Search My Blog

Wednesday, August 29, 2012

OpenCandy - Given that any Software App that Scans your Computer, so deeply. Could be used in many different Maniacle Ways. I really see Why People are Concerned.

Controversial Advertising Program Now Being Embedded in More Software

OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more.

OpenCandy employs some controversial techniques in its operation and this has created some heated discussions in internet forums and blogs. Some say it is adware or spyware while others say it is just another legitimate form of advertising. Whatever, you need to be aware of this product and its potential pitfalls.

How OpenCandy Works

OC makes software recommendations to users during the program installation process. That is, while you are installing one product you get an invitation to install others. Users can accept or reject these download recommendations from OC; it is their call. Here's an example of how it works when you install the excellent free archiving program IZArc.

At the start of the IZArc installation process you are presented with the licensing agreement which clearly flags OpenCandy as a separate agreement.












And here's what the agreement says:


If you agree to this you get offered other products to install before installing IZArc.  The products offered depend on what you already have installed on your PC - OpenCandy scans your PC to find that out.  Here's what I was offered:

















Notice that neither option is preselected; you have to make a choice one way or another.  Not all implementations of OC work like that. Sometimes the "install" option is preselected. That means that users who just mindlessly click through the installation of the product they want to install will also end up downloading and installing additional products.  How OC is configured depends on the software vendor; the developer of IZArc in this case.

Harmless Advertising or a New Form of Spyware

Now to some readers all this may sound harmless enough but there is more to it:

Skipping on down to the Comments Section. Here's some interesting info...

by Geekster (not verified) on 25. August 2011 - 18:20  (78348)

If you want to do away with OpenCandy, you have to add a switch, IZArc (File Compression Utility) has OpenCandy bundled with it so to install "C:\IZArc4.1.6.exe /NOCANDY". Do this by placing the downloaded program on C: then copy and paste the command into Run Command. This should work with most programs with OpenCandy bundled to it.

"C:\program name.exe /NOCANDY"

by rihu (not verified) on 24. May 2011 - 16:02  (72604)

So why don't you offer a disclaimer page allowing your users to turn off AdSense and other ads on your site before loading your pages, so they don't get scanned by the ads platform funding you?

Until I don't see an opt in or opt out page on your site allowing users to avoid being scanned by your ads, I cannot believe you are seriously concerned by your user's privacy (but just concerned to exploit fear mongering as you can to get some more visits and impressions).

I neither had found a single user happy of being scanned by online ads platforms like adsense and similar ones, nor to get tracking cookies.
But I see a lot of webmasters and bloggers very concerned to NOT correctly inform users about privacy risks of online ads, and not talk of ad-blockers.

I recommend all your readers to get AdBlock - or use Opera that has built in ad-blocker.

by garth on 26. April 2011 - 21:08  (70975)

"Why not have a simple screen asking if I want them to check for anything useful or not? Give me the option of letting the dll run or not. Don't just run and hit me with ads."

That question was raised repeatedly in the forum here and the answer was, at best, vague.


OpenCandy explained: what you need to know about the technology

OpenCandy is a technology that software companies can add to installers to earn money from optional software offers that are based on a system scan and the user’s location in the world. That’s different from software installers that always include the same type of offering, the Babyloon Toolbar or the Ask Toolbar for instance, regardless of the user’s location in the world or whether the toolbars are already installed on the system.

According to the FAQ on the OpenCandy website, the installer queries the company server for a list of recommended apps for the user location, operating system and language and checks those against the installed applications on the system and prerequisites that those programs may depend on. The first recommendation to pass all tests is then selected and presented to the user in the installer.

OpenCandy sends anonymous statistics back to the server which is used to improve the technology and to provide software companies with analytic insights.

Skipping on down...

This is a short incomplete list of application installers that are powered by OpenCandy technology:

  • CCleaner
  • CDBurnerXP
  • CutePDF
  • Daemon Tools
  • Extract Now
  • Free Video Converter
  • IE7 Pro
  • MediaCoder
  • MiPony
  • Miro
  • Orbit Downloader
  • SPlayer
  • Super
  • Unlocker
  • uTorrent
  • Winamp
  • WinSCP

As you can see, this includes many popular applications. According to OpenCandy, hundreds of applications are powered by the technology.

What OpenCandy collects

  • operating system version and language
  • country location
  • timezone
  • language of the software installer
  • if the installer was completed or canceled
  • if a third party recommendation was made, and whether it was accepted or declined
  • if the recommendation was downloaded and the installer initiated
  • if the installation completed successfully

According to the FAQ, Open Candy does not collect personally identifiably information about the PC or user. The company notes that it does not collect or store IP addresses.

Is OpenCandy adware?


Contents » Setting up WinSCP » Installation »


WinSCP uses OpenCandy advertising module in its sponsored installation package. By using this version of the installer you support WinSCP development. Thanks you! If you do not want to support WinSCP development in this way, you can always use the other ad-free installation package.

The OpenCandy module shows at maximum one ad and only during the installation. WinSCP application itself does not contain OpenCandy and does not show any ads.

OpenCandy is advertising application. It is similar to Google AdSense, except it displays advertisements in installation program instead on a website. These advertisements promote another software packages. The advertisements are selected by providers of software being installed (in case of WinSCP it means WinSCP developers). When user installing a software (WinSCP) chooses to install promoted package, revenue is generated and shared between OpenCandy and software providers (WinSCP developers).

Is it Adware?

Some may consider OpenCandy an adware. In a good sense of the term, it is. It is a way to recover software development costs using advertisement.

On the other hand, OpenCandy does not demonstrate the negative characteristics commonly associated with adware, but:

  • Advertisement is shown only during software installation. Once software (WinSCP) is installed, you do not receive any more advertisements.
  • No unwanted software is installed. (WinSCP) user has absolute control over what will be installed and a software recommendation presented during the installation has to be explicitly decided upon. On the OpenCandy Software Network developers (WinSCP team) can choose concerning how they wish to recommend software, ‘opt-in’ or ‘opt-out’. For software recommendations, ‘opt-in’ refers to recommendations where nothing is preselected or where the box next to Do not install is selected by default, while ‘opt-out’ refers to recommendations where Install is the default option. (Currently all software recommendations in WinSCP installers are ‘opt-in’.)
  • No private information is collected. Installation program collects only information necessary to choose relevant advertisement, such as geo-location, operating system and language. Note that this is about the same amount of information, any web page you visit receives from your web browser. Collected data is sent to It also downloads advertisement image from (though it does not send any information there). See more details about information being collected.

For details see OpenCandy privacy policy.

Can I avoid OpenCandy?

Yes you can. Use /NOCANDY parameter when starting installation program or download version of installation program without OpenCandy. And if you use portable executable you will avoid installation program with OpenCandy as well.

What does an OpenCandy recommendation look like?

Read More on the OpenCandy Web Site...

OpenCandy FAQ Page...

Yes, well... this type of Extra Software Installation. If it leave behind an Executable file and Registry Entries, as I have read that OpenCandy does indeed do. Then it's installed! One Executable file is all it takes to make a Program or an App... If this is Built into a GUI Software Installation App and gets installed allong with which ever Software - App that you Chose to Inttall. Then that is not Ok with me! But, this kind of Software. Has been around, as long as I have been Downloading "Free" and "Shareware" for Windows. And that goes back to 1996, for me. I discovered "Freeware" and "Shareware". Back when I was running a 486 Win3.1 PC in 1996. And it really got bad during the Win98 Days. I got a Win98 1st Addition System in 1998. And also Discovered the Need for Running Anti Virus Software during that time. There are all kinds of Tricks that these Types of "Freeware" and "Shareware" App Writers use. User Tracking, Seceret Auto Installations of other Software Apps. Tricky Addon Apps, that you have to Un-Check the Box in order to Not Install (Yahoo Tool Bar etc). Advertisements of Course and Tracking of your Clicks on these Adds. Remember Bonzi Buddy? It was a cute little Green Bird Animation, that would fly your Desktop and Talk to you. And Bonzi Buddy, would track the Weather and Your Surfing Habits for you. All, for Free, of course!:O How about, Weather Bug? It's Still Around and I Still Don't Trust it! And the Toal that this kind of Software Takes on your Bandwidth was Terrible. Back in the Days of Dial-Up Internet Connections, a few of these Apps could slow your Surfing down to a point that a small HTML Web Page with a couple of Pics could take 30 Seconds or more to Load. Now a days, with High Speed Internet. But, with the Advent of more and more JAVA, Flash and other Web Apps, on so many Web Sites. This is still an issue. These types of Software - Apps. Connects to the Internet (usually withouht asking or notifying you at all, even during installation). This can Noticablly Slow down an 18mbps Internet Connection (this is what I have now). Many of them are very hard to Un-install too. Some could be Cleand out with Tools Like Norton System Works or some other Windows Cleaning App (Revo Uninstaller etc). Norton System Works and Antivirus, used allot of Band Width and really Slows down your System itself. So, I don't ever install it any more either. But, I do use the Norton CD sometimes to Fix a Broken Windows 98 or XP System. Or just Clean up the Registry and such (like CCleaner, but a little more in depth cleaning). There are and were So Many Apps like that out there. And more that I can't remember the names of right now... The frustration with all of this "Crap Ware". Is and was the main reason that I sought out a better way. A better Operations System. And in about 2005, I discovered Linux. My first Linux OS was Blag Linux. It was - is based on Fedora Linux and comes with a nice mix of Apps. Good for every day Computing. After a couple of years I moved on to setting up my own Mix of Fedora and Debian Linux Distros. I have tried out, over a hundred different Distros over the years and Fedora is my Favorite. I still play around with Windows Systems sometimes. I have every OS from Win3.1 to WinXP on older Computers that I have around. And when I come acorss some Software that has no Linux Version that I want to use or try out. I do it on my WinXP System. This is not very often though. Because most any type of Softeare - App that you could want has been Developed by an Open Source Software Developer and is Freely Available in most Linux Software Magement Systems (Repositories or Repos for short). That reminds me of one other thing abou this, "OpenCandy". The name emplies to me, that it is Open Source Software. Is it? Lets see... Well, after Several Google Searches. I found no evidence that OpenCandy is Open Source Software. I did find some discussion on a coupel of Form Pages mentioning that is should be Open Source. So that it's Code and the Ententions of the Authors would be Transparent, though (see the links below). But, during my Searches. I did find something that is a bit Troubling. I found out that there is at least one Open Source Project that is using OpenCandy in their Software - Apps. Tux Paint - is "Open Source" and "is a free, award-winning drawing program for children ages 3 to 12 (for example, preschool and K-6). Tux Paint is used in schools around the world as a computer literacy drawing activity. It combines an easy-to-use interface, fun sound effects, and an encouraging cartoon mascot who guides children as they use the program. Kids are presented with a blank canvas and a variety of drawing tools to help them be creative. (See the full list of features.)". I have never used this App. And frankly I am disapointed to see an Open Source Project using an Application that Scanns Your Entire Computer for all of the Software - Applications that are installed on Your Computer. And Sending this info back to Some Server, Some Where. To People that I don't know enough about to Trust!:( And this is an App for Kids! Do you really want Strangers Scanning and Watching any Computer Used by Yoru Child?!:O I don't!!! And Tux Paint is "Multi-Platform" and it "Works on Mac OS X (Intel and PPC), Windows (Windows95 through Vista), Linux and other systems." That's great. But, I still don't like that it's using OpenCandy. They are up front about it and they provide the best info on how OpenCandy is being used (by Tux Paint). That I have seen so far. Allong with "A number of other open source and shareware projects have started using OpenCandy to help offset their development costs"... 

OpenCandy and Tux Paint

Starting in June 2011, the Windows installer for Tux Paint utilizes OpenCandy to provide a recommendation for other software you might be interested in. This recommendation occurs during the Tux Paint installation process, and does not affect Tux Paint itself. (That is, no recommendations will appear within Tux Paint.)

If you install a recommended program, this earns the Tux Paint project some income, which helps support the development, maintenance and advertising of the project, and encourages the developers to continue working on it. (As of June 2011, earnings go directly to the lead developer of the project, Bill Kendrick).

How OpenCandy Works

After you agree to the End User License Agreement (EULA) during the installation of Tux Paint, the installer will contact OpenCandy's servers and, using the following information about your system, choose a software package to recommend to you (from a set that the Tux Paint project has approved):

  • geo-location
  • operating system)
  • language setting)
  • aggregated statistics about your system)
    (used to determine whether or not you already have a product installed, to avoid recommending something you already have)

It will also send information to the server regarding whether the recommendation had been accepted, downloaded, and installed.

Note: The OpenCandy system is designed to never collect information that can be used to uniquely identify, contact or locate an individual user.

More information from OpenCandy:

Can I Avoid OpenCandy?

Yes! We will continue to provide a completely free Windows installer version of Tux Paint, without OpenCandy integrated into it, along with the OpenCandy version.

Additionally, you can run the OpenCandy-enabled Tux Paint installer with a command-line option: "/NOCANDY" to disable OpenCandy.

Finally, the portable, self-contained ZIPped version of Tux Paint does not use an installer, and therefore does not include OpenCandy.

Who Else Uses OpenCandy?

A number of other open source and shareware projects have started using OpenCandy to help offset their development costs:

At the time of writing, a few of OpenCandy partners include:

Go there...

Given that any Software - App that Scans your Computer, so deeply. Could be used in many different Maniacle Ways. I really see Why People are Concerned. And Tux Paint is abailable in my Software Repositories for Fedora 14, which I am running on this System. Untile now, I have never worried about the Saftey or the Prospect of being Monitored by the Software that I install from the Fedora Repositories. I'm willing to bet, that the version of Tux Paint in the Fedora Repo, is the one that does not have OpenCandy in it. But, right off the Bat. I'm not sure how to tell. Other than Downloading and Searching through the Source Code. Or installilng it and then searching the App folders for OpenCandy in the files. I have no interest in Tux Paint. I have better Apps for Graphics on my System (Gwenview and Gimp to nme just two). So, I wont be doing that...

I did a complete Search for "candy" on my WinXP System and found nothing. I didn't find it in Revo Un-installer (the free version) either. But, then again, the file name could be pretty much anything. Since the Developers of these "Freeware" or "Shareware" Software - Apps. Can Name the OpenCandy Executable file, any thing that they wish. So, finding OpenCandy or any other Secretive Executable in your System could take a fair amount of work. I know I spent Countless Hours, Searching and Manually Deleting Unwanted Windows Executable Files from my Windows Systems over the Years. Norton - Symantec Products, being one of the most enjoyable to get fully rid of. Just to name one. I'm so Glad that I don't have to do that with Linux!:)

I used Ninite, a Multi Software Installer to build up my Re-Newed WinXP System. So, I didn't even know that Revo is a Limited Use "Freeware" App and so is Ninite. But, they do pretty well for my purposes. It's very True, that we all need a way to Make a Living and we Deserve to be paid for our Work. But, I'm still going to be Cautious about which "Free" offerings that I Partake of. We all know that there are many, many reasons that People Offer things for... "Free"...

Like I said... I Seldom use my Windows System. But, when I do... I try my to Stay Safe. So, Stay Thirsty for "Free Software"! My Friends. But, be Careful when Downloading and Running "FreeWare" for Windoze...


OpenCandy (OC) Addware Installer in Free Software

Controversial Advertising Program Now Being Embedded in More Software
OpenCandy (OC) - Google Search
Connecting Software Developers and Advertisers | OpenCandy
What Is OpenCandy? Explore the FAQ | OpenCandy
Open Candy virus - audacity and media coder from - Wilders Security Forums
OpenCandy now installed? (Page 1) / Support / Forums
OpenCandy explained: what you need to know about the technology
OpenCandy – No So Sweet! « SCB Enterprises Blog
OpenCandy Detected?? - Wilders Security Forums
OpenCandy (OC) Open Source - Google Search
OpenCandy safe and doesn't get installed? - Gizmo's Freeware Forum
Open Candy no "opt-out" on install. - MajorGeeks Support Forums
OpenCandy -
Is OpenCandy (OC) Open Source Software? - Google Search
OpenCandy safe and doesn't get installed? - Page 2 - Gizmo's Freeware Forum
Axantum Software AB | Welcome
CNET TechTracker-Adware:Win32/opencandy - CNET Spyware, viruses, & security Forums
Open Candy is now in MEDIAINFO (open source!) - CNET Spyware, viruses, & security Forums
Open Candy Advertising Software - Would You Want This On Your Computer? - LockerGnome
Is OpenCandy Open Source Software? - Google Search
Tux Paint - OpenCandy
OpenCandy -
Tux Paint - About - Uses OpenCandy
Tux Paint - Features
WinSCP (Uses OpenCandy, but can get without) - Wikipedia, the free encyclopedia
Freeware Game of the Week (Best Free Mario Fan Game)
OpenCandy :: WinSCP

What's Popular Now on

Updated Articles on

No comments: