About the distributed downloading of the LimeWire installer of course a number of things would need to be worked out but the idea of using the network to download the app is very cool and thinking of this some time ago I did a search for LimeWire on LimeWire and I did get some results for what looked like the installer or the .exe file.

Considering what applications do for somewhat related things, AOL for a period of time, maybe currently, placed a duplicate copy of the installer in the Mac System Folder to allow a reinstall in case the user deleted the original installer. The Lime installer could place a copy of the installer in the shared directory or better yet in some less user-prominent location to discourage tampering and be used for the distributed download. I give this extra step even with the extra disk space needed as some people delete or move the installer they downloaded soon after installation.

Hashes or keys or something along those lines would be very important to avoid bad copies.

On upgrades, I started using LimeWire at version 1.3 and when version 1.4 came out I was eventually going to upgrade but one time when I opened the app it asked to upgrade automatically. I let it do so and the upgrade was problem free. I was very impressed. For some reason or maybe the later versions I used were too old from the current version I never got one of those helpful dialogs about upgrading since then. Unless if there are very major changes with the software, upgrades are smaller than full applications so future full installers should also share the download page with upgrade installers. Sometimes upgrades can get messed up but at least provide the option and make smaller (upgrade) files available.

For the compact downloader prog, the QuickTime installer/updater for the Mac at least is a small piece less than 100 K that figures out what is needed for the particular system and then downloads the data to a download cache of sorts and then does the installation.

But for now if more copies of the LimeWire installer were available on Gnutella or just by adding regular mirrors that may reduce load on limewire.com slightly. Most of the challenge is trusting a binary download from a host that is not the original source of the software.

hi tru!
sure, it is possible, but technically, using strong encryption, i think one would need a decade (using at least a cray) to reproduce the private key from the public key. and if the user wants to update limewire, we should assume that he trusts limewire.com. therefore, this mechanism should be pretty safe, it very much resembles the security concept for signed java applets.

however, there will always be the chance that users download viral versions using standard gnutella or web search, there is nothing you can do about that...

as for the DLDER trojan: (Quotation from Symantec AntiVirus Center)

>> This Trojan is known to be installed (as part of the normal
>> installation) by two "freeware" file-sharing programs:

>> Grokster, which is a file sharing system.
>> Limeware, which is the LimeWire Gnutella Client.

>> During the installation process of these programs, you are
>> asked if you want to install the (spyware)
>> program "Clicktilluwin." Regardless of whether you click Yes or
>> No, the Trojan code is installed.

this behaviour can hardly be called legal. it is nothing but a viral invasion of your system supported by deception of an installer. if limewire was not aware of this, they should consider legal reactions regarding the clicktilluwin developers.