Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

CNET TechTracker - Malware Warning

May 23, 2011 11:24AM PDT

After being offered this free application from CNET, I tried to install it and was denied doing so because my antivirus program AVG, found it contained Malware. Thank God for AVG!

Discussion is locked

- Collapse -
Did you find Open Candy?
May 24, 2011 12:06AM PDT

If so you may want to research this a little bit more.

MEDIAINFO an open source app is using Open Candy as well.

Open Candy is not Malware.
Bob

- Collapse -
Win32/OpenCandy
May 24, 2011 11:34AM PDT

Thanks Bob, I found two instances of Win32/OpenCandy relating to TechTracker. I will see what I can find using the information you have given me.

Regards Ricochet

- Collapse -
Re-Open Candy/win 32-amsn has Open Candy spyware warning-
Jun 19, 2011 10:56PM PDT

It happened to me a just over a month ago. I downloaded amsn a clone of Windows Live Messenger but not made by the same people. I downloaded amsn messenger from this site C.Net and right away I got a warning from Windows Defender. Windows Defender is a spyware scanner and remover that is bundled with mine and all other Windows 7 and Windows Vista,and Windows XP computers. Windows Defender told me it had detected OPEN CANDY which it warned me was spyware in my system 32 folder in my amsn download and offered to remove it for me.

- Collapse -
Possibly a false postive
Jun 19, 2011 11:21PM PDT
- Collapse -
Thank you for your help Mark-
Jun 20, 2011 12:06AM PDT

Thanks for your help in this matter. I tried to report it to C.Net managers but there was no link to do this. But I am glad you have done this for me. And in another thread someone said that their anti-virus product which was not a Microsoft product did not detect it. But Microsoft is what runs our Windows operating system.So they would not lie about some thing like this.

- Collapse -
A few notes...
Jun 20, 2011 1:04PM PDT

1.) Open Candy is actually adware, not spyware. Neither is desired, though adware displays ads while spyware collects information about you, your computer, usage, et cetera. The takeaway is that adware is annoying while spyware is dangerous.

2.) Windows Defender has been replaced by Microsoft Security Essentials, a newer and more complete free security application from Microsoft. Both have had their share of low ratings from independent security analysts, though, and are best when paired with additional security software.

3.) There is a "Help Center" link at the bottom of every CNET page. From there, you can send an email (open a help desk ticket) to CNET customer support to ask questions, raise potential issues, et cetera.

Hope this helps,
John

- Collapse -
What I found
Jun 20, 2011 1:50AM PDT

This is from Open candy website.

Q: What happens when I run an installer that's OpenCandy-powered?


A: When you run an installer powered by OpenCandy, it asks our servers for a list of applications that the developer of the software
you're installing has chosen to recommend for your language, operating system and country. Our plug-in (OCSetupHlp.dll) then selects the first valid recommendation to show. Recommendations must pass certain criteria to be valid (such as, "Is this software already installed?", "Are the necessary files needed to install this available?", etc.). For each recommendation in the list, an anonymous "Yes" or "No" is sent back to our servers so we can collect aggregate data to improve our recommendations. Once a valid recommendation is found in the list, our plug-in downloads the graphics required to display the recommendation to you. At
this point, you can choose whether you want to install the recommended software. Non-personally identifiable statistics about the developer's software installation, the recommendation process, and the installation of recommended software, are collected.

This is how you get what they call FREE software. I think Download.com should alert their user that the software they are downloading is powered by Open Candy and that it will communicate with it's servers to make other recommendation to the installer for more FREE software.

What I see, they are searching your puter and sending info to the Open candy servers about the person who thinks they are getting something for free.

- Collapse -
Re-what I found-
Jun 20, 2011 3:31AM PDT

Here is some of the page from the Microsoft website about Open Candy-

- Collapse -
Where's the mal in this ware?
Jun 20, 2011 3:46AM PDT

I didn't find any malicious activity in OpenCandy. Tell more.

I define malicious as hijacking web pages, deleting or hiding my files, etc.
Bob

- Collapse -
Depends on how you define it
Jun 20, 2011 4:06AM PDT

I define malicious as anything that gets installed on my hard drive without my knowledge or permission and does what ever it chooses. Now, what this program searches for is what programs you have installed and then compares this to a list it has generated and then transmits information back to its servers. When it does this, does it ask you first if you want this to happen. My only encounter with this program was it did not inform me that it was going to be installed. It was my firewall that told me it had been installed and was trying to phone home. It does boil down to how you define what is malicious.

If someone gave you a new couch, would you allow them to come over to your house while you where not home and without your permission and go thru it to see what other pieces of furniture you had. I bet not.

- Collapse -
Then this does not qualify?
Jun 20, 2011 4:11AM PDT

There are no registry entries, one DLL that vanishes after the install and no other software other than what you installed.

As to the transmission, some want absolute privacy so why didn't your firewall step in here?
Bob

- Collapse -
My Firewall did step in
Jun 20, 2011 7:21AM PDT

Let me paste what i said.

It was my firewall that told me it had been installed and was trying to phone home. It does boil down to how
you define what is malicious.


The DLL was placed on my hard drive and then ran without my knowledge or permission. I call that installed even if they intend on deleting it later. Their own website even states this. Please refer to my reply titled what I found. If my memory serves me correctly it was in a temp folder. This I will not swear to because it has been about a month and at the time I just wrote it off as just another attempt to use what I call approved spyware to gather information on what programs people are using. I know that people who profit from this kind of spyware will defend it and it will not be flagged by to many malware programs. Some companies call it customer experience improvement. That is a great piece of marketing.

This is why people should have their firewall set to flag things and not depend on auto set white and black list. The funny thing about this discussion is I can now use this as an example when teaching people the importance about not letting firewalls use auto learn or auto approve when it comes to what goes in or out of your puter.

- Collapse -
Good but why are not upset with MSI installs?
Jun 20, 2011 7:27AM PDT

They work the same and you seem to want to call this one very bad when I've seen far worse with... Let's pick on Office 2010, Windows 7 and more.

If you don't let them call home, they don't run!
Bob

- Collapse -
Just for clarity. ANY other installer has to do this.
Jun 20, 2011 7:29AM PDT

Let's hear your answer to what to do about installing software today.

I'm referring to running some exe, dll, msi to do the install.

You have not made a case about the "mal" in what you are calling malware.
Bob

- Collapse -
WOW your fast
Jun 20, 2011 7:49AM PDT

My Windows 7 works fine and it does not call home until I allow it to get updates. It has to phone home to activate, but I know ahead of time it is going to happen. Nothing was placed in secret and tried to phone home will out permission.

The real truth is your trying to compare apples to oranges. The programs you mentioned have no bearing on Open Candy installer. I have install thousand maybe hundred of thousand of programs using MSI and none of them search my hard drive and phoned home to compare my programs to a generated list.

The mal in this is that it does it without asking the person who owns the puter if they want this done. It is trying to do this in secret to push other programs on the poor guy or gal.

Also let me paste this from their web site.

Non-personally identifiable statistics about the developer's software installation, the recommendation process, and the installation of recommended software, are collected.

I under lined the most important part. To me that again demonstrates the mal part. They are collecting info on what goes on everything that occured during the install, the search of your, hard drive, and if any recommended software was installed. I, myself and me never believe the part about the non-personally identifiable part.

- Collapse -
So it's not malware? And it does not "install" OpenCandy.
Jun 21, 2011 1:47AM PDT

You've come a long way to understanding what it is.

At least you won't lose time in your next discussion over what it is not.
Bob

- Collapse -
Lets take this discussion to a better forum
Jun 21, 2011 2:13AM PDT