kb1234

You can keep saying OpenCandy all you want, but it does not address any of the concerns people are having with the setup file being different on the mirrors and hashes not matching. That is a huge concern for me. I'm not concerned about OpenCandy. Products like it are part of the freeware/shareware world, but the 'trust me I know the file is safe even though your security software says it is not' does not really fly these days. Trust me kids, get in my car, I promise you will get a piece of candy. I'm just coming off a project where I was called in to help a large commercial software vendor who made the same claim, and then were required by law (US) to issue recall notices later on when it was discovered there was really a security risk in the software. It was not a cheap mistake.

Now that I have dug into this more and discovered the right keywords to search with I see a number of similarly confused users, most of them appearing to remain confused, with only a partial explanations ever given. These could all be resolved by a clear statement on the downloads page. http://forum.imgburn.com/index.php?/topic/24171-imgburn-2580-virus-found-hashs-do-not-match/?hl=%2Bopencandy http://forum.imgburn.com/index.php?/topic/24647-download-from-imgburn-mirror-reported-infected-from-symantec/?hl=%2Bopencandy&do=findComment&comment=160259 http://forum.imgburn.com/index.php?/topic/24578-checksums-on-the-homepage-changes-often/?hl=%2Bopencandy

I recommend indicating that the downloads are different and why, especially considering a hash is provided which won't match them. When I encountered the problem of the hash mismatch, and subsequently noticed the downloads are different, I did search the forum but found nothing. Perhaps I missed it, but either way I would expect the information to be front and center on the download page. The Trojan.Gen.2 does come from the setup.exe. I can't say whether or not it is a false positive related to OpenCandy, but it may very well be.

Please address the concern of the download being different from the mirrors. Clearly something is going on here. ​Some additional details on the detentions for those that are interested. A PUA.InstallCore threat is identified. This is an application that potentially installs unwanted applications on the computer, this could be open candy. Symantec identifies this as a security risk as it should. I see this occasionally in freeware/shareware downloads at it is expected. A Trojan.Gen.2 is also identified by Symantec. This is not classified by Symantec as only a security risk, but it has a full out virus classification. This is not a warning you would ever expect from a freeware/shareware.

Hi, I downloaded ImgBurn today, but found my anti-virus blocking the download and flagging it as a trojan. I decided to investigate further and there does appear to be an issue with the download links. 1) The download direct from imgburn.com (Mirror 7) is flagged as a trojan. The hash does match the one listed on your downloads page. 2) The download from imgburn.com is a different file than the one you get from the mirrors Digital Digest, Softpedia, and TechSpot. I did not check the others. 3) All three of the mentioned mirrors provide the exact same file, and it does not set off the virus scanner, however the hash does not match the one listed on your site. Could you please confirm which download is correct? I suspect imgburn.com has been compromised, both the file and the displayed hash. Thanks