OpenCandy explained: what you need to know about the technology

OpenCandy is a technology that software companies can add to installers to earn money from optional software offers that are based on a system scan and the user's location in the world. That's different from software installers that always include the same type of offering, the Babylon Toolbar or the Ask Toolbar for instance, regardless of the user's location in the world or whether the toolbars are already installed on the system.

According to the FAQ on the OpenCandy website, the installer queries the company server for a list of recommended apps for the user location, operating system and language and checks those against the installed applications on the system and prerequisites that those programs may depend on. The first recommendation to pass all tests is then selected and presented to the user in the installer.

OpenCandy sends anonymous statistics back to the server which is used to improve the technology and to provide software companies with analytic insights.

Installation Process

Here is a typical installer that is using Open Candy. You should see an OpenCandy EULA link on the first screen which reveals to you that OpenCandy is being used by the installer.

open candy

opencandy adware

Applications powered by OpenCandy

This is a short incomplete list of application installers that are powered by OpenCandy technology:

  • CCleaner
  • CDBurnerXP
  • CutePDF
  • Daemon Tools
  • Extract Now
  • Free Video Converter
  • IE7 Pro
  • MediaCoder
  • MiPony
  • Miro
  • Orbit Downloader
  • SPlayer
  • Super
  • Unlocker
  • uTorrent
  • Winamp
  • WinSCP

As you can see, this includes many popular applications. According to OpenCandy, hundreds of applications are powered by the technology.



What OpenCandy collects

  • operating system version and language
  • country location
  • timezone
  • language of the software installer
  • if the installer was completed or canceled
  • if a third party recommendation was made, and whether it was accepted or declined
  • if the recommendation was downloaded and the installer initiated
  • if the installation completed successfully
Read also:  CCleaner Malware second payload discovered

According to the FAQ, Open Candy does not collect personally identifiably information about the PC or user. The company notes that it does not collect or store IP addresses.

Is OpenCandy adware?

The answer depends on the definition of adware. According to Wikipedia, adware is any software package which automatically renders advertisements. The answer must be yes then, as OpenCandy displays automatic advertisement for another software product during the installation process.

While it is certainly is adware, it is not spyware or malicious in nature.  It does not install software without the user's consent nor does it place tracking software or files of its own on the user system.

Can you bypass OpenCandy?

Some programs support the /NOCANDY parameter which you can add to the run command when you start the installer to bypass OpenCandy during installation. While this works with some applications, it does not seem to work with all that you may come across.

Should you avoid software that comes bundled with OpenCandy?

This is obviously a question that only you can answer for yourself. I do not really mind the program for as long as it is not collecting personally identifiable information, adding software or files without user consent on the system, or trying to hide or sneak by in other means.

I'd still recommend to pay attention to the installation dialog and try the /nocandy parameter whenever you install software that comes bundled with OpenCandy.

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to OpenCandy explained: what you need to know about the technology

  1. rick August 6, 2012 at 10:55 am #

    On most of the programs you noted (and others not listed), you can bypass OC by unpacking the exe via uniextract and remove the OC installation files. They are pretty obvious.

    • Martin Brinkmann August 6, 2012 at 11:10 am #

      Rick interesting, thanks for mentioning this.

      • rick August 7, 2012 at 9:26 pm #

        For those who are interested in a 1 minute demo, I have put up a video on youtube to show how "Unlocker" - a Babylon installer (not OC I'm sorry to say Martin), can be unpacked and be made into a portable application.

        http://www.youtube.com/watch?v=GtEKACDBWEI

      • rick August 7, 2012 at 9:59 pm #

        And for the heck of it, I've also created a quick demo of unpacking MediaCoder (with OC).

        http://www.youtube.com/watch?v=zJpvUK_69mo

      • Martin Brinkmann August 7, 2012 at 11:12 pm #

        Thanks Rick. Any reason why you are using Uniextract and not a program like 7zip?

      • rick August 7, 2012 at 11:17 pm #

        7zip can do some unpacking. Uniextract can handle many other setup packages. I have updated my uniextract installation for the updates to many of the setup installer packages including one of the most popular - Inno.

        So I normally start with uniextract, then try 7zip, then move to sandboxie, and finally, and boy I really want the software at this point, move to a clean virtual machine and do a system compare to identify the changes and then see what I can do.

  2. ilev August 6, 2012 at 10:55 am #

    That is one of the reasons why I use only portable application as they never contain spyware...like OpenCandy...

    An application that scans you PC to collect data (excluding security apps) IS spyware.

    • Karl Gephart August 6, 2012 at 11:05 am #

      I totally agree about portable! Screw spyware with its communications slowing down my resources, not to mention fragmented registries!

  3. Mountainking August 6, 2012 at 12:02 pm #

    Portable has its limitations. Hate having to update my stuffs manually. Depends how much time you have to babysit your portable software and keep it uptodate...

  4. Ajay August 6, 2012 at 2:47 pm #

    An easier way would be to disconnect your internet connection during the installation since OpenCandy only works during install.

  5. kalmly August 6, 2012 at 2:56 pm #

    Much less intrusive and spyful than Google.

  6. KRS August 6, 2012 at 5:19 pm #

    Even if it's not adware, OC is certainly annoy-ware. For clean downloads, I go first to Major Geeks, which has everything and warns you if the source installs its own downloader or tries to trick you into installing the Babyloony Toolbar. For that f****r, refusing the download once isn't enough. You have to refuse twice.

  7. Avi August 6, 2012 at 7:21 pm #

    One of the simplest way to protect your system's information is that you shouldn't allow these applications through your firewall to access the internet. With firewall you control the way applications access internet and share your precious information.

  8. Roman ShaRP August 6, 2012 at 11:28 pm #

    I noticed OpenCandy prompts with installations number of times, and I think it did nothing bad to me and my PCs. So I don't care much about it.

    I have worse feelings about toolbar bundlers, especially when you have to choose "custom install" to avoid toolbar crap, homepage and default search engine change. And my worst impression was from SUMO regular installer, which bugged me with 6 or so adware pieces (but using it you will be pushed to custom search anyway).

    Comparing to bundled toolbars, OpenCandy looks like "nice guys" for me, really.

  9. ComicHippo August 6, 2012 at 6:33 pm #

    Do they earn per install or they get money for just including the options to install ?

  10. ComicHippo August 6, 2012 at 6:42 pm #

    BTW could you install Disqus comment system on your blog . I have to keep hitting F5 to see if I got a reply or not ( and am sure many others have to do the same thing ) . On Disqus I get a global notification for all the websites I have commented on ( and yes I did see the "Notify me of followup comments via e-mail" ) .

    • Martin Brinkmann August 6, 2012 at 6:52 pm #

      I do not like Disqus for a number of reasons, for instance that it needs to load a JavaScript file on every page load.

      • ComicHippo August 6, 2012 at 7:03 pm #

        But this site runs on dedicated servers right ?

      • Martin Brinkmann August 6, 2012 at 7:06 pm #

        Yes it does, but every single second counts.

  11. ComicHippo August 6, 2012 at 7:10 pm #

    Hmmm OK . BTW I can't find the list of softwares using open candy . I visited this link http://www.opencandy.com/kick-apps/ . But cannot find CCleaner , utorrent , and other softwares listed above . Where did you get this list ?

    • Martin Brinkmann August 6, 2012 at 7:20 pm #

      It is available on several places, Wikipedia has a short list for instance. You also find applications that use it by searching for open candy as many seem to have pages up that explain their decision to use the technology.

      • ComicHippo August 6, 2012 at 7:28 pm #

        Thanks .

    • SFdude August 6, 2012 at 11:13 pm #

      In the link:
      http://www.opencandy.com/kick-apps/
      provided by ComicHippo (above),

      Unfortunately,
      I see 3 progs which are "bread & butter" for me:
      - Notepad++
      - Dropbox :-(
      - 7zip

      Oh no!
      How do I know when to use
      the "/NOCANDY" parameter when I run the installers.

      What if I upgrade an already installed Dropbox or Notepad++
      ?
      Is there a "/NOCANDY" parameter for Dropbox or Notepad++,
      to upgrade ?
      (PS - sorry f/ the double post).

      • Martin Brinkmann August 6, 2012 at 11:14 pm #

        Not all programs in that list use OpenCandy, I think.

Leave a Reply