Author Topic: NOD32 finds OpenCandy in free Avast  (Read 18179 times)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: NOD32 finds OpenCandy in free Avast
« Reply #15 on: March 04, 2011, 10:11:59 AM »
As a matter of fact, even though the OpenCandy DLL is still part of the avast installer (was originally used to make the partner offer) it is not being executed at all. The Chrome offer is now done using a different technique.

We will remove the OpenCandy DLL from the avast installer in the next program update.

However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else than a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

doktornotor

  • Guest
Re: NOD32 finds OpenCandy in free Avast
« Reply #16 on: March 04, 2011, 11:40:02 AM »
However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else than a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

This kind of debate has never been productive with ESET folks (as the thread linked here with complete lack of any useful response from ESET staff documents, BTW).

The same goes for packers with many vendors, not just ESET. It's often used by malware authors (where "malware" often means harmless keygens) to obfuscate stuff, so - you'll get detected, end of debate. Way easier than doing the code emulation properly. (ESET at least makes it possible to disable runtime packers detection.)

What it also reminds me of is
- Avira detecting a totally harmless utility called NoNotify (that gets rid of the splash screen and that infamous obnoxious advertising popup spam on every update) as virus
- NOD32 detecting pages that publish pirated usernames/passwords for their update servers as infected.
« Last Edit: March 04, 2011, 11:41:51 AM by doktornotor »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: NOD32 finds OpenCandy in free Avast
« Reply #17 on: March 04, 2011, 01:22:45 PM »
Non-productive dialog with some program team is one of the most tedious tasks on the internet.
I usually give up using such products...
The best things in life are free.

Mele20

  • Guest
Re: NOD32 finds OpenCandy in free Avast
« Reply #18 on: March 06, 2011, 09:20:36 AM »
As a matter of fact, even though the OpenCandy DLL is still part of the avast installer (was originally used to make the partner offer) it is not being executed at all. The Chrome offer is now done using a different technique.

We will remove the OpenCandy DLL from the avast installer in the next program update.

However, let me just say that I still think that the detection is illegitimate. OpenCandy is nothing else than a platform for doing partner software offers (bundles). There's a bunch of trusted companies doing business with OpenCandy, such as LogMeIn, NetNanny and Roboform.

It somehow reminds me of detecting all files packed by packers like Armadillo or VMProtect as viruses. True, there are some viruses that are packed by these packers. On the other hand, there's a bunch of legitimate (commercial) apps that are also packed by them. Having a detection that calls all files packed by these packers right away as viruses is just not right (easy for the virus analysts, but not helpful for the users).

Thanks
Vlk

I think the reason for Eset detecting OpenCandy is more along the lines of why Microsoft detects it and has an article about it. I will not install any application using OpenCandy installer for the reasons set out in the Microsoft article. We have a discussion on OpenCandy in the Software forum at dslreports. I am not upgrading Unlocker because it now uses OpenCandy installer.

I am glad you are no longer using it and will remove it. I think Avast should detect it. I think all AV should and I think everyone should boycott any programs using that installer. The thread at dslr has found two other file unlocking programs that have CLEAN installers. I will be using one of them when I get a Windows 7 computer as the last version of Unlocker not using Adware installer doesn't work on Windows 64 bit.

Some versions of OpenCandy installer violate their own privacy policy. I am not interested in having OpenCandy put stuff in my registry that it deliberately does not remove when cleaning up the installation of whatever software you got using its installer.  I am not interested in having OpenCandy look in my registry the next time I get a program using OpenCandy installer so that it can see the history it left behind in the registry and offer me a different toolbar if it sees I declined the one it offered earlier. That is a clear violation of my privacy.

I also am not interested in having it hook my computer with a unique ID that calls home to mommy or any of the other things SOME OpenCandy installers do. The real question here is whether or not it is possible for your antivirus program to detect if the OpenCandy installer is one of the bad ones or a benign one. I don't see how an AV could tell before the fact if the OpenCandy installer is a bad one or not. (How could your AV know whether or not the OpenCandy installer is going to leave privacy invading files in your registry or clean any files there out before finishing the installation?) Thus, I think all AV should alert on any software installation using OpenCandy installer.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy

Offline sooners2win

  • Full Member
  • ***
  • Posts: 196
Re: NOD32 finds OpenCandy in free Avast
« Reply #19 on: March 06, 2011, 04:10:17 PM »
Using search everything, I found no traces of OpenCandy on my computer, so as VLK said,
it is not being executed.
« Last Edit: March 06, 2011, 05:01:43 PM by sooners2win »
a6750f, amd phenom 9650quad core processor 2.30Ghz, Ram 8GB, Microsoft Vista Home Premium 64-bit SP2,Avast7 Free,Comodo Firewall, Malwarebytes, Superantispyware, Ccleaner, FF3.6.14,Google Chrome.