If I had restricted the question to just the CNET secure download wrapper you would be correct. This question also involves CNET download.com allowing the use of the OpenCandy installer in programs downloaded from their site. After reading the second link I am going to go back and check a few more programs to see if they also violate their policies. OpenCandy clearly violates 2 of the policies and I will paste them below.
Software that serves intrusive advertisements through a Web browser, a pop-up window, or Web sites outside the software's primary interface.
Software that includes or uses surreptitious data collection.
Software that collects and transmits information about end users or end users' computer usage without adequate prior notification.
The first one we can debate all day long by the use of the words "outside the software's primary interface", but both installers clearly use a pop-up window to advertise by making a recommendation of another program.
OpenCandy clearly states in its FAQ that they collect data anonymously, making it in violation of the next 2 lines in the policy.
How many people know that by using either of these installers they are opting into data collection? Do they open a window asking the person if they want a program recommendation and, if they do, that data will be sent and collected? I know they can opt out of toolbar, home page change, and search engine change. Are they given an opt-out on anything else?