Topic "OpenCandy and Winscp"

Author Message
ClosedCandy

Guest


I am very saddened to see that Winscp has integrated OpenCandy. From now on I wont be using this great application. I have started using it recently and I was thinking about donating as well. But seeing that OpenCandy being part of a security application app like Winscp is very shameful to me. I do not see any ill intentions by the programmer of this application. But I just think that before integrating something like OpenCandy he could have done a better research about OpenCandy and its intentions.'

Anyways developing great software is not easy, and can be cumbersome financially too. But I doubt that he would make any real money from OpenCandy. This was such a big sacrifice for such small return to be honest.
Advertisements
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
Just don't install it.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
ClosedCandy wrote:
But I just think that before integrating something like OpenCandy he could have done a better research about OpenCandy and its intentions.'

OK, I suppose you have done the research. So what is it that you have found?

Also see documentation.
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
Anyway, it's not nice to have a new folder (C:\Program Files\WinSCP\OpenCandy) even if we don't choose to install it.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Ricardo wrote:
Anyway, it's not nice to have a new folder (C:\Program Files\WinSCP\OpenCandy) even if we don't choose to install it.

That's by mistake. This bug has been added to tracker.
_________________
Martin Prikryl
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
Extra info: http://winscp.net/forum/viewtopic.php?t=7191
Guest




Why don't you just use the executable, and not the installer? I mean, you can make a folder, copy the winscp.exe to that folder, and make a shortcut to it...

Martin, please allow a person installing WinSCP to opt-out of everything, including the installation of OpenCandy.

The other option is to install it, but setup the windows host file to block all connections to anything OpenCandy related... I'm sure that info is out there...

Regards,
Bryan
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
Even if we don't install OpenCandy, the installer of programs that include it automatically does outbound connections secretly.
Maybe it's just stats, but not cool anyway.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I hope have all these issues resolved in the next release.
_________________
Martin Prikryl
Guest




I'm the guest from earlier... Martin... your news page which comes up talks about "most important changes" of the upcoming beta (new icons, improvements to background transfers, etc). You don't find out about OpenCandy until you click "see complete list"... Seems to me that something like adding software like OpenCandy would be at the top of the list of "most important changes" list? I mean you are adding a revenue stream, and that is important, right? I get you are trying to make some money, but something like this should have been the first thing I see on the front page...
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
I'm the guest from earlier... Martin... your news page which comes up talks about "most important changes" of the upcoming beta (new icons, improvements to background transfers, etc). You don't find out about OpenCandy until you click "see complete list"... Seems to me that something like adding software like OpenCandy would be at the top of the list of "most important changes" list? I mean you are adding a revenue stream, and that is important, right? I get you are trying to make some money, but something like this should have been the first thing I see on the front page...

Well, that's your opinion. Not mine. No point arguing about it.
_________________
Martin Prikryl
ClosedCandy Bites

Guest


Im very disappointed that a great product like WinSCP comes bundled with crap like OpenCandy. Personally I dont agree to OCs privacy policy nor do I trust them. I used to use WinSCP for all my ftp needs but now I think I'll go with a different product until OC is removed from WinSCP. Evil or Very Mad Evil or Very Mad Evil or Very Mad
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
ClosedCandy Bites wrote:
Im very disappointed that a great product like WinSCP comes bundled with crap like OpenCandy. Personally I dont agree to OCs privacy policy nor do I trust them. I used to use WinSCP for all my ftp needs but now I think I'll go with a different product until OC is removed from WinSCP. Evil or Very Mad Evil or Very Mad Evil or Very Mad

OK.
_________________
Martin Prikryl
Ricardo
[View user's profile]
Donor
Joined: 2006-02-03
Posts: 106
prikryl wrote:
ClosedCandy Bites wrote:
Im very disappointed that a great product like WinSCP comes bundled with crap like OpenCandy. Personally I dont agree to OCs privacy policy nor do I trust them. I used to use WinSCP for all my ftp needs but now I think I'll go with a different product until OC is removed from WinSCP. Evil or Very Mad Evil or Very Mad Evil or Very Mad

OK.

lol (Martin don't care?)

I'm waiting for 4.2.3. It promises to be a great version!
Guest




The /nocandy switch might be OK, but could I politely ask for separate downloads?...
...maybe even using the filename winscp427setup_opencandy.exe for the OpenCandy version & simply winscp427setup.exe for the No Candy version?

Can I get more info on OpenCandy?...

  • Does it ONLY install that OpenCandy dir under the WinSCP dir?
  • Why does it create that dir? Why not auto-delete after install?
  • Does it install or modify ANYTHING else? For example: C:\Program Files\OpenCandy or HKLM\Software\OpenCandy or HKCU\Software\OpenCandy
  • I run the install as admin to install the trusted WinSCP, not to let ADWare/3rd-party-ware run freely on my computer
  • Is there anyway you can drop the permissions before passing control to OpenCandy? Run WinSCP install as admin & OpenCandy as non-admin?
...I would almost like to see OpenCandy, to see how bad it is (can you add those screenshots to the installation docs?), but when I upgrade (I'm on 4.1.9 {no candy})...I will likely either install with the /nocandy switch or just download the Portable version & install myself...but...

    Can you please put the Candy/No Candy choice on the download page?
...so people don't have to remember an installer param?...or...are you able to put a Candy/No Candy option as a checkbox inside the installer?...(on the 1st screen or before the candy loads/runs?)...

I understand it's your choice to add OpenCandy to the installer, but could you elaborate on what made you decide to do it? (or link me to where you have already talked about it...I've read all I can find about it)
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
The /nocandy switch might be OK, but could I politely ask for separate downloads?...

You have portable package available already. Without opencandy.
Quote:
Does it ONLY install that OpenCandy dir under the WinSCP dir?

Right.
Quote:
Why does it create that dir? Why not auto-delete after install?

It does.
Quote:
Does it install or modify ANYTHING else? For example: C:\Program Files\OpenCandy or HKLM\Software\OpenCandy or HKCU\Software\OpenCandy

It writes to registry under WinSCP hive.
Quote:
Is there anyway you can drop the permissions before passing control to OpenCandy? Run WinSCP install as admin & OpenCandy as non-admin?

It needs to have admin rights to write to "Program files'.

Quote:
can you add those screenshots to the installation docs?

OK, will add some screenshot.
Quote:
Can you please put the Candy/No Candy choice on the download page?[/size][/list]...so people don't have to remember an installer param?...or...are you able to put a Candy/No Candy option as a checkbox inside the installer?...(on the 1st screen or before the candy loads/runs?)...

You do not have checkbox to disable Google Ads before opening WinSCP download page either. What is the difference?

Quote:
I understand it's your choice to add OpenCandy to the installer, but could you elaborate on what made you decide to do it? (or link me to where you have already talked about it...I've read all I can find about it)

Obviously to generate some income for exchange for time I spent on WinSCP development.
Guest




prikryl wrote:
You have portable package available already. Without opencandy.

...but the portable package is not installed (by definition). I currently have WinSCP installed & would like to upgrade, with an installer. So is it not going to happen?...(releasing an installer without OpenCandy {alongside the one with OpenCandy}). I could write an AutoHotkey script to "install" WinSCP...cuz I'm sure others will want it.

Also, about the /nocandy switch, does it 100% completely prevent the OpenCandy code from running/loading?...or is it just a flag to skip it? (but the installer still loads/runs parts of the OpenCandy code).

I will start searching after I post, but does the source code download have the installer source too? You use NSIS or some other open source installer don't you? Ah, found it, winscp427source.zip\release\winscpsetup.iss, you use Inno Setup.

Hmm...

winscpsetup.iss wrote:
#ifdef OpenCandy

...so creating an OpenCandy-free installer is as simple as undefining OpenCandy...interesting. Also interesting, grep'ing the source for "nocan", I can't find any mention of the "/nocandy" switch, how is that handled if the source don't mention it?

Why are these files not in the source?...

winscpsetup.iss wrote:
#include "interm\winscpsetup.inc.iss"
#include "opencandy\OCSetupHlp.iss"

prikryl wrote:
It does.

...there were 2 questions on that line. As you might've guessed I haven't run the OpenCandy installer, so I only know what it does from reading forums & stuff, I was under the impression it created that dir & left it there after install. So again...

Guest wrote:
Why does it create that dir?

...especially if it create & deletes it, why not use the temp dir?

prikryl wrote:
It needs to have admin rights to write to "Program files'.

...could it not have admin rights until after you allow it to install an offered program? I know WinSCP needs admin to write to Program Files, but OpenCandy only needs admin if you say Yes & take the offered install.

prikryl wrote:
You do not have checkbox to disable Google Ads...

...not a checkbox per-se, but I do have an option...Adblock Plus! Also, you do have the /nocandy switch, so why not a checkbox?

prikryl wrote:
What is the difference?

...the difference is...Google Ads cannot write to my hard drive with admin privs. I believe you only make money if people say Yes to the offered install? (actually I hope I'm wrong!)...if so, with a separate download, people can say Yes or No based on which download they choose, Candy or No Candy. I don't object to you making money, I do object to allowing a 3rd party access to my entire hard drive. I'd like to "decline" Candy on the download page, before they can access my hard drive. Actually, I'd like to see the OpenCandy offers, if viewing the offers would make you money, but I don't want to give OpenCandy full access. Perhaps OpenCandy should have an Opt-In view-offers-on-the-web option?...you would be on the WinSCP download page, but if you want to help WinSCP make money, you could click to an OpenCandy page, view the offers, accept/decline them, then get sent back to the WinSCP download page.

prikryl wrote:
Obviously to generate some income for exchange for time I spent on WinSCP development.

...I wish I had money, WinSCP is a great program, I don't know what to say, but to implore people using WinSCP to donate, if they have money.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
So is it not going to happen?...(releasing an installer without OpenCandy {alongside the one with OpenCandy}).

I'm not convinced yet.

Quote:
I could write an AutoHotkey script to "install" WinSCP...cuz I'm sure others will want it.

Go ahead.

Quote:
Also, about the /nocandy switch, does it 100% completely prevent the OpenCandy code from running/loading?...or is it just a flag to skip it? (but the installer still loads/runs parts of the OpenCandy code).

It prevents loading OpenCandy.

Quote:
[color=#a0a0a0]I will start searching after I post, but does the source code
winscpsetup.iss wrote:
#ifdef OpenCandy

...so creating an OpenCandy-free installer is as simple as undefining OpenCandy...interesting. Also interesting, grep'ing the source for "nocan", I can't find any mention of the "/nocandy" switch, how is that handled if the source don't mention it?

Why are these files not in the source?...

winscpsetup.iss wrote:
#include "interm\winscpsetup.inc.iss"
#include "opencandy\OCSetupHlp.iss"

winscpsetup.inc.iss is generated during build, it does contain only version number, nothing else. OCSetupHlp.iss is part of OpenCandy API. I'm not sure if it can be released into public, will check licence. Anyway, it is just a thin layer above the OpenCandy DLL, nothing of interest there. Also it is the piece of code that processes the /nocandy switch.

Quote:
prikryl wrote:
It does.

...there were 2 questions on that line. As you might've guessed I haven't run the OpenCandy installer, so I only know what it does from reading forums & stuff, I was under the impression it created that dir & left it there after install. So again...

Some very early version of OpenCandy sometime failed to the remove the directory. Hence the plethora post around the net about it.

Quote:
Guest wrote:
Why does it create that dir?

...especially if it create & deletes it, why not use the temp dir?

Do not know.

Quote:
prikryl wrote:
It needs to have admin rights to write to "Program files'.

...could it not have admin rights until after you allow it to install an offered program? I know WinSCP needs admin to write to Program Files, but OpenCandy only needs admin if you say Yes & take the offered install.

Maybe. Will consider it.

Quote:
prikryl wrote:
You do not have checkbox to disable Google Ads...

...not a checkbox per-se, but I do have an option...Adblock Plus! Also, you do have the /nocandy switch, so why not a checkbox?

You have the option to build your own installer.

prikryl wrote:
What is the difference?

Quote:
...the difference is...Google Ads cannot write to my hard drive with admin privs.

But OpenCandy does not write anything dangerous to your drive. Btw, how do you know WinSCP itself would not do it? The fact it is open source does not save you. Hhow do you know the binary you download on winscp.net was actually build from the published code?
_________________
Martin Prikryl
Guest




prikryl wrote:
I'm not convinced yet.

...so I should keep trying? What should I do to convince you?

prikryl wrote:
Go ahead.

...OK, I will look into an AutoHotkey script or custom Installer (probably using Inno Setup, since it's already that way...or porting to NSIS)...but I'm better at AutoHotkey, so that could be easier. Would you like to help & list everything the installer does?...here's the ones I can think of...

  • Create Dir & Copy files to C:\Program Files\WinSCP (or other dir selected in installer)
  • Create/Update HKLM Uninstaller key
  • Associate scp:// sftp:// with WinSCP, if requested
  • Create Start Menu, Desktop & other shortcuts as requested
...is that it or did I miss anything big?

prikryl wrote:
You have the option to build your own installer.

...yes, I believe I will be doing that, but it's soo much easier for you, since you are already setup to do it. Also, even tho you need/want money, I hope you know the reputation this is giving WinSCP...

prikryl wrote:
But OpenCandy does not write anything dangerous to your drive.

...I can't know that without running it under heavily scrutinizing programs to see what it does...& all of that on a PC or VM I don't care about/can reset.

prikryl wrote:
Btw, how do you know WinSCP itself would not do it? The fact it is open source does not save you. Hhow do you know the binary you download on winscp.net was actually build from the published code?

...well, I guess I don't. So are you saying WinSCP is malware with fake open source? The major point with open source, is the likelihood of someone checking the source. Now, if everyone hopes someone else is checking the source, no one is safe...but it's better than closed source. WinSCP rep is going down fast. Crying or Very sad
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
So are you saying WinSCP is malware with fake open source?

Obviously not. I just wanted to point out, that your use of WinSCP was based on you trusting me already. And that does not change with integrating OpenCandy.
_________________
Martin Prikryl
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I have added an example of OpenCandy recommendation to the documentation.
dissapointed

Guest


Wanting to get some return on investment for your software development efforts is understandable.

Silent or by default installation of adware however, is absolutely not done!

I will not be installing WinSCP, not now and not in the future because of this! Not even with the suggested /NOCANDY or portable executable options, simply because I do not trust you anymore.

This is the end of a nice application and the start of a search for alternatives Sad
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
dissapointed wrote:
Silent or by default installation of adware however, is absolutely not done!

WinSCP does not do any silent or by default installation of adware. WinSCP (or actually its installer) can be considered adware on its own, as it displays one screen with advertisement during the installation progress. This is what most opensource/freeware installer do nowdays. WinSCP installer is doing that for almost two years now.

So I suppose you must have seen the ad in the past already. What has changed now that you do not trust WinSCP anymore?

I believe you react to WinSCP installer being recently triggered by some antivirus/antiadware applications, most notably Microsoft Windows Defender. But that does not mean, anything has changed recently. It is still the same as it has been since mid 2009. Only that single screen with advertisement in the installer. Nothing more.

Actually if you bother to check further, all those antivirus/antiadware applications actually state that WinSCP installer is doing only that.

I can understand that receiving alerts from security application can be scary for users that do not bother checking further. And that is the only reason, why I may consider removing the ad from the installer. Otherwise, there's no harm being done to you or anyone else.
Guest




I am a systems administrator where we (previously) use(d) WinSCP and recommend that our clients use the program to upload their files to us. We are Dependant on our clients uploading files via SSH from windows based operating systems. Those same clients have little or in most cases no knowledge of what a program does or how it does it. So the statement...

Quote:
I can understand that receiving alerts from security application can be scary for users that do not bother checking further. And that is the only reason, why I may consider removing the ad from the installer. Otherwise, there's no harm being done to you or anyone else.


...results in multiple people calling my office and asking why I am recommending software that contains adware/viruses. My response now will be not to install WinSCP, but rather to use another program (I would link it but that would be effectively advertising a competitor since you are now considering yourself a business venture rather than an Open Source Developer). I will also be calling my customers and informing them that WinSCP has taken this stance and is installing ad-ware knowingly and intentionally, and let them know of multiple other products to replace their installations with.

Especially considering that your reaction to your customer base has been much less than friendly.

I am pretty sure from your previous posts that you simply do not care about the people that use your product which makes me wonder if your lying about rather WinSCP itself might be doing something underhanded (see the definition of a lie of omission). After all, you did mention that we don't know that in another post so obviously you have though of doing malicious things with your program.

I would wish you good luck but I would rather not wish that to someone who propagates anything even remotely malicious.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
...results in multiple people calling my office and asking why I am recommending software that contains adware/viruses.

I'm sorry for that.

But again, I cannot do anything else than to repeat what's already in my previous posts.
The only thing why WinSCP installer can be considered adware is that single screen with dynamically picked ads. I.e. something very similar to Google AdSense ads on winscp.net site (and zillions of other sites on Internet). And no one goes crazy seeing ads on a website.

It's unfortunate that AV provider chose to pick OpenCandy noteworthy among all "adware" systems for application installers for raising alerts. And that the only reason why I've decided to remove OpenCandy from WinSCP installer in yesterday's 4.3.2 release. At least until this problem is resolved.

Quote:
My response now will be not to install WinSCP, but rather to use another program (I would link it but that would be effectively advertising a competitor since you are now considering yourself a business venture rather than an Open Source Developer). I will also be calling my customers and informing them that WinSCP has taken this stance and is installing ad-ware knowingly and intentionally, and let them know of multiple other products to replace their installations with.

Fair enough, your choice.

Quote:
Especially considering that your reaction to your customer base has been much less than friendly.

Sorry, but I'm not doing commercial customer care here. So I won't pretend, I do not feel offended by all those false accusations in this thread. Including yours.

Quote:
I am pretty sure from your previous posts that you simply do not care about the people that use your product

Of course I do, but that does not mean, I'll do anything they/you ask for.

Quote:
which makes me wonder if your lying about rather WinSCP itself might be doing something underhanded (see the definition of a lie of omission). After all, you did mention that we don't know that in another post so obviously you have though of doing malicious things with your program.

Haven't though about it a for a second. But obviously, there's no way for me to convince you, if you think otherwise.

Anyway, it looks like you've analysed every single word in my posts and deduced quite remarkable conclusions from their hidden meanings. Please note that I'm not a native English speaker, so I'm afraid you are wasting your time here. I'm glad that I'm able to express correctly the primary meanings of my English texts, and I'm way too far from trying them to have some hidden meanings Smile
_________________
Martin Prikryl
Guest




prikryl wrote:
This is what most opensource/freeware installer do nowdays.

...& that is very sad, but it's not a reason to "follow suit".

prikryl wrote:
And no one goes crazy seeing ads on a website.
  1. Ads on a website cannot access my computer or hard drive in any "bad" way...on the other hand, OpenCandy (or any .exe-based Adware) can DO ANYTHING they want to my computer, which is why I want to avoid them.
  2. I, in fact, do not see the ads, due to Adblock Plus (so therefor I cannot "go crazy") (I also wish it worked against OpenCandy {& other .exe-based ads})
prikryl wrote:
...AV provider chose to pick OpenCandy noteworthy among all "adware" systems for application installers for raising alerts.

...Adware, of any sort, should be flagged by AV companies. Thank God they are!

prikryl wrote:
And that the only reason why I've decided to remove OpenCandy from WinSCP installer in yesterday's 4.3.2 release.

...Thank You!...but please make this a permanent change...also, this removal of OpenCandy (even if temporary) seems to not be mentioned in the Version History or anywhere else...only here in this topic?

prikryl wrote:
At least until this problem is resolved.

...if it will keep OpenCandy out of WinSCP, then I hope this is never "resolved". OpenCandy is Adware, it should be flagged. I really hope you leave it out (please!).

Martin, I'm very sorry some people (& other Guests) in this topic have been so vocal (mean) with their feelings about this...but we love(d) our WinSCP, the way it was, squeaky clean (no hint of badware) & it was very shocking/sad to see this development (adding OpenCandy/Adware to the installer), some of us expressed our disappointment nicely, others expressed it meanly, but we were all hurt/saddened by it. Please leave it out & then we can see how many come back.

Also (not that I have money to Donate, but if I did), I would be much more inclined to Donate (to any Open Source project, including WinSCP), if it didn't leave a "bad taste" in my mouth -- I hope that reads/translates correctly -- I'd be much more likely to want to Donate, if there were no "bad things" about a program (or its installer).

If I may ask, how much money have you made since you added OpenCandy? Is it worth the bad rep & angry users?
noftpanymore
[View user's profile]
Donor
Joined: 2007-11-23
Posts: 28
Location: Germany
Good god, what a bunch of suckers spitting nonsense! Martin is working his arse of with this software for many years. You use it for free, have no money left to donate (not employed? How did you pay your computer and other software?), but attack him in the most mean way and language.

I just hope he forgets you all quickly (and maybe simply deletes this whole thread).
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Quote:
Ads on a website cannot access my computer or hard drive in any "bad" way...on the other hand, OpenCandy (or any .exe-based Adware) can DO ANYTHING they want to my computer, which is why I want to avoid them.

Well, this is something I have tried to cover in some of my previous posts here.

You download an .exe (WinSCP installer) from some website, run by some guy, you do not know, whose intentions you do not know, coming from some country in a middle of Europe, you have possibly never heard of. And you feel safe, probably only because the very same guy claims that the software in open source.

Now you find out that the software is bundled with a module created by company registered in US. Company that honestly and openly admits that their intention is to make money by selling advertising. Company that wouldn't dare to do anything malicious, because at that moment they will have to shut down their business. Yet you fell threatened.

Btw, WinSCP is really open source Smile

Quote:
I, in fact, do not see the ads, due to Adblock Plus (so therefor I cannot "go crazy") (I also wish it worked against OpenCandy {& other .exe-based ads})

But you had to do explicit action (installing Adblock Plus) to prevent that. You have many possibilities of explicit actions preventing OpenCandy.

Quote:
...Adware, of any sort, should be flagged by AV companies. Thank God they are!

Sure, I'm not against that. I just find strange that I have never seen any AV complaining against any adware, including really malicious ones. And I had downloaded some indeed. And now Microsoft picked OpenCandy, which is totally harmless. Being more ironic, knowing that Microsoft is by far the biggest advertiser on OpenCandy network.

prikryl wrote:
also, this removal of OpenCandy (even if temporary) seems to not be mentioned in the Version History or anywhere else...only here in this topic?

It's on frontpage Smile But ok, I'll add it to version history too.

Quote:
If I may ask, how much money have you made since you added OpenCandy? Is it worth the bad rep & angry users?

I'm afraid it is trade secret. Anyway, it is by order of magnitude larger amount than donations (I mean monthly volumes). Also, I haven't seen any decrease in donations since introducing OpenCandy (while I have expected that). So I do not hope for any increase after removing it.

Last edited by martin on 2011-02-25; edited 3 times in total
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
noftpanymore wrote:
Good god, what a bunch of suckers spitting nonsense! Martin is working his arse of with this software for many years. You use it for free, have no money left to donate (not employed? How did you pay your computer and other software?), but attack him in the most mean way and language.

Thanks.

Quote:
I just hope he forgets you all quickly (and maybe simply deletes this whole thread).

No I want to keep it. It is valid discussion, while maybe not a polite one Smile
_________________
Martin Prikryl
Guest




prikryl wrote:
It's on frontpage Smile But ok, I'll add it to version history too.

...yes, sorry, I noticed that after I posted. I went straight to the forum, read this post, check the version history, saw no note of it, then posted. Then later checked the homepage...

Just one more thing: How are we supposed to know which installer files have or don't have OpenCandy? They are all named winscpXXXsetup.exe, only the release notes would say if its included or not. I plan on installing 4.3.2, since it's without OpenCandy, but I'd like some way to know for sure if an install file has it or doesn't...before I run it.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
Just one more thing: How are we supposed to know which installer files have or don't have OpenCandy? They are all named winscpXXXsetup.exe, only the release notes would say if its included or not. I plan on installing 4.3.2, since it's without OpenCandy, but I'd like some way to know for sure if an install file has it or doesn't...before I run it.

You can run installer with /nocandy. It gets ignored when there's no OpenCandy in installer.

Btw, Microsoft already agreed with OpenCandy on some negligible change in their module, that would keep Windows Defender happy.
sussix

Guest


What a terrible shame, I loved SCP, it was the only reliable FTP client I could find.

Hidden installation of software is *completely unacceptable* and I suspect it will have done irreversible damage to your reputation. I don't know how much opencandy is paying you, but I suspect they have bought your respectability very cheaply.

I realise that there is a switch to cancel this hidden install, but it is now difficult to have the confidence in the software to believe that it works - and if you are happy to have a switch to disable it, why try to hide it?

Also, what about all the users who are not as technically expert as us and have unwittingly installed what is basically spyware? I suspect they would be quite annoyed to discover what you have done to their machines without their permission.

It's a shame, but I cannot trust your software anymore and will *never* use it again.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
sussix wrote:
What a terrible shame, I loved SCP, it was the only reliable FTP client I could find.

Hidden installation of software is *completely unacceptable* and I suspect it will have done irreversible damage to your reputation. I don't know how much opencandy is paying you, but I suspect they have bought your respectability very cheaply.

I realise that there is a switch to cancel this hidden install, but it is now difficult to have the confidence in the software to believe that it works - and if you are happy to have a switch to disable it, why try to hide it?

Also, what about all the users who are not as technically expert as us and have unwittingly installed what is basically spyware? I suspect they would be quite annoyed to discover what you have done to their machines without their permission.

It's a shame, but I cannot trust your software anymore and will *never* use it again.

You you are just repeating all the (in my view false) accusations from previous posts. I believe that I have addressed all of them already. So unless you tell me, what you do not agree about, with me, I have nothing to react to. I'm sorry.
_________________
Martin Prikryl
Another unhappy user

Guest


I became aware of your software where I work. I will definitely spread the word it's packaged with ad-ware.

MS definition page in case anyone is wondering what it does:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Adware:Win32/OpenCandy&threatid=159633
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Here are details about the issue with Microsoft Windows Defender:
<invalid link removed>
A_Freeware_dev_too

Guest


Well, people come here to rag about you using a way to pay your bills, because after all you work for free, so that some people like a user in this thread said, gives your work to his *customers*, yes.

Man, people are really stupid and ignorant nowdays. I mean, you get WinSCP for free, there's a person working to make it better everyday, for free, and you make money with your customers, using this free software. Then, the developer tries to make some revenue out of his work, and everyone starts complaining.

First of all, if you don't pay for a product, you never, ever, have the right to complain about it. It's as simple as this. From the moment you pay for something, you have the right to do it, but complaining about something that a stranger built for you to use for free, that's just imoral.

Google collects every single bit of information about you, it uses that information to provide you with good targeted advertising, and no one complains, everyone loves Google! OpenCandy does exactly the same thing, and makes it possible for some freeware developers (which make no money at all from their hard work) to get some money to upgrade their computers so they can compile the software in 1minute instead of 1hour, given the fact that you compile hundreds of times before a release, you do the math.

The computer you are using to read this text has a brand, how did you ever heard of that brand before you buught it? Yes, advertising, you are right (BINGO!) Advertising makes the world go round, don't you see?

Why don't you complain about the TV ads too? I mean, after all they are bundled to a free TV show too...

Stupid ignorant internet users. Stop wasting your money on P0rn and help the developers that build the software you love so much.

I just had to write this after reading this whole thread.
I work alot to implement features that people request for my software, then I get e-mails from people saying stuff like "hey! love ur program! I would donate, but I cant afford right now, but when I have the chance, I SURE WILL! LOVE YOUR SOFTWARE!!"

Yeah right, bullshit - NO THANKS.

@Martin: It's just a matter of time, be patient, Web 2.0 will be a reality, wether ignorants like it or not. It's the way the world moves.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
@A_Freeware_dev_too: Thanks!
Guest




A_Freeware_dev_too wrote:
Well, people come here to rag about you using a way to pay your bills, because after all you work for free, so that some people like a user in this thread said, gives your work to his *customers*, yes.

I am that person that you mention, and I have paid for the software that I use. I have the right in your eyes therefore to complain. I then recommend that my customers use the software. I can not force my customers to pay for the software, but I can increase his revenue by recommending it since my customers trust me. However, since the insertion of this unsolicited advertising, I am now having to explain to the customers why the software that I recommended is being flagged as spyware, thus damaging my reputation while he gets to benefit.

Quote:

Man, people are really stupid and ignorant nowdays. I mean, you get WinSCP for free, there's a person working to make it better everyday, for free, and you make money with your customers, using this free software. Then, the developer tries to make some revenue out of his work, and everyone starts complaining.

GNU Public License is a free license that is used by so many developers that I couldnt even start to list them all. Most of which do not make a single dime off the programs they write. The most well known GNU product, Linux, is copywrite Linus Torvalds who has maintained his work for many years without having to sell out to companies such as OpenCandy. Thank you for informing me that I am stupid and ignorant while appearantly I understand the concept of open source but unfortunately you do not. By the way, I administer servers that make the company I work for millions of dollars a year by using an open source product that we do not pay for.

Quote:

First of all, if you don't pay for a product, you never, ever, have the right to complain about it. It's as simple as this. From the moment you pay for something, you have the right to do it, but complaining about something that a stranger built for you to use for free, that's just imoral.

See above, I have donated to this project in the past. I have also donated to approximately 200 other Open Source projects in the past and I have assisted in creating code for at least 5 others that I have never been paid for or even asked for any kind of compensation other than the recognition that I had worked on the project to make someones life a little easier.

Quote:

Google collects every single bit of information about you, it uses that information to provide you with good targeted advertising, and no one complains, everyone loves Google! OpenCandy does exactly the same thing, and makes it possible for some freeware developers (which make no money at all from their hard work) to get some money to upgrade their computers so they can compile the software in 1minute instead of 1hour, given the fact that you compile hundreds of times before a release, you do the math.

Google Analitics works by reviewing your browsing history which it obtains by inserting cookies into your browser. Additionally it can review the IP address that you are orgininating from to obtain a region and in some cases a zip code which it then can provide advertistements for your specific local. By using google, you choose to allow yourself to be subject to those advertistements as you can see by reviewing their terms of use. I do not install google on my computer and allow it full access to my system so that it can review the documents in the "My Documents" folder to better serve me potentially malicious software. Furthermore, [bold]google does not install any programs on my computer without my permission.[/bold]

Quote:

Stupid ignorant internet users. Stop wasting your money on P0rn and help the developers that build the software you love so much.

In my 25+ years in the IT industry, I have written by my estimate, approximately 5000+ shell scripts using CSH, BASH, SH or Korn, 300+ perl scripts, 80+ PHP pages (sorry just learning PHP due to necessity to learn MySQL and PostgreSQL), 150+ C and C++ programs and contributed at least 5000 bug reports and potential fixes. Does this qualify for "helping the developers that build the software I love so much?"

Quote:

@Martin: It's just a matter of time, be patient, Web 2.0 will be a reality, wether ignorants like it or not. It's the way the world moves.

And when is this web 2.0 supposed to happen? As I recall the first uttering of the word was sometime around the turn of the century. Since then we have moved up in the world and created such wonderful things as XML, VXML, many more iterations of Java, heck we even have HTML5 coming out of the woodwork now. Personally I think web 2.0 will go the way of the vaporware and we will see terms such as "web 3.0" rather soon as the web has changed so much since 2000, that the idea of 2.0 is obsolete. I sincerely hope you are not holding your breath.
Dan Tabernsky

Guest


Quote:
I am that person that you mention, and I have paid for the software that I use. I have the right in your eyes therefore to complain. I then recommend that my customers use the software. I can not force my customers to pay for the software, but I can increase his revenue by recommending it since my customers trust me. However, since the insertion of this unsolicited advertising, I am now having to explain to the customers why the software that I recommended is being flagged as spyware, thus damaging my reputation while he gets to benefit.


Rule number 1 on using Open Source Software:"Every Open Source Software is a LAND MINE"
Use it at your own risk.


Quote:
GNU Public License is a free license that is used by so many developers that I couldnt even start to list them all. Most of which do not make a single dime off the programs they write. The most well known GNU product, Linux, is copywrite Linus Torvalds who has maintained his work for many years without having to sell out to companies such as OpenCandy. Thank you for informing me that I am stupid and ignorant while appearantly I understand the concept of open source but unfortunately you do not. By the way, I administer servers that make the company I work for millions of dollars a year by using an open source product that we do not pay for.


Your company earns for millions of dollars by utilizing a software that was made by another person. Man, you are a SCUMBAG. Why don't you CREATE your own program and USE it to earn money.

Quote:
See above, I have donated to this project in the past. I have also donated to approximately 200 other Open Source projects in the past and I have assisted in creating code for at least 5 others that I have never been paid for or even asked for any kind of compensation other than the recognition that I had worked on the project to make someones life a little easier.


Sure, you already donated but do you think it is enough to keep a person's expenses while creating a program as robust as this? Also why don't you help the creator if you say you can assist?

Quote:
Google Analitics works by reviewing your browsing history which it obtains by inserting cookies into your browser. Additionally it can review the IP address that you are orgininating from to obtain a region and in some cases a zip code which it then can provide advertistements for your specific local. By using google, you choose to allow yourself to be subject to those advertistements as you can see by reviewing their terms of use. I do not install google on my computer and allow it full access to my system so that it can review the documents in the "My Documents" folder to better serve me potentially malicious software. Furthermore,google does not install any programs on my computer without my permission.


Same as the top comment. Want me to repeat it to you Mr. I AM SO GREAT AT PROGRAMMING?

Quote:
In my 25+ years in the IT industry, I have written by my estimate, approximately 5000+ shell scripts using CSH, BASH, SH or Korn, 300+ perl scripts, 80+ PHP pages (sorry just learning PHP due to necessity to learn MySQL and PostgreSQL), 150+ C and C++ programs and contributed at least 5000 bug reports and potential fixes. Does this qualify for "helping the developers that build the software I love so much?"


Same as 2nd comment, CREATE YOUR OWN PROGRAM IF YOU ARE SO DAMN GOOD AT IT! Not utilize someones program.

Quote:
And when is this web 2.0 supposed to happen? As I recall the first uttering of the word was sometime around the turn of the century. Since then we have moved up in the world and created such wonderful things as XML, VXML, many more iterations of Java, heck we even have HTML5 coming out of the woodwork now. Personally I think web 2.0 will go the way of the vaporware and we will see terms such as "web 3.0" rather soon as the web has changed so much since 2000, that the idea of 2.0 is obsolete. I sincerely hope you are not holding your breath.


DON'T CARE about it.

At Martin:
I know that there are leeches like me that use your program and earn money for it but don't think that we are ungrateful for your program(Specially SCUMBAGS that complaint alot about it). I apologize to you for all the people that acting up like they bought your program. I hope that you keep up the good work and more power to you.

-from a programmer that understands how hard it is to do its job
Guest




[quote="Dan Tabernsky"]
Quote:

Rule number 1 on using Open Source Software:"Every Open Source Software is a LAND MINE"
Use it at your own risk.

Excellent point. Thus I am no longer using WinSCP, I will not donate to this project again, and I am no longer recommending it to my customers.

Quote:
Your company earns for millions of dollars by utilizing a software that was made by another person. Man, you are a SCUMBAG. Why don't you CREATE your own program and USE it to earn money.

Linux = Free. If you would like I can provide you with many diffrent links to it. If you have ever surfed the web though I am sure you have encountered it. It is commonly used by many of the Fortune 500 companies, most of which do not pay for it.

As for creating my own programs, I do. That is exactly what I was saying in the previous post. I normally write and use Linux for everything I do avoiding Microsoft in most cases. However that is my own preference and quite honestly its not the choice of many people. So I have to provide them with some means of having their computer understand simple RFC's without having to use cmd.exe. End users, especially Microsoft Certified Software Engineers (giggle) dont like not having a GUI to work with.


Quote:
See above, I have donated to this project in the past. I have also donated to approximately 200 other Open Source projects in the past and I have assisted in creating code for at least 5 others that I have never been paid for or even asked for any kind of compensation other than the recognition that I had worked on the project to make someones life a little easier.

Quote:

Sure, you already donated but do you think it is enough to keep a person's expenses while creating a program as robust as this? Also why don't you help the creator if you say you can assist?


Well that is the point of donating I believe. See, I dont know for sure but last time I checked Microsoft Windows 7 Home Premium full version costs somewhere in the neighborhood of $400. Since that alone contains some amazing amount of .exe files, I believe that purchasing this one .exe file would equate to somewhere around $1 (not that I donated a dollar, that is not the point but I am sure you will harp on me for saying that). In other words, it is not my responsibility to pay his rent, but because he created a good program, I am willing to help contribute to his lively-hood to a small degree. As for helping him further, this program is not written in a language that I am familiar with, nor do I wish to become familiar with it. Currently other programing languages pay my bills such as Java and PHP.

Quote:

Same as the top comment. Want me to repeat it to you Mr. I AM SO GREAT AT PROGRAMMING?

I mean really, I did not start to even imply that I was some great programmer. But I see that my arguments have somewhat flustered you. I guess that the truth hurts.

Quote:

Same as 2nd comment, CREATE YOUR OWN PROGRAM IF YOU ARE SO DAMN GOOD AT IT! Not utilize someones program.

Rule 1 of programing: Do not reinvent the wheel. WinSCP is not the only program that provides the same functionality. I choose not to link or mention the alternatives out of respect for the programmer here. However, I also will not write my own simply for that reason. And I have created other open source projects in the past when the necessity presented itself.

Quote:

DON'T CARE about it.

Good, the original response was not directed at you so you should not care.

Quote:

At Martin:
I know that there are leeches like me that use your program and earn money for it but don't think that we are ungrateful for your program(Specially SCUMBAGS that complaint alot about it). I apologize to you for all the people that acting up like they bought your program. I hope that you keep up the good work and more power to you.

I think you have the wrong impression here sir. I am quite grateful for it and as I stated I have donated in the past to this specific project. In fact, I believe that WinSCP is one of the best pieces of Windows software that I have seen in quite a long time. What I do not like is that there was an addon to the program that installed what some people and organizations consider to be malware and or spyware. I then expressed my opinion to the programmer and the reasons for that opinion. I am sorry that you do not agree, however I still have to live with the consequences of recommending this software to someone that DID have it pop up as adware where Martin does not. If you like the adware and want to give him the money, then please feel free to use the previous versions with it installed. Or even better, stop being a leech and donate so that he will get what he deserves and discussions (I've been civil I would appriciate if you would be too) such as this would not even be a possibility in the future. I personally will not, and will not recommend the software again even to clients that might have paid for it.

In case you missed it, the reason he put OpenCandy in the software was because he believes (rightfully so) that he should get some benefit from his work. Additionally, last I checked, WinSCP is in fact licensed under the GNU Public License, the same license that Linux is using (unless he is using v3 which he may be). Kind of ironic that you are throwing around innuendos and accusations about Open Source Software when the very software youre doing that for is using that license don't you think?
Pluckáh le Moko

Guest


Dear Prikryl,
I don't think that nobody would try to deny that you have done a very fine and nice piece of work in programming.
You did it under the freeware flag. You could, from the beginning, had done it under shareware or proprietary selling basis. You didn't. This has some pros and cons.
On the cons is the lack of steady financial income. On the pros, to get the image of being one of the Don Quixotes of the Internet, who, as one of your best critics said, try to make, pro bono, per gratia et per amore, to make life easier for others.
Our own lives change in many ways, and we all have to make a living and to see how to get over economical demands, but, is it worth to sell the well earned badge of virtual Don Quixote for a plate of lentils? What is more, has any advantage to tarnish that image, without the least need and real profit?
I take here the big liberty, asking for your kind forbearance and patience, of giving some not asked for advice, with the best of intentions and in all good will and faith.
"The wife of Caesar has to be over all suspicion", "never do anything good that looks like bad", are very true phrases. The same 'opencandy' outfit will never wear off the evil reputation they got for being lax, uncaring and just thinking in making money. In your case, the thing for having avoided all this trouble was as easy as to have put totally openly, clearly and widely, in the foreground at once and with trumpets and drums, the issue at hand, having advised something like "Please notice that from version so-and-so, and due to my personal circumstances that force me to seek more income, without any prejudice to the quality of my work and to the safety and privacy of my friends and users of same work, I will present from now on an option to download it which contains just in the installer and for one time the adware from 'open candy', which will be a means to help me from all those that for their own particular circumstances cannot donate. The way this add works is: [here to be explained the basics of it], and for those interested in getting informed more extensively about this here are these links [there would go the appropriate links]. I have studied in depth and reflected very hard on this option, and after that, up to the best of my knowledge, I concluded that it does not constitute any real problem for those that would use this installer, the information gotten from it wouldn't be personal at all and would be just for the one time that my software is installed, not leaving any active adware in the computer after the installation is finished; nowadays, not any serious AV program has any problem with it. Downloading from this installer will be very and dully appreciated by me, and will be a very good way to allow me to keep working in this project. Now, for anyone who, by whichever motive, would rather not to use this installer, there it is still the portable version, which is totally adware free, and for anyone who still would want to have the installation made in the hard drive of his computer there it is the option to run the installer from a prompt line to stop the add from running in the .exe installer, following the process that is explained step by step in this link [here the link]."
With this, my dear friend, surely more than 80 percent of the people downloading your program would have done it using, more or less happily, the adware containing installer, you would have given, offered openly and with the best will, the chance for everyone that could have any reserve about it a couple of perfect options, you would have gotten some increased income, and your reputation and that of your hard work wouldn't have gotten tarnished in the least.
Now, being honest, you know very well that the way you were answering to your critics, your users ( which are as good to you as you can be to them, because what is the artist without public, what is the freeware programmer without the users of his good work?), on this issue is not at all related with your proficiency in the English language, but was due to "be offended" by the critic to your decision, and to the not too open enough way to try to instrument it. Again, you could have avoided 90% of any possible critic by having acted in a polite, diplomatic and sensitive way when presenting the changes in the way to download your program, but then by reacting as you did to the critics, you only dropped more fuel into the fire. I do think that it is still good time to intelligently correct what can be corrected; you have had by now to step back, even if for the moment; in the immediate future just be not only totally open, but stop the bitterness in your attitude and consider that you are not just a not enough well paid author, but that you are a person reputed as a noble and efficient one that generously in some "tries to make easier life for others" just out of his generosity, and that this reputation is so much important to deserve, to get and to keep that many, many other things in life. And then, you still can have the chance to increase in some your income by being totally and pro-active open about it, and giving all the facilities for whover would be weary of dealing with opencandy, or whatever other sponsor. Just please take in account that humility, courtesy and good will shall always just enhance the merit of genius, and will give to one, in any situation, better practical results, and also the deep satisfaction of being a well liked and considered person. Thank you for your kind attention and your time in reading this, and please receive my good wishes and regards for you and your work.
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
Satisfied users make WinSCP so popular SFTP and FTP client! Thanks!

Read more about OpenCandy in WinSCP documentation, including information about how to avoid OpenCandy and about adware alerts with some older versions of WinSCP installer. Since release 4.3.3 the WinSCP installer with OpenCandy should not generate any adware alerts.
Guest




prikryl wrote:
...I've decided to remove OpenCandy from WinSCP installer in yesterday's 4.3.2 release. At least until this problem is resolved.
Anonymous wrote:
...this removal of OpenCandy (even if temporary) seems to not be mentioned in the Version History or anywhere else...only here in this topic?
prikryl wrote:
It's on frontpage Smile But ok, I'll add it to Version History too.

...does 4.3.3 have OpenCandy re-added?

It seems like OpenCandy has been re-added, but again, this is not mentioned in the Version History...unless I missed it on the Frontpage again (LOL). Please make the Version History contain all change notes. Including adding/removing OpenCandy.

Also, I'd change the 4.3.2 entry about this from...

Quote:
OpenCandy advertising module was suspended from an installation application.

...to...

Quote:
The OpenCandy advertising module was suspended (temporarily removed) from the installer, due to Adware reports.

...it's just better English that way.

If 4.3.3 DOES have OpenCandy re-added I'd add that to the Version History & word it like this...

Quote:
The OpenCandy advertising module was re-added to the installer, after addressing the Adware reports.

You already know we want you to remove it permanently, but please mark each version (at least in the Version History), so we can KNOW which ones have/don't have it. I know I can unconditionally use the /NOCANDY switch, but I still wanna know which versions have or don't have OpenCandy.
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
Many thanks for your comments and suggestions!

Note that there is Installation package (without OpenCandy) available at our download page. A link to a page about OpenCandy is also provided at the very same page for your convenience. Enjoy using WinSCP!

And as already mentioned, since release 4.3.3 the WinSCP installer with OpenCandy should not generate any adware alerts.
Guest




Petr wrote:
Many thanks for your comments and suggestions!

...just wondering, is Martin still here? It says you are "Moderator"...is this a recent change?

Petr wrote:
Note that there is Installation package (without OpenCandy) available at our download page.

...whoa!...was that there the whole time?...before my last post?...cuz, if so, I missed it. Thx!!! I was looking for notes in the Version History.

Petr wrote:
A link to a page about OpenCandy...

...yes, I've read that page many times.

There's a typo in the new Version 4.3.2 notes: "intaller" should be "installer"...but I also think it needs a "The" at the beginning, as per my example...or perhaps re-worded to "OpenCandy was suspended from the installer"...or even..."OpenCandy (an advertising module) was suspended from the installer"...there's just something that hits my ear wrong with "OpenCandy advertising module was..."...it just needs a "The" or an extra word...or re-worded.
Guest




FYI. Our company antivirus is killing Opencandy as adware, resulting in a very unsightly virus popup when users are installing WinSCP.
Guest




TL DR this thread other than the first post which pretty much sums up my sentiments.

I work for a large organization, told my colleages to update, lo and behold, alert, upon alert, upon alert of OpenCandy.

<COMPUTERNAME> had Adware-OpenCandy.dll in file C:\DOCUME~1\<USERNAME>\LOCALS~1\Temp\is-R4P1Q.tmp\OCSetupHlp.dll at 08/03/11 19:41:28 UTC

Thanks, WinSCP. You had a great program, but adding OpenCandy has caused my organization a whole lot of grief.

Yeah, I'm aware there's a OpenCandy-free version. Now. After 15-20 McAfee alerts.

How about you make that OpenCandy-free version the standard install?

-BOFH
Guest




Anonymous wrote:
TL DR this thread other than the first post which pretty much sums up my sentiments.

I work for a large organization, told my colleages to update, lo and behold, alert, upon alert, upon alert of OpenCandy.

<COMPUTERNAME> had Adware-OpenCandy.dll in file C:\DOCUME~1\<USERNAME>\LOCALS~1\Temp\is-R4P1Q.tmp\OCSetupHlp.dll at 08/03/11 19:41:28 UTC

Thanks, WinSCP. You had a great program, but adding OpenCandy has caused my organization a whole lot of grief.

Yeah, I'm aware there's a OpenCandy-free version. Now. After 15-20 McAfee alerts.

How about you make that OpenCandy-free version the standard install?

-BOFH


I'm talking about version 4.3.4 by the way.

McAfee didn't have a problem with 4.3.3 or 4.3.2...
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
Thanks. This was reported to McAfee as a false possitive already.

We are really sorry that you have such troubles! Please drop me your email and I will send you personal reminder after each release with a link to winscp without OpenCandy.

Take care!
Guest




Petr wrote:
Thanks. This was reported to McAfee as a false possitive already.

We are really sorry that you have such troubles! Please drop me your email and I will send you personal reminder after each release with a link to winscp without OpenCandy.

Take care!


I appreciate the rapid response. You have a great product here, and I've no personal vendetta against OpenCandy or you trying to make some extra $$$, I just do not like surprise antivirus alerts and then flak from my supervisors.
Guest




I'm sorry, but I have to ask: Does version 5.0.0 have Open Candy?

4.3.4 links to winscp434setupnocandy.exe

5.0.0 links to winscp500setup.exe

...which either means you dropped Open Candy altogether (here's hoping!)...or didn't provide a non-Open Candy version of 5.0.0 yet.

Whether it's "Adware" or not, I need a way to scan an exe & at least know, if it's Open Candy or not.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
I'm sorry, but I have to ask: Does version 5.0.0 have Open Candy?

4.3.4 links to winscp434setupnocandy.exe

5.0.0 links to winscp500setup.exe

...which either means you dropped Open Candy altogether (here's hoping!)...or didn't provide a non-Open Candy version of 5.0.0 yet.

Whether it's "Adware" or not, I need a way to scan an exe & at least know, if it's Open Candy or not.

5.0 does not include OpenCandy (yet).

To be completely sure you avoid OpenCandy, you can run any setup with /nocandy switch. Version that do not include OpenCandy just ignore it.
_________________
Martin Prikryl
Guest




I hate to keep asking on every new version, but the Release Notes, Version History & the OpenCandy page don't tell me, so...

    Does version 4.3.5 have OpenCandy?
...or more importantly, can you mention the OpenCandy-ness of the installer in the Release Notes, Version History & the OpenCandy page?

The OpenCandy page still claims that it IS included in the installer, even tho it was "suspended" before. I really do my research before asking, but I can't find anything that will tell me for sure.

One more note, the Version History does say...

4.3.5 Version History wrote:
Installer without OpenCandy does not include OpenCandy licence anymore.

...but 4.3.5 only has winscp435setup.exe...there's no winscp435setupnocandy.exe...is it safe to assume there is no OpenCandy in the installer, until the Version History says it's been re-added?

Yes, I know I can always use the /nocandy switch, but I don't even wanna run an OpenCandy-including .exe on my system, even with the /nocandy switch.
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
Thanks for asking! The installer winscp435setup.exe and later winscp???setup.exe installers do NOT include OpenCandy nor they include any other bundled software of another sponsor.

In the future, we will mention it in the respective release notes if there is a sponsored software bundled in the installer.

I will update OpenCandy page accordingly. Sorry for the confusion.
Guest




Petr wrote:
The installer winscp435setup.exe and later winscp???setup.exe installers do NOT include OpenCandy nor they include any other bundled software of another sponsor.

...version 5.1 (winscp510setup.exe), follows that naming scheme (winscp???setup.exe), but DOES include a Google Chrome recommendation.

Petr wrote:
In the future, we will mention it in the respective release notes if there is a sponsored software bundled in the installer.

...the 5.1 readme says...

Code:
 - The installer includes Google Chrome recommendation.
   WinSCP application itself does not contain any ads.
   By using the installer you support WinSCP development.
   Thank you!

...(holy crap...code tags have a small font {plz fix that}...anyway, so that it can be readable, I'll put it in a quote tag)...the 5.1 readme says...

WinSCP 5.1 Readme.txt wrote:
- The installer includes Google Chrome recommendation.
WinSCP application itself does not contain any ads.
By using the installer you support WinSCP development.
Thank you!

...I have some questions...

  • Does that mean it is or is not OpenCandy anymore?
  • If it's not OpenCandy anymore, why has the OpenCandy page not been updated?
  • If I run the installer again (after cancelling the 1st install), the 5.1 installer does NOT present the Google Chrome recommendation again, how does it remember if I've run it before?
...I ran the 5.1 installer (by double clicking on it), to view this new recommendation, then with that installer instance still running in the background (waiting on the last page, not installing), I ran the installer again with /NOCANDY (to test) & it skipped the recommendation page (as expected), then I closed both installers (without installing) & ran it again by double clicking on it (which means without the /NOCANDY switch) & it did NOT present the Google Chrome recommendation (not expected).

So: How did it remember that I ran it before? / Why did it skip the Google Chrome recommendation, when the same exact file was run a 2nd time?

I don't think the /NOCANDY switch did anything (on this new installer), I think it's programmed to only asks once & "somehow" remembers not to ask you again...but how does it remember? (what file or registry entry does it write to so it can remember?) I don't like software "remembering" things about me without permission. I was trying to test the /NOCANDY switch, but the installer changed its behavior by itself. The 1st time I ran it (& canceled) I got the recommendation, the next time I ran it (& canceled), I didn't.

If I run the installer again (specifically, when I canceled the install the 1st time), it should not "remember" that I've run it before (& it should not skip the recommendation on subsequent runs)...perhaps I declined it once & changed my mind? (not really...but the point is the installer should not change behavior between identical runs).

The installer also defaults to "Yes, install Google Chrome", which OpenCandy did NOT do. The default action should NOT be to install other foistware. We WANT WinSCP, not Google Chrome, or anything else. The default choices should NOT install other software or change your MAIN browser.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Anonymous wrote:
...version 5.1 (winscp510setup.exe), follows that naming scheme (winscp???setup.exe), but DOES include a Google Chrome recommendation.

The version of installer without OpenCandy was there because the OpenCandy-enabled installer always connects to OpenCandy servers (to download the ad) and we want to give an option to overly-suspictious users to avoid that. The Chrome ad is offline, so there's no such issue.

Quote:
...(holy crap...code tags have a small font {plz fix that}...

Will do.

Quote:
Does that mean it is or is not OpenCandy anymore?

No OpenCandy anymore in the recent releases.

Quote:
If it's not OpenCandy anymore, why has the OpenCandy page not been updated?

We keep the page for benefit of users, who happen to download old version of WinSCP with OpenCandy. Though some update would be appropriate indeed.

Quote:
If I run the installer again (after cancelling the 1st install), the 5.1 installer does NOT present the Google Chrome recommendation again, how does it remember if I've run it before?[/list]...I ran the 5.1 installer (by double clicking on it), to view this new recommendation, then with that installer instance still running in the background (waiting on the last page, not installing), I ran the installer again with /NOCANDY (to test) & it skipped the recommendation page (as expected), then I closed both installers (without installing) & ran it again by double clicking on it (which means without the /NOCANDY switch) & it did NOT present the Google Chrome recommendation (not expected).

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until]
"Martin Prikryl"=dword:????????

Quote:
I don't think the /NOCANDY switch did anything (on this new installer)

There's no /NOCANDY switch anymore. The reason for the switch was the same as for the version of the installer without OpenCandy, see above.

Quote:
If I run the installer again (specifically, when I canceled the install the 1st time), it should not "remember" that I've run it before (& it should not skip the recommendation on subsequent runs)...perhaps I declined it once & changed my mind? (not really...but the point is the installer should not change behavior between identical runs).

That's Google policy.

Peter might follow-up with his comments.
_________________
Martin Prikryl
dimos88

Guest


I personally agree with the site admin . I am a developer too and i support his decision to integrate open candy on his software to make some money to continue developing applications for all of you. I personally use opencandy to monetize my applications. If a developer stop monetizing applications, the only way to continue developing is to sell the application(but this is not good idea for the end users). So install open candy and if you don't like it remove it......You should support a free software, to continue be free
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
dimos88 wrote:
I personally agree with the site admin...


Thanks! Just to avoid missunderstanding, there is no OpenCandy in recent releases.
UncleBubba

Guest


dimos88 wrote:
I personally agree with the site admin . I am a developer too and i support his decision to integrate open candy on his software to make some money to continue developing applications for all of you. I personally use opencandy to monetize my applications. If a developer stop monetizing applications, the only way to continue developing is to sell the application(but this is not good idea for the end users). So install open candy and if you don't like it remove it......You should support a free software, to continue be free


I'm sorry, but you're missing the point (and misrepresenting things a little). Software that sells me, my name, my eyeballs, my attention, etc., may be "no charge", but it is not "free". In those cases, *I* am (or my users are) the product, and many of us either don't appreciate it or have hard-and-fast policies against such things. We're not "overly sensitive", we're concerned about the networks and users in the businesses we help manage.

My main objection to OpenCandy is this: It is a piece of closed-source software that must run with elevated privileges on equipment within my intranet. It makes connections to outside servers and exchanges data with them.

What is it sending them? Where are the servers? Is the client secure from being hijacked by bad guys? I can't just take their word for it--I have to be able to prove it.

Nothing in this process is transparent, and I cannot, in keeping with good governance, allow that to happen. If I do, I am not discharging my fiduciary responsibility to my employer.

It is one thing if you use OpenCandy and are up-front and honest about it; in that case, I still can't allow your software in my intranet, but I won't think you're deceitful.

If, on the other hand, you do not tell your users, clearly and up front, about OpenCandy, your reputation will suffer. I--and many other administrators--will actively block your site(s) and blacklist your software. Your good reputation (if you had one) will be trashed, and a reputation is one thing that, once sullied, cannot be easily recovered.
Petr
[View user's profile]
Moderator
Joined: 2006-01-26
Posts: 50
Thanks! Again, there is no OpenCandy in recent releases.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License