Jump to content


Photo

Adware alert in Microsoft Security Essentials


  • Please log in to reply
16 replies to this topic

#1 floele

floele

    Administrator

  • Administrators
  • 10,245 posts

Posted 24 February 2011 - 06:24 AM

Hi all,

I am aware of the fact that CDBurnerXP setup files are currently flagged as adware by Microsoft Security Essentials, more specifically it alerts about "Adware:Win32/OpenCandy".
This issue is being worked on. Actually, it is an error of Microsoft Security Essentials, and OpenCandy is working together with Microsoft in order to fix the problem. Still, CDBurnerXP nor OpenCandy will install any malicious software on your computer, nor will it install anything without your consent. If you'd like to avoid the OpenCandy setup file anyway for now, you can download the portable version from the website or preferably wait a while until the OpenCandy free installers are (as always) also available on the download page.
Sorry for the worries this isue might have caused.

Update: Microsoft has explained what exactly they don't like of OpenCandy, and a new version which complies to the requirements of Microsoft Security Essentials will be released soon.

Best regards,
Florian

#2 Guest_alexsupra_*

Guest_alexsupra_*
  • Guests

Posted 24 February 2011 - 12:42 PM

i understand that it is false positive but to say the truth Microsoft SE is right in some extance because payed malware is the malware. thats all.

#3 Guest_qwerty99_*

Guest_qwerty99_*
  • Guests

Posted 24 February 2011 - 12:56 PM

Hi all,

Setup files are flagged as adware also by Emsisoft Anti-Malware

#4 gundamboyzack

gundamboyzack

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 24 February 2011 - 01:00 PM

Actually from what I can tell the problem is all on OpenCandy's end. When I updated to the latest version of CDBurnerXP the OpenCandy portion prompted me to install Internet Explorer 9 which is technically not out yet, so Microsoft has every right to block this.

#5 Guest_thx120_*

Guest_thx120_*
  • Guests

Posted 24 February 2011 - 01:51 PM

Flagging adware as adware is neither a false positive nor a bug. Microsoft SE is not just anti-virus, it is also anti-spyware/adware. It's job is correctly done by identifying and warning/blocking access to adware. Good on Microsoft. Sorry on your lost revenue.

http://www.microsoft... ... /OpenCandy
http://cranialsoup.b... ... yware.html

#6 floele

floele

    Administrator

  • Administrators
  • 10,245 posts

Posted 24 February 2011 - 03:44 PM

Actually from what I can tell the problem is all on OpenCandy's end. When I updated to the latest version of CDBurnerXP the OpenCandy portion prompted me to install Internet Explorer 9 which is technically not out yet, so Microsoft has every right to block this.


Nope, Microsoft itself (as crazy as it may seem) put that offer into OpenCandy (they, Microsoft, pay for it!!).

#7 judas_iscariote

judas_iscariote

    Developer

  • Administrators
  • 137 posts

Posted 24 February 2011 - 09:09 PM

Heh, that's funny, microsoft is an advertising partner of opencandy, yet they block the thing they are paying for ! :lol:

#8 Guest_user_*

Guest_user_*
  • Guests

Posted 26 February 2011 - 01:08 PM

ESET Smart security also displays a warning about adware...

#9 Guest_Ricardo_*

Guest_Ricardo_*
  • Guests

Posted 04 March 2011 - 09:46 PM

Security Essentials team rocks! Glad to see they don't comply with other parts of Microsoft that promotes adds and spams.

#10 Guest_Milan_*

Guest_Milan_*
  • Guests

Posted 07 March 2011 - 03:45 PM

... CDBurnerXP nor OpenCandy will install any malicious software on your computer, nor will it install anything without your consent...


You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.

Hope you get back your reputation,

Milan

#11 floele

floele

    Administrator

  • Administrators
  • 10,245 posts

Posted 07 March 2011 - 07:30 PM

You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.


It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.

#12 adrianbourke

adrianbourke

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 08 March 2011 - 02:41 AM

You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.


It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.


Hi. My name is Adrian, and I'm one of the founders at OpenCandy and was involved in the original design of the OpenCandy software, system, and policies. I've joined this forum to help answer any questions you may have about OpenCandy and the recent "Adware:Win32/OpenCandy" threat by Microsoft.

Firstly I'd like to address the statement above about 'user-specific information' sent to the OpenCandy servers. OpenCandy does not collect user specific information. We never have and never will. It’s important to note that many of the world’s largest anti-virus companies that fight malware, including adware, are partners with OpenCandy. This includes Kaspersky and Symantec. These companies perform intensive analysis of their partners before working with them - it's critical to their reputations.

OpenCandy does collect anonymous statistics at significant events in an installer’s execution, including when it starts and completes, when the OpenCandy recommendation screen is presented, and the download and installation of any accepted recommendation. This information is collected to:

[*:2lx9ugie]Improve the quality of future recommendations (eg. rank recommendations by the statistical likelihood that a user will accept the recommendation)
[*:2lx9ugie]Measure the performance of the recommendation download and installation process (eg. are downloads or installs failing? is there a problem with a specific operating system or language?)
[*:2lx9ugie]Securely count successful recommendation installations (eg. ensure partners receive the precise financial benefit they deserve)
We are completely open to the information we collect. You can view a comprehensive look at all the anonymous statistics we collect here: http://www.opencandy... ... y-collect/. If you want to see for yourself, we don't encrypt our transmissions to our servers. You can put a network packet sniffer (such as Wireshark) on any installer that uses OpenCandy and look for yourself - all the values are clearly labelled and in plain text.

We believe Microsoft is completely wrong and incorrect with their threat definition for OpenCandy, and the millions of alerts they are presenting to users. They are unwilling to fix their mistake. We are shocked and disappointed.

Please feel free to ask any questions you like, I'm here to answer them all.

#13 judas_iscariote

judas_iscariote

    Developer

  • Administrators
  • 137 posts

Posted 08 March 2011 - 03:46 AM

Adrian: Thanks for your post, as far as we are concerned you are preaching to choir :lol: because we clearly understand how opencandy works, and really how the internet works.

Even this very forum you are using now collects more information than opencandy itself by default, including user specific information, though we have modified it in order to actually reduce the stored information.
We neither have the resources nor the time, nor the intention to do any sort of data mining here, in fact, we dont want to have it at all. 8)

Finally, if it counts, I would never ever work in any project that involves pushing invasive adware to users, you can take my word on it :firefox:

#14 Guest_rgade_*

Guest_rgade_*
  • Guests

Posted 01 August 2011 - 10:49 PM

You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.


It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.


I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user. I don't care how wonderful the reason for collecting the data is, you are benefiting from your customer in a way that is not 100% over the table.

Now, don't get me wrong, I fully support your right to be up front about the matter with your customers and if they wish to utilize your program then that is great. 100% ethical and you get paid for your work. I'd have probably downloaded your program this evening if you behaved in this manner.

But don't say there isn't any ad-ware when you are collecting data without the user's knowledge and consent. PERIOD.

#15 floele

floele

    Administrator

  • Administrators
  • 10,245 posts

Posted 02 August 2011 - 04:58 PM

collecting data without the user's knowledge and consent. PERIOD.


We don't do so. Period. (When installing CDBurnerXP, you actually accept the terms of use, which also includes a clearly visible notice in regard to OpenCandy at the top and more details if you bother to scroll down. We can't do much more than that.)

I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user.


You don't have to check. I have checked and believe the data being collected is not in conflict with "ethics".

I'd have probably downloaded your program this evening if you behaved in this manner.


Behave in which manner exactly? I really don't see what I could better other than not earning anything from spending my free time with software development.

#16 judas_iscariote

judas_iscariote

    Developer

  • Administrators
  • 137 posts

Posted 03 August 2011 - 02:51 AM

I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user. I don't care how wonderful the reason for collecting the data is, you are benefiting from your customer in a way that is not 100% over the table.
.


We don't collect data, period. yeah, that's right, even in the case of this forum, we don't know who or where you are, not even your IP address is currently collected. (actually it is collected but discarded by the webserver) We are not in that business.

Now, don't get me wrong, I fully support your right to be up front about the matter with your customers and if they wish to utilize your program then that is great. 100% ethical and you get paid for your work. I'd have probably downloaded your program this evening if you behaved in this manner.


Last time I checked we don't have customers, but a growing userbase and we are _very_ ethical, sometimes too much for our own good ;-) if we werent, at this moment I would be writting this post from Cancun with a beer in a 5 start hotel :lol:

We are upfront, everything is described in the licenses or privacy policy.. btw.. Personally I do not accept that you question our professional integrity neither how or what we should do in our free time. :(

#17 floele

floele

    Administrator

  • Administrators
  • 10,245 posts

Posted 06 August 2011 - 02:18 PM

Last time I checked we don't have customers


Ah, right. Almost forgot. In fact, I actively avoid "customers" whenever possible.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users