OpenCandy and WinSCP

ClosedCandy wrote:

But I just think that before integrating something like OpenCandy he could have done a better research about OpenCandy and its intentions.

martin wrote:

OK.

• Installation package (with OpenCandy)
  
• Installation package (without OpenCandy)

• Does it ONLY install that OpenCandy dir under the WinSCP dir?
  
• Why does it create that dir? Why not auto-delete after install?
  
• Does it install or modify ANYTHING else? For example: C:\Program Files\OpenCandy or HKLM\Software\OpenCandy or HKCU\Software\OpenCandy
  
• I run the install as admin to install the trusted WinSCP, not to let ADWare/3rd-party-ware run freely on my computer
  
• Is there anyway you can drop the permissions before passing control to OpenCandy? Run WinSCP install as admin & OpenCandy as non-admin?

Anonymous wrote:

The /nocandy switch might be OK, but could I politely ask for separate downloads?...

Does it ONLY install that OpenCandy dir under the WinSCP dir?

Why does it create that dir? Why not auto-delete after install?

Does it install or modify ANYTHING else? For example: C:\Program Files\OpenCandy or HKLM\Software\OpenCandy or HKCU\Software\OpenCandy

Is there anyway you can drop the permissions before passing control to OpenCandy? Run WinSCP install as admin & OpenCandy as non-admin?

can you add those screenshots to the installation docs?

Can you please put the Candy/No Candy choice on the download page?
...so people don't have to remember an installer param?...or...are you able to put a Candy/No Candy option as a checkbox inside the installer?...(on the 1st screen or before the candy loads/runs?)...

I understand it's your choice to add OpenCandy to the installer, but could you elaborate on what made you decide to do it? (or link me to where you have already talked about it...I've read all I can find about it)

martin wrote:

You have portable package available already. Without OpenCandy.

#ifdef OpenCandy

#include "interm\winscpsetup.inc.iss"
#include "opencandy\OCSetupHlp.iss"

martin wrote:

It does.

Guest wrote:

Why does it create that dir?

martin wrote:

It needs to have admin rights to write to "Program files'.

martin wrote:

You do not have checkbox to disable Google Ads...

martin wrote:

What is the difference?

martin wrote:

Obviously to generate some income for exchange for time I spent on WinSCP development.

Anonymous wrote:

So is it not going to happen?...(releasing an installer without OpenCandy {alongside the one with OpenCandy}).

I could write an AutoHotkey script to "install" WinSCP...cuz I'm sure others will want it.

Also, about the /nocandy switch, does it 100% completely prevent the OpenCandy code from running/loading?...or is it just a flag to skip it? (but the installer still loads/runs parts of the OpenCandy code).

I will start searching after I post, but does the source code

#ifdef OpenCandy

...so creating an OpenCandy-free installer is as simple as undefining OpenCandy...interesting. Also interesting, grep'ing the source for "nocan", I can't find any mention of the /nocandy switch, how is that handled if the source don't mention it?

Why are these files not in the source?...

#include "interm\winscpsetup.inc.iss"
#include "opencandy\OCSetupHlp.iss"

martin wrote:

It does.

...there were 2 questions on that line. As you might've guessed I haven't run the OpenCandy installer, so I only know what it does from reading forums & stuff, I was under the impression it created that dir & left it there after install. So again...

Guest wrote:

Why does it create that dir?

...especially if it create & deletes it, why not use the temp dir?

martin wrote:

It needs to have admin rights to write to Program files.

...could it not have admin rights until after you allow it to install an offered program? I know WinSCP needs admin to write to Program Files, but OpenCandy only needs admin if you say Yes & take the offered install.

martin wrote:

You do not have checkbox to disable Google Ads...

...not a checkbox per-se, but I do have an option...Adblock Plus! Also, you do have the /nocandy switch, so why not a checkbox?

martin wrote:

What is the difference?

...the difference is...Google Ads cannot write to my hard drive with admin privs.

martin wrote:

I'm not convinced yet.

martin wrote:

Go ahead.

• Create Dir & Copy files to C:\Program Files\WinSCP (or other dir selected in installer)
  
• Create/Update HKLM Uninstaller key
  
• Associate scp:// sftp:// with WinSCP, if requested
  
• Create Start Menu, Desktop & other shortcuts as requested

martin wrote:

You have the option to build your own installer.

WinSCP OpenCandy
WinSCP Adware

martin wrote:

But OpenCandy does not write anything dangerous to your drive.

martin wrote:

Btw, how do you know WinSCP itself would not do it? The fact it is open source does not save you. Hhow do you know the binary you download on winscp.net was actually build from the published code?

Anonymous wrote:

So are you saying WinSCP is malware with fake open source?

dissapointed wrote:

Silent or by default installation of adware however, is absolutely not done!

I can understand that receiving alerts from security application can be scary for users that do not bother checking further. And that is the only reason, why I may consider removing the ad from the installer. Otherwise, there's no harm being done to you or anyone else.

Anonymous wrote:

...results in multiple people calling my office and asking why I am recommending software that contains adware/viruses.

My response now will be not to install WinSCP, but rather to use another program (I would link it but that would be effectively advertising a competitor since you are now considering yourself a business venture rather than an Open Source Developer). I will also be calling my customers and informing them that WinSCP has taken this stance and is installing ad-ware knowingly and intentionally, and let them know of multiple other products to replace their installations with.

Especially considering that your reaction to your customer base has been much less than friendly.

I am pretty sure from your previous posts that you simply do not care about the people that use your product

which makes me wonder if your lying about rather WinSCP itself might be doing something underhanded (see the definition of a lie of omission). After all, you did mention that we don't know that in another post so obviously you have though of doing malicious things with your program.

martin wrote:

This is what most opensource/freeware installer do nowdays.

martin wrote:

And no one goes crazy seeing ads on a website.

1. Ads on a website cannot access my computer or hard drive in any "bad" way...on the other hand, OpenCandy (or any .exe-based Adware) can DO ANYTHING they want to my computer, which is why I want to avoid them.
   
2. I, in fact, do not see the ads, due to Adblock Plus (so therefor I cannot "go crazy") (I also wish it worked against OpenCandy {& other .exe-based ads})

martin wrote:

...AV provider chose to pick OpenCandy noteworthy among all "adware" systems for application installers for raising alerts.

martin wrote:

And that the only reason why I've decided to remove OpenCandy from WinSCP installer in yesterday's 4.3.2 release.

martin wrote:

At least until this problem is resolved.

Ads on a website cannot access my computer or hard drive in any "bad" way...on the other hand, OpenCandy (or any .exe-based Adware) can DO ANYTHING they want to my computer, which is why I want to avoid them.

I, in fact, do not see the ads, due to Adblock Plus (so therefor I cannot "go crazy") (I also wish it worked against OpenCandy {& other .exe-based ads})

...Adware, of any sort, should be flagged by AV companies. Thank God they are!

martin wrote:

also, this removal of OpenCandy (even if temporary) seems to not be mentioned in the Version History or anywhere else...only here in this topic?

If I may ask, how much money have you made since you added OpenCandy? Is it worth the bad rep & angry users?

noftpanymore wrote:

Good god, what a bunch of suckers spitting nonsense! Martin is working his arse of with this software for many years. You use it for free, have no money left to donate (not employed? How did you pay your computer and other software?), but attack him in the most mean way and language.

I just hope he forgets you all quickly (and maybe simply deletes this whole thread).

martin wrote:

It's on frontpage :) But ok, I'll add it to version history too.

Anonymous wrote:

Just one more thing: How are we supposed to know which installer files have or don't have OpenCandy? They are all named winscpXXXsetup.exe, only the release notes would say if its included or not. I plan on installing 4.3.2, since it's without OpenCandy, but I'd like some way to know for sure if an install file has it or doesn't...before I run it.

sussix wrote:

What a terrible shame, I loved SCP, it was the only reliable FTP client I could find.

Hidden installation of software is *completely unacceptable* and I suspect it will have done irreversible damage to your reputation. I don't know how much opencandy is paying you, but I suspect they have bought your respectability very cheaply.

I realise that there is a switch to cancel this hidden install, but it is now difficult to have the confidence in the software to believe that it works - and if you are happy to have a switch to disable it, why try to hide it?

Also, what about all the users who are not as technically expert as us and have unwittingly installed what is basically spyware? I suspect they would be quite annoyed to discover what you have done to their machines without their permission.

It's a shame, but I cannot trust your software anymore and will *never* use it again.

A_Freeware_dev_too wrote:

Well, people come here to rag about you using a way to pay your bills, because after all you work for free, so that some people like a user in this thread said, gives your work to his *customers*, yes.

Man, people are really stupid and ignorant nowdays. I mean, you get WinSCP for free, there's a person working to make it better everyday, for free, and you make money with your customers, using this free software. Then, the developer tries to make some revenue out of his work, and everyone starts complaining.

First of all, if you don't pay for a product, you never, ever, have the right to complain about it. It's as simple as this. From the moment you pay for something, you have the right to do it, but complaining about something that a stranger built for you to use for free, that's just imoral.

Google collects every single bit of information about you, it uses that information to provide you with good targeted advertising, and no one complains, everyone loves Google! OpenCandy does exactly the same thing, and makes it possible for some freeware developers (which make no money at all from their hard work) to get some money to upgrade their computers so they can compile the software in 1minute instead of 1hour, given the fact that you compile hundreds of times before a release, you do the math.

Stupid ignorant internet users. Stop wasting your money on P0rn and help the developers that build the software you love so much.

@Martin: It's just a matter of time, be patient, Web 2.0 will be a reality, wether ignorants like it or not. It's the way the world moves.

I am that person that you mention, and I have paid for the software that I use. I have the right in your eyes therefore to complain. I then recommend that my customers use the software. I can not force my customers to pay for the software, but I can increase his revenue by recommending it since my customers trust me. However, since the insertion of this unsolicited advertising, I am now having to explain to the customers why the software that I recommended is being flagged as spyware, thus damaging my reputation while he gets to benefit.

GNU Public License is a free license that is used by so many developers that I couldnt even start to list them all. Most of which do not make a single dime off the programs they write. The most well known GNU product, Linux, is copywrite Linus Torvalds who has maintained his work for many years without having to sell out to companies such as OpenCandy. Thank you for informing me that I am stupid and ignorant while appearantly I understand the concept of open source but unfortunately you do not. By the way, I administer servers that make the company I work for millions of dollars a year by using an open source product that we do not pay for.

See above, I have donated to this project in the past. I have also donated to approximately 200 other Open Source projects in the past and I have assisted in creating code for at least 5 others that I have never been paid for or even asked for any kind of compensation other than the recognition that I had worked on the project to make someones life a little easier.

Google Analitics works by reviewing your browsing history which it obtains by inserting cookies into your browser. Additionally it can review the IP address that you are orgininating from to obtain a region and in some cases a zip code which it then can provide advertistements for your specific local. By using google, you choose to allow yourself to be subject to those advertistements as you can see by reviewing their terms of use. I do not install google on my computer and allow it full access to my system so that it can review the documents in the "My Documents" folder to better serve me potentially malicious software. Furthermore,google does not install any programs on my computer without my permission.

In my 25+ years in the IT industry, I have written by my estimate, approximately 5000+ shell scripts using CSH, BASH, SH or Korn, 300+ perl scripts, 80+ PHP pages (sorry just learning PHP due to necessity to learn MySQL and PostgreSQL), 150+ C and C++ programs and contributed at least 5000 bug reports and potential fixes. Does this qualify for "helping the developers that build the software I love so much?"

And when is this web 2.0 supposed to happen? As I recall the first uttering of the word was sometime around the turn of the century. Since then we have moved up in the world and created such wonderful things as XML, VXML, many more iterations of Java, heck we even have HTML5 coming out of the woodwork now. Personally I think web 2.0 will go the way of the vaporware and we will see terms such as "web 3.0" rather soon as the web has changed so much since 2000, that the idea of 2.0 is obsolete. I sincerely hope you are not holding your breath.

Rule number 1 on using Open Source Software:"Every Open Source Software is a LAND MINE"
Use it at your own risk.

Your company earns for millions of dollars by utilizing a software that was made by another person. Man, you are a SCUMBAG. Why don't you CREATE your own program and USE it to earn money.

See above, I have donated to this project in the past. I have also donated to approximately 200 other Open Source projects in the past and I have assisted in creating code for at least 5 others that I have never been paid for or even asked for any kind of compensation other than the recognition that I had worked on the project to make someones life a little easier.

Sure, you already donated but do you think it is enough to keep a person's expenses while creating a program as robust as this? Also why don't you help the creator if you say you can assist?

Same as the top comment. Want me to repeat it to you Mr. I AM SO GREAT AT PROGRAMMING?

Same as 2nd comment, CREATE YOUR OWN PROGRAM IF YOU ARE SO DAMN GOOD AT IT! Not utilize someones program.

DON'T CARE about it.

At Martin:
I know that there are leeches like me that use your program and earn money for it but don't think that we are ungrateful for your program(Specially SCUMBAGS that complaint alot about it). I apologize to you for all the people that acting up like they bought your program. I hope that you keep up the good work and more power to you.

martin wrote:

...I've decided to remove OpenCandy from WinSCP installer in yesterday's 4.3.2 release. At least until this problem is resolved.

Anonymous wrote:

...this removal of OpenCandy (even if temporary) seems to not be mentioned in the Version History or anywhere else...only here in this topic?

martin wrote:

It's on frontpage :) But ok, I'll add it to Version History too.

OpenCandy advertising module was suspended from an installation application.

The OpenCandy advertising module was suspended (temporarily removed) from the installer, due to Adware reports.

The OpenCandy advertising module was re-added to the installer, after addressing the Adware reports.

Petr wrote:

Many thanks for your comments and suggestions!

Petr wrote:

Note that there is Installation package (without OpenCandy) available at our download page.

Petr wrote:

A link to a page about OpenCandy...

Anonymous wrote:

TL DR this thread other than the first post which pretty much sums up my sentiments.

I work for a large organization, told my colleages to update, lo and behold, alert, upon alert, upon alert of OpenCandy.

<COMPUTERNAME> had Adware-OpenCandy.dll in file C:\DOCUME~1\<USERNAME>\LOCALS~1\Temp\is-R4P1Q.tmp\OCSetupHlp.dll at 08/03/11 19:41:28 UTC

Thanks, WinSCP. You had a great program, but adding OpenCandy has caused my organization a whole lot of grief.

Yeah, I'm aware there's a OpenCandy-free version. Now. After 15-20 McAfee alerts.

How about you make that OpenCandy-free version the standard install?

-BOFH

Petr wrote:

Thanks. This was reported to McAfee as a false possitive already.

We are really sorry that you have such troubles! Please drop me your email and I will send you personal reminder after each release with a link to winscp without OpenCandy.

Take care!

Anonymous wrote:

I'm sorry, but I have to ask: Does version 5.0.0 have Open Candy?

4.3.4 links to winscp434setupnocandy.exe

5.0.0 links to winscp500setup.exe

...which either means you dropped Open Candy altogether (here's hoping!)...or didn't provide a non-Open Candy version of 5.0.0 yet.

Whether it's "Adware" or not, I need a way to scan an exe & at least know, if it's Open Candy or not.

Does version 4.3.5 have OpenCandy?

4.3.5 Version History wrote:

Installer without OpenCandy does not include OpenCandy licence anymore.

Petr wrote:

The installer winscp435setup.exe and later winscp???setup.exe installers do NOT include OpenCandy nor they include any other bundled software of another sponsor.

Petr wrote:

In the future, we will mention it in the respective release notes if there is a sponsored software bundled in the installer.

 - The installer includes Google Chrome recommendation.
   WinSCP application itself does not contain any ads.
   By using the installer you support WinSCP development.
   Thank you!

WinSCP 5.1 Readme.txt wrote:

- The installer includes Google Chrome recommendation.
WinSCP application itself does not contain any ads.
By using the installer you support WinSCP development.
Thank you!

• Does that mean it is or is not OpenCandy anymore?
  
• If it's not OpenCandy anymore, why has the OpenCandy page not been updated?
  
• If I run the installer again (after cancelling the 1st install), the 5.1 installer does NOT present the Google Chrome recommendation again, how does it remember if I've run it before?

Anonymous wrote:

...version 5.1 (winscp510setup.exe), follows that naming scheme (winscp???setup.exe), but DOES include a Google Chrome recommendation.

...(holy crap...code tags have a small font {plz fix that}...

Does that mean it is or is not OpenCandy anymore?

If it's not OpenCandy anymore, why has the OpenCandy page not been updated?

If I run the installer again (after cancelling the 1st install), the 5.1 installer does NOT present the Google Chrome recommendation again, how does it remember if I've run it before?[/list]...I ran the 5.1 installer (by double clicking on it), to view this new recommendation, then with that installer instance still running in the background (waiting on the last page, not installing), I ran the installer again with /NOCANDY (to test) & it skipped the recommendation page (as expected), then I closed both installers (without installing) & ran it again by double clicking on it (which means without the /NOCANDY switch) & it did NOT present the Google Chrome recommendation (not expected).

I don't think the /NOCANDY switch did anything (on this new installer)

If I run the installer again (specifically, when I canceled the install the 1st time), it should not "remember" that I've run it before (& it should not skip the recommendation on subsequent runs)...perhaps I declined it once & changed my mind? (not really...but the point is the installer should not change behavior between identical runs).

dimos88 wrote:

I personally agree with the site admin...

dimos88 wrote:

I personally agree with the site admin . I am a developer too and i support his decision to integrate open candy on his software to make some money to continue developing applications for all of you. I personally use opencandy to monetize my applications. If a developer stop monetizing applications, the only way to continue developing is to sell the application(but this is not good idea for the end users). So install open candy and if you don't like it remove it......You should support a free software, to continue be free