Is FileZilla Client Safe?

The FileZilla project relies on sponsors to support its development and maintenance costs, and as a result, the installer may include bundled offers. These offers are presented as optional installations during the setup process, and users have the choice to accept or decline them.

Most security alerts about FileZilla are false positives. Antivirus programs often tag FileZilla as a Potentially Unwanted Application due to offers during installation. Since we take security very seriously, we have run a Bug Bounty for years, addressing only a few minor issues, always promptly.

To ensure a secure installation of FileZilla without encountering bundled offers, you can follow these steps:

  1. Download from the Official Website:
    Obtain the FileZilla installer directly from the official website (https://filezilla-project.org/). This ensures that you are getting the authentic, untampered version of the software:
  2. These versions are available on the official website, ensuring a straightforward and secure installation process.

  3. Carefully Review the Installation Process:
    During installation, pay close attention to the prompts and checkboxes. Decline any offers or additional software installations that are not necessary for the core functionality of FileZilla.
  4. Verify the Source:
    Verify the authenticity of the installer by checking the digital signature. The official FileZilla installer is signed to confirm its legitimacy.
  5. Below step-by-step guide on how to check the digital signature:

    • Download FileZilla from the official website.
    • Right-click the installer, select “Properties.”
    • Go to the “Digital Signatures” tab.
    • Check for a signature from “FileZilla Project” or a legitimate entity.
    • Click “Details” to view certificate information.
    • Confirm the certificate is valid and issued to “FileZilla Project.”
    • Verify the certificate chain in the “Certificate Path” tab.
    • No warnings or errors should be present.
      Install only if confident in the authenticity of the digital signature.

Note: if you find a false-positive, contact your AV vendor to complain about it. There is no virus in the offer-enabled installer.

FileZilla is a reliable and secure file transfer solution when obtained from the official source.

Tags: , , , , , , , , ,