Hi. My name is Adrian, and I'm one of the founders at OpenCandy and was involved in the original design of the OpenCandy software, system, and policies. I've joined this forum to help answer any questions you may have about OpenCandy and the recent "Adware:Win32/OpenCandy" threat by Microsoft.
Firstly I'd like to address the statement above about 'user-specific information' sent to the OpenCandy servers. OpenCandy does not collect user specific information. We never have and never will. It’s important to note that many of the world’s largest anti-virus companies that fight malware, including adware, are partners with OpenCandy. This includes Kaspersky and Symantec. These companies perform intensive analysis of their partners before working with them - it's critical to their reputations.
OpenCandy does collect anonymous statistics at significant events in an installer’s execution, including when it starts and completes, when the OpenCandy recommendation screen is presented, and the download and installation of any accepted recommendation. This information is collected to:
[*:2lx9ugie]Improve the quality of future recommendations (eg. rank recommendations by the statistical likelihood that a user will accept the recommendation)
[*:2lx9ugie]Measure the performance of the recommendation download and installation process (eg. are downloads or installs failing? is there a problem with a specific operating system or language?)
[*:2lx9ugie]Securely count successful recommendation installations (eg. ensure partners receive the precise financial benefit they deserve)
We are completely open to the information we collect. You can view a comprehensive look at all the anonymous statistics we collect here: http://www.opencandy.com/what-informati ... y-collect/. If you want to see for yourself, we don't encrypt our transmissions to our servers. You can put a network packet sniffer (such as Wireshark) on any installer that uses OpenCandy and look for yourself - all the values are clearly labelled and in plain text.
We believe Microsoft is completely wrong and incorrect with their threat definition for OpenCandy, and the millions of alerts they are presenting to users. They are unwilling to fix their mistake. We are shocked and disappointed.
Please feel free to ask any questions you like, I'm here to answer them all.