Jump to content

The Safe Free Download Site

Why not become a full member?, it's fast, free and allows you to participate in our forums and add or comment on our free software, leave reviews, access unlimited free downloads and more! - we NEVER share your details with anyone else, that's a promise! ... REGISTER FREE TODAY


OpenCandy - Bad or Good??

15 replies to this topic

#1 James (Jim) Hillier

    Platinum Poster!

  • Super Mod
  • 833 posts

    Posted 07 April 2011 - 10:51 PM

    I must admit to only having come across the term 'OpenCandy' quite recently, after a comment from member Bala7 letting us know this relatively new advertising medium was bundled with one of the freeware products listed here on FreewareBB.

    It seems OpenCandy is proliferating quite rapidly with more and more software developers bundling it with their products. So, I have been spending some time researching this issue. The OpenCandy platform utilises controversial techniques which have been the cause of heated debate across forums and blogs. Many are saying OpenCandy is adware or spyware while others say it is merely a legitimate instrument for advertising.

    When you install a program that comes bundled with OpenCandy; during the installation process OpenCandy will surreptitiously scan the host computer and then make software recommendations based on the findings. The user will then be given the choice of installing the additional software [or not] via an opt-in/opt-out system. Hopefully most [distributors] will stick with the preferred opt-in selection process rather than the very much sneakier opt-out option.

    Here are a few points to bear in mind:

    *The recommendations OpenCandy makes are largely based on the products already installed on your computer. OpenCandy gathers this information by covertly scanning the computer without asking for nor gaining your permission.

    *If you agree to install any of the software recommended by OpenCandy: not only will that software then be downloaded and installed but OpenCandy itself will also be permanently installed on the computer.

    *Even if you choose not to install any of the additional software recommended by OpenCandy, your computer will still be secretly scanned and that information sent to the OpenCandy people.

    The defenders of this system, including the makers of OpenCandy, make the following observations [claims]:

    *Many programs from known reputable companies scan the computer during the installation process to check for older versions and to confirm the existence of mandatory components, etc.

    *If you choose not to accept any of OpenCandy's recommendations, then no 'extras' are permanently installed on the computer.

    *OpenCandy states that any data sent back to them is simply general information of the type normally collected by a website whenever you visit, and contains no personal details.

    There are indeed 'two sides to the story'. On the face of it, OpenCandy seems harmless enough but there are certainly some serious reservations:

    *Will all software distributors who utilise OpenCandy make full disclosure; on their home page, as part of the download details, in the EULA.

    *If an opt-out system is employed for the OpenCandy software recommendations; how many people are going to inadvertently install unwanted extras on their machines.

    *There is currently little or no evidence that suggests OpenCandy is spyware BUT the potential is certainly there.

    Consider this; As the use of OpenCandy expands and it is installed on more and more computers, how tempting would it be for the owners to utilise that massive data base more aggressively.

    What do I think: I believe OpenCandy, as it now stands, is relatively harmless adware; on the proviso that the software distributors who bundle it with their products stick to a regimen of full disclosure and employ an opt-out system. However, the potential for abuse is somewhat disturbing and I would like to see some more concrete assurances/guarantees in place.

    What do you think?

    Jim Hillier - Managing editor Daves Computer Tips.com

    #2 marko

      Platinum Poster!

    • Root Admin
    • 12,938 posts

      Posted 08 April 2011 - 02:58 PM

      Problem as I see it Jim is this, even if it's 100% harmless, there is always an air of doubt about it, simply because someone else before them has done something similar and hammered the users. People's perception of this kind of stuff is usually negative, that's because they install toolbars by the dozen, annoying popups, other bits and pieces that nobody even wants, and other garbage. Now that's obviously not to say OpenCandy is anything like that, and from my own experiences and your description is would certainly appear not to be the case, however anything that can be installed on the sly (even with a disclaimer but without an opt out) is, in my opinion, not on.

      In an ideal world, addon software would be opt-in, that is we would be asked if we wanted to install it with the default option being NOT to install meaning it wouldn't be installed if we missed that option and just pressed 'next', 'next', 'next'. We know this will never happen because simply put there is too much money involved. Everytime someone installs something like OpenCandy there is money to be made from recommendations, referrals and other options - when this happens the person who agreed to bundle OpenCandy will no doubt receive some commission from this and so on and so on. Money talks and makes people do things they wouldn't normally do like agree to bundle stuff with their otherwise fine product. Trouble is, if this third party (the "adware") decides to go nuts and sell everything down the river, the developers reputation goes with it!.

      Personally speaking, and as the owner of FreewareBB, users have to put up with enough surprises these days, without software developers including all manner of useless addon software in their installers which is nothing at all to do with the software itself, but more to do with making money.

      Of course no-one objects to anyone making a little extra cash, but I really do think it does nothing for the developers reputation when they include certain third party addons.

      Talking specifically now about OpenCandy, checking WOT the first thing I see is the reputable "hpHosts" noting that OpenCandy is "Engaged in the distribution of malware". Now this is most certainly not something I would want my software to be associated with, no matter what the interpretation is of "adware" or anything close to it, people see this and run a mile and therefore it's no surprise that FreewareBB have removed software containing things like this. Reading on in WOT there appears to be more than one complaint about OpenCandy although I would be inclined to trust the comments of hpHosts as do WOT. At the end of the day, it really is about individual choices, do you take the chance or not? Is the software really of that much importance to you that you would take a risk? Isn't there an alternative that doesn't include a third party addon?.

      I have no stats or information available to determine whether OpenCandy recommends and installs freeware, shareware, trialware or whatever so I'm further limited to guessing it's possibly a combination of them all which, as a freeware enthusiast, makes that particular add-on even more irrelevant to us all here.

      #3 James (Jim) Hillier

        Platinum Poster!

      • Super Mod
      • 833 posts

        Posted 08 April 2011 - 09:21 PM

        Hey Marko - I do agree with you in principle mate. However, I am inclined to cut a little more slack than your good self.

        In many cases keeping Freeware free is of some import, particularly the good [popular] Freeware. If something like OpenCandy helps developers maintain that free status then I believe it is, overall, doing more good than harm for end users.

        As I said in my original post: providing those developers who utilize OpenCandy are completely up front about it and employ an opt-out system I can't really see any harm. The essential element, I believe, is 'full disclosure'.

        I would tend to discount the negative comments via WOT; there is no evidence at all to suggest OpenCandy is [or contains] spyware/malware. In my opinion, any negative comments would be derived from ignorance or inexperience. I believe those who argue that OpenCandy is spyware are predicating their claims on what could possibly happen rather than what is actually happening.

        When I asked my friend and renowned security expert Ken (The Geek) Harthun about OpenCandy, he agreed that in its current form OC was totally benign [his word]. And that seems to be the general consensus among the security fraternity.

        That said; all of that is fine provided OpenCandy continues to maintain a strict privacy policy, and therein lies the rub - there is no doubt the OpenCandy medium has the 'potential' to become a platform for more sinister purposes.

        Definitely one to keep tabs on!!

        Cheers mate....Jim


        Marko - Co-incidentally I just visited the PeaZip download page to check out the latest version and there is a fine example of how developers can utilize OpenCandy in a sensible and responsible way. Downloads are clearly labeled, from top to bottom: installer - with OpenCandy bundled, installer - without any 3rd party bundle, portable - without any 3rd party bundle.
        Jim Hillier - Managing editor Daves Computer Tips.com

        #4 marko

          Platinum Poster!

        • Root Admin
        • 12,938 posts

          Posted 09 April 2011 - 07:47 AM

          I think the negative comments may not be coming directly about OpenCandy Jim, but may be as a result of their recommendations. I wonder if OpenCandy actually check every download they recommend?, their ratings in WOT would suggest to me they obviously don't, or at least didn't at one point. If that is/was the case, they are potentially pushing recommendations out to thousands or even millions of people who will swallow what they "recommend".

          To me OpenCandy is like those "recommendation" sites which are set up just to take the highest bidder and write favourable reviews about them, OpenCandy will only recommend those programs which make them money, there could be another 10 programs out there which will do something a great deal better although they will never be recommended by OpenCandy because the developers haven't signed up to their advertising network and so we get a biased and income generating based review from OpenCandy - sure, I could do that on FreewareBB and nobody would probably know any different, would help pay the hosting costs as well but at the end of the day if someone exposed me for doing something like that our rep would be in tatters, yet OpenCandy make a living from it :rolleyes: :(

          #5 Richard C Normuss

            New Poster!

          • Members
          • 1 posts

            Posted 03 May 2011 - 05:36 PM

            James /marko

            Recently on checking a couple of free apps registry keys "current user & local machine" I came upon a couple of keys in reference to "OpenCandy".

            Now usually with any freeware install I will check the EULA under the microscope, but these two items in question got passed me.

            The question I have for you is this, do you intend on flagging any new apps or existing app updates that contain "OpenCandy" because I'm sure others will be concerned about any software that has no opt-out on the install?



            #6 marko

              Platinum Poster!

            • Root Admin
            • 12,938 posts

              Posted 03 May 2011 - 06:16 PM

              Hi Richy, any application which installs something (not considered the 'norm') without first giving the end-user the option to decline is, in my personal opinion, suspect and should be flagged. Further still, if there is no mention of the third party installer in their terms then this suggest's they know the third party application isn't very well accepted but nevertheless are trying to bundle it with their software - basically, the end-user's experience isn't on their list of priorities as far as I'm concerned and to answer your question, yes, if we know OpenCandy or any other add-on is bundled in a piece of software which doesn't first give the end-user the option to decline installing it we would, in most cases, simply withdraw our support for that download in question which means it is no longer downloadable from our site. A message is also usually left on the download informing users why the download is no longer available.

              You can see a list of downloads already removed from our site by searching for "(REMOVED)" (without the "" quotes).

              As for your own experience, can you share the details of your findings (namely the titles of the freeware) and we will take a peek ourselves and take the necessary action if we list them :rolleyes:

              #7 James (Jim) Hillier

                Platinum Poster!

              • Super Mod
              • 833 posts

                Posted 03 May 2011 - 11:57 PM

                Hey Richy - Agree 100% with Marko. [not that my acquiescence is required or carries a lot of weight - Marko is the Chief :rolleyes:]

                As I have stated previously, full disclosure is key. I would definitely not recommend any product which did not practice same, and agree any such products should indeed be blackballed.

                I too would like to know the titles of the freeware you mentioned?

                Jim Hillier - Managing editor Daves Computer Tips.com

                #8 Fabrice Meuwissen

                  New Poster!

                • Members
                • 1 posts

                  Posted 04 May 2011 - 10:55 PM

                  hi guys

                  I have a freeware where the "donation" are not enought, unfortunately I m considering Opencandy as a sponsor, and looking on internet I found your thread, it's interesting to get your point of view, and I would follow your recommandation.
                  So in short, Peazip is the model of what to do to notify users about opencandy bundle ? that's right ?

                  #9 marko

                    Platinum Poster!

                  • Root Admin
                  • 12,938 posts

                    Posted 05 May 2011 - 07:57 AM

                    Fabrice, as with any third-party addon I would be extremely careful, there is sometimes a fine line between generating some income for your work and putting yourself and your software's reputation in the hand's of someone else, if any third-party app gains a bad reputation, then it goes without saying anyone condoning it will be tarred with the same stick. We all understand (probably us moreso) the need to generate at least some income to pay for cost's, but in doing so this could mean your putting you're work in the line of fire - all I'm saying is be careful what you recommend, think hard and once you've weighed up the situation try to make the best decision for your users - after all, it's them that will determine success or failure.

                    #10 James (Jim) Hillier

                      Platinum Poster!

                    • Super Mod
                    • 833 posts

                      Posted 05 May 2011 - 05:26 PM

                      Hey Fabrice - I agree entirely with what Marko has said. Once you go with OpenCandy, your own reputation will be intrinsically linked with theirs.

                      However, if you are in a position where you must go with OpenCandy in order to continue your work then yes, PeaZip would be a very good model.

                      It's all about full disclosure; i.e. making sure your prospective users are fully aware.
                      Jim Hillier - Managing editor Daves Computer Tips.com

                      1 user(s) are reading this topic

                      0 members, 1 guests, 0 anonymous users

                      • Alexa