Controversial Advertising Program Now Being Embedded in More Software

OpenCandy (OC) is a relatively new advertising product that more and more software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more.

OpenCandy employs some controversial techniques in its operation and this has created some heated discussions in internet forums and blogs. Some say it is adware or spyware while others say it is just another legitimate form of advertising. Whatever, you need to be aware of this product and its potential pitfalls.

How OpenCandy Works

OC makes software recommendations to users during the program installation process. That is, while you are installing one product you get an invitation to install others. Users can accept or reject these download recommendations from OC; it is their call. Here's an example of how it works when you install the excellent free archiving program IZArc.

At the start of the IZArc installation process you are presented with the licensing agreement which clearly flags OpenCandy as a separate agreement.

 

And here's what the agreement says:

 

If you agree to this you get offered other products to install before installing IZArc. The products offered depend on what you already have installed on your PC - OpenCandy scans your PC to find that out. Here's what I was offered:

 

Notice that neither option is preselected; you have to make a choice one way or another. Not all implementations of OC work like that. Sometimes the "install" option is preselected. That means that users who just mindlessly click through the installation of the product they want to install will also end up downloading and installing additional products. How OC is configured depends on the software vendor; the developer of IZArc in this case.

Harmless Advertising or a New Form of Spyware

Now to some readers all this may sound harmless enough but there is more to it:

  • The recommendations made by OC are partly based on the products you already have installed on your PC. OpenCandy determines this by secretly scanning your PC without ever asking your permission.
  • While you can elect not to download any of the programs suggested by OC you cannot opt out from installing OC itself; it is fully embedded in the installation process. The situation is made worse by the fact that some software vendors don’t even mention in their End User Licensing Agreement (EULA) that OC is included as part of the installation process for their product.
  • If you accept any of the software recommendations made by OC then not only will that software be downloaded and installed but OC will also permanently install itself on your PC as well.
  • Regardless of whether you accept or reject OC’s software recommendations OC will transmit information about your PC back to the OpenCandy Corporation.
  • Some anti-malware programs including Microsoft Security Essentials flag some products containing OpenCandy as adware.

The makers of OpenCandy have published some credible counter-arguments. They claim:

  • Many installers from reputable companies scan your PC during the installation process to check for old versions, the existence of essential components and more.
  • They also claim that OC installs nothing permanently on your computer should you choose not to accept any OC download recommendations.
  • They state that any data about your PC sent back to OC is the kind of general information collected when you visit a website and contains no personally identifiable information.

They also put forward an argument that OC is not adware as it does not conform with the Wikipedia definition of adware as programs that display ads during program operation or usage. Using definitions to deflect the argument is ridiculous. OpenCandy is without doubt adware. Yes, it displays ads during product installation rather than product operation but the effect is the same. To claim otherwise is fatuous.

But there is nothing particularly wrong with adware. Many reputable products like the free version of Avira AntiVir and AVG Antivirus are adware. The product ads are the price that many users are prepared to accept in order to get the product for free.

Is OC spyware? There is little evidence to suggest this rather it seems to be just another form of adware. However it does worry us that the distribution model OC uses could potentially be used to turn the product into spyware.

In fact that’s the aspect of OpenCandy we find most disturbing. With the product now installed on a huge number of computers the current or future owners of the product could be tempted at some time in the future to more aggressively utilize the huge installed base. Can the OpenCandy Corporation or its successor be trusted not to exploit this opportunity? Will a hacker break into their system and create a huge botnet? Who knows; nobody can know but the possibility itself is disquieting.

The Gizmo’s Freeware Policy on OpenCandy

We thought seriously about banning any product containing OpenCandy from our website but have decided against that on two grounds:

First we have no evidence that OpenCandy is a malicious product or spyware. It is simply an adware program. Yes it is a product that makes us feel uncomfortable in the way it pushes privacy limits and even more uncomfortable with the potential for the model to be exploited but these are ultimately soft objections.

Second to ban products containing OC would deprive our users of the right to make their own choices as to the products they wish to use. Some of the programs that contain OC are of outstanding quality. If users wish to use these products knowing that they contain OC then we need respect that choice.

We have however decided to attach some strong conditions to products that contain OpenCandy:

  • Gizmos’ Freeware will not list any program that contains OpenCandy in its installer and does not clearly state this fact in its End User Licensing Agreement (EULA).
  • Gizmo’s Freeware will not list any program that contains OpenCandy that does not provide users with the ability to opt out of all recommended downloads.
  • The presence of OpenCandy will be treated by our editors as a negative when preparing our lists of recommended programs. It will be left to individual editors whether a program’s features and other strengths are sufficient to offset the inclusion of OpenCandy.
  • Where we do list programs which we know contain OpenCandy, we will clearly alert our readers to this fact.

This policy is now in place but it will take some time** for us to check every product and decide whether we will continue to recommend it. If you are aware that any product we recommend that contains OpenCandy then please leave a comment at bottom of the program review.

Now I know some people will consider these initiatives to be an over-reaction while others feel we have not gone far enough. What we have tried to do is balance the right of our readers to make their own informed choices about the products they use against the concerns we have about the OpenCandy marketing model.

What I can say is that we will keep the situation under ongoing review. Should the OpenCandy company show any indications they are moving their product in a direction that is not in the interest of our users then we will immediately ban all products containing OpenCandy from this site.

** To the best of our knowledge, all products listed here which contain OpenCandy have now been identified and an appropriate advisory added to the text. The situation is fluid though as some authors will no doubt remove it and others will begin bundling it with new software. If you discover an incidence of OpenCandy within a product listed here which is not marked as such, please inform us by leaving a comment on the appropriate page, or by contacting one of the mod team directly.

 

Gizmo

 

Share this
4.755655
Average: 4.8 (663 votes)
Your rating: None

Comments

by Lassar on 7. April 2014 - 13:41  (115549)

There are 2 things one should do to install a OpenCandy program.

1. Block OpenCandy servers in the windows host file.

You do not want OpenCandy to spy on you.

Click on your start button, go to programs, accessories, right click on notepad and run as administrator.

Click on file, open.
Go to C:\Windows\System32\drivers\etc
type *.* and click on host

Add this to the host file

127.0.0.1 tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 media.opencandy.com
127.0.0.1 cdn.opencandy.com
127.0.0.1 tracking.opencandy.com
127.0.0.1 api.opencandy.com

And click save.

2. Now go to the command line and enter:

"ProgamName /NOCANDY"

The program will now install with no chance of installing third party software & no chance of spying on you by communicating with the OpenCandy servers.

by BallyIrish on 27. July 2013 - 7:12  (109657)

I have used PeaZip for some time, and found it fulfills all my.zip file needs, and does it well too.
OpenCandy has always accompanied PeaZip, but separately, and I have always uninstalled it.
OpenCandy is now integrated with PeaZip to prevent uninstallation, I assume. The latest versions of PeaZip therefore cannot be used without OpenCandy.

Open Candy's EULA, now accompanies PeaZip (see below), and appears quite innocuous to me, and perfectly lawful.

The fact remains, however, that this is MY Computer and OpenCandy is passing information relevant to the type of software I use, along with my email address, of course. This, PeaZip claims is lawful.
On the whole, I get such good results from PeaZip, that I am not in the least concerned, now that I have read Open Candy's EULA, that my privacy is not in any way DETRIMENTALLY compromised.

It is therefore my own choice to install or reject any software recommended to me by third parties.
No unwanted software is therefore forced upon me, neither is such software surreptitiously installed on my PC.

Until a law forbidding this sort of practice is passed, PeaZip may continue, lawfully, to include OpenCandy. I have the choice either to continue to use and update PeaZip, or refrain from its further use. I choose to continue to use it, along with OpnCandy, as PeaZip is useful to me.

PeaZip openly states before one installs it, that OpenCandy forms part of PeaZip. I appreciate that sort of openness. What I HATE is purchasing a program which contains Adware.(like RegClean Pro from Systweak only to find that a large portion of the interface is devoted to Adware, advertising Advanced System Optimizer v.3 - all my attempts to obtain a refund from Systweak have failed . It was purhased through Cleverbridge.)

[Moderator's note: Unnecessary posting of Peazip license removed.]

by Pippin on 8. February 2014 - 6:30  (114314)

BallyIrish - I appreciate the time you took to do the research for your input on Open Candy (OC) and thanks sharing that info because now I'm aware of their integrity or lack thereof.

I respect your decision if its right for you but I disagree that your "privacy is not in any way DETRIMENTALLY compromised" or their terms of usage are innocuous. If it was then why do they need to force it on PeaZip users? Once they have your info - its theirs for as long as they want it and You have no way of predicting what they'll do with it in the future. they claim they don't collect or share your "personal" info. Really? Then why obtain the email at all? Plus keeping track of the software you use as well as having your email address is VERY personal and THEY decide what to do with it - not you.

Its easy for them to say "we don't collect or share your personal information" its an incredibly vague statement. In what world is collecting your email address NOT collecting it? It just gives them range to be "creative" with your information. There are ways of getting around that claim and justify that it falls under the archaic laws already in place - which were written without consideration of the internet. Most new laws are poorly written too.

The practices employed by these companies are out of touch with the right way to market/advertise. First, they don't consider whether you're a logical consumer candidate, they don't put enough effort into targeting the audience. Instead they mass market or mass advertise thinking this works even though analytical data shows its not cost effective. They under estimate the intelligence of consumers such as using the kind of tactics used by OC - forcing THEIR marketing policy on ALL the PeaZip users instead having the option to opt out. This tactic will never promote trust or loyalty. They think overkill is consistency when its really obnoxious.

As a consumer with many years of marketing experience as well as education in color marketing both online and off I can say without hesitation that these kinds of practices alienate consumers more than attracting them.

by Himagain on 4. November 2013 - 4:18  (111995)

Equally as valuable as the great reviews we get here is the personal support of the Editors themselves in clarifying any misunderstood points.

All of which is topped off by the intelligent friendly commenters to found here as well.
---------------

@Ballyirish I agree with your post completely. The only other addition I would add is that we should all make it clear to the initial program suppliers how we feel.

I now actively support Wot.com and DO take the time to communicate with program suppliers for the good AND the bad.
It is surprising how few people ever do say thanks for a freebie, sadly.

by Ellam88 on 26. September 2013 - 14:51  (111033)

I've used recent versions, including current one, and for what I know ads were always not mandatory.
http://peazip.sourceforge.net/peazip-partnership.html page says anything preventing unistallation or otherwise tricking the end user should be reported to be banned.
PeaZip homepage anyway still links a package without OpenCandy in the same paragraph talking of the bundle, and of course there is the Portable version that is just a zip file.

by MidnightCowboy on 27. July 2013 - 9:32  (109660)

There is more information about this here:

http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_prog...

I think it is important to understand that things are "promoted" simply because no one would buy them otherwise. If for instance the true benefits of tweak tools and registry cleaners were ever researched and the results published by an impartial source, then no one would buy one ever, or even use a free one come to that. Everyone is open to this type of influence though and I am evidence of same having once been the proud owner of a Bullworker. :D

Folks are free to classify OpenCandy as they see fit but it still remains a back door money making exercise that is hard sold to developers for them to include in their software. This is then forced on consumers in a way that most find detestable as illustrated by this being the largest number of complaints we receive on any subject. MC - Site Manager.

by Himagain on 4. November 2013 - 4:25  (111996)

I come from the "Old School" where we tried in marketing to create good relationships with prospective clients and the prevalence of the unethical assaults on our computers should be made illegal.

This comment of yours should be a sub-header all over your Site - as a warning to programmers!

YOUR QUOTE:
This is then forced on consumers in a way that most find detestable as illustrated by this being the largest number of complaints we receive on any subject. MC - Site Manager.
ENDQUOTE

Himagain

by Anupam on 27. July 2013 - 9:02  (109659)

The unnecessary posting of the license has been removed. It's long, and not suitable for posting here... and if anyone did want to see the license, they can do so by downloading PeaZip.

Yes, it's a personal choice whether or not a person likes the adware that are being bundled with the software or not. Some people are OK with it, some are not.

But, fact remains that this is adware. There is an option to decline the software recommendation shown by OpenCandy, but, if you decline that, OpenCandy files should not be stored on the system. But, OpenCandy files and registry entries do get on the system, and this can be considered to be a kind of spyware activity by some.

You wrote about purchasing the program shown by OpenCandy as a recommendation. You did not had to purchase it, unless you wanted to. That is just a recommendation, and the users are not bound to buy that software, to use PeaZip.

That is what adware is, it shows ads, and wants you to purchase the software it recommends, which is what you did, and this is how these adware succeed. You can already see the kind of crap programs they recommend. I think it was a mistake on your part to decide to buy the software that was recommended. It was a recommendation, and you could have declined it.

If you want to avoid OpenCandy, you can download the portable version of PeaZip, which should be free from OpenCandy.

http://peazip.sourceforge.net/peazip-portable.html

by zacharia on 28. March 2013 - 17:07  (106614)

awesome article. well written, great intent.

thank you.

by Mark Brown (not verified) on 10. February 2012 - 19:24  (88640)

found this on the web:
you can use a command-line argument to install "/NOCANDY" from CMD.EXE .
----------------------------------------
Can I avoid OpenCandy?
Yes you can. Use /NOCANDY parameter when starting installation program.

by Captain Moondust (not verified) on 9. February 2012 - 18:28  (88595)

If "OpenCandy" is only active during installation of its host program (sort of like a host cell carrying a virus?) then why, pray tell, does it feel the need to inject elaborate, free-standing registry keys? Obviously, to lay a framework for future misuse, I'd conclude. "OpenCandy" is a malignant infection, and I cannot reconcile its nature with any benign rationale that permits Gizmo to endorse freeware so infected, warning or no. Fortunately, MS Security Essentials, as was pointed out, detects the virus for what it is, malware; and has done so for me on several occasions. Let us hope that MS does not bow to OC's potential blandishments (and payola?) and disable this very useful attribute.

by Parker (not verified) on 3. January 2012 - 5:48  (86454)

have Zonealarm free firewall installed, then just give a brief read through before clicking next/agree while installation should be fine.

by Anonymous Mask (not verified) on 22. September 2011 - 0:57  (80072)

open candy,what about a removal tool or exemption limitation with permissions or license?

by Geekster (not verified) on 25. August 2011 - 18:20  (78348)

If you want to do away with OpenCandy, you have to add a switch, IZArc (File Compression Utility) has OpenCandy bundled with it so to install "C:\IZArc4.1.6.exe /NOCANDY". Do this by placing the downloaded program on C: then copy and paste the command into Run Command. This should work with most programs with OpenCandy bundled to it.

"C:\program name.exe /NOCANDY"

by cabelu (not verified) on 27. August 2011 - 3:14  (78413)

Geekster: I want to apply what you are saying to my computer (windows 7, 64 bit), but I am far from expert and don't know how to do what you're suggesting. Can you please provide instructions to those of us who are "computer challenged"? Many thanks.

by mehman on 13. June 2011 - 12:03  (73728)

Thanks for the info Gizmo. In future I will avoid all software which bundle OC.

by rihu (not verified) on 24. May 2011 - 12:17  (72581)

I don't understand why it seems so surprising: OpenCandy displays ads, what it does is very similar to AdSense (that techsupportalert.com uses to get cash and stay in business...) and any other ad platform.
It displays ads in an installer, offering to install an advertised software, like many web ads on AdSense offers to go on a third party website (do you test if they have malicious scripts?) and install a third party software (do you test if it is good?).

The company is part of Google Ventures, it is not an unknown subject sneaking in the market from God-only-knows:
http://en.wikipedia.org/wiki/Google_Ventures
http://www.googleventures.com/portfolio.html

I come on your page and I'm tracked by AdSense to provide me a good contextual ad.
If I click on the ads on your page I go on a third party website offering me to install a third party software.
What is the difference?

More: do you do your really maintain a list of unwanted ads, testing advertiser offers and websites for potentially malicious content?
It is very simple to do with OpenCandy, and very difficult to do with AdSense, so in my experience the second is less ethic and potentially more dangerous.

Ok Gizmo's Freeware, if you really don't trust ads sold by Google to the point to stigmatize developers using them, be coherent and remove Google ads from your pages and stay in business with donations.

by Radelen (not verified) on 30. August 2011 - 21:34  (78682)

Excelent comment! :-) Just 5+

by rihu (not verified) on 24. May 2011 - 14:50  (72593)

Little experiment: visiting this very same page two times I got two graphic skyscrapers offering software downloads (no surprise, Google Ads user tracking and profiling works well and offering software to users visiting a download related website is a quite good bet), both domains were deep-red marked on MyWot - that means, not even trust visit them, let alone installing the advertised software.
Third time I got a link group, it offered various services and two software downloads, I guess was more lucky here as one was deep-red marked ond one green (wow!).
The one red marked was a well known fake anti-malware, and it could have really eneded bad if I had followed the link.

My two cent: never trust the ads, neither in an installer, a website, a phone app, or plain old TV.
The best you can do for yourself is turning ads off with AdBlock: this is a nice piece of software I would really like to recommend... let see what bloggers and webmasters bashing OpenCandy say about it and about sustainability of their work.

by rihu (not verified) on 24. May 2011 - 15:00  (72594)

Or, if you are going to accept the fact ads are one of the biggest market and today allows many developers, bloggers and webmasters (including Gizmo's ones) to buy the bread and provide good products and services, let bash ads platforms that really needs to be bashed as they accepts bad advertisers and does not give (willingly or by technical limitations, like AdSense) the publishers enough tool to make a good selection of advertisers.
In my little example in the previous post I could have been served 4 good software instead of one good and 3 scams, and I could consequently have had 4 better times odds to find a good product or service to try or buy (that is good for the advertisers and publishers) and have 0 chances instead of 3 (that is VERY good for end users) to have my PC infected by the 3 scam software advertised here via AdSense - let alone possibilities of malicious scripts, tracking cookies and so on just for visiting the 3 "bad" advertisers' servers.

by MidnightCowboy on 24. May 2011 - 15:19  (72597)

You can make comparisons and try as hard as you like to justify this type of added code but certainly everyone I speak to does not want it included with the programs they download. This is a completely different issue to how developers may or may not choose to fund their breakfast. This is why we as a site, and other sites too, are now warning about such inclusions so that potential users of these products can choose if they want to be scanned and "presented" with a bunch of other stuff, or if they'd rather look for something else instead.

by Joe A.TT (not verified) on 30. September 2011 - 21:40  (80659)

MC,

You are quite right in refusing to continue to be dragged into any debate by this rihu. I'm sure any half-witted person can read his/her posts and come to their own conclusion about just where rihu and OC stand in relation to each other (although rihu never indicates one way or the other). Isn't that sort of behavior reminiscent, hmmm?

I have come across such persons before who refuse to "see" the difference in the arguments they put forward. Fortunately, most people with any bit of common sense should arrive at a sound judgement once presented with the facts.

If I may spell out the difference:

- Disclosure that is UPFRONT - not sneaky or totally absent.

- Placing the power of choice where it belongs - in the end-user's hands.

And THAT is what makes the ENTIRE difference!

"No further arguments Your Honor, I rest my case."

by MidnightCowboy on 1. October 2011 - 5:13  (80673)

Thanks for supporting our position :)

Now we have the CNet wrapped installer to contend with as well.

http://www.techsupportalert.com/content/cnet-downloadcom-wrapped-install...

What a life! :D... have a great weekend.

by rihu (not verified) on 24. May 2011 - 16:02  (72604)

So why don't you offer a disclaimer page allowing your users to turn off AdSense and other ads on your site before loading your pages, so they don't get scanned by the ads platform funding you?

Until I don't see an opt in or opt out page on your site allowing users to avoid being scanned by your ads, I cannot believe you are seriously concerned by your user's privacy (but just concerned to exploit fear mongering as you can to get some more visits and impressions).

I neither had found a single user happy of being scanned by online ads platforms like adsense and similar ones, nor to get tracking cookies.
But I see a lot of webmasters and bloggers very concerned to NOT correctly inform users about privacy risks of online ads, and not talk of ad-blockers.

I recommend all your readers to get AdBlock - or use Opera that has built in ad-blocker.

by Radelen (not verified) on 30. August 2011 - 21:46  (78683)

:-D
Strictly speaking...

by grimbles on 11. May 2011 - 23:54  (71799)

UPDATE:

I have previously defended the practice of bundling OpenCandy; largely based on the premise it would [mostly] be utilised in a completely overt manner and include an opt-in system.

Seems that assumption was way off the mark. More and more freeware is being surreptitiously bundled with OpenCandy. Surprisingly, the practice is not limited to minor titles either, some popular and [previously] reputable developers are included.

We can only trust that this sneaky, underhanded practice will result in a severely negative impact for those involved and will subsequently fall out of favour.

Gizmo, you were spot on mate, I was mistaken...what more can I say. :)

Cheers.

by Alex B (not verified) on 3. May 2011 - 4:35  (71321)

as of 5/2/11 OC is not included in the program. However Bing toolbar is trying to get snuck in to the installation, so be sure to uncheck (deselect) if you do want the add-on

by Anupam on 3. May 2011 - 6:53  (71328)

Which software are you talking about?

by MidnightCowboy on 3. May 2011 - 6:58  (71329)

I'm guessing it's IZarc although the request above clearly asks to post such comments "on the appropriate page".

by Anupam on 3. May 2011 - 7:09  (71330)

Should be deleted then. Does not tell what software its about, and also is not in accordance with the request.

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here