topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 1:42 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: What the hell is OpenCandy?  (Read 362535 times)

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #150 on: February 26, 2011, 10:53 AM »
They're still no worse that a Google or Bing Toolbar :-\

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #151 on: February 26, 2011, 11:06 AM »
: <comment self-deleted. changed my mind.>  :)
« Last Edit: February 26, 2011, 11:27 AM by 40hz »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #152 on: February 26, 2011, 11:29 AM »
Switching from opt-in to opt-out is very very low on the scale of annoyances.  It's not that big of a deal imho, and it's certainly no where in the ballbark of spyware, etc.

I'm not saying I would use OpenCandy on my apps or that i like any of these programs offering to install other software (like so many mainstream programs do these days -- we've seen it with google apps, yahoo stuff, etc,).  I'm just saying to keep the critiques in perspective.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #153 on: February 26, 2011, 12:51 PM »
They're still no worse that a Google or Bing Toolbar :-\

Or iTunes :-\

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #154 on: February 26, 2011, 12:53 PM »
wraith, how is this not the same as installing hidden software? Many users click-thru installers. They will not pay attention and as such, this will result in an, often-times, unwanted application being installed. This is, to me, the same as hiding the installation since most users won't pay it two regards.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #155 on: February 26, 2011, 12:55 PM »
One of the problems with installers that bundle opt-out crapware is that even if someone who knows what they're doing installs good programs for their friend, Joe Blow, then when it comes time for Joe Blow to update their software (e.g. Java) to the latest version for security reasons, the upgrade installer will, by default, install some other crapware.

So it's a risk to update and it's a risk to not update.

cmpm

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 2,026
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #156 on: February 26, 2011, 01:06 PM »
I don't install 'Any Video Converter' because Nod32 blocks the connection when it finds opencandy in it.
I could tell Nod to 'ignore' but I agree with Nod, I don't want it either.

Also there has been references to things like 'dealto', and others, packaged with a completely different safe program, that get blocked. Not sure if those are opencandy, it's just stops at the first sign of trouble.

Along with Deozaan's post, OC is trouble period.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #157 on: February 26, 2011, 01:15 PM »
wraith, how is this not the same as installing hidden software? Many users click-thru installers. They will not pay attention and as such, this will result in an, often-times, unwanted application being installed. This is, to me, the same as hiding the installation since most users won't pay it two regards.

If you click thru installers, then you deserve what you get, truthfully.  I don't condone the practice, but you are responsible for your own safety in the end.  It's not hidden, it's clearly there.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #158 on: February 26, 2011, 01:19 PM »
Are you going to tell that to the average home user? Most expect that when you install something, that you are only installing software released by that company. End-user education has not reached the point that a class is being given in school. It needs to be so, but it is not. So, how can you blame a user who really does not know any better? That's like saying that a driver is responsible when they go to a dealer to get an oil change and they another part that is supposedly "better" without telling you and this new part causes your engine to catch fire. The driver did not know that the part was installed even thou it was listed on the invoice. They did not ask for it, and chances are they did not want it.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #159 on: February 26, 2011, 01:23 PM »
Are you going to tell that to the average home user? Most expect that when you install something, that you are only installing software released by that company. End-user education has not reached the point that a class is being given in school. It needs to be so, but it is not. So, how can you blame a user who really does not know any better? That's like saying that a driver is responsible when they go to a dealer to get an oil change and they another part that is supposedly "better" without telling you and this new part causes your engine to catch fire. The driver did not know that the part was installed even thou it was listed on the invoice. They did not ask for it, and chances are they did not want it.

1. Classes are being given in school, and have been for quite a while, but that's neither here nor there.
2. The analogy is fallacious, because in your example, the user isn't doing the installation.  In this case, the user is doing the installation, is clicking *next* each time, and *does* have the chance to read.  A better example is contracts.  Do people read before signing?  No- because they want to get to the end, and get their shiny new car, credit card, etc.  But does this make them any less liable?  No.  You don't *have* to be taught anything in order to avoid this other than to read.  So read!  If it's not clearly stated, then I'll agree.  But as long as it's clearly stated, you should read.

Note: I am not condoning the practice.  I'm just saying that it's not hidden.  And clearly it's not, IMO.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #160 on: February 26, 2011, 01:26 PM »
you are responsible for your own safety in the end.  It's not hidden, it's clearly there.


Agree on your first point. But not on your second.

I am very careful to read everything, not opt-in to anything, and always opt-out when asked, whenever I do an install.

However, I've had to remove OpenCandy from my software evaluation and test machine twice this month.

This is the first time I've ever had to do that. For OpenCandy - or anything else.

I did not see anything that asked me (since it's now opt-out) if I wanted to not install OC.

I'm the only person who loads anything on this machine.

So...it think it's safe to say something has been changed.



« Last Edit: February 26, 2011, 01:28 PM by 40hz »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #161 on: February 26, 2011, 01:29 PM »
Note: I am not condoning the practice.  I'm just saying that it's not hidden.  And clearly it's not, IMO.

When you download an install an application, you expect to only get the application you intend to install.

Then along comes this other app you have to opt out of installing...and you go ahead and do that.

Then you find out that OpenCandy itself is leaving stuff on your hard drive and in your registry and they have assigned your computer a unique ID and they are building a profile on you. Where was the check box to opt out of that? That is what is hidden, and it happens no matter if you opt in or opt out of the additional software.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #162 on: February 26, 2011, 01:35 PM »
Like App and deo pointed out, just because I click to opt-out one time, does not mean it is done the second time. What happens when the auto-update function updates my application and blindly installs whatever OC determines is "suited for me"? Is it my responsibility to ensure that, even thou I opted out, that future update installers do not put crapware on my system?

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #163 on: February 26, 2011, 01:54 PM »
you are responsible for your own safety in the end.  It's not hidden, it's clearly there.


Agree on your first point. But not on your second.

I am very careful to read everything, not opt-in to anything, and always opt-out when asked, whenever I do an install.

However, I've had to remove OpenCandy from my software evaluation and test machine twice this month.

This is the first time I've ever had to do that. For OpenCandy - or anything else.

I did not see anything that asked me (since it's now opt-out) if I wanted to not install OC.

I'm the only person who loads anything on this machine.

So...it think it's safe to say something has been changed.

As I was saying at the beginning, having an opt-out policy is not hiding it.  If it is truly hidden, then that's a different story.  But from the times I've seen OC, it's been pretty obvious.  In the case that it's hidden, then it falls into the category of malicious, IMO.

To re-state, so it's clear.  If it's an opt-out dialog during the installer (and even in subsequent updates) then it's not hidden. 

I think that during a lot of these discussions, things get blurred as posters add things into the definition by fiat after the fact.  The initial discussion was towards a non-hidden opt out process, similar to google, or bing, or itunes, where you might click past and never see it if you are not paying attention.  The other is a different subject than what I was commenting on.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #164 on: February 26, 2011, 01:56 PM »
Apparently enough people have complained that Microsoft Security Essentials is flagging OC as well.

MSE.gif



Note: this screenshot isn't from the affected machine I was speaking about earlier. I'm just putting this here to show OC has been classified as Adware by Microsoft.
--------

@Wraith808 - understand what you're saying. But again - to my point - I neither told anything to install OC, nor was I asked not to install it. And regardless of who is tacking OC onto whatever, it is obviously something OC is aware of and marketing.

So in the end, the buck has to stop right at OC's doorstep.

All the talking in circles, justifications, "yeah buts", similar things other people are allegedly doing, and "looking at things in perspective" isn't going to change that.

 It's their product. It's their responsibility. :)
« Last Edit: February 26, 2011, 02:07 PM by 40hz »

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #165 on: February 26, 2011, 02:06 PM »
When you download an install an application, you expect to only get the application you intend to install.

Only if you very very naive, and therefore shouldn't be allowed online.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #166 on: February 26, 2011, 02:07 PM »
Apparently enough people have complained that Microsoft Security Essentials is flagging OC as well.
 (see attachment in previous post)

Umm... that's where this started.

@Wraith808 - understand what you're saying. But again - to my point - I neither told anything to install OC, nor was I asked not to install it. And regardless of who is tacking OC onto whatever, it is obviously something OC is aware of and marketing.

So in the end, the buck has to stop right at OC's doorstep.

All the talking in circles, justifications, "yeah buts", similar things other people are allegedly doing, and "looking at things in perspective" isn't going to change that.

 It's their product. It's their responsibility. smiley

The thing about your point is that it was in response to mine.  So it either goes with/against my point... or shouldn't have been a response?  If that had been what the original conversation was about, I'd have had nothing to say, truthfully.  What you say is blatantly wrong... and I don't agree with at all.
« Last Edit: February 26, 2011, 02:09 PM by wraith808 »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #167 on: February 26, 2011, 02:12 PM »
As I was saying at the beginning, having an opt-out policy is not hiding it.  If it is truly hidden, then that's a different story.  But from the times I've seen OC, it's been pretty obvious.  In the case that it's hidden, then it falls into the category of malicious, IMO.

To re-state, so it's clear.  If it's an opt-out dialog during the installer (and even in subsequent updates) then it's not hidden.

When you download and run an OC powered installer, there are 3 things you could potentially install on your computer:

1. The application you intended to install (this is not hidden)
2. The recommended software (opt-in or opt-out, this is not hidden either)
3. OpenCandy itself, which you have to be a power user that knows the command line flags and knows OC is in the installer, before running it, in order to avoid being assigned a unique tracking ID and the OC junk being placed on your hard drive and in your registry. There is NO check box to opt out! Users are not well informed about this tracking garbage, despite OC "requiring" developers to inform users. They only have to mention OC somewhere on their own site. They do not mention it on download sites. So, you could download an app from Softpedia and not be informed there is OC in it, end up running it, and even when you opt out of the recommended additional software, you still get included in OC's tracking and profiling, whether you want to or not.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #168 on: February 26, 2011, 02:12 PM »
When you download an install an application, you expect to only get the application you intend to install.

Only if you very very naive, and therefore shouldn't be allowed online.

Sure. Let's put them right up there with all those young women who got assaulted because they were obviously "asking for it,' right?

Always expedient to blame the victims. Absolves everybody else quite neatly don't you think? :P

« Last Edit: February 26, 2011, 02:19 PM by 40hz »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #169 on: February 26, 2011, 02:17 PM »
the OC junk being placed on your hard drive and in your registry

@April - is there a manifest for what OC installs available anywhere? I've got some software audits coming up. Be interesting to check and see how widespread the actual deployment is. I'm sure my clients would be interested too. :)

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #170 on: February 26, 2011, 02:20 PM »
Sure. Let's put that right up there with all those young women who got assaulted because they were obviously "asking for it,' right?

Always expedient to blame the victims. Absolves everybody else quite neatly don't you think? :P

Come on, I'm not doing that. I know that all bundled software preys on peoples naiviety, but when you don't have sufficient self awareness to uncheck a box I really do believe you should not be installing software from online.

Also a thought, I would consider OpenCandy to be a lot less evil than the developers who bundle it with their software.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #171 on: February 26, 2011, 02:31 PM »
The thing about your point is that it was in response to mine.  So it either goes with/against my point... or shouldn't have been a response?  If that had been what the original conversation was about, I'd have had nothing to say, truthfully.  What you say is blatantly wrong... and I don't agree with at all.

You completely lost me. (Not hard to do the way my brain's been working lately.) Could you possibly restate that?   :)

« Last Edit: February 26, 2011, 02:34 PM by 40hz »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #172 on: February 26, 2011, 02:53 PM »
the OC junk being placed on your hard drive and in your registry

@April - is there a manifest for what OC installs available anywhere? I've got some software audits coming up. Be interesting to check and see how widespread the actual deployment is. I'm sure my clients would be interested too. :)

Each install leaves an OpenCandy folder containing a text file and OCSetupHlp.dll, usually within that application's folder. (there can be multiples of these if the user has installed more than one OC powered app and the folder may be elsewhere, separate from the app that installed it, if it was from an older installer)

Additionally, the registry entries locations vary, depending on where the developer decided to put them...somewhere within their own app's key.

Some examples from Microsoft's site:

HKLM\SOFTWARE\ADatumCorporation\OpenCandy
HKLM\SOFTWARE\ADatumCorporation\OpenCandy\Completed
HKLM\SOFTWARE\Wow6432Node\ADatumCorporation\OpenCandy
HKLM\SOFTWARE\Wow6432Node\ADatumCorporation\OpenCandy\Completed

A developer could also choose to list them under his own app's keys without any mention of OpenCandy.

The actual keys would be listed as "OCN" and "VOCV"

So, you would have to scan all files & folders on a user's machine for an "OpenCandy" folder and/or "OCSetupHlp.dll"...then scan registry for "OpenCandy", "OCN" and "VOCV".

Removal of all or any of these may cause an error if you later decide to uninstall the application that put them there.

Additionally, if you know there is OpenCandy in an installer before you run it, you can use the /nocandy flag when running it to avoid seeing the ads. I do not know for sure if this also prevents the tracking and crap on the hard drive & registry, though.
« Last Edit: February 26, 2011, 02:57 PM by app103 »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #173 on: February 26, 2011, 03:06 PM »
As I was saying at the beginning, having an opt-out policy is not hiding it.  If it is truly hidden, then that's a different story.  But from the times I've seen OC, it's been pretty obvious.  In the case that it's hidden, then it falls into the category of malicious, IMO.

To re-state, so it's clear.  If it's an opt-out dialog during the installer (and even in subsequent updates) then it's not hidden.

When you download and run an OC powered installer, there are 3 things you could potentially install on your computer:

1. The application you intended to install (this is not hidden)
2. The recommended software (opt-in or opt-out, this is not hidden either)
3. OpenCandy itself, which you have to be a power user that knows the command line flags and knows OC is in the installer, before running it, in order to avoid being assigned a unique tracking ID and the OC junk being placed on your hard drive and in your registry. There is NO check box to opt out! Users are not well informed about this tracking garbage, despite OC "requiring" developers to inform users. They only have to mention OC somewhere on their own site. They do not mention it on download sites. So, you could download an app from Softpedia and not be informed there is OC in it, end up running it, and even when you opt out of the recommended additional software, you still get included in OC's tracking and profiling, whether you want to or not.

Well, the way that you put it, I have no problem with virus scanners flagging it as malicious.  Just like the games that come with various DRM that install drivers and such without telling you.  If you install anything that is not directly related to what I'm trying to install without informing me, you're wrong.

The thing about your point is that it was in response to mine.  So it either goes with/against my point... or shouldn't have been a response?  If that had been what the original conversation was about, I'd have had nothing to say, truthfully.  What you say is blatantly wrong... and I don't agree with at all.

You completely lost me. (Not hard to do the way my brain's been working lately.) Could you possibly restate that?   :)

I was originally talking about OC apps installing with a checkbox/radio box that tells you what else is being installed, and you get to opt out.

Your point was about apps that install without letting you know anything.

Two different topics, IMO.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #174 on: February 26, 2011, 03:21 PM »
Also a thought, I would consider OpenCandy to be a lot less evil than the developers who bundle it with their software.

OC's sales pitch to developers is pretty slick, and with the aid of various media outlets calling them the "good guys" it would be very easy for a naive developer to fall for it, thinking it's much more benign than most other adware. OC is an experienced spyware company (the same guys behind the infamous DivX spyware), a predator feeding off freeware and the open source community.