend FileZilla for uploading files to their web hosting services.
FileZilla is available in the repositories of many Linux distributions, including Debian, Ubuntu, Trisquel and Parabola GNU/Linux-libre.
In January 2012 cNet.com gave FileZilla their highest rating of "spectacular"—five out of five stars.
Since the project's participation in SourceForge's program to create revenue by adware, several reviewers started warning about downloading FileZilla and discouraged users from using it.
Bundled adware issues
In 2013 the project's hosting site, SourceForge.net, provided the main download of FileZilla with a download wrapper, "offering" additional software for the user to install. Numerous users reported that some of the adware installed without consent, despite declining all install requests, or used deception to obtain the user's "acceptance" to install. Among the reported effects are: web browser being hijacked, with content, start page and search engines being forcibly changed, popup windows, privacy or spying issues, sudden shutdown and restart events possibly leading to loss of current work. Some of the adware was reported to resist removal or restoration of previous settings, or were said to reinstall after a supposed removal. Also, users reported adware programs to download and install more unwanted software, some causing alerts by security suites, for being malware.
The FileZilla webpage offers additional download options without adware installs, but the link to the adware download appears as the primary link, highlighted and marked as "recommended".
As of 2016, FileZilla displays ads (called sponsored updates) when starting the application. These ads appear as part of the "Check for updates" dialog.
Missing password encryption
From version 3 onwards, FileZilla stores all saved usernames and passwords as plain text files. This allows any malware that has gained even limited access to the user's system to simply read the data stored in these files and to remotely transfer this data to the attacker, potentially handing over control of websites and servers used for further spreading malware and creating powerful botnets. A fork of the main project named FileZilla Secure seeks to remedy this particular shortcoming.
Storing encrypted private key files is still not supported in current versions, as well as using ssh-agent, in the same way as previous versions of FileZilla. Private key authentication is usually recommended over password-based authentication.
FileZilla Server
FileZilla Server is a sister product to FileZilla Client. It is an FTP server supported by the same project and features support for FTP and FTP over SSL/TLS. FileZilla Server is currently available only on the Windows platform.
FileZilla Server is a free, open source FTP server. Its source code is hosted on SourceForge.net.
Features
FileZilla Server supports FTP and FTPS (FTP over SSL/TLS). Other features include:
Issues
Unlike some other FTP clients, FileZilla does not implement a workaround for an error in the IIS server which causes file corruption when resuming large file downloads.