OpenCandy

Discussion in 'other security issues & news' started by FanJ, May 23, 2011.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Just in case you missed this and are interested:

    A recent posting (reply # 9) from danieln in the ESET forum, from which I quote part of Wikipedia:

    Let's hope that that will be sufficient....

    A more general reply from the CEO of the OpenCandy company at the OpenCandy site:
    The Story Behind the OpenCandy and Microsoft Adware Debacle
     
    Last edited: May 23, 2011
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    This post. I am also looking at adding the entry to my Hosts File, more as I hear more.
     
  3. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Besides the many methods of blocking it (hosts file, disconnect network adapter, etc), if you run an installer that contains Open Candy, after installation terminate rundll32.exe, then empty your user\Temp directory - that's where the Open Candy dll runs from. Bye bye OC.
     
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    After reading the article linked in the previous post, I checked out several Installers that contain OpenCandy.
    If you have no active internet connection during installation, you'll receive no recommendations for other software.
    The OC dll (OCSetup.dll, OpenCandyHlp.dll, various other names) always runs from the user/temp directory via rundll32.exe. So terminating rundll32.exe after installation (with network adapter disabled) means no chance of OpenCandy receiving any information or recommending anything.
     
  6. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    After reading about OpenCandy, I don't have any problem lumping it in with "malware". I'd at least like to be alerted to its presence before I installed something I wanted to trial.

    To me, gathering data about my computer, downloading it and anonymising it still feels like a violation of my privacy. Claiming it happens with other people's installers also doesn't make it feel any less a violation. I realize it happens all the time, but that doesn't mean I have to embrace it.

    I understand that annoying me by adding an unwanted toolbar in an installer might help pay the developer's bills, so I grit my teeth and bear it, but scanning my computer for already installed products, uploading that info, and then recommending other software products based on that analysis is more than I like.

    No matter how they try to sugarcoat it, including this extra garbage in an installer is NOT adding any value to the end user. Maybe to the software writer, who gets revenue for it, but not the end user.

    So if Microsoft or anyone else wants to classify it as spyware, and doesn't provide OpenCandy with quick pleasant responses to their inquiries, then too bad for OpenCandy. They know what they are doing and they have to expect some backlash.
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Analysis by Microsoft, written by Aaron Hulett (certainly well known by the oldies among us!):
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware:Win32/OpenCandy

    =====

    Thanks for the link, Mr.PC !!! :thumb:

    Long reading but well worth !!

    =====

    Thanks stackz !!!

    I have not tried installing like you did.
    If you install such a program, whose installer contains OpenCandy, *and* if you do it while being offline, *and* if you reboot after installing and use a temp cleaner like for example CCleaner running at start-up, would that work? Reading your analysis does look to indicate that, if I am reading it right. Or am I wrong?
    It would leave behind the reg-entries (Aaron gave examples in that MS analysis).

    =====

    The hpHOSTS file has these two entries included:

    =====

    I have been told that Winhelp has been asked about the MVPS HOSTS file ;)

    =====

    Analysis using Wireshark from a person who defends OpenCandy:
    http://cynic.me/2011/04/03/opening-up-opencandy/
     
  8. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    Is there any kind of list of installers which contain OpenCandy? It's kind of irritating to find out that your favorite program has included this without user consent, as happened to me with iZarc.
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    For example the list at Wikipedia at the link previously mentioned:
    http://en.wikipedia.org/wiki/OpenCandy

    (but that doesn't have to mean that the info at Wikipedia is right; well, the usual disclaimer)
     
  10. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    Thank you, this once again confirmed true the theory that I can't see what is in front of my eyes. :D
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    No worries, Spysnake ;) ;)
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I would use this:
    0.0.0.0 api.opencandy.com

    It will resolve faster, especially if you have a web server installed.
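
Added example, not part of any post in this thread: a read-only PowerShell check for the two things described above, a rundll32.exe process running a DLL out of the user Temp directory (stackz's posts) and a hosts-file block for api.opencandy.com (the entry above). The function names are made up for this example; the two DLL names are the ones stackz lists, and the thread says other names occur.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# The two DLL names are the ones named in the thread; other names are said to occur,
# so every rundll32.exe whose command line points into Temp is reported.
$knownNames = 'OCSetup.dll', 'OpenCandyHlp.dll'

function Get-Rundll32FromTemp {
    # Hypothetical helper: rundll32.exe processes loading something from %TEMP%.
    # Limitation: a command line using an 8.3 short path will not match a long one.
    $tempRoot = [IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
        $cmd = [string]$_.CommandLine
        if ($cmd.IndexOf($tempRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{
                ProcessId   = $_.ProcessId
                KnownName   = [bool]($knownNames | Where-Object { $cmd -like "*$_*" })
                CommandLine = $cmd
            }
        }
    }
}

function Test-HostsBlock {
    # Hypothetical helper: is $HostName mapped to 0.0.0.0 or 127.0.0.1 in hosts?
    param([string]$HostName = 'api.opencandy.com')
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content -LiteralPath $hostsPath) {
        $entry = ($line -split '#', 2)[0].Trim()      # drop trailing comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        $names  = @($fields | Select-Object -Skip 1)  # one address, then host names
        if (($fields[0] -in '0.0.0.0', '127.0.0.1') -and ($names -contains $HostName)) {
            return $true
        }
    }
    return $false
}

$hits = @(Get-Rundll32FromTemp)
if ($hits.Count) { $hits | Format-List } else { 'No rundll32.exe running from Temp.' }
'hosts block for api.opencandy.com: {0}' -f (Test-HostsBlock)
```

Run it in the session of the user who launched the installer, since `$env:TEMP` is per-user.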
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Nothing back from Winhelp as of yet, FanJ, as soon as I hear I will post back to the thread, though anyone can manually add the entry, if they wish.

     
  15. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Yes, you are correct, your install method would work and the benign registry entries would be left behind. Just run regedit and Find (Ctrl + F) OpenCandy, then delete the entries found.
     
  16. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You are welcome! :thumb:
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    More spotted Here :ouch:
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619