Use Caution with OpenCandy
The other day I was looking at some open source software available on sourceforge, a place for the development of software. I have normally found sourceforge to be an excellent source of totally ad-free, safe, and free software.
Once I found something that looked interesting, I decided to have a look at the reviews before downloading. Recently I have found more and more software that attempts to install garbage on my system. Fortunately most of these have places to uncheck (deselect) the toolbars, etc. that are offered and unwanted. Watch closely for these, and don’t automatically click install. A friend of mine had to have her computer completely re-imaged because she did not see a checkbox and got some sort of malware she could not figure a way around.
Looking at the reviews, I was quite surprised to find someone commenting on a thing called “OpenCandy” that came with the installer that could NOT be turned off during the installation process.
I decided to investigate to get a general picture at least. According to their website:
“OpenCandy is a service that helps app developers earn money and keep their apps free-of-charge for you, the user. Developers earn money by recommending other select, free apps during the download and install process of their free app. We guarantee that all app recommendations are optional and you may choose to accept, decline, or uninstall any app at any time. As it takes an enormous amount of time, effort and investment to create apps, we are focused on helping these developers keep their apps free (and their lights on) while maintaining the highest quality user experience.”
This in itself is admirable. People should be compensated for their work. It’s encouraging.
From what I was able to determine OpenCandy only runs only during the installation of the software, but having not actually installed a program that uses it, I am not sure. The website states that it never installs permanently on your computer and self-deletes at the end of the installation process. They compare it to Google adsense.
On the con side, OpenCandy does connect to outside servers and there is a data exchange. Since OpenCandy is not open source, we do not know what data is exchanged.
Their servers could also be compromised. This, of course, is possible anywhere. Even governments and banks have been hacked. But it could allow some sort of a malicious payload to land in your computer.
I found that if the installer comes as a zip file, OpenCandy comes in a plugin file. Just look for a file with “plugin” in it. Remove the file, but don’t delete it in case you pick the wrong file and the software won’t install without it.
Ultimately, you will need to decide for yourself how important the download is to you, but at least for now, you know the facts of both sides of OpenCandy.
Keeping your system backed up, and a Windows image file on disk can help allay worries, but restorations take lots of time, so please use caution.
For more tips please go the official ZookaWare Google+ page.