Open the installer; click next; click next; click next; read nothing.

Is that how you install Windows software? If so, you've probably put more than a few programs on your computer without realizing it. And OpenCandy helped that happen.

That's right: you're not insane. OpenCandy is likely the reason your default search engine changed, or the antivirus trial you don't remember getting expired. You might even be mining LiteCoins without realizing it, all because you didn't pay attention while installing something.

Why do so many of the people behind the best Windows software do this? In a word: money. Developing software takes time, and many users would rather not pay – bundled crapware is a solution. If an installer changes your default search engine, the software's creator gets a cut of the ad revenue – same if you end up paying for that anti-virus software that installed without you noticing.

There's lots of ways to do this, but many developers work with a company called OpenCandy. They'll never say so publicly, but they're counting on you not paying attention while you install software so they – and the people behind your favourite free apps – can make a buck.

What is OpenCandy? A Brief History

Remember Divx?

DivX-Logo.svg

Yeah, those guys. They made a video player that was really popular back in the early 21st century. CEO Darrius Thompson started bundling the Yahoo Toolbar in the installer sometime in 2008, and the results were dramatic: Divx earned $15.7 million from the toolbar in the first nine months they offered it.

OpenCandy was built around this same technology, and today pitches itself to developers as a way to monetize free app downloads.

opencandy-pitch

Everyone wins, right? Well, everyone but the user who ends up with software they don't want.

(Interesting tidbit: OpenCandy is also behind the Windows 8 start menu replacement Pokki – naturally, the installer includes OpenCandy offers.)

Taking Advantage of Your Laziness

Let's look at a prominent example: µTorrent. This was once a great portable torrent client, meaning it didn't require an installer. This changed after BitTorrent, Inc took over development, likely so that things like this could be inserted in the installer:

utorrent-open-candy-search

It looks like a standard EULA, but read it and you'll quickly notice this has nothing to do with µTorrent. Click "Accept" – deliberately placed right where the "Next" button is during every other step of the installation – and your default search engine will change. OpenCandy and BitTorrent, Inc will both get a cut of the revenue.

But that's not enough – decline this offer and you'll see another.

utorrent-open-candy-skype

Yep, Microsoft is paying to trick you into installing Skype. Note how the "I do not accept" button is greyed out, so you think declining isn't even an option (it is).

In review: OpenCandy relies on you being lazy during installation, and will do things like change your default search engine or install software you didn't ask for.

Is OpenCandy Malware?

opencandy-virus

In 2011 Microsoft's anti-malware software started identifying OpenCandy as a piece of malware. It doesn't anymore, but some anti-malware programs still occasionally recognize OpenCandy as a threat.

Whether OpenCandy is actually malware or not is the subject of some debate. Like malware it's generally unwanted, and can make changes to the system almost all users would rather avoid. Unlike malware, however, it technically asks for your permission before installing (though it's worth repeating that many users don't notice being asked).

The debate will surely continue, with users being annoyed and OpenCandy insisting everything they do is above board (which, strictly speaking, it is).

Which Programs Come With OpenCandy?

OpenCandy seems to come and go from installers, and there's no official list of software that includes it. The Wikipedia article about OpenCandy has a list, though, and it includes the following programs:

  • CDBurnerXP
  • CutePDF
  • Foxit Reader
  • Miro
  • PeaZip
  • µTorrent

All of these were apps we, as a site, have recommended at one point or another – something we feel conflicted about.

How Can I Avoid OpenCandy Completely?

opencandy-adware

Would you rather avoid such shenanigans? That makes sense. There are a few quick ways to do this:

  • Using Ninite, which lets you install popular Windows freeware in bulk. You'll skip the installers entirely.
  • You can disconnect your computer from the Internet while installing software – OpenCandy can't operate without a web connection.
  • You can execute any OpenCandy-enabled installer from the command line, including the modifier "/nocandy", to run without OpenCandy offers.

These all work, but if you want to avoid OpenCandy altogether it's best to block "*.opencandy.com" completely by editing your hosts file.

Free as in Not Actually Free

opencandy-malware

OpenCandy gives the people who make free software a way to make money, but arguably does so by tricking users into installing software they don't want. We want to know: do you think this is okay? Or is it a violation of trust? Let's talk about the ethics of this in the comments below.