Security Corner

Apr 8 2011   12:06AM GMT

OpenCandy – Benign Adware or Malicious Spyware?



Posted by: Ken Harthun
Tags:
adware
Malware
OpenCandy
spyware

OpenCandy (OC), a relatively new advertising product is currently being bundled with software installers for popular programs including IZArc, mirC, PrimoPDF, Trillian Astra and more. As always happens with “new” methods of advertising via bundling agreements, OC is generating quite a bit of controversy in various forums and blogs. Some say it is benign adware under control of the person running the installer, others say it has the potential to be malicious spyware. I have no personal experience with OC, so I did some investigation by seeing what the OpenCandy folks had to say:

OpenCandy provides a plug-in that developers include in their software to earn money by showing recommendations for other software in their installers. Developers use this money to keep their software free and invest in further software development.

The installer uses the OpenCandy plug-in to present a software recommendation (such as the one below) during installation. You have complete control to accept the software recommendation by selecting either the “Install” or “Do not install” options on the software recommendation screen.

OpenCandy isn’t installed onto your computer, doesn’t collect personally identifiable information about you, and doesn’t collect information about your web browsing habits. It is safe, secure, and used by hundreds of software developers, including many of the world’s largest anti-virus companies. Several of our partners are listed here: http://opencandy.com/discover/.

IF this is true, then it looks like OC is benign. Check out the partners at the URL above, then you decide.  Other forum members at Dave’s Computer Tips seem to agree with me:

ozbloke: I believe OpenCandy, as it now stands, is relatively harmless adware; on the proviso that the software distributors who bundle it with their products stick to a regimen of full disclosure and and employ an opt-out system. However, the potential for abuse is somewhat disturbing and I would like to see some more concrete assurances/guarantees in place.

As always, caveat emptor.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: