Main Area and Open Discussion > General Software Discussion
What the hell is OpenCandy?
Eóin:
Sure. Let's put that right up there with all those young women who got assaulted because they were obviously "asking for it,' right?
Always expedient to blame the victims. Absolves everybody else quite neatly don't you think? :P-40hz (February 26, 2011, 02:12 PM)
--- End quote ---
Come on, I'm not doing that. I know that all bundled software preys on peoples naiviety, but when you don't have sufficient self awareness to uncheck a box I really do believe you should not be installing software from online.
Also a thought, I would consider OpenCandy to be a lot less evil than the developers who bundle it with their software.
40hz:
The thing about your point is that it was in response to mine. So it either goes with/against my point... or shouldn't have been a response? If that had been what the original conversation was about, I'd have had nothing to say, truthfully. What you say is blatantly wrong... and I don't agree with at all.
-wraith808 (February 26, 2011, 02:07 PM)
--- End quote ---
You completely lost me. (Not hard to do the way my brain's been working lately.) Could you possibly restate that? :)
app103:
the OC junk being placed on your hard drive and in your registry
-app103 (February 26, 2011, 02:12 PM)
--- End quote ---
@April - is there a manifest for what OC installs available anywhere? I've got some software audits coming up. Be interesting to check and see how widespread the actual deployment is. I'm sure my clients would be interested too. :)
-40hz (February 26, 2011, 02:17 PM)
--- End quote ---
Each install leaves an OpenCandy folder containing a text file and OCSetupHlp.dll, usually within that application's folder. (there can be multiples of these if the user has installed more than one OC powered app and the folder may be elsewhere, separate from the app that installed it, if it was from an older installer)
Additionally, the registry entries locations vary, depending on where the developer decided to put them...somewhere within their own app's key.
Some examples from Microsoft's site:
HKLM\SOFTWARE\ADatumCorporation\OpenCandy
HKLM\SOFTWARE\ADatumCorporation\OpenCandy\Completed
HKLM\SOFTWARE\Wow6432Node\ADatumCorporation\OpenCandy
HKLM\SOFTWARE\Wow6432Node\ADatumCorporation\OpenCandy\Completed
--- End quote ---
A developer could also choose to list them under his own app's keys without any mention of OpenCandy.
The actual keys would be listed as "OCN" and "VOCV"
So, you would have to scan all files & folders on a user's machine for an "OpenCandy" folder and/or "OCSetupHlp.dll"...then scan registry for "OpenCandy", "OCN" and "VOCV".
Removal of all or any of these may cause an error if you later decide to uninstall the application that put them there.
Additionally, if you know there is OpenCandy in an installer before you run it, you can use the /nocandy flag when running it to avoid seeing the ads. I do not know for sure if this also prevents the tracking and crap on the hard drive & registry, though.
wraith808:
As I was saying at the beginning, having an opt-out policy is not hiding it. If it is truly hidden, then that's a different story. But from the times I've seen OC, it's been pretty obvious. In the case that it's hidden, then it falls into the category of malicious, IMO.
To re-state, so it's clear. If it's an opt-out dialog during the installer (and even in subsequent updates) then it's not hidden.
-wraith808 (February 26, 2011, 01:54 PM)
--- End quote ---
When you download and run an OC powered installer, there are 3 things you could potentially install on your computer:
1. The application you intended to install (this is not hidden)
2. The recommended software (opt-in or opt-out, this is not hidden either)
3. OpenCandy itself, which you have to be a power user that knows the command line flags and knows OC is in the installer, before running it, in order to avoid being assigned a unique tracking ID and the OC junk being placed on your hard drive and in your registry. There is NO check box to opt out! Users are not well informed about this tracking garbage, despite OC "requiring" developers to inform users. They only have to mention OC somewhere on their own site. They do not mention it on download sites. So, you could download an app from Softpedia and not be informed there is OC in it, end up running it, and even when you opt out of the recommended additional software, you still get included in OC's tracking and profiling, whether you want to or not.
-app103 (February 26, 2011, 02:12 PM)
--- End quote ---
Well, the way that you put it, I have no problem with virus scanners flagging it as malicious. Just like the games that come with various DRM that install drivers and such without telling you. If you install anything that is not directly related to what I'm trying to install without informing me, you're wrong.
The thing about your point is that it was in response to mine. So it either goes with/against my point... or shouldn't have been a response? If that had been what the original conversation was about, I'd have had nothing to say, truthfully. What you say is blatantly wrong... and I don't agree with at all.
-wraith808 (February 26, 2011, 02:07 PM)
--- End quote ---
You completely lost me. (Not hard to do the way my brain's been working lately.) Could you possibly restate that? :)
-40hz (February 26, 2011, 02:31 PM)
--- End quote ---
I was originally talking about OC apps installing with a checkbox/radio box that tells you what else is being installed, and you get to opt out.
Your point was about apps that install without letting you know anything.
Two different topics, IMO.
app103:
Also a thought, I would consider OpenCandy to be a lot less evil than the developers who bundle it with their software.
-Eóin (February 26, 2011, 02:20 PM)
--- End quote ---
OC's sales pitch to developers is pretty slick, and with the aid of various media outlets calling them the "good guys" it would be very easy for a naive developer to fall for it, thinking it's much more benign than most other adware. OC is an experienced spyware company (the same guys behind the infamous DivX spyware), a predator feeding off freeware and the open source community.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version