Disappointed in NOD32


Posted by Cynic | Posted in Business, Security, Software, Super Simple | Posted on 29-03-2011

Tags: , ,

Security is an important issue, but at some point you need to just stop trying to defend against imaginary foes. I’m disappointed in ESET NOD32 as it is giving a false positive for OpenCandy as spyware.

NOD32 False Positive

I’ve looked into OpenCandy extensively. VERY extensively. I’ve examined the SDK. I’ve examined OpenCandy installers. I’ve not only spoken with representatives at OpenCandy, I’ve also spoken with their CEO, Darrius Thompson.

I came to know about this as I submitted my new software, Photo Resizer, to Softpedia. It was rejected because of the alert you see above.

Now, I don’t blame Softpedia. They were kind enough to promptly let me know that my software had been rejected. This is not their fault. They need to keep a “clean” download site, and they can’t have software that triggers alerts like that. The problem is that it’s a false positive.

This is the email I received (minus the Softpedia staff member’s name and email address and all that jazz):

Your product, Photo Resizer, has been recently proposed for submission to our software database.

Unfortunately, the application does not offer users the possibility to accept the OpenCandy service or not, which is considered a spyware behavior. Also our antivirus solution detected this as a potential threat as you can see from the attached screenshot.

Please take the appropriate measures to fix this issue and resubmit the software with us. If our staff will not encounter any problems during its installation or testing, it will be published on Softpedia as soon as possible.

Thank you for your understanding,
The Softpedia Support Team

They were nothing but polite. I was quite happy with their response. They’re in a tough position. But they are at the mercy of the AV and security companies.

I responded and included a screenshot of the installer that showed that users must make an explicit choice to accept or decline the OpenCandy offer (click the image for a larger version):

OpenCandy Optional Offers

So you can see there that there is nothing nefarious going on. You can either say yes or no.

I’ve been vocal in the past about “scareware” and how I really don’t like the predatory nature of scaring people into giving you money, and this really on reinforces my negative opinion of security in general. I think the security companies owe it to everyone to stop throwing so many babies out with the bath water because that’s just laziness. I know it’s a hard job to do, but that’s not an excuse.

I am firmly committed to quality software. While I fantasize about the many legal black-hat opportunities out there, I just don’t do them. I just can’t bring myself to do that. There are lots of legal sleazy things that I could do, but just because they’re legal doesn’t make them not sleazy.

I would greatly appreciate it if anyone out there would help voice some support for me and other developers out there that are trying to bring good software to your desktop and trying to make a living out of it with options like OpenCandy. Email ESET (the makers of NOD32) through their false positive page here.

You will be doing me and everyone else a favor. Thank you in advance for your support!


WOW! Those guys at Softpedia are BLISTERING FAST! I just received a response:

Hello Ryan,

Giving users the option to install or not a component is the right way to do it and is not considered spyware, just Ad-Supported. Also the antivirus alert must be solved to, as NOD32 has many users that might signal it as a threat. We are looking forward hearing from you after this issue has been resolved.



This is terribly funny. Many download sites use anti-virus scanning to verify downloads. It’s common. But I just received this:

We would like to inform you that your program Photo Resizer 2.0 has successfully passed antivirus and antispyware tests and were so impressed that we decided to give you our 100% CLEAN award! We use for scanning now four of the best antivirus engines available on the market.

Four of the best doesn’t include NOD32. Sigh… I feel sorry for the poor buggers at ESET.