Jump to content

OpenCandy adware was a bad decision and will cost you your good reputation


Recommended Posts

Posted

I'm really sorry to see you've chosen to include the OpenCandy adware as a mandatory part of the ImgBurn setup routine. From what you've said in a couple of other posts, it seems you're missing the point of my (and, likely, many others') aversion to this adware. Software that sells me, my (or my users') name, eyeballs, attention, etc., may be "no charge", but it is not "free". In those cases, *I* am (or my users are) the product, and many of us either don't appreciate it or have hard-and-fast corporate policies against such things. We're not "overly sensitive", either; we're concerned about the networks and users in the businesses we help manage.

My main objection to OpenCandy is this: It is a piece of closed-source software that must run with elevated privileges on equipment within my intranet. It makes connections to outside servers and exchanges data with them.

What is it sending them? Where are the servers? Who runs them? Are they secure? Is the client secure from being hijacked by bad guys? I can't just take their word for it--I have to be able to prove it.

Nothing in this process is transparent, and I cannot, in keeping with good governance, allow that to happen. If I do, I am not discharging my fiduciary responsibility to my employer.

Your assertion that OpenCandy is no worse than the Yahoo toolbar is incorrect: The Yahoo package was a single, known piece of software and, bad as it may have been, you at least knew it was going out under your name. OpenCandy, on the other hand, offers to my users whatever someone has paid OpenCandy to toss at them. You should be concerned that the "Super Safe Nifty Toolbar" is presented to your users as "recommended by ImgBurn". Is this really the way you want your name used?

It is one thing if you use OpenCandy and are up-front and honest about it; in that case, I still can't allow your software into my intranet, but I won't think you're deceitful.

If, on the other hand, you do not tell your users, clearly and up front, about OpenCandy (or bury it in the middle of a change log), your reputation will suffer. I--and many other administrators--will actively block your site(s) and blacklist your software. Your good reputation will be trashed, and a reputation is one thing that, once sullied, cannot be easily recovered.

Several of us will be submitting this site to Bluecoat (at the least) for inclusion within their "adware" category, which is prohibited in many organizations. Once this happens, your site traffic will decline a bit. Perhaps you don't care, but *I* do, mainly  because I now have to begin the process of having users de-install ImgBurn while I find something to replace it.

Hell, charge for ImgBurn! You deserve to be compensated for your work! OpenCandy, though, is a terrible way to go about it.
 

Posted

I just can't believe how ignorant people can be. :doh:

I'm really sorry to see you've chosen to include the OpenCandy adware as a mandatory part of the ImgBurn setup routine

It's not mandatory, you can avoid installing OpenCandy by a click. It's just you and others like you who don't want to read and decide what to do. You just click click click... Oh no, what I have done! Than blame others for your own ignorance.

 

If you are an administrator of an intranet you sure know how to do a silent install and there you go, no other things will install than just ImgBurn. I thought an administrator knew about silent install and how you eat such things.

 

I now have to begin the process of having users de-install ImgBurn while I find something to replace it.

Uninstalling ImgBurn will not uninstall OpenCandy. They are independent to each other.

 

Why not uninstall OpenCandy after you done the sin to not read that you already have the option to not install it and happily use ImgBurn?

 

Again, it's just you! And yeah, others like you! :whatever:

Posted

I just can't believe how ignorant people can be. :doh:

I'm really sorry to see you've chosen to include the OpenCandy adware as a mandatory part of the ImgBurn setup routine

It's not mandatory, you can avoid installing OpenCandy by a click. It's just you and others like you who don't want to read and decide what to do. You just click click click... Oh no, what I have done! Than blame others for your own ignorance.

 

If you are an administrator of an intranet you sure know how to do a silent install and there you go, no other things will install than just ImgBurn. I thought an administrator knew about silent install and how you eat such things.

 

I now have to begin the process of having users de-install ImgBurn while I find something to replace it.

Uninstalling ImgBurn will not uninstall OpenCandy. They are independent to each other.

 

Why not uninstall OpenCandy after you done the sin to not read that you already have the option to not install it and happily use ImgBurn?

 

Again, it's just you! And yeah, others like you! :whatever:

 

I posted this to explain the concerns I had with ImgBurn's new setup program, and why. I don't know who you are, but I didn't insult you, and I don't know why you felt the need to get personal. Perhaps you're compensating for something.

 

In all seriousness, though, you really should get your facts straight before you call other people ignorant; it makes you look petulent, or careless.

 

OpenCandy does not "install", it establishes a connection to an external server and offers to install something else. Exactly what differs from time to time. To verify this, see the OpenCandy FAQ site.

 

The OpenCandy wrapper/installer runs with elevated privileges during installation, and that's where the problem lies. Silent install may prevent OpenCandy from asking the user something, but no one can be sure the OpenCandy wrapper/installer is not getting control with an elevated-privilege token and doing something. The only way to be sure is to prevent internal users from running the ImgBurn setup program.

 

And no, ImgBurn is not a part of our standard OS image; people may install it if they choose. The reason we have to uninstall it is to prevent this latest update from running and possibly compromising the integrity of our intranet.

 

Even if you don't see the problem, it's there. Perhaps if you had experience managing and securing enterprise-class networks, you'd see it, too.

 

A Google search will show it's not "just me", as you pointed out with your remark "and others like you". If, by that, you mean "responsible administrators who can pass an IT audit", then I guess you're right.

Posted

Just a simple question since I'm not an IT guru or anything like that.

 

Can you not post a 'clean' version of the ImgBurn program on your main server and let other users within your realm simply download an approved copy from there?

 

Like I said, I never claimed to be an expert, but common sense is one thing that I do admire in people.

 

Also, if you look at the stats, there's been a couple million downloads of ImgBurn and there have been a really few number of complaints about this.  By the time it's all said and done, there will be about 4-5 million downloads of the program, like all the other versions, and the amount of complaints from users that are click happy/noobs/lazy or whatever will be in the 1/100000th of 1% , like every other time.

 

And as far as who ianmaty is, look under his avatar.  We've been around here a while and do have an idea about where the bear took his dump in the woods, or where and when users need to just let things that benefit the writer of the program alone.

Posted (edited)

I actually like the bundled software, best part of it. :headbanging:

 

Also, how about some new funny one-liners when the prog opens? I always get the He-Man ones. 

 

Time for my medication...

Edited by Altercuno
Posted

Well, one thing I have learned is that "common" sense isn't, and this discussion is pretty much proving that adage.

 

The program author could benefit himself far more by providing a for-sale (clean) version to people that cannot allow the OpenCandy stuff on their interior networks. I don't know why there is so much resistence to that idea, or so much defense of the OpenCandy crap-ware, but so be it. Nothing that's been said here is a discussion of the issues at hand; too bad.

 

Posted

If you're a network admin, wouldn't you just rip the imgburn.exe out of the setup exe (7zip can do it) and repackage it in an MSI anyway? Hell you could even just put the exe on a readonly share somewhere that people have access to.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.