Controversial Advertising Program Now Being Embedded in More Software


OpenCandy (OC) is an advertising product that some software developers are bundling with their programs. It can now be found in the installers of dozens of popular programs.

OpenCandy employs some controversial techniques in its operation and this has created some heated discussions in Internet forums and blogs. Some say it is adware or spyware while others say it is just another legitimate form of advertising. Whatever, you need to be aware of this product and its potential pitfalls.

How OpenCandy Works

OC makes software recommendations to users during the program installation process. That is, while you are installing one product you get an invitation to install others. Users can accept or reject these download recommendations from OC; it is their call. Here's an example of how it works when you install a program.

At the start of an installation process you are presented with the licensing agreement which clearly flags OpenCandy as a separate agreement.



And here's what the agreement says:


If you agree to this you get offered other products to install before installing the program you need. The products offered depend on what you already have installed on your PC - OpenCandy scans your PC to find that out.

Not all implementations of OC work the same way. Sometimes the "install" or "yes" option is preselected. That means that users who just mindlessly click through the installation of the product they want to install will also end up downloading and installing additional products. How OC is configured depends on the software vendor.

Harmless Advertising or a New Form of Spyware

Now to some readers all this may sound harmless enough but there is more to it:

  • The recommendations made by OC are partly based on the products you already have installed on your PC. OpenCandy determines this by secretly scanning your PC without ever asking your permission.
  • While you can elect not to download any of the programs suggested by OC you cannot opt out from installing OC itself; it is fully embedded in the installation process. The situation is made worse by the fact that some software vendors don’t even mention in their End User Licensing Agreement (EULA) that OC is included as part of the installation process for their product.
  • If you accept any of the software recommendations made by OC then not only will that software be downloaded and installed but OC will also permanently install itself on your PC as well.
  • Regardless of whether you accept or reject OC’s software recommendations OC will transmit information about your PC back to the OpenCandy Corporation.
  • Some anti-malware programs including Microsoft Security Essentials and the excellent freeware Avira flag some products containing OpenCandy as adware.

The makers of OpenCandy have published some credible counter-arguments. They claim:

  • Many installers from reputable companies scan your PC during the installation process to check for old versions, the existence of essential components and more.
  • They also claim that OC installs nothing permanently on your computer should you choose not to accept any OC download recommendations.
  • They state that any data about your PC sent back to OC is the kind of general information collected when you visit a website and contains no personally identifiable information.

They also put forward an argument that OC is not adware as it does not conform with the Wikipedia definition of adware as programs that display ads during program operation or usage. Using definitions to deflect the argument is ridiculous. OpenCandy is without doubt adware. Yes, it displays ads during product installation rather than product operation but the effect is the same. To claim otherwise is fatuous.

But there is nothing particularly wrong with adware. Many reputable products like the free version of Avira AntiVir and AVG Antivirus are adware. The product ads are the price that many users are prepared to accept in order to get the product for free.

Is OC spyware? There is little evidence to suggest this rather it seems to be just another form of adware. However it does worry us that the distribution model OC uses could potentially be used to turn the product into spyware.

In fact that’s the aspect of OpenCandy we find most disturbing. With the product now installed on a huge number of computers the current or future owners of the product could be tempted at some time in the future to more aggressively utilize the huge installed base. Can the OpenCandy Corporation or its successor be trusted not to exploit this opportunity? Will a hacker break into their system and create a huge botnet? Who knows; nobody can know but the possibility itself is disquieting.

The Gizmo’s Freeware Policy on OpenCandy

We thought seriously about banning any product containing OpenCandy from our website but have decided against that on two grounds:

First, we have no evidence that OpenCandy is a malicious product or spyware. It is simply an adware program. Yes it is a product that makes us feel uncomfortable in the way it pushes privacy limits and even more uncomfortable with the potential for the model to be exploited but these are ultimately soft objections.

Second, to ban products containing OC would deprive our users of the right to make their own choices as to the products they wish to use. Some of the programs that contain OC are of outstanding quality. If users wish to use these products knowing that they contain OC then we need respect that choice.

We have however decided to attach some strong conditions to products that contain OpenCandy:

  • Gizmos’ Freeware will not list any program that contains OpenCandy in its installer and does not clearly state this fact in its End User Licensing Agreement (EULA).
  • Gizmo’s Freeware will not list any program that contains OpenCandy that does not provide users with the ability to opt out of all recommended downloads.
  • The presence of OpenCandy will be treated by our editors as a negative when preparing our lists of recommended programs. It will be left to individual editors whether a program’s features and other strengths are sufficient to offset the inclusion of OpenCandy.
  • Where we do list programs which we know contain OpenCandy, we will clearly alert our readers to this fact.

This policy is now in place but it will take some time** for us to check every product and decide whether we will continue to recommend it. If you are aware that any product we recommend that contains OpenCandy then please leave a comment at bottom of the program review.

Now I know some people will consider these initiatives to be an over-reaction while others feel we have not gone far enough. What we have tried to do is balance the right of our readers to make their own informed choices about the products they use against the concerns we have about the OpenCandy marketing model.

What I can say is that we will keep the situation under ongoing review. Should the OpenCandy company show any indications they are moving their product in a direction that is not in the interest of our users then we will immediately ban all products containing OpenCandy from this site.

** To the best of our knowledge, all products listed here which contain OpenCandy have now been identified and an appropriate advisory added to the text. The situation is fluid though as some authors will no doubt remove it and others will begin bundling it with new software. If you discover an incidence of OpenCandy within a product listed here which is not marked as such, please inform us by leaving a comment on the appropriate page, or by contacting one of the mod team directly.




Please rate this article: 

Your rating: None
Average: 4.8 (1431 votes)


Thank you for the Unchecky post. I've recently been running across OpenCandy with a few things and have wondered about it. Fortunately, something (Malwarebytes?, I forget) has been blocking it while allowing the rest of the installation to continue. Or at least, that's what I'm hoping is happening. Regardless, will be downloading Unchecky to check out.

The actual file name is: HOSTS

That's host with an 's'.

This is an old trick that works on Windows machines. YMMV on Apple/Unix/Linux.

What it does is re-direct any name listed on the right hand side to whatever URL is listed on the left hand side. effectively does not exist.

Add the above list to your HOSTS file and what windows does is redirect any attempt to communicate to the name (ex: to the URL This will result in a 'cannot connect' type message.

I already had in my HOSTS file:

So I've added in the new ones. Thanks!

To see what's going on, try pasting/keying into your browser address bar and see what you get. I got this in Firefox:

"Firefox can't establish a connection to the server at"

It's a nice trick, although a bit 'under the hood' geeky. But then if you are not a least a little geeky, whatcha doing here at Gizmo? (grin)

Wiki has more to say here:


I have used PeaZip for some time, and found it fulfills all file needs, and does it well too.
OpenCandy has always accompanied PeaZip, but separately, and I have always uninstalled it.
OpenCandy is now integrated with PeaZip to prevent uninstallation, I assume. The latest versions of PeaZip therefore cannot be used without OpenCandy.

Open Candy's EULA, now accompanies PeaZip (see below), and appears quite innocuous to me, and perfectly lawful.

The fact remains, however, that this is MY Computer and OpenCandy is passing information relevant to the type of software I use, along with my email address, of course. This, PeaZip claims is lawful.
On the whole, I get such good results from PeaZip, that I am not in the least concerned, now that I have read Open Candy's EULA, that my privacy is not in any way DETRIMENTALLY compromised.

It is therefore my own choice to install or reject any software recommended to me by third parties.
No unwanted software is therefore forced upon me, neither is such software surreptitiously installed on my PC.

Until a law forbidding this sort of practice is passed, PeaZip may continue, lawfully, to include OpenCandy. I have the choice either to continue to use and update PeaZip, or refrain from its further use. I choose to continue to use it, along with OpnCandy, as PeaZip is useful to me.

PeaZip openly states before one installs it, that OpenCandy forms part of PeaZip. I appreciate that sort of openness. What I HATE is purchasing a program which contains Adware.(like RegClean Pro from Systweak only to find that a large portion of the interface is devoted to Adware, advertising Advanced System Optimizer v.3 - all my attempts to obtain a refund from Systweak have failed . It was purhased through Cleverbridge.)

[Moderator's note: Unnecessary posting of Peazip license removed.]

I've posted months ago about the OpenCandy bundling, now I checked back new version (32 and 64 bit) of PeaZip and it seems no longer bundling it, as for the eula and for Virustotal scan result.
Also, Techsupportalert page no longer reports it being ad-supported, so I can safely assume OpenCandy is no more being bundled.

BallyIrish - I appreciate the time you took to do the research for your input on Open Candy (OC) and thanks sharing that info because now I'm aware of their integrity or lack thereof.

I respect your decision if its right for you but I disagree that your "privacy is not in any way DETRIMENTALLY compromised" or their terms of usage are innocuous. If it was then why do they need to force it on PeaZip users? Once they have your info - its theirs for as long as they want it and You have no way of predicting what they'll do with it in the future. they claim they don't collect or share your "personal" info. Really? Then why obtain the email at all? Plus keeping track of the software you use as well as having your email address is VERY personal and THEY decide what to do with it - not you.

Its easy for them to say "we don't collect or share your personal information" its an incredibly vague statement. In what world is collecting your email address NOT collecting it? It just gives them range to be "creative" with your information. There are ways of getting around that claim and justify that it falls under the archaic laws already in place - which were written without consideration of the internet. Most new laws are poorly written too.

The practices employed by these companies are out of touch with the right way to market/advertise. First, they don't consider whether you're a logical consumer candidate, they don't put enough effort into targeting the audience. Instead they mass market or mass advertise thinking this works even though analytical data shows its not cost effective. They under estimate the intelligence of consumers such as using the kind of tactics used by OC - forcing THEIR marketing policy on ALL the PeaZip users instead having the option to opt out. This tactic will never promote trust or loyalty. They think overkill is consistency when its really obnoxious.

As a consumer with many years of marketing experience as well as education in color marketing both online and off I can say without hesitation that these kinds of practices alienate consumers more than attracting them.

Equally as valuable as the great reviews we get here is the personal support of the Editors themselves in clarifying any misunderstood points.

All of which is topped off by the intelligent friendly commenters to found here as well.

@Ballyirish I agree with your post completely. The only other addition I would add is that we should all make it clear to the initial program suppliers how we feel.

I now actively support and DO take the time to communicate with program suppliers for the good AND the bad.
It is surprising how few people ever do say thanks for a freebie, sadly.

I've used recent versions, including current one, and for what I know ads were always not mandatory. page says anything preventing unistallation or otherwise tricking the end user should be reported to be banned.
PeaZip homepage anyway still links a package without OpenCandy in the same paragraph talking of the bundle, and of course there is the Portable version that is just a zip file.

There is more information about this here: I think it is important to understand that things are "promoted" simply because no one would buy them otherwise. If for instance the true benefits of tweak tools and registry cleaners were ever researched and the results published by an impartial source, then no one would buy one ever, or even use a free one come to that. Everyone is open to this type of influence though and I am evidence of same having once been the proud owner of a Bullworker. :D Folks are free to classify OpenCandy as they see fit but it still remains a back door money making exercise that is hard sold to developers for them to include in their software. This is then forced on consumers in a way that most find detestable as illustrated by this being the largest number of complaints we receive on any subject. MC - Site Manager.

I come from the "Old School" where we tried in marketing to create good relationships with prospective clients and the prevalence of the unethical assaults on our computers should be made illegal.

This comment of yours should be a sub-header all over your Site - as a warning to programmers!

This is then forced on consumers in a way that most find detestable as illustrated by this being the largest number of complaints we receive on any subject. MC - Site Manager.


The unnecessary posting of the license has been removed. It's long, and not suitable for posting here... and if anyone did want to see the license, they can do so by downloading PeaZip. Yes, it's a personal choice whether or not a person likes the adware that are being bundled with the software or not. Some people are OK with it, some are not. But, fact remains that this is adware. There is an option to decline the software recommendation shown by OpenCandy, but, if you decline that, OpenCandy files should not be stored on the system. But, OpenCandy files and registry entries do get on the system, and this can be considered to be a kind of spyware activity by some. You wrote about purchasing the program shown by OpenCandy as a recommendation. You did not had to purchase it, unless you wanted to. That is just a recommendation, and the users are not bound to buy that software, to use PeaZip. That is what adware is, it shows ads, and wants you to purchase the software it recommends, which is what you did, and this is how these adware succeed. You can already see the kind of crap programs they recommend. I think it was a mistake on your part to decide to buy the software that was recommended. It was a recommendation, and you could have declined it. If you want to avoid OpenCandy, you can download the portable version of PeaZip, which should be free from OpenCandy.

awesome article. well written, great intent.

thank you.