Wednesday, May 13, 2009

OpenCandy: A New Kind of Adware/Spyware

They claim to be doing something noble, but the only thing sweet about OpenCandy is the sales pitch to naive developers that might just fall for it, tricking them into thinking it is somehow different than the typical common adware/spyware.

A lot of developers do seem to be biting the bait, but no matter how you slice it, it's still adware/spyware, and to me it stinks worse than the old fashioned kind.

In OpenCandy's own words, this is what they do:
"Recommendations are made to users during the installation process. Utilizing the install process creates a user-friendly experience and offers optimal engagement for making a software recommendation. The user is presented with a screen that describes the recommendation, at which time they may choose to install the recommended software."

That makes it adware!

"We then provide analytics back to the creators, so they can see how their software and recommendations are performing. This way they can better understand how to build and recommend great applications."

That makes it spyware!

"We've also provided our technology as a platform to a handful of software creators who are utilizing an offer screen during the install process as an advertising unit. Some creators are already monetizing their distribution by offering apps like browser toolbars, so we're helping them improve their user experience and optimize the effectiveness of their offers."

That makes it your typical spyware/adware we have always known.

Actually, this is much worse, because instead of big companies like Sun & Opera making some software and offering it for free and advertising Yahoo's toolbar in the installer, we have a lazy predator company backed by venture capitalists that doesn't want to bother with or take the risk in developing a ton of software of their own to push toolbars to make their millions. They want to use the software of naive developers to accomplish it.

An ad is an ad, and to me there is no difference.

There is no difference between showing an ad for some other product by some other developer in the installer of my software, no matter how much I might even like that software myself, and popping up an ad for CocaCola or Viagra on a user's screen during the install process.

Do you remember what your parents told you about not taking candy from strangers and why? Well, these guys are not really strangers, they are known predators. The founders of OpenCandy are the same guys responsible for the inclusion of the spyware/adware in DivX.

Now, before you call me a hypocrite for bashing adware installers while having ads on my blog, let me explain the difference:

Any visitor to my blog can turn off Javascript and not be exposed to ads. Or they can use a noscript plugin, or an ad blocker. They have that choice before they land on my site.

I even offer an ad-free RSS feed.

If I want to recommend software to my users, I put it on a separate page of my site and not in my software or installers.

When the ads are in an installer, the user can't install the software without seeing the ads. They have no real choice. That's the difference. And I seriously doubt that developers are going to offer two different installers and give users the option to see or not see ads or be exposed to spyware.

So now that I have told you what I think, what is your opinion on OpenCandy, as either a software user or developer (or both)?

 UPDATE Saturday, February 19, 2011:
The following applications have been found to install OpenCandy:

  • aMSN
  • Any Video Converter (last freeware, OpenCandy free version 1.21 available here)
  • ApexDC++
  • ATI Tray Tools
  • aTube Catcher 
  • avast! Free Antivirus 
  • AxCrypt
  • CDBurnerXP Pro
  • Cheat Engine
  • CNET TechTracker
  • Connectify
  • CrystalDiskInfo
  • CrystalDiskMark 
  • CutePDF
  • Daemon Tools
  • DarkWave Studio
  • Dexclock
  • Dexpot
  • DoubleTwist
  • Driver Sweeper
  • Duplicate Cleaner
  • DVDStyler
  • DVDVideoSoft products
  • eRightSoft products, including Super
  • ExtractNow
  • Ezvid
  • FL Studio
  • FreeFileSync
  • Free YouTube Downloader
  • Freemake Video Converter
  • Freemake Video Downloader
  • Free Music Zilla
  • Free Video Dub
  • Free Video To Flash Converter
  • Frostwire
  • GameHouse
  • HappyLand Adventures
  • IE7Pro
  • Image Tuner
  • ImgBurn
  • IZArc
  • kantaris
  • KMPlayer
  • Launchy (when not downloaded from SourceForge)
  • Media Info
  • MediaCoder
  • MediaInfo
  • MiPony
  • mIRC
  • Miro
  • MyPhoneExplorer
  • Office 2010 Trial Extender
  • Orbit Downloader
  • PDFCreator
  • PeaZip
  • Photobie
  • PhotoScape
  • Power Plan Assistant for Windows 7
  • PrimoPDF
  • PSP Video
  • RealArcade
  • RedKawa
  • SIW
  • Soldat
  • Soft32 Updater
  • SPlayer
  • Startup Manager
  • StepMania 
  • Super Mario Bros X (Level Editor)
  • Super Simple Photo Resizer
  • Sweet Home 3D
  • TechTracker
  • Trillian Astra
  • Tubetilla
  • True Burner
  • Unlocker
  • uTorrent
  • Veoh Web Player 
  • Videora
  • Vistaglazz
  • WebShot
  • Winamp
  • WinSCP
  • Xfire 
  • YouTube Downloader HD
This is not an exhaustive, all-inclusive list. This is just what I have found with a quick Google search. If you know of any other applications that should be added to this list, leave a comment and let me know.


Dr. Apps said...

Just wanted to clarify a few things here. (More info available at DonationCoder forum link at bottom)

-While at DivX, the team that went on to start OpenCandy saw that large software developers (like DivX) could leverage their distribution to make money while giving away their software for free.

-They felt that there was a much better way to do it (we do NOT believe in OPT-OUT) -- and that smaller developers should be able to leverage the same things so that they can make money and give their software away to their users.

-We believe in open source and free software, and we are trying to support the developers creating such software in a way that also provides something useful to their users.

-You can call our recommendation an ad if you want -- but the important distinction is that OpenCandy recommendations are specifically chosen by developers for their users. Do you choose the ads displayed on this website via Google Ads?

-Google AdWords collects non-personally identifiable information the exact same way we do -- so if you consider us spyware, then you must consider Google AdWords spyware as well.

-We are definitely not a lazy company... Our mission is truly to help software developers and their users. It is no simple task and we have been misunderstood numerous times by people like yourself, and we will continue to work hard to set the record straight.

-The developers who partner with us are not naive. They are some of the most talented and well respected developers out there, and they have been approached numerous times by various companies/entities promising them riches, etc. They have always turned those companies down because they didn't believe it was in their best interest or their users' best interest. They have chosen to work with OC because they believe in our mission, our team, and our values.

-Your highlighting of the difference between your ads and our recommendations doesn't make sense. You say your ads are fine because users can disable them by turning off javascript -- but how many users actually know that and do it? The exact same can be said about our recommendations and users with software firewalls or strict Windows firewall settings. You can simply not allow internet communication during a software install and you will never see an OpenCandy recommendation. How is that different, better, or worse?

-Lastly, I encourage you to look up the definitions of both adware and spyware (Wikipedia actually has it down pretty good) to stop spreading misinformation. As for what we do at OC, we are honestly in new territory and we spend a great deal of time examining all of our guidelines and practices to ensure we are doing what is in the interest of our partner's users and therefore our partners. We are here to support software development over the long-term and the only way to do that is by doing what we believe is right.

I know you are just looking out for users and I appreciate that. That's what I've done for the last 9 years... Helped users keep Windows machines secure. Even after you read this and my DonationCoder post you may still disagree with software recommendations, but I think it's clear that they are going to continue to be done (by someone)... And at least the way we are doing it is the right way. :)

I've written a very detailed post on the DonationCoder forum further explaining what we do and some info on what type of user/person I am. See: http://www.donationcoder.com/Forums/bb/index.php?topic=18297.msg164027#msg164027

Thanks. :)

Dr. Apps
Software Community Guru


crow said...

interesting :D

Adware Spyware Geek said...

The all too common trend that most Freeware software employ. It just seems that nothing is free without some hidden agenda - I hate that.

Wholesale Printing said...

It's all about the pitch, and if people are falling for it, then the creators of OpenCandy have succeeded in marketing something that doesn't really do anything extraordinarily different from other existing adware/spywares.

MMA Zone said...

Wow this is a great explanation of what I think also. You know all these sites that predict what site you would like to see next are such a waste of time and do nothing but collect data on surfers. Think back when you really wanted to find something on the web. I bet you found it and it wasn't through a piece of software like OpenCandy, it was more through keywords at google.
Thanks for the post!

temp said...

because it's spyware, not a virus. Now here's a question for you: Aren't you ashamed of yourself for working for a spyware company? Just a little?

Pdub said...

Your website is full of ads !!!!! This entire website is adware. To me, this is worse than being offered to install a toolbar in an application. Think about it "Genius"

app said...

I could give manual uninstall instructions, but I feel that could be very irresponsible of me due to the fact that it would require editing the registry...something I wouldn't suggest for anyone but very experienced knowledgeable users. One wrong edit could destroy your whole OS and make it unbootable.

app said...

I don't believe for one minute that Malwarebytes is taking money from OpenCandy. They have a good product and it removes a lot of harmful things that can really screw up your computer.

OpenCandy is adware and a privacy threat, but not anything capable of completely messing up your computer or stealing your passwords.

I did find this older thread on their forum that you might be interested in: http://forums.malwarebytes.org/index.php?showtopic=18938

Seems there was some concern about silent installs without a user's permission and the OC rep wasn't getting very far in his claims to be "the good guys".

Joao said...

OpenCandy only displays a recommendation during the software installation, it doesn't install anything without user permission, a software that SHOULD BE CONSIDERED ADWARE AND SPYWARE is Windows Live Messenger, it displays unwanted ads and uses your personal information to select those ads. We are tired of blogs like this, surviving of just writing defamatory shit. Maybe you are very angry because your unuseful crap that you call "software" was rejected at OpenCandy. Hahaha.

Lexster said...

Uh, no. That's a blatant lie. Avast! just found Open Candy on my computer and I certainly did not agree to install it. I was installing FL Studio and declined all of their "recommendations", yet I still managed to somehow get Open Candy on there. Interesting, huh?

Jim said...

I did not know I would have it installed on my system, yet I found it installed on my system. That makes it shitware. It reports activity back to a third party without my consent - that makes it spyware. It consumes system resources and caused my security software to alarm, costing me time to troubleshoot and remove.. that makes it malware.

Debate it all you like... but get its signature into the scanners as something to be detected and deleted, and spread the word that software becomes shitware when this crap is included.

OpenCandy BLOWS said...

Dr. Apps should rename himself Dr. Spin. It's good to learn about this and I will AVOID any software that does business with this company.

BeenBitB4 said...

I landed here in the course of finding out more about why my (almost) install of MediaInfo wanted to also install OpenCandy. I've read the complaints, the suspicions, and the defenses... the business model and the equivocating on just what "adware" is. On the balance, I've decided I can well continue living without any application that installs unwanted baggage, however light that additional baggage claims to be.

Go Away OpenCandy said...

"-Google AdWords collects non-personally identifiable information the exact same way we do -- so if you consider us spyware, then you must consider Google AdWords spyware as well."

I use AdBlock Plus. No Google AdWords. How I got here: I just installed a piece of popular open source software and it included your OpenCandy junk recommending a commercial software package. Did a Google search and this blog post came up. OpenCandy may not be traditional spyware but I don't want it in the software I am installing. There are a number of better ways for open source developers to make money. OpenCandy: Go away and cease to exist. Thank you.

(Oh, and I am a software developer).

app said...

Thank you. Added to the list.

Guest said...

Freemake Video Converter according to Virus Total also has Open candy.

53.yr.old.IT.student said...

I'm not exactly sure yet why "Open Candy" does this, but twice now I've had to remove this from my nephew's E-machine laptop because it kills his display. Not sure if it's actually OC that's doing it or something else he's downloading through it, but it does appear to be malicious in some way. Stay away from it! Going to do some further investigation and see what else may be causing the problem.

A. Nony Mous said...

Actually, it does NOT go away. I haven't installed any OC software in several months, yet when I was scanning my system this morning with Microsoft's Stand-alone System Scanner it found the OpenCandy software still on my system. Yes, Toolbars can be / are a bad thing, but that doesn't mean I want OC sitting around "living" on my hard drive AFTER I have installed the software I wanted originally. And I think I'm going to have to go give feedback to Download.com as they promise none of their stuff has viruses or spyware/adware. Guess where I got my "free" software from???

Spasticgoblin said...

Sure a lot of folderal over a simple recommendation. We think you might like this, do you want it? Nope, and move on. I don't think you can compare this with anything as pernicious as a toolbar. Its not the same thing. The candy thing is just there for the install and gone. A toolbar installs all sorts of weird things (like google updater if you go with a google toolbar). I think you should be more concernd that your comments window doesn't scrioll adn that I'm typing whtouh reading what I'm typing.

Demian Phillips said...

Opencandy has apparently been living on my system via izarc and it has started crashing Microsoft backup, Microsoft update, and is triggering Microsoft Security Essentials to give me an alert.

So I consider it a huge problem since it interferes with the running of my system AFTER the install.

Big AUssie said...

Thanks for the blog post. Nice try Open Candy rep hoping to make your product sound better than it really is. I have arrived here because Windows Defender found Open Candy on my system. Now I have to work out how to get rid of it, because I haven't installed anything new for more than 2 weeks. That is spyware/adware (as defined by the Windows Defender scanner).

I am not a developer, but I work with producers of music and video content, who give some of their hard work away, to get people to listen or watch. If people like the sample they will come looking for more. Simple process which works without adware or spyware.

James Willshee said...

Difference with Facebook is people make a conscious decision to join whereas Opencrappy installs without people knowing and doesn't have an install standard across the programs it's included in.

OC make a good case, I will give them that. Doesn't make what they are doing any less suspicious and wrong though.

Anything that needs to go through such sneaky methods to get onto my system is malware in my eyes.

Nospam said...

OpenCandy is not a Malware. The OpenCandy OCSetupHlp.dll file is not even flagged by one single AV editor.

If you fear personal info theft, you better look at Facebook instead and see how much they know about you.

Last but not least, at this moment I am posting, there are 41 advertisers on the OC plan, amongst them Microsoft, AVG Anti-Vir, AOL and RealPlayer.

Good luck in your fight against OC. and remember the famous quote:
Winners never quit and quitters never win, idiots never win & never quit 

dxmc said...

Thank you for this article. I ended up here after ESET detected OpenCandy in TechTracker. Also, thanks to your list I subsequently discovered it in Any Video Converter and SIW. I complained about this to CNET in their AV forum and to Gabriel Topala at SIW in a personal e-mail. They all insist that it's a false positive but their explanations make clear that it is, in fact, adware/spyware. I agree with you that the central issue is choice. I use adblocker plus to filter out browser ads and spam filters to keep this crap out of my inbox.
Mr. Topala says on his website that OpenCandy is no different than Google ads on the web. But those can be blocked or ignored. Not quite the same thing when it's in an installer. I've taken some flak for complaining about this and I can see from this thread that it is a controversial issue, but I have an expensive high-end system which I monitor carefully and I don't want anything like this getting into it. I had no way of knowing that these programs would install OpenCandy and, even if it is relatively low-risk, this is unacceptable. Let me just add briefly that I support DonationCoder, use their apps, and think it's a great website. Thanks again for your help and please keep up the good work.

app said...

A recent post I made on DonationCoder shows that the keys might not be as obvious as you might think:


Would you know enough to look for keys called "OCN" and "VOCV" under any application, without any mention of OpenCandy? Developers can choose to do that if they wish. Developers can basically put those 2 keys anywhere they want.

dxmc said...

Sorry my last post was a little garbled, inadvertently dropped a few lines, one of those days. Let me just say that I actually found OpenCandy to be fairly obvious in the sense that I was able to find clearly marked OpenCandy registry keys at HKLM/Software/WOW6432node. After finding one I went through the whole list and found 2 more. It seems that they really direct this stuff at the really inexperienced users and the naive idealistic developers, so it seems important to speak out about this because it really brings down the whole experience of searching for and finding new freeware, particularly for those users who are new to this and encounter these annoying ads. For what it's worth, OpenCandy's CEO posted a blog on their website about all of this which you might be interested in. Check out this link: http://www.opencandy.com/2011/03/04/the-story-behind-the-opencandy-and-microsoft-adware-debacle/

app said...

In a way it is correct that it is like Google ads, but the cookies set by those ads are trivial to block and/or remove.

OpenCandy uses a much sneakier approach with registry entries as permanent cookies, building a profile of your software usage...which apps you are installing, what extras you accept, which you reject, etc. They assign a unique user ID to your computer. And this is the part that developers that are packing this stuff into their installers either do not fully understand, or they just gloss over it, sweeping it under the rug, and won't tell users the real truth.

All of this is not trivial to remove for the average PC user. I wouldn't suggest anyone but a seriously experienced power user to go mucking around in their registry to hunt down and manually delete these entries.
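A read-only way to check for the markers named in the comments above, as an added example that is not code from the blog, its commenters or OpenCandy: it scans the text of a registry export (as written by `reg export`) for keys or values named "OCN", "VOCV" or "OpenCandy" and changes nothing. Whether "OCN" and "VOCV" appear as subkeys or as value names is not stated on the page, so both are checked (assumption); `ExampleApp` and `CleanApp` in the sample are constructed.

```python
import re

# Marker names quoted in the comments on this page. Checking them as both
# key names and value names is an assumption; the page does not say which.
MARKER_NAMES = {"ocn", "vocv"}
MARKER_SUBSTRING = "opencandy"

KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=')   # "Name"=data


def is_marker(name):
    """True if a key or value name matches one of the markers."""
    n = name.lower()
    return n in MARKER_NAMES or MARKER_SUBSTRING in n


def scan_reg_export(text):
    """Return (key_path, kind, name) for every marker in a .reg export.

    kind is "key" when the last component of a key path matches and
    "value" when a value name under the current key matches. Value data
    is never inspected, so a string that merely mentions a marker is
    not reported.
    """
    findings = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lstrip("-")
            leaf = current_key.rsplit("\\", 1)[-1]
            if is_marker(leaf):
                findings.append((current_key, "key", leaf))
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            # Undo the .reg escaping of quotes and backslashes in the name.
            name = value.group(1).replace('\\"', '"').replace("\\\\", "\\")
            if is_marker(name):
                findings.append((current_key, "value", name))
    return findings


def load_export(path):
    """Read a file written by `reg export` (UTF-16 with a byte-order mark)."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


# Constructed sample export; none of these entries come from a real system.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OpenCandy]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ExampleApp]
"InstallDir"="C:\\Program Files (x86)\\ExampleApp"
"OCN"="constructed-value"
"VOCV"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CleanApp]
"Version"="1.0"
"Docs"="see OCN notes"
"""

if __name__ == "__main__":
    for key_path, kind, name in scan_reg_export(SAMPLE_EXPORT):
        print(f"{kind:5}  {name:10}  {key_path}")
```
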

app said...

I don't know...I still don't trust them. They don't have a reputation for being trustworthy, not with DivX or OpenCandy.

dxmc said...

That's interesting, the keys I found were just marked OpenCandy although I suspected there might be others with a different label. I also think it's interesting that OC now says that its program no longer creates a unique identifier and no longer does anything in the registry. Gabriel Topala sent me a lengthy e-mail which included a long letter from OC to him, apparently they are now making quite a few changes in response to all this pressure. Here is a quote from their ad ops guy, Joe Lin.
So what's new?

· We no longer store any OpenCandy information in the registry

· We no longer create or allow the communication of a unique identifier

So it's good to know that all the heat has had some effect.

Transmitthis said...

Comparing it to how google monetises the entire web via adwords is misinformed at best

"How is that different, better, or worse?" OpenCandy says - Really, well I did not ask for this software to be installed on MY machine. I did not want it, and did not know it was there, until running a check.

Dr. Apps - You are one of the reasons people have issues and problems with their computers, naive users will be accidentally installing more crap because of your spyware/adware

I'm installing proper open source and freeware app alternatives for any programs that include this rubbish from you.

Moritz2112 said...


Has it, detected by MS Security Essentials, but not SEP 11

app said...

Since a lot of people seem to be suddenly coming here looking for information, I have updated my post and added a list of applications that install OpenCandy. Check over the list and see if anything looks familiar to you.

Data Hold said...

Additional applications identified as having OpenCandy by Malwarebytes as of today: PrimoPDF and FreeFileSync. Also, as expected, five system files also have it. This is on a system with Trillian installed, btw, and it did not appear in that application according to the scan.

app said...

Do the developers that are using OpenCandy offer an ad free version of their installers?

I do offer an ad free version of my blog...it's called my RSS feed: http://cranialsoup.blogspot.com/feeds/posts/default

Remove Spyware said...

Thanks for your sharing!

app said...

I have never actually used SIW myself, but I have friends that seem to love it.

The last free version of Everest is good enough for me. http://majorgeeks.com/download4181.html

Otter said...

I agree with your disappointment over this...

eRightSoft - Super - now contains OpenCandy. It is likely that other eRightSoft packages contain it as well.

MB said...

Where did it find it - I've only seen it flagged in the installers NOT the system post install.

app said...

Thanks...added to the list.

Digdig said...

I just wanted .jar file decompression software, not adware bundled in the installer. Thank you Windows Defender for the alert. I will look elsewhere, or just use the JDK.

Maso said...

must've been either dex2jar or jd-gui so! I don't remember either of them suggesting "recommendations" but I was fairly pissed to see a Windows Defender alert to say there's adware installed on my laptop!

app said...

If and when you know which app did it, for sure, please let me know so I can add them to the list. I don't want to accuse an innocent developer of pushing adware, so I can't add either name till it is confirmed.

Guest said...

Videora (http://www.videora.com/en-us/Converter/zune/download/) also comes up as having Open Candy according to eset (via http://virusscan.jotti.org/en). Been looking for a video converter for a portable device, but Open Candy seems to be everywhere. 

Used to use Super Converter and loved it, but then it became a resource hog and whenever a new version came out, a pop-up would state that a newer version of Super is available and the current version could crash at any time. Sure enough, next time you try to use Super it refuses to open and my system (XP) would begin hanging on other programs until I upgraded to the next version of Super. Turning off your internet connection after the initial install keeps it from checking for updates, but you forget one time and Super is now disabled and programs crash. The rough install must mess something up. Anyway, sorry for the digression and thanks for the info on Open Candy.

Ghostinthe Shell said...

You should probably include how to remove it as well.

Sophie said...

StepMania is using OpenCandy in their new installers, but the original 3.9 install is still available to download, which doesn't use OpenCandy. (3.9a *does*, however)

Sicofante said...

I don't quite get why developers do this. Once MSE or Windows Defender reports the installer as infected, the developer's reputation is so heavily tainted that the user will never trust them again. I don't know how much money this spyware scheme brings but it's easy to see the damage.

Sicofante said...

Microsoft Security Essentials and Windows Defender will let you delete it from the installer as soon as you launch it.

If you happen to ignore your antispyware alarms and get it installed, I understand you can remove it afterwards by using the very same tools that warned you in the first place or any other such antispyware tool.

Hait_blind_paranoia said...

Wake up guys and stop your blind paranoia.
How come not even one single Antivir editor approves your saying? Think of it, but think objectively.


Disappointed said...

I installed ExtractNow last September and I don't recall a product recommendation during the install (I've installed it numerous times on numerous computers). Then 2 days ago, Microsoft Security Essentials suddenly flagged it up.

Maybe it was there in September and MSE only classed it as a threat in the most recent definitions update, or maybe ExtractNow recently auto-updated to include it.

If it was something that *just* recommended software during installation, I wouldn't mind so much, but if it wasn't an auto-update then it's sticking around after installation.

Guestfordiner said...

You are running this blog, right?
Can you deny that you have access and you can record (if you want) every:
1/ IP address of each person posting here
2/ his country
3/ his Operating System
4/ his Browser type
5/ his screen resolution

JOE said...

if you really think that a developer with hundred thousand install a day, making daily $600 net (YES) with OC and backed by every and each Anti-Vir company to cover his ".a.s.s." would really care about a dozen of whining poor guys that would not even represent 1 per thousand of the actual downloaders/installers then consider this blog as your group therapy ;-)

app said...

1. Yes. I do have access to the IP addresses of everyone that comments on my blog. This wasn't always the case though. Blogger does not provide this info to their users. When I switched to using Disqus for comments, then I had access to this info, whether I wanted it or not. If I switch back to the default Blogger commenting system, I will no longer have access to this info.

2. No. I would only have access to the commenter's country info if I submit the IP address to a 3rd party to look it up, which I do not do. So, I really do not have access to that info.

3. No. I do not know what operating system any individual that comments on my blog is using, unless they tell me.

4. No. I do not know what browser any individual that comments on my blog is using, unless they tell me.

5. No. I do not know what screen resolution any individual that comments on my blog is using, unless they tell me.

GT said...

I do have a website too and I get detailed info with graphs on all above points.
On a side note, I get Country / State / City / ISP
and details whether Java is active or not,
all the above with statistics, percentages and graphs.

app said...

Thank you...added to the list.