Pdfcreator toolbar/adware/malware?

 One of my users was recently notified of an update to pdfcreator. The user proceeded to go through with the update and found that the Babylon Toolbar was installed at the same time. A little research shows me that multiple people are complaining on SourceForge about the newer versions of pdfcreator containing malware and toolbars. Is this a ploy for more funds? I would rather purchase software than have to deal with updates containing potentially dangerous adware.

When I was installing pdfCreator 1.3.1 it never asked, it just went off downloading a thing called "Install Manager". Then at least it asked a question about accepting some conditions, which I could decline. The 1.3.1 installer has been cut down to ask less questions, but now, by default, you don't get asked for the option to install bonus random software. I want to be asked upfront, before it tries to download anything. I also want to be able to install this on systems that are not online, so I want to be able to run the installer without it needing to go to the internet for anything.

Hello,

the installer has been reduced in the number of screens, but we *always* ask on the software offer screen. The install manager is downloaded instantly, as it shows the offer screen. But it does not install software then. Only if the user accepts the offered software, it will be installed.

During the last months, we have improved the way the software is offered. With the old toolbar, people often got confused. The new offer system should be clearer for the user while at the same time offering software with higher value for the user, if he decides to install it.

kind regards,
Philip

Can you somehow disable the download of the install manager (e.g. by a commandline argument)?

Yes, this is very bad, worse than before.  A software installer should NEVER download and execute some other software without asking and fully disclosing what it is doing.  I do not want to have something download and execute, and only to hope that it does nothing to my system.  Even if the software is trusted by the developers, the 3rd party could change this at any time without warning.

After the installer executes, the only way to stop it is to decline the license.  We all know that most users will just click on buttons to make the dialog go away, and this kind of installer is preying on that fact.

The checkboxes in the previous versions were still a bit buried unless you stopped to read every little thing on the screen, and users complained about this a lot, but this new method makes it even harder to trust the project and its direction.

 

Here are the queries the installer makes:

  • http://api.opencandy.com/?clientv=29&cltzone=-240&language=en,en&method=get_offers&mstime=0.203&os=WIN6.1SP1-64&product_key=0675e285832e21485cda15b13531c57c&v=1.0&signature=5d30548a61d2da6e2ed02ef152386f8d
  • http://api.opencandy.com/?clientv=29&method=track_product_installed&mstime=64.912&product_key=0675e285832e21485cda15b13531c57c&session_key=1d4bf1fgd36ehb88540jjdd4q8614w946&v=1.0&signature=2eadd6917x4b7brdb3geda03c3H6cK6e
  • http://api.opencandy.com/?clientv=29&method=track_offers_not_ready&mstime=68.438&offer_id=2512&product_key=0675f25cde15begerg4gr12531c97c&session_key=1d4bb13248ewfi43rfd4d8614a946&state=5&state_time_secs=20.514&v=1.0&signature=39a5eeeadb74324089dwfewf899fe74fcf9

Here's the opencandy web site: http://www.opencandy.com/

 

P.S. There also need to be options about creating icons on the desktop.  Even the most minimal modern installers still include this as an option.

I just found out on a getsatisfaction.com thread that you can use the commandline-switch /NOCANDY. Interestingly the "candy"-nagscreen looks completely different on my computer at work and my homecomputer.

The /NOCANDY switch doesn't work for me. However what currently works is performing a silent install with an INF file that contains at least the following lines:

 [Setup]
Offer=0
Toolbar=0

I load the INF file as usual via "PDFCreator-..._setup.exe" /VERYSILENT /SP- /LOADINF="pdfcreatorsetup.inf" (Find other Innosetup parameters on their website: http://unattended.sourceforge.net/InnoSetup_Switches_ExitCodes.html)

That way my Pdfcreator 1.3 setup does not make any connections to opencandy servers anymore or downloads software. It still phones home to the Pdfcreator server, but this cannot be disabled according to the developers (http://www.pdfforge.org/forum/open-discussion/8298-pdfcreator-phones-home)

Of course you can and should also add other settings to the INF file or create your own with the /SAVEINF parameter.
 

Also please do not delete this account. It is very annoying to recreate the account every time we want to post a message.

@bugmenot: we do not delete accounts. Maybe you have been caught by the anti-spam facility in the forum by posting links or too frequently.

regarding the desktop icon: If you call the setup with the /Expert switch, you will have that back again. This will be a checkbox on the first screen in the next version.

This is to reduce the number of screens the user has to go through and that he is in most cases not interested in.

Philip,

I have not been able to find instructions that work to uninstall the toolbar.  Are there instructions on this site or can you provide a link?

Thanks!

Hello,

Are you refering to the Toolbar we have included up until 1.2.3? There, you can Uninstall it from the Help menu in the toolbar. If it is something else, it would help if you could provide me with a name.

kind regards,
Philip

I downloaded PDFArchitect a few days ago and the toolbar came with it.  The browser affected is Firefox 11.0

I went to the search line in the toolbar and used "Manage Search Engines" to remove it.  The icon was removed for the search line, but not the search box that appears above the toolbar.  When I closed the browser it was reset.

In the Options dialog box for the browser, nothing seemed to apply.

The Unistall program in the Control Panel (Windows 7) does not list a toolbar.

Where should I go next?

Tim

Norton Security Suite blocked a reinstall of v1.3.2, indicating that Installmanager.exe was detected as a threat, Suspicious.Cloud.2, based upon malware hueristics.  My reinstall was needed as the PDFCreator printed disappeared from my Devices and Printers list for Win 7 64bit.

OpenCandy is very bad. It scans the computer and send a list of all installed software to the opencandy network. With this information, an attacker could find vulnerabilities to attack the computer! Please do it like the developer of AxCryptor and offer an alternative OpenCandy free setup.

Hi,

 

we have been thinking about this and will probably offer an ad free version of PDFCreator in the future.

 

regards,

 

Robin

I understand your need to earn money to cover your costs. But, in my function as IT administrator in a company, I can’t take the risk to deploy software bundled with opencandy. We would like to donate to help you to cover your costs, but that’s not so easy. We need the process of offer -> order -> invoce. It would be perfect if you could offer a “maintenance contract” for business customers with opencandy free setup, I think 99€ / year would be ok.

Its confusing but its honest

There are two sets of conditions to read and accept - the first is for PDF creator - I accepted them

It then downloads install.exe and a second set of options/conditions are shown

I was asked and I said no to everything and I DECLINED the conditions - PDFCreator was installed and as far as I can tell no extras were installed

I came here afterwards to see if other users had complained - but in reality my install was fine PDFCreator with no extra software - I read the conditions accepted and declined as appropriate and it all looks ok to me.

I just try to install 1.4.1. On the first screen you have to accept open candy license, if not, cou can't continue with the installation :(

I too am annoyed at this advertising partner nonsense & would be willing to pay a fee for a 'clean' version.

Whoever made the decision to arbitrarliy change the installer to use this garbage is incredibly short sighted.  Surely it would have made a lot more sense to ask the membership what their preferred option was to provide funds to the project & not really annoy so many of the 'faithful'.  This product is no longer 'free' but advertising supported, not a problem if this how it's promoted but it isn't.

Anyway, I have taken much of the info from this thread & elsewhere & built a batch file to do most of the work of installing & avoiding the rubbish; it's 3 files, the batch file itself & XP & W7 versions of the INF files.  Anyone that want them email me via the forum.  I can put it up on Rapidshare if there's a demand.

The script works fine on my systems but will need to be 'run as' Administrator under Vista & 7 if you have UAC enabled.

Any suggestions on how to make it better are welcome, constructive critcism always welcome, haters keep it to yourself.

Cheers