Sign in to follow this  
Followers 0

Adware alert in Microsoft Security Essentials

17 posts in this topic

Posted

Hi all,

I am aware of the fact that CDBurnerXP setup files are currently flagged as adware by Microsoft Security Essentials, more specifically it alerts about "Adware:Win32/OpenCandy".

This issue is being worked on. Actually, it is an error of Microsoft Security Essentials, and OpenCandy is working together with Microsoft in order to fix the problem. Still, CDBurnerXP nor OpenCandy will install any malicious software on your computer, nor will it install anything without your consent. If you'd like to avoid the OpenCandy setup file anyway for now, you can download the portable version from the website or preferably wait a while until the OpenCandy free installers are (as always) also available on the download page.

Sorry for the worries this isue might have caused.

Update: Microsoft has explained what exactly they don't like of OpenCandy, and a new version which complies to the requirements of Microsoft Security Essentials will be released soon.

Best regards,

Florian

Share this post


Link to post
Share on other sites

Posted

i understand that it is false positive but to say the truth Microsoft SE is right in some extance because payed malware is the malware. thats all.

Share this post


Link to post
Share on other sites

Posted

Hi all,

Setup files are flagged as adware also by Emsisoft Anti-Malware

Share this post


Link to post
Share on other sites

Posted

Actually from what I can tell the problem is all on OpenCandy's end. When I updated to the latest version of CDBurnerXP the OpenCandy portion prompted me to install Internet Explorer 9 which is technically not out yet, so Microsoft has every right to block this.

Share this post


Link to post
Share on other sites

Posted

Actually from what I can tell the problem is all on OpenCandy's end. When I updated to the latest version of CDBurnerXP the OpenCandy portion prompted me to install Internet Explorer 9 which is technically not out yet, so Microsoft has every right to block this.

Nope, Microsoft itself (as crazy as it may seem) put that offer into OpenCandy (they, Microsoft, pay for it!!).

Share this post


Link to post
Share on other sites

Posted

Heh, that's funny, microsoft is an advertising partner of opencandy, yet they block the thing they are paying for ! :lol:

Share this post


Link to post
Share on other sites

Posted

ESET Smart security also displays a warning about adware...

Share this post


Link to post
Share on other sites

Posted

Security Essentials team rocks! Glad to see they don't comply with other parts of Microsoft that promotes adds and spams.

Share this post


Link to post
Share on other sites

Posted

... CDBurnerXP nor OpenCandy will install any malicious software on your computer, nor will it install anything without your consent...

You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.

Hope you get back your reputation,

Milan

Share this post


Link to post
Share on other sites

Posted

You may be right, Florian, however OpenCandy bundled with your CDBurnerXP is a malicious software that sends user-specific information to a remote server without obtaining adequate user consent. No doubt about that.

It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.

Share this post


Link to post
Share on other sites

Posted

It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.

Hi. My name is Adrian, and I'm one of the founders at OpenCandy and was involved in the original design of the OpenCandy software, system, and policies. I've joined this forum to help answer any questions you may have about OpenCandy and the recent "Adware:Win32/OpenCandy" threat by Microsoft.

Firstly I'd like to address the statement above about 'user-specific information' sent to the OpenCandy servers. OpenCandy does not collect user specific information. We never have and never will. It’s important to note that many of the world’s largest anti-virus companies that fight malware, including adware, are partners with OpenCandy. This includes Kaspersky and Symantec. These companies perform intensive analysis of their partners before working with them - it's critical to their reputations.

OpenCandy does collect anonymous statistics at significant events in an installer’s execution, including when it starts and completes, when the OpenCandy recommendation screen is presented, and the download and installation of any accepted recommendation. This information is collected to:

  • [*:2lx9ugie]Improve the quality of future recommendations (eg. rank recommendations by the statistical likelihood that a user will accept the recommendation)
    [*:2lx9ugie]Measure the performance of the recommendation download and installation process (eg. are downloads or installs failing? is there a problem with a specific operating system or language?)
    [*:2lx9ugie]Securely count successful recommendation installations (eg. ensure partners receive the precise financial benefit they deserve)

We are completely open to the information we collect. You can view a comprehensive look at all the anonymous statistics we collect here: http://www.opencandy.com/what-informati ... y-collect/. If you want to see for yourself, we don't encrypt our transmissions to our servers. You can put a network packet sniffer (such as Wireshark) on any installer that uses OpenCandy and look for yourself - all the values are clearly labelled and in plain text.

We believe Microsoft is completely wrong and incorrect with their threat definition for OpenCandy, and the millions of alerts they are presenting to users. They are unwilling to fix their mistake. We are shocked and disappointed.

Please feel free to ask any questions you like, I'm here to answer them all.

Share this post


Link to post
Share on other sites

Posted

Adrian: Thanks for your post, as far as we are concerned you are preaching to choir :lol: because we clearly understand how opencandy works, and really how the internet works.

Even this very forum you are using now collects more information than opencandy itself by default, including user specific information, though we have modified it in order to actually reduce the stored information.

We neither have the resources nor the time, nor the intention to do any sort of data mining here, in fact, we dont want to have it at all. 8)

Finally, if it counts, I would never ever work in any project that involves pushing invasive adware to users, you can take my word on it :firefox:

Share this post


Link to post
Share on other sites

Posted

It's not malicious. And it doesn't send any data you'd have to object to. Please check which data is actually submitted on their website before calling OpenCandy malicious.

I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user. I don't care how wonderful the reason for collecting the data is, you are benefiting from your customer in a way that is not 100% over the table.

Now, don't get me wrong, I fully support your right to be up front about the matter with your customers and if they wish to utilize your program then that is great. 100% ethical and you get paid for your work. I'd have probably downloaded your program this evening if you behaved in this manner.

But don't say there isn't any ad-ware when you are collecting data without the user's knowledge and consent. PERIOD.

Share this post


Link to post
Share on other sites

Posted

collecting data without the user's knowledge and consent. PERIOD.

We don't do so. Period. (When installing CDBurnerXP, you actually accept the terms of use, which also includes a clearly visible notice in regard to OpenCandy at the top and more details if you bother to scroll down. We can't do much more than that.)

I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user.

You don't have to check. I have checked and believe the data being collected is not in conflict with "ethics".

I'd have probably downloaded your program this evening if you behaved in this manner.

Behave in which manner exactly? I really don't see what I could better other than not earning anything from spending my free time with software development.

Share this post


Link to post
Share on other sites

Posted

I shouldn't have to check what data is being submitted. As a developer, you should behave ethically and not collect any data from a PC which is not your own without the clear and prior consent of the end user. I don't care how wonderful the reason for collecting the data is, you are benefiting from your customer in a way that is not 100% over the table.

.

We don't collect data, period. yeah, that's right, even in the case of this forum, we don't know who or where you are, not even your IP address is currently collected. (actually it is collected but discarded by the webserver) We are not in that business.

Now, don't get me wrong, I fully support your right to be up front about the matter with your customers and if they wish to utilize your program then that is great. 100% ethical and you get paid for your work. I'd have probably downloaded your program this evening if you behaved in this manner.

Last time I checked we don't have customers, but a growing userbase and we are _very_ ethical, sometimes too much for our own good ;-) if we werent, at this moment I would be writting this post from Cancun with a beer in a 5 start hotel :lol:

We are upfront, everything is described in the licenses or privacy policy.. btw.. Personally I do not accept that you question our professional integrity neither how or what we should do in our free time. :(

Share this post


Link to post
Share on other sites

Posted

Last time I checked we don't have customers

Ah, right. Almost forgot. In fact, I actively avoid "customers" whenever possible.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0