Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: pcguy on March 03, 2011, 07:56:16 PM

Title: NOD32 finds OpenCandy in free Avast
Post by: pcguy on March 03, 2011, 07:56:16 PM
I downloaded the free version of Avast via Download.com and NOD32 on another machine here warned me that the download contained OpenCandy.  ???
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 03, 2011, 07:57:43 PM
Official ESET Support Forum (http://www.wilderssecurity.com/forumdisplay.php?f=15)
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: lastsamurai on March 03, 2011, 08:04:49 PM
I downloaded the free version of Avast via Download.com and NOD32 on another machine here warned me that the download contained OpenCandy.  ???


http://kb.eset.com/esetkb/index?page=content&id=SOLN2677&
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: pcguy on March 03, 2011, 08:09:51 PM
Yes I already know about OpenCandy and on how to bypass NOD32 from deleting the file. My question is why does the free version of Avast contain this adware.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 03, 2011, 08:14:09 PM
It doesn't contain any OpenCandy (never heard about it anyway). All it contains is an optional Google Chrome install.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Gargamel360 on March 03, 2011, 08:16:10 PM
Avast! installer does not contain malware......and if you look at the Open Candy description, it falls under "potentially unwanted", not outright malicious.

Avast! installer should come with candy, though......yes...hard butterscotch or caramel, preferably.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Pondus on March 03, 2011, 08:16:41 PM
OpenCandy is not malware but a PUP

A PUP (potentially unwanted program)   http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html

why ESET would consider avast as a PUP?....probably bc you should not install more than one AV on a computer
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: pcguy on March 03, 2011, 08:19:11 PM

why ESET would consider avast as a PUP?....probably be bc you should not install more than AV on a computer

I never got to install Avast. I got the alert simply by trying to save the downloaded file so that I could install it on another computer.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 03, 2011, 08:21:01 PM
I never got to install Avast. I got the alert simply by trying to save the downloaded file so that I could install it on another computer.

As said, you are getting a false positive from NOD32. Hence why I posted a link to their official support forum. Avast can't solve your issue.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Rednose on March 03, 2011, 08:25:05 PM
Indeed, you are on the wrong forum.

Greetz, Red.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: YLAP on March 03, 2011, 08:26:38 PM
I never got to install Avast. I got the alert simply by trying to save the downloaded file so that I could install it on another computer.

Disable NOD32 resident shield for a while, when download avast, and enable NOD32 again. As it was said, it's not avast's problem. Different antiviruses can give false positives on each others because installers contains virus databases. In some cases as this one, it can give FP. This time it's NOD's fault.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Pondus on March 03, 2011, 08:27:03 PM
Quote
I never got to install Avast. I got the alert simply by trying to save the downloaded file so that I could install it on another computer.
Well ESET is seeing what you are downloading, and the program does not know that you are not going to install it on this comp
so this may be ESET way of warning you not to install   ???

anyway it is a ESET problem...so you should ask in ESET forum
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 03, 2011, 08:30:14 PM
Well ESET is seeing what you are downloading, and the program does not know that you are not going to install it on this comp
so this may be ESET way of warning you not to install   ???

No. It's simply a problem with their virus definitions when having potentially unwanted/unsafe applications detection enabled in ThreatSense engine. (Disabled by defaults BTW.)

anyway it is a ESET problem...so you should ask in ESET forum

Indeed.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 03, 2011, 09:31:32 PM
Relevant thread on ESET support forum (http://www.wilderssecurity.com/showthread.php?t=294264).
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: yongsua on March 04, 2011, 08:17:42 AM
http://www.wilderssecurity.com/showthread.php?p=1837409#post1837409 (http://www.wilderssecurity.com/showthread.php?p=1837409#post1837409)It is not a FP.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Vlk on March 04, 2011, 10:11:59 AM
As a matter of fact, even though the OpenCandy DLL is still part of the avast installer (was originally used to make the partner offer) it is not being executed at all. The Chrome offer is now done using a diffent technique.

We will remove the OpenCandy DLL from the avast installer in the next program update.

However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else that a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

Thanks
Vlk
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: doktornotor on March 04, 2011, 11:40:02 AM
However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else that a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

This kind of debate has never been productive with ESET folks (as the thread linked here with complete lack of any useful response from ESET staff documents, BTW).

The same goes for packers with many vendors, not just ESET. It's often used by malware authors (where "malware" often means harmless keygens) to obfuscate stuff, so - you'll get detected, end of debate. Way easier than doing the code emulation properly. (ESET at least makes it possible to disable runtime packers detection.)

What it also reminds me of is
- Avira detecting a totally harmless utility called NoNotify (that gets rid of the splash screen and that infamous obnoxious advertising popup spam on every update) as virus
- NOD32 detecting pages that publish pirated usernames/passwords for their update servers as infected.
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Lisandro on March 04, 2011, 01:22:45 PM
Non productive dialog with some program team is one of the most tedious tasks in internet.
I usually give up using such products...
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: Mele20 on March 06, 2011, 09:20:36 AM
As a matter of fact, even though the OpenCandy DLL is still part of the avast installer (was originally used to make the partner offer) it is not being executed at all. The Chrome offer is now done using a diffent technique.

We will remove the OpenCandy DLL from the avast installer in the next program update.

However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else that a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

Thanks
Vlk

I think the reason for Eset detecting OpenCandy is more along the lines of why Microsoft detects it and has an article about it. I will not install any application using OpenCandy installer for the reasons set out in the Microsoft article. We have a discussion on OpenCandy in the Software forum at dslreports. I am not upgrading Unlocker because it now uses OpenCandy installer.

I am glad you are no longer using it and will remove it. I think Avast should detect it. I think all AV should and I think everyone should boycott any programs using that installer. The thread at dslr has found two other file unlocking programs that have CLEAN installers. I will be using one of them when I get a Windows 7 computer as the last version of Unlocker not using Adware installer doesn't work on Windows 64 bit.

Some versions of OpenCandy installer violate their own privacy policy. I am not interested in having OpenCandy put stuff in my registry that it deliberately does not remove when cleaning up the installation of whatever software you got using its installer.  I am not interested in having OpenCandy look in my registry the next time I get a program using OpenCandy installer so that it can see the history it left behind in the registry and offer me a different toolbar if it sees I declined the one it offered earlier. That is a clear violation of my privacy.

I also am not interested in having it hook my computer with a unique ID that calls home to mommy or any of the other things SOME OpenCandy installers do. The real question here is whether or not it is possible for your antivirus program to detect if the OpenCandy installer is one of the bad ones or a benign one. I don't see how an AV could tell before the fact if the OpenCandy installer is a bad one or not. (How could your AV know whether or not the OpenCandy installer is going to leave privacy invading files in your registry or clean any files there out before finishing the installation)? Thus, I think all AV should alert on any software installation using OpenCandy installer.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy
Title: Re: NOD32 finds OpenCandy in free Avast
Post by: sooners2win on March 06, 2011, 04:10:17 PM
Using search everything, I found no traces of OpenCandy on my computer, so as VLK said,
it is not being executed.