Download.com site feedback forum: CNET TechTracker - Malware Warning

If so you may want to research this a little bit more.

MEDIAINFO an open source app is using Open Candy as well.

Open Candy is not Malware.
Bob

It happened to me a just over a month ago. I downloaded amsn a clone of Windows Live Messenger but not made by the same people. I downloaded amsn messenger from this site C.Net and right away I got a warning from Windows Defender. Windows Defender is a spyware scanner and remover that is bundled with mine and all other Windows 7 and Windows Vista,and Windows XP computers. Windows Defender told me it had detected OPEN CANDY which it warned me was spyware in my system 32 folder in my amsn download and offered to remove it for me.

Of course I let it by selecting clear system and Windows Defender removed the open candy spyware.
Microsoft has classified Open Candy as being spyware and has given a public warning about it here click here http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy

But what I am angry about is despite this and the fact that I also wrote in my review on amsn from the c net download page.In which I gave readers a warning NOT TO DOWNLOAD amsn because it contains spyware see here http://download.cnet.com/amsn/3000-2150_4-11673517.html

Despite my review and the fact that I posted a new thread here on this forum about amsn containing spyware Open Candy it is still on the C .Net. And that software-amsn should be taken off of the site right away as it is not a safe download and software and is not clean. As IT DOES CONTAIN SPYWARE-which Microsoft say is harmful to your computer.

And when you scan with Windows Defender or Malicious Software Removal Tool-MRT both of these spyware scans will pick up any presence of Open Candy malware and remove it for you. And if you use Microsoft Security Essentials-MSE-Microsofts anti virus program,that too will remove the spyware.

I admit I do not use an anti-virus program and do not have any anti-virus software on my computer,except for Windows Defender and MRT. But it was Windows Defender that found the spyware and if it had not have told me I would not have known it was there. A lot of negative things are said about Windows Defender,but it did save my computer.

Now C.Net neeads to look into the software that does have Open Candy in it like amsn does and remove it from their site before some one else downloads it and gets infected with computer malware.

I want to report that download-amsn- as being unsafe to the managers of C.Net this site so that they will take it off the site or at least look into it. But there is no link to do this. So I am hoping someone here will look into it before some one else downloads it. As amsn and any other software bundled with Open Candy is deemed unsafe by Microsoft and not safe on any computer. Andrea Borman.

Thanks for your help in this matter. I tried to report it to C.Net managers but there was no link to do this. But I am glad you have done this for me. And in another thread someone said that their anti-virus product which was not a Microsoft product did not detect it. But Microsoft is what runs our Windows operating system.So they would not lie about some thing like this.

And by the way from what I read on the web it is not the actual amesn messenger that is spyware but the software Open Candy that they bundled it with that is spyware. And also a lot of other software such as media players and other chat messengers is bundled with Open Candy.Making it unsafe to use and, while Windows Defender is not a high security tool like other anti-virus products are. (That's why I use it instead of anti-virus products, as Windows Defender does not impose security settings or do anything you do not want it to,or take over your computer.)Windows Defender is honest software so it would not lie about this security threat.

And if you do get such an alert from Windows Defender or MRT, then that is warning enough that what you have just downloaded it not safe.And anyway Microsoft has condemned Open Candy as spyware. And that is enough for me and anyone else to remove the offending software-Open Candy and any other software that contains it- such as amsn and others.

You just cannot take chances with your computer.Andrea Borman.

This is from Open candy website.

Q: What happens when I run an installer that's OpenCandy-powered?


A: When you run an installer powered by OpenCandy, it asks our servers for a list of applications that the developer of the software
you're installing has chosen to recommend for your language, operating system and country. Our plug-in (OCSetupHlp.dll) then selects the first valid recommendation to show. Recommendations must pass certain criteria to be valid (such as, "Is this software already installed?", "Are the necessary files needed to install this available?", etc.). For each recommendation in the list, an anonymous "Yes" or "No" is sent back to our servers so we can collect aggregate data to improve our recommendations. Once a valid recommendation is found in the list, our plug-in downloads the graphics required to display the recommendation to you. At
this point, you can choose whether you want to install the recommended software. Non-personally identifiable statistics about the developer's software installation, the recommendation process, and the installation of recommended software, are collected.

This is how you get what they call FREE software. I think Download.com should alert their user that the software they are downloading is powered by Open Candy and that it will communicate with it's servers to make other recommendation to the installer for more FREE software.

What I see, they are searching your puter and sending info to the Open candy servers about the person who thinks they are getting something for free.

I didn't find any malicious activity in OpenCandy. Tell more.

I define malicious as hijacking web pages, deleting or hiding my files, etc.
Bob

There are no registry entries, one DLL that vanishes after the install and no other software other than what you installed.

As to the transmission, some want absolute privacy so why didn't your firewall step in here?
Bob

They work the same and you seem to want to call this one very bad when I've seen far worse with... Let's pick on Office 2010, Windows 7 and more.

If you don't let them call home, they don't run!
Bob

My Windows 7 works fine and it does not call home until I allow it to get updates. It has to phone home to activate, but I know ahead of time it is going to happen. Nothing was placed in secret and tried to phone home will out permission.

The real truth is your trying to compare apples to oranges. The programs you mentioned have no bearing on Open Candy installer. I have install thousand maybe hundred of thousand of programs using MSI and none of them search my hard drive and phoned home to compare my programs to a generated list.

The mal in this is that it does it without asking the person who owns the puter if they want this done. It is trying to do this in secret to push other programs on the poor guy or gal.

Also let me paste this from their web site.

Non-personally identifiable statistics about the developer's software installation, the recommendation process, and the installation of recommended software, are collected.

I under lined the most important part. To me that again demonstrates the mal part. They are collecting info on what goes on everything that occured during the install, the search of your, hard drive, and if any recommended software was installed. I, myself and me never believe the part about the non-personally identifiable part.

I have started a new discussion at this link to better understand what malware is.


http://forums.cnet.com/7723-6132_102-530771.html