OpenCandy explained: what you need to know about the technology
OpenCandy is a technology that software companies can add to installers to earn money from optional software offers that are based on a system scan and the user's location in the world. That's different from software installers that always include the same type of offering, the Babylon Toolbar or the Ask Toolbar for instance, regardless of the user's location in the world or whether the toolbars are already installed on the system.
According to the FAQ on the OpenCandy website, the installer queries the company server for a list of recommended apps for the user location, operating system and language and checks those against the installed applications on the system and prerequisites that those programs may depend on. The first recommendation to pass all tests is then selected and presented to the user in the installer.
OpenCandy sends anonymous statistics back to the server which is used to improve the technology and to provide software companies with analytic insights.
Installation Process
Here is a typical installer that is using Open Candy. You should see an OpenCandy EULA link on the first screen which reveals to you that OpenCandy is being used by the installer.
Applications powered by OpenCandy
This is a short incomplete list of application installers that are powered by OpenCandy technology:
- CCleaner
- CDBurnerXP
- CutePDF
- Daemon Tools
- Extract Now
- Free Video Converter
- IE7 Pro
- MediaCoder
- MiPony
- Miro
- Orbit Downloader
- SPlayer
- Super
- Unlocker
- uTorrent
- Winamp
- WinSCP
As you can see, this includes many popular applications. According to OpenCandy, hundreds of applications are powered by the technology.
What OpenCandy collects
- operating system version and language
- country location
- timezone
- language of the software installer
- if the installer was completed or canceled
- if a third party recommendation was made, and whether it was accepted or declined
- if the recommendation was downloaded and the installer initiated
- if the installation completed successfully
According to the FAQ, Open Candy does not collect personally identifiably information about the PC or user. The company notes that it does not collect or store IP addresses.
Is OpenCandy adware?
The answer depends on the definition of adware. According to Wikipedia, adware is any software package which automatically renders advertisements. The answer must be yes then, as OpenCandy displays automatic advertisement for another software product during the installation process.
While it is certainly is adware, it is not spyware or malicious in nature. It does not install software without the user's consent nor does it place tracking software or files of its own on the user system.
Can you bypass OpenCandy?
Some programs support the /NOCANDY parameter which you can add to the run command when you start the installer to bypass OpenCandy during installation. While this works with some applications, it does not seem to work with all that you may come across.
Should you avoid software that comes bundled with OpenCandy?
This is obviously a question that only you can answer for yourself. I do not really mind the program for as long as it is not collecting personally identifiable information, adding software or files without user consent on the system, or trying to hide or sneak by in other means.
I'd still recommend to pay attention to the installation dialog and try the /nocandy parameter whenever you install software that comes bundled with OpenCandy.
Advertisement
Hmmm OK . BTW I can’t find the list of softwares using open candy . I visited this link http://www.opencandy.com/kick-apps/ . But cannot find CCleaner , utorrent , and other softwares listed above . Where did you get this list ?
In the link:
http://www.opencandy.com/kick-apps/
provided by ComicHippo (above),
Unfortunately,
I see 3 progs which are “bread & butter” for me:
– Notepad++
– Dropbox :-(
– 7zip
Oh no!
How do I know when to use
the “/NOCANDY” parameter when I run the installers.
What if I upgrade an already installed Dropbox or Notepad++
?
Is there a “/NOCANDY” parameter for Dropbox or Notepad++,
to upgrade ?
(PS – sorry f/ the double post).
Not all programs in that list use OpenCandy, I think.
It is available on several places, Wikipedia has a short list for instance. You also find applications that use it by searching for open candy as many seem to have pages up that explain their decision to use the technology.
Thanks .
BTW could you install Disqus comment system on your blog . I have to keep hitting F5 to see if I got a reply or not ( and am sure many others have to do the same thing ) . On Disqus I get a global notification for all the websites I have commented on ( and yes I did see the “Notify me of followup comments via e-mail” ) .
I do not like Disqus for a number of reasons, for instance that it needs to load a JavaScript file on every page load.
But this site runs on dedicated servers right ?
Yes it does, but every single second counts.
Do they earn per install or they get money for just including the options to install ?
It is very likely that they earn per install.
I noticed OpenCandy prompts with installations number of times, and I think it did nothing bad to me and my PCs. So I don’t care much about it.
I have worse feelings about toolbar bundlers, especially when you have to choose “custom install” to avoid toolbar crap, homepage and default search engine change. And my worst impression was from SUMO regular installer, which bugged me with 6 or so adware pieces (but using it you will be pushed to custom search anyway).
Comparing to bundled toolbars, OpenCandy looks like “nice guys” for me, really.
One of the simplest way to protect your system’s information is that you shouldn’t allow these applications through your firewall to access the internet. With firewall you control the way applications access internet and share your precious information.
Even if it’s not adware, OC is certainly annoy-ware. For clean downloads, I go first to Major Geeks, which has everything and warns you if the source installs its own downloader or tries to trick you into installing the Babyloony Toolbar. For that f****r, refusing the download once isn’t enough. You have to refuse twice.
Much less intrusive and spyful than Google.
An easier way would be to disconnect your internet connection during the installation since OpenCandy only works during install.
Portable has its limitations. Hate having to update my stuffs manually. Depends how much time you have to babysit your portable software and keep it uptodate…
That is one of the reasons why I use only portable application as they never contain spyware…like OpenCandy…
An application that scans you PC to collect data (excluding security apps) IS spyware.
I totally agree about portable! Screw spyware with its communications slowing down my resources, not to mention fragmented registries!
On most of the programs you noted (and others not listed), you can bypass OC by unpacking the exe via uniextract and remove the OC installation files. They are pretty obvious.
Rick interesting, thanks for mentioning this.
7zip can do some unpacking. Uniextract can handle many other setup packages. I have updated my uniextract installation for the updates to many of the setup installer packages including one of the most popular – Inno.
So I normally start with uniextract, then try 7zip, then move to sandboxie, and finally, and boy I really want the software at this point, move to a clean virtual machine and do a system compare to identify the changes and then see what I can do.
And for the heck of it, I’ve also created a quick demo of unpacking MediaCoder (with OC).
http://www.youtube.com/watch?v=zJpvUK_69mo
Thanks Rick. Any reason why you are using Uniextract and not a program like 7zip?
For those who are interested in a 1 minute demo, I have put up a video on youtube to show how “Unlocker” – a Babylon installer (not OC I’m sorry to say Martin), can be unpacked and be made into a portable application.
http://www.youtube.com/watch?v=GtEKACDBWEI